Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: use semgrep to prevent using @latest tags for go install steps #11960

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

build: use semgrep to prevent using @latest tags for go install steps #11960

wants to merge 1 commit into from

Conversation

shoenig
Copy link
Contributor

@shoenig shoenig commented Jan 28, 2022

Tools should be pinned to a specific dependency when using make bootstrap
to Go install the tools we use to build Nomad. Using @latest tags means a
tool and what it produces could change out from under us.

@vercel vercel bot temporarily deployed to Preview – nomad January 28, 2022 20:25 Inactive
@shoenig shoenig force-pushed the semgrep-tools-versions branch from 661cd76 to 0d6e472 Compare January 28, 2022 20:28
@vercel vercel bot temporarily deployed to Preview – nomad January 28, 2022 20:28 Inactive
@shoenig shoenig force-pushed the semgrep-tools-versions branch from 0d6e472 to f26bc17 Compare January 28, 2022 20:33
@vercel vercel bot temporarily deployed to Preview – nomad January 28, 2022 20:33 Inactive
@shoenig shoenig force-pushed the semgrep-tools-versions branch from f26bc17 to d9bdfb8 Compare January 28, 2022 20:38
@vercel vercel bot temporarily deployed to Preview – nomad January 28, 2022 20:38 Inactive
@shoenig shoenig force-pushed the semgrep-tools-versions branch from d9bdfb8 to b489a8f Compare January 28, 2022 20:41
@vercel vercel bot temporarily deployed to Preview – nomad January 28, 2022 20:41 Inactive
@shoenig shoenig force-pushed the semgrep-tools-versions branch from b489a8f to 9c3dcfc Compare January 28, 2022 20:49
@vercel vercel bot temporarily deployed to Preview – nomad January 28, 2022 20:49 Inactive
@shoenig shoenig force-pushed the semgrep-tools-versions branch from 9c3dcfc to 4055f4d Compare January 28, 2022 20:55
@vercel vercel bot temporarily deployed to Preview – nomad January 28, 2022 20:55 Inactive
@shoenig shoenig force-pushed the semgrep-tools-versions branch from 4055f4d to 7e155f8 Compare January 28, 2022 20:59
@vercel vercel bot temporarily deployed to Preview – nomad January 28, 2022 20:59 Inactive
@shoenig shoenig force-pushed the semgrep-tools-versions branch from 7e155f8 to 97a6cbb Compare January 28, 2022 21:02
@vercel vercel bot temporarily deployed to Preview – nomad January 28, 2022 21:02 Inactive
@shoenig
build: use semgrep to prevent using @latest tags for go install steps
72e9d61 
Tools should be pinned to a specific dependency when using `make bootstrap`
to Go install the tools we use to build Nomad. Using @latest tags means a
tool and what it produces could change out from under us.
@shoenig shoenig force-pushed the semgrep-tools-versions branch from 97a6cbb to 72e9d61 Compare January 28, 2022 21:06
@vercel vercel bot temporarily deployed to Preview – nomad January 28, 2022 21:06 Inactive
@hashicorp-cla
Copy link

hashicorp-cla commented Mar 12, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

@tgross tgross added the stage/needs-rebase This PR needs to be rebased on main before it can be backported to pick up new BPA workflows label May 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
stage/needs-rebase This PR needs to be rebased on main before it can be backported to pick up new BPA workflows
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@shoenig @hashicorp-cla @tgross