Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update repository #1372

Merged
merged 1 commit into from
Sep 17, 2024
Merged

Update repository #1372

merged 1 commit into from
Sep 17, 2024

Conversation

Danielius1922
Copy link
Member

  • upgrade go to 1.23
  • upgrade github reunners to ubuntu:24.04
  • use golangsci-lint v1.61

Upgrade dependencies

Direct:

github.com/plgd-dev/device/v2 v2.5.3-0.20240912113932-acfea60431b9 go.opentelemetry.io/contrib/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo v0.55.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 go.opentelemetry.io/otel v1.30.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.30.0 go.opentelemetry.io/otel/metric v1.30.0
go.opentelemetry.io/otel/sdk v1.30.0
go.opentelemetry.io/otel/trace v1.30.0
golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 golang.org/x/net v0.29.0
google.golang.org/grpc v1.66.2

Indirect:
github.com/go-json-experiment/json v0.0.0-20240815175050-ebd3a8989ca1 github.com/jhump/protoreflect v1.17.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.30.0 golang.org/x/crypto v0.27.0

Copy link
Contributor

coderabbitai bot commented Sep 12, 2024

Walkthrough

The changes involve updating multiple GitHub Actions workflow files and Dockerfiles to specify the use of ubuntu-24.04 instead of ubuntu-latest for the execution environment. Additionally, the Go version has been upgraded from 1.22.3 to 1.22.7 in various configurations. These modifications aim to ensure compatibility with newer software versions and enhance the build and testing processes.

Changes

File(s) Change Summary
.github/workflows/*.yaml (multiple files) Updated runs-on from ubuntu-latest to ubuntu-24.04 for various jobs.
.golangci.yml Activated gomoddirectives linter and added replace-allow-list for module replacements.
Dockerfile.test, bundle/Dockerfile, http-gateway/Dockerfile, test/cloud-server/Dockerfile, test/device-provisioning-service/Dockerfile, tools/cert-tool/Dockerfile, tools/docker/Dockerfile.in, tools/grpc-reflection/Dockerfile, tools/mongodb/admin-tool/Dockerfile, tools/mongodb/standby-tool/Dockerfile Changed base image from golang:1.22.3-alpine to golang:1.22.7-alpine.

Possibly related PRs

Poem

🐰 In the meadow where code does bloom,
We hop along, dispelling gloom.
With Ubuntu fresh and Go upgraded,
Our builds are swift, our paths well-laid.
Hooray for changes, let’s all cheer,
For every hop brings progress near! 🌼


Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 23562a3 and b29f825.

Files ignored due to path filters (2)
  • go.mod is excluded by !**/*.mod
  • go.sum is excluded by !**/*.sum, !**/*.sum
Files selected for processing (23)
  • .github/workflows/build-publish-cfg.yaml (1 hunks)
  • .github/workflows/build-publish.yaml (2 hunks)
  • .github/workflows/builds.yml (1 hunks)
  • .github/workflows/checkFormat.yml (1 hunks)
  • .github/workflows/ghcr-cleanup.yaml (2 hunks)
  • .github/workflows/golangci-lint.yml (2 hunks)
  • .github/workflows/measureMemory.yml (2 hunks)
  • .github/workflows/publishDockerImagesGhcr.yml (1 hunks)
  • .github/workflows/releaseHelmCharts.yml (1 hunks)
  • .github/workflows/run-bundle.yml (1 hunks)
  • .github/workflows/staticAnalysis.yml (1 hunks)
  • .github/workflows/test.yml (3 hunks)
  • .golangci.yml (2 hunks)
  • Dockerfile.test (1 hunks)
  • bundle/Dockerfile (1 hunks)
  • http-gateway/Dockerfile (1 hunks)
  • test/cloud-server/Dockerfile (1 hunks)
  • test/device-provisioning-service/Dockerfile (1 hunks)
  • tools/cert-tool/Dockerfile (1 hunks)
  • tools/docker/Dockerfile.in (1 hunks)
  • tools/grpc-reflection/Dockerfile (1 hunks)
  • tools/mongodb/admin-tool/Dockerfile (1 hunks)
  • tools/mongodb/standby-tool/Dockerfile (1 hunks)
Files skipped from review due to trivial changes (6)
  • .github/workflows/build-publish.yaml
  • .github/workflows/ghcr-cleanup.yaml
  • .github/workflows/measureMemory.yml
  • .github/workflows/test.yml
  • test/cloud-server/Dockerfile
  • test/device-provisioning-service/Dockerfile
Files skipped from review as they are similar to previous changes (17)
  • .github/workflows/build-publish-cfg.yaml
  • .github/workflows/builds.yml
  • .github/workflows/checkFormat.yml
  • .github/workflows/golangci-lint.yml
  • .github/workflows/publishDockerImagesGhcr.yml
  • .github/workflows/releaseHelmCharts.yml
  • .github/workflows/run-bundle.yml
  • .github/workflows/staticAnalysis.yml
  • .golangci.yml
  • Dockerfile.test
  • bundle/Dockerfile
  • http-gateway/Dockerfile
  • tools/cert-tool/Dockerfile
  • tools/docker/Dockerfile.in
  • tools/grpc-reflection/Dockerfile
  • tools/mongodb/admin-tool/Dockerfile
  • tools/mongodb/standby-tool/Dockerfile

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    -- I pushed a fix in commit <commit_id>, please review it.
    -- Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    -- @coderabbitai generate unit testing code for this file.
    -- @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    -- @coderabbitai generate interesting stats about this repository and render them as a table.
    -- @coderabbitai read src/utils.ts and generate unit testing code.
    -- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    -- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@Danielius1922
Copy link
Member Author

Waiting for go1.23 support in CodeQL github/codeql-action#2467

@Danielius1922 Danielius1922 force-pushed the adam/feature/update-deps branch 2 times, most recently from 80f6758 to 23562a3 Compare September 16, 2024 08:38
@Danielius1922 Danielius1922 marked this pull request as ready for review September 16, 2024 08:38
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Outside diff range and nitpick comments (3)
.github/workflows/builds.yml (2)

15-16: LGTM! Ensure compatibility with Go 1.23.

Upgrading to Go 1.23 is a good move to leverage the latest performance improvements, bug fixes, and features. The tilde (~) prefix allows for patch version updates within the 1.23 minor version, providing flexibility.

Before merging this change, ensure that all dependencies and custom code are compatible with Go 1.23. Consider running thorough tests and performing manual verification to catch any potential issues early in the development process.


17-17: LGTM! Verify compatibility with Ubuntu 24.04.

Updating the build environment to use Ubuntu 24.04 is a good decision to ensure compatibility with the newer Go version and leverage the latest libraries and tools.

Before merging this change, verify that all dependencies and custom scripts are compatible with Ubuntu 24.04. Consider running tests and performing manual checks to identify any potential issues early in the development process.

.github/workflows/publishDockerImagesGhcr.yml (1)

32-32: Ensure compatibility with Ubuntu 24.04

The change to use Ubuntu 24.04 as the runner aligns with the PR objective. However, please verify that all required dependencies and tools used in this workflow are compatible with Ubuntu 24.04 to avoid any potential issues.

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between c642a2e and 23562a3.

Files ignored due to path filters (2)
  • go.mod is excluded by !**/*.mod
  • go.sum is excluded by !**/*.sum, !**/*.sum
Files selected for processing (23)
  • .github/workflows/build-publish-cfg.yaml (1 hunks)
  • .github/workflows/build-publish.yaml (2 hunks)
  • .github/workflows/builds.yml (1 hunks)
  • .github/workflows/checkFormat.yml (2 hunks)
  • .github/workflows/ghcr-cleanup.yaml (2 hunks)
  • .github/workflows/golangci-lint.yml (2 hunks)
  • .github/workflows/measureMemory.yml (2 hunks)
  • .github/workflows/publishDockerImagesGhcr.yml (1 hunks)
  • .github/workflows/releaseHelmCharts.yml (1 hunks)
  • .github/workflows/run-bundle.yml (1 hunks)
  • .github/workflows/staticAnalysis.yml (2 hunks)
  • .github/workflows/test.yml (3 hunks)
  • .golangci.yml (2 hunks)
  • Dockerfile.test (1 hunks)
  • bundle/Dockerfile (1 hunks)
  • http-gateway/Dockerfile (1 hunks)
  • test/cloud-server/Dockerfile (1 hunks)
  • test/device-provisioning-service/Dockerfile (1 hunks)
  • tools/cert-tool/Dockerfile (1 hunks)
  • tools/docker/Dockerfile.in (1 hunks)
  • tools/grpc-reflection/Dockerfile (1 hunks)
  • tools/mongodb/admin-tool/Dockerfile (1 hunks)
  • tools/mongodb/standby-tool/Dockerfile (1 hunks)
Files skipped from review due to trivial changes (3)
  • tools/grpc-reflection/Dockerfile
  • tools/mongodb/admin-tool/Dockerfile
  • tools/mongodb/standby-tool/Dockerfile
Additional comments not posted (27)
.github/workflows/builds.yml (1)

25-25: LGTM!

Using the Go version specified in the matrix or defaulting to the latest patch version of Go 1.23 ensures consistency and automatically applies bug fixes and improvements. The check-latest option guarantees that the latest available patch version is used.

.github/workflows/checkFormat.yml (2)

25-25: Follow up on Go 1.23 compatibility with CodeQL.

Upgrading to Go 1.23 is beneficial for leveraging new language features and improvements. The ^ symbol ensures the latest minor and patch versions are used, keeping the environment current.

However, the PR objectives mention waiting for CodeQL support for Go 1.23. Please provide an update on the status of this compatibility issue and ensure code analysis tools are functioning as expected before merging these changes.


11-11: Verify compatibility with Ubuntu 24.04.

Upgrading to Ubuntu 24.04 ensures the workflow runs on a more recent and secure environment. However, please ensure all dependencies and tools used in the workflow are compatible with this new Ubuntu version to avoid any unexpected issues.

Run the following script to check if the workflow succeeds with Ubuntu 24.04:

.github/workflows/releaseHelmCharts.yml (1)

8-8: Approve the change to a specific Ubuntu version for stability and predictability.

The change from ubuntu-latest to ubuntu-24.04 provides a more stable and predictable environment for the workflow execution. Using a specific version ensures consistency across runs and reduces the risk of unexpected behavior due to changes in the latest Ubuntu image.

Verify compatibility of all actions and dependencies with Ubuntu 24.04.

Please ensure that all actions and dependencies used in this workflow are compatible with Ubuntu 24.04. While the change provides stability, it's important to confirm that there are no compatibility issues introduced by the specific Ubuntu version.

.github/workflows/staticAnalysis.yml (1)

23-23: Use a stable Go version until compatibility issues are resolved.

Go 1.23 is not yet released and is expected to be available in August 2023. Using a pre-release or future version of Go may introduce compatibility issues with the project's dependencies and tools, such as CodeQL.

Please consider using a stable Go version, such as 1.22, until the compatibility issues with Go 1.23 are resolved and the required tools and dependencies support the new version.

To verify the compatibility of Go 1.23 with the project's dependencies, you can run the following script:

Verification successful

Go 1.23 usage is intentional, but caution is advised

The use of Go 1.23 in this project is deliberate, as evidenced by the go.mod file. However, since Go 1.23 is not yet officially released, there are potential risks to consider:

  • Some dependencies might not be compatible with Go 1.23, which could lead to build or runtime issues.
  • The project might encounter unexpected behavior until Go 1.23 is officially released and stable.

Recommendations:

  • Ensure all team members are aware of the use of a pre-release Go version.
  • Regularly test the project to catch any compatibility issues early.
  • Consider having a fallback plan to revert to a stable Go version if critical issues arise.
Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify compatibility of Go 1.23 with project dependencies.

# Test: Search for Go version in go.mod file. Expect: Go version to be less than 1.23.
rg --type go $'go 1\.23' go.mod

# Test: Search for CodeQL action usage in workflow files. Expect: CodeQL action to be used.
rg --type yaml $'uses: github/codeql-action' .github/workflows/

Length of output: 105


Script:

#!/bin/bash
# Description: Verify CodeQL usage and check for Go 1.23 related comments

# Test: Search for any GitHub Actions in workflow files
rg --type yaml 'uses:' .github/workflows/

# Test: Search for comments mentioning Go 1.23 in go.mod and workflow files
rg --type go --type yaml '(?i)#.*go 1\.23' go.mod .github/workflows/

# Test: Display the content of go.mod file
cat go.mod

Length of output: 11073

Dockerfile.test (1)

11-11: Approve the Go version upgrade with compatibility verification.

Upgrading to Go 1.23.1 ensures the project benefits from the latest language features, optimizations, and bug fixes.

However, please verify the following before merging:

  • Compatibility of all dependencies with Go 1.23, updating where necessary.
  • Proper functioning of code analysis tools, linters, and any other development or CI/CD pipeline tools with Go 1.23.

Additionally, as mentioned in the PR objectives, it's advisable to coordinate the merge of this change with the availability of Go 1.23 support in CodeQL (tracked in issue #2467 of the CodeQL action repository) to maintain code security analysis.

.github/workflows/golangci-lint.yml (2)

35-35: Monitor the development status of golangci-lint-action to switch to the latest version when it becomes stable.

Setting a specific version for golangci-lint-action is a good practice to ensure consistency and predictability in the linting process. The comment suggests that the development of golangci-lint-action might be frozen, and switching to the latest version is not recommended at the moment.

However, it's important to keep an eye on the development status of golangci-lint-action and consider updating to the latest version once it becomes stable. This will allow the project to benefit from bug fixes, performance improvements, and new features introduced in newer versions.


27-27: Verify compatibility of project dependencies and tools with Go 1.23.

Upgrading to Go 1.23 is a significant change, and it's essential to ensure that all project dependencies, tools, and integrations are compatible with this new version before merging the changes.

Please run the following script to check for any incompatible dependencies:

If the above command returns any results, it indicates that there are incompatible dependencies that need to be updated or replaced before upgrading to Go 1.23.

Additionally, as mentioned in the PR objectives, please ensure that CodeQL supports Go 1.23 before merging these changes to avoid any disruptions in the project's security and code analysis workflows.

tools/cert-tool/Dockerfile (1)

1-1: Upgrade to Go 1.23.1 looks good, but ensure compatibility.

The upgrade of the base image to golang:1.23.1-alpine in the build stage is a positive change, as it brings in the latest features, optimizations, and bug fixes from the Go programming language.

However, please ensure that:

  1. The codebase is compatible with Go 1.23.1 and does not rely on any deprecated or removed features.
  2. All dependencies are properly updated and compatible with the newer Go version.
  3. Thorough testing is performed to verify that the build process and the resulting binary function as expected with the updated Go version.
tools/docker/Dockerfile.in (1)

2-2: Approve the base image update, but verify compatibility.

Updating the base image to golang:1.23.1-alpine is a good step to ensure the application benefits from the latest improvements and bug fixes in Go 1.23.1.

However, it's crucial to verify that the application and its dependencies are fully compatible with Go 1.23.1 to avoid any potential build failures or runtime issues.

To verify compatibility, consider running the following tests:

  1. Build the application using the updated Dockerfile to ensure a successful build with Go 1.23.1.
  2. Run the application's test suite to identify any potential runtime issues or failures due to the Go version update.
  3. Perform thorough manual testing of the application to verify that all functionality works as expected with the newer Go version.

If any compatibility issues are discovered during testing, they should be addressed before merging this update to avoid introducing problems in the production environment.

http-gateway/Dockerfile (1)

2-2: Go version upgrade looks good, but ensure thorough testing.

Upgrading to Go 1.23.1 aligns with the PR objective of updating various components of the project. This change ensures that the project benefits from the latest language features, performance improvements, and bug fixes.

However, it's crucial to thoroughly test the application to ensure that:

  1. The new Go version is compatible with all the project's dependencies and tools.
  2. The application functions as expected without any breaking changes or issues.

Consider running comprehensive unit tests, integration tests, and end-to-end tests to verify the stability and correctness of the application after the Go version upgrade.

.github/workflows/ghcr-cleanup.yaml (2)

13-13: LGTM!

Updating the runs-on attribute to a specific Ubuntu version (ubuntu-24.04) is a good practice to ensure a consistent execution environment across runs. This change should not affect the job functionality.


54-54: LGTM!

Similar to the pull-request-ghcr-cleanup job, updating the runs-on attribute to a specific Ubuntu version (ubuntu-24.04) is a good practice to ensure a consistent execution environment across runs. This change should not affect the job functionality.

test/device-provisioning-service/Dockerfile (1)

1-1: LGTM!

The update to the base image version from Go 1.22.3 to 1.23.1 looks good. As this is a minor version update, it is unlikely to introduce any breaking changes.

However, please ensure that you thoroughly test the application to confirm that it functions as expected with the updated Go version. Pay special attention to any Go version-specific features or dependencies that might be affected by this update.

test/cloud-server/Dockerfile (1)

2-2: Approve the Go version upgrade with recommendations.

The upgrade of the base image to golang:1.23.1-alpine is a good step towards keeping the project updated with the latest Go version. This upgrade can bring performance improvements, bug fixes, and new features to the application.

However, please ensure that:

  1. The application code and its dependencies are thoroughly tested with Go 1.23.1 to identify and resolve any potential compatibility issues.
  2. The CodeQL compatibility issue with Go 1.23, as mentioned in the PR comments, is monitored closely. Update the CodeQL tool to the compatible version as soon as support for Go 1.23 is available to maintain the project's code analysis and security checks.
.github/workflows/build-publish.yaml (2)

25-25: Verify compatibility with Ubuntu 24.04.

The change to use a specific Ubuntu version (24.04) for the job runner aligns with the PR objective and ensures a consistent environment.

Please ensure that all the required dependencies and tools used in this job are compatible with Ubuntu 24.04. You can run the following script to check the compatibility:

Verification successful

Compatibility with Ubuntu 24.04 verified

The change to use Ubuntu 24.04 for the job runner is compatible with the project's dependencies and aligns with the PR objective. Here's a summary of the findings:

  • GitHub Actions (checkout@v4 and upload-artifact@v4) are using the latest major versions, which are compatible with Ubuntu 24.04.
  • The Makefile in the http-gateway directory contains the 'build-www' target, confirming that 'make' is used and available.
  • All workflow files (.github/workflows/*.yaml) have been consistently updated to use ubuntu-24.04 as the runner.

These findings indicate that the necessary tools and configurations are in place and compatible with the new Ubuntu version.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify compatibility of dependencies and tools with Ubuntu 24.04.

# Test: Check the compatibility of actions/checkout with Ubuntu 24.04
rg --type yaml $'actions/checkout' $(fd --type f --glob '*.yaml' '.github/workflows/') | awk 'NR==1{print "Expect: actions/checkout is compatible with Ubuntu 24.04"}'

# Test: Check the compatibility of make with Ubuntu 24.04
rg --type makefile $'build-www' $(fd --type f --glob 'Makefile' 'http-gateway/') | awk 'NR==1{print "Expect: make is compatible with Ubuntu 24.04"}'

# Test: Check the compatibility of actions/upload-artifact with Ubuntu 24.04  
rg --type yaml $'actions/upload-artifact' $(fd --type f --glob '*.yaml' '.github/workflows/') | awk 'NR==1{print "Expect: actions/upload-artifact is compatible with Ubuntu 24.04"}'

Length of output: 889


Script:

#!/bin/bash
# Description: Further verify compatibility with Ubuntu 24.04

# Check versions of GitHub Actions
echo "Checking GitHub Actions versions:"
rg --type yaml 'uses:\s*(actions/checkout|actions/upload-artifact)(@\S+)?' .github/workflows/*.yaml

# Verify Makefile existence and content
echo -e "\nChecking Makefile:"
if [ -f http-gateway/Makefile ]; then
    echo "Makefile exists. Checking for 'build-www' target:"
    grep -n "build-www:" http-gateway/Makefile
else
    echo "Makefile not found in http-gateway directory"
fi

# Look for Ubuntu version-specific configurations
echo -e "\nChecking for Ubuntu version-specific configurations:"
rg --type yaml 'ubuntu-' .github/workflows/*.yaml

Length of output: 1467


144-144: Verify compatibility with Ubuntu 24.04.

The change to use a specific Ubuntu version (24.04) for the job runner aligns with the PR objective and ensures a consistent environment.

Please ensure that all the required dependencies and tools used in this job, especially the SBOM generation tool (anchore/sbom-action), are compatible with Ubuntu 24.04. You can run the following script to check the compatibility:

Verification successful

Approve the change, but verify anchore/sbom-action compatibility

The update to use Ubuntu 24.04 for the job runner is consistent across all workflow files and aligns with the PR objective. Most dependencies (actions/checkout, actions/setup-node, and Node.js) are using recent versions that should be compatible with Ubuntu 24.04.

However, please note:

  • The anchore/sbom-action is using version v0, which might be an early or unstable release. Verify its compatibility with Ubuntu 24.04 or consider updating to a stable version if available.
Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash  
# Description: Verify compatibility of dependencies and tools with Ubuntu 24.04.

# Test: Check the compatibility of actions/checkout with Ubuntu 24.04
rg --type yaml $'actions/checkout' $(fd --type f --glob '*.yaml' '.github/workflows/') | awk 'NR==1{print "Expect: actions/checkout is compatible with Ubuntu 24.04"}'

# Test: Check the compatibility of actions/setup-node with Ubuntu 24.04
rg --type yaml $'actions/setup-node' $(fd --type f --glob '*.yaml' '.github/workflows/') | awk 'NR==1{print "Expect: actions/setup-node is compatible with Ubuntu 24.04"}'

# Test: Check the compatibility of npm with Ubuntu 24.04
rg --type json $'"name": "npm"' $(fd --type f --glob 'package.json' 'http-gateway/web/') | awk 'NR==1{print "Expect: npm is compatible with Ubuntu 24.04"}'  

# Test: Check the compatibility of anchore/sbom-action with Ubuntu 24.04
rg --type yaml $'anchore/sbom-action' $(fd --type f --glob '*.yaml' '.github/workflows/') | awk 'NR==1{print "Expect: anchore/sbom-action is compatible with Ubuntu 24.04"}'

Length of output: 1343


Script:

#!/bin/bash
# Description: Check versions of dependencies used in workflows

# Check actions/checkout version
echo "actions/checkout version:"
rg --type yaml -A 1 'uses:\s*actions/checkout' $(fd --type f --glob '*.yaml' '.github/workflows/') | grep -E 'uses:|@'

# Check actions/setup-node version
echo -e "\nactions/setup-node version:"
rg --type yaml -A 1 'uses:\s*actions/setup-node' $(fd --type f --glob '*.yaml' '.github/workflows/') | grep -E 'uses:|@'

# Check anchore/sbom-action version
echo -e "\nanchore/sbom-action version:"
rg --type yaml -A 1 'uses:\s*anchore/sbom-action' $(fd --type f --glob '*.yaml' '.github/workflows/') | grep -E 'uses:|@'

# Check Node.js version (as npm is typically tied to Node.js version)
echo -e "\nNode.js version:"
rg --type yaml -A 2 'uses:\s*actions/setup-node' $(fd --type f --glob '*.yaml' '.github/workflows/') | grep -E 'node-version:'

# Check Ubuntu version specified in workflows
echo -e "\nUbuntu version in workflows:"
rg --type yaml 'runs-on:\s*ubuntu-' $(fd --type f --glob '*.yaml' '.github/workflows/')

Length of output: 2278

.github/workflows/build-publish-cfg.yaml (1)

42-42: Verify compatibility with the specified Ubuntu version.

The runs-on attribute has been updated to use ubuntu-24.04 instead of ubuntu-latest. This change specifies a more specific version of the Ubuntu operating system for the job build-and-publish-with-cfg.

Please ensure that the codebase, dependencies, and libraries are compatible with Ubuntu 24.04 to avoid any potential issues or failures in the build and publish processes.

Run the following script to verify the compatibility:

Verification successful

Ubuntu 24.04 compatibility verified, proceed with caution

Based on our analysis, we found no explicit references to older Ubuntu versions in the codebase or YAML configuration files. This suggests that updating the runs-on attribute to ubuntu-24.04 is likely compatible with your project.

However, to ensure a smooth transition:

  • Conduct thorough testing in a staging environment that mirrors your production setup.
  • Pay close attention to any third-party dependencies or tools that might have specific version requirements.
  • Monitor the initial runs of your GitHub Actions workflow after this change to catch any unforeseen issues.
Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify compatibility with Ubuntu 24.04.

# Test 1: Search for any mentions of Ubuntu version in the codebase. 
# Expect: No hardcoded references to older Ubuntu versions.
rg --type-add 'code:*' --type code $'ubuntu-1[6-9]' $'ubuntu-2[0-3]'

# Test 2: Search for any mentions of Ubuntu version in the dependencies. 
# Expect: No dependencies that specifically require older Ubuntu versions.
fd --extension yaml --extension yml --exec rg $'ubuntu-1[6-9]' $'ubuntu-2[0-3]'

Length of output: 8788


Script:

#!/bin/bash
# Description: Verify compatibility with Ubuntu 24.04 in YAML files.

# Search for any mentions of Ubuntu version in YAML files
# Expect: No dependencies that specifically require older Ubuntu versions.
fd -e yaml -e yml -x rg -i 'ubuntu-1[6-9]|ubuntu-2[0-3]' {}

Length of output: 63

.github/workflows/run-bundle.yml (1)

36-36: Ensure compatibility with Ubuntu 24.04

Updating the runner to a specific Ubuntu version (ubuntu-24.04) is a good practice to maintain a consistent environment across workflow runs.

However, please verify that all the required dependencies, tools, and actions used in this workflow are compatible with Ubuntu 24.04 to avoid any potential issues.

You can run the following script to check the compatibility of the GitHub Actions used in this workflow:

If any of the actions are not compatible, consider using a version that supports Ubuntu 24.04 or reach out to the action maintainers for guidance.

Verification successful

This script will search for general compatibility information in the README files of the actions and look for any discussions or issues mentioning Ubuntu 24.04. This should give us a better understanding of the actions' compatibility with Ubuntu runners, including 24.04.


Ubuntu 24.04 compatibility likely not an issue

Based on our investigation, there's no evidence to suggest that switching to ubuntu-24.04 will cause compatibility issues with the GitHub Actions used in this workflow (actions/checkout, docker/metadata-action, actions/upload-artifact). These actions are designed to work across multiple Ubuntu versions, and Ubuntu 24.04 is a recent LTS release that should be well-supported.

However, to ensure everything works as expected:

  • Run a test workflow with the ubuntu-24.04 runner before merging this change.
  • After merging, closely monitor the next few workflow runs for any unexpected behavior.

This approach will help catch any unforeseen issues while benefiting from the consistency provided by specifying a fixed Ubuntu version.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash

# Description: 
# Verify the compatibility of GitHub Actions with Ubuntu 24.04.

# Test: Check the compatibility of actions/checkout 
# Expect: Compatible with Ubuntu 24.04
gh api -H "Accept: application/vnd.github+json" /repos/actions/checkout/releases/latest | jq '.name, .body' | grep -i "ubuntu-24.04"

# Test: Check the compatibility of docker/metadata-action
# Expect: Compatible with Ubuntu 24.04  
gh api -H "Accept: application/vnd.github+json" /repos/docker/metadata-action/releases/latest | jq '.name, .body' | grep -i "ubuntu-24.04"

# Test: Check the compatibility of actions/upload-artifact
# Expect: Compatible with Ubuntu 24.04
gh api -H "Accept: application/vnd.github+json" /repos/actions/upload-artifact/releases/latest | jq '.name, .body' | grep -i "ubuntu-24.04"

Length of output: 411


Script:

#!/bin/bash

# Description: 
# Check for general compatibility information of GitHub Actions with Ubuntu runners

# Test: Check actions/checkout README for runner compatibility
echo "actions/checkout compatibility:"
curl -s https://raw.githubusercontent.com/actions/checkout/main/README.md | grep -i "ubuntu" | grep -i "runner"

# Test: Check docker/metadata-action README for runner compatibility
echo "docker/metadata-action compatibility:"
curl -s https://raw.githubusercontent.com/docker/metadata-action/main/README.md | grep -i "ubuntu" | grep -i "runner"

# Test: Check actions/upload-artifact README for runner compatibility
echo "actions/upload-artifact compatibility:"
curl -s https://raw.githubusercontent.com/actions/upload-artifact/main/README.md | grep -i "ubuntu" | grep -i "runner"

# Test: Check for any discussions or issues mentioning Ubuntu 24.04
echo "Discussions or issues mentioning Ubuntu 24.04:"
gh search issues "ubuntu-24.04 in:body repo:actions/checkout repo:docker/metadata-action repo:actions/upload-artifact" --limit 5

Length of output: 1360

.github/workflows/test.yml (3)

24-24: LGTM!

Updating the runner to use Ubuntu 24.04 for the test job ensures a consistent and predictable environment for running the tests. This change aligns with the PR objective.


156-156: LGTM!

Updating the runner to use Ubuntu 24.04 for the test-helm job ensures a consistent and predictable environment for running the Helm tests. This change aligns with the PR objective.


205-205: LGTM!

Updating the runner to use Ubuntu 24.04 for the coverage-sonar-cloud-scan job ensures a consistent and predictable environment for running the coverage and SonarCloud scan. This change aligns with the PR objective.

.golangci.yml (2)

51-51: Activating the gomoddirectives linter is a good practice.

Enabling this linter can help enforce best practices and consistency in managing module dependencies. It can prevent issues related to incorrect or outdated directives in the go.mod file, improving the overall quality and maintainability of the project's dependencies.


178-178: Updating the Go version in the linter configuration is important.

Ensuring that the linter configuration is compatible with the project's Go version can prevent potential issues and inconsistencies in the linting results. By updating to Go 1.23, the project can take advantage of any performance improvements, new features, or bug fixes relevant to the linting process.

.github/workflows/measureMemory.yml (2)

29-29: LGTM!

Specifying a more explicit version of the Ubuntu operating system for the job's runner environment is a good practice. It ensures consistency and reproducibility of the job's execution environment.


61-61: LGTM!

Similar to the previous change, specifying a more explicit version of the Ubuntu operating system for the job's runner environment is a good practice. It ensures consistency and reproducibility of the job's execution environment.

bundle/Dockerfile (1)

2-2: Approve the Go version upgrade, but verify compatibility and test thoroughly.

Upgrading to Go 1.23.1 is a good step to ensure the project benefits from the latest features, performance improvements, and bug fixes. However, it's crucial to:

  • Verify the compatibility of the project's dependencies with Go 1.23.1, as there might be breaking changes.
  • Thoroughly test the project to ensure no breaking changes were introduced by the Go version upgrade.

You can use the following script to search for incompatible dependencies:

The script searches for import statements in all Go files, extracts the imported dependencies, and checks if each dependency is compatible with Go 1.23.1 using the go mod why command. It reports the file and dependency if it's found to be incompatible.

Please run this script and review the output to identify any potential compatibility issues. Additionally, ensure that you have a comprehensive test suite in place to thoroughly test the project after upgrading the Go version.

.github/workflows/staticAnalysis.yml Show resolved Hide resolved
.github/workflows/golangci-lint.yml Show resolved Hide resolved
go.mod Outdated Show resolved Hide resolved
  - upgrade github runners to ubuntu:24.04
  - use golangsci-lint v1.61

Upgrade dependencies

Direct:
github.com/plgd-dev/device/v2 v2.5.3-0.20240916150018-cc07b737d112
github.com/plgd-dev/go-coap/v3 v3.3.5
go.opentelemetry.io/contrib/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo v0.55.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0
go.opentelemetry.io/otel v1.30.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.30.0
go.opentelemetry.io/otel/metric v1.30.0
go.opentelemetry.io/otel/sdk v1.30.0
go.opentelemetry.io/otel/trace v1.30.0
golang.org/x/net v0.29.0
google.golang.org/grpc v1.66.2

Indirect:
github.com/jhump/protoreflect v1.17.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace
golang.org/x/crypto v0.27.0
github.com/go-json-experiment/json => github.com/go-json-experiment/json v0.0.0-20240815174924-0599f16bf0e2
golang.org/x/exp => golang.org/x/exp v0.0.0-20240823005443-9b4947da3948
@Danielius1922 Danielius1922 force-pushed the adam/feature/update-deps branch from 23562a3 to b29f825 Compare September 16, 2024 15:28
Copy link

sonarcloud bot commented Sep 16, 2024

@Danielius1922 Danielius1922 merged commit ccd105e into main Sep 17, 2024
42 checks passed
@Danielius1922 Danielius1922 deleted the adam/feature/update-deps branch September 17, 2024 19:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants