Skip to content

versions: Bump golang to 1.24.11#2706

Merged
stevenhorsman merged 2 commits intoconfidential-containers:mainfrom
stevenhorsman:goalng-1.24.11-bump
Dec 3, 2025
Merged

versions: Bump golang to 1.24.11#2706
stevenhorsman merged 2 commits intoconfidential-containers:mainfrom
stevenhorsman:goalng-1.24.11-bump

Conversation

@stevenhorsman
Copy link
Copy Markdown
Member

@stevenhorsman stevenhorsman commented Dec 3, 2025

Fixes for the following GO-2025-4155

@stevenhorsman
versions: Bump golang to 1.24.11
90d7e71 
Fixes for the following GO-2025-4155

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
@stevenhorsman stevenhorsman requested a review from a team as a code owner December 3, 2025 11:41
@stevenhorsman
Copy link
Copy Markdown
Member Author

stevenhorsman commented Dec 3, 2025

The s390x failure is due to the removal of storage.googleapis.com/golang (actions/go-versions#127), so I will have to try and bump the setup-go action to 6.1.0 in alignment which has a fix for this: https://github.com/actions/setup-go/releases/tag/v6.1.0

@stevenhorsman
version: Bump actions/setup-go to 6.1.0
2502783 
Due to the removal of storage.googleapis.com/golang
(actions/go-versions#127),
some of the golang installs are failing, so  update setup-go action
to 6.1.0 which has a fix for this:
https://github.com/actions/setup-go/releases/tag/v6.1.0

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
github-advanced-security[bot]
github-advanced-security AI found potential problems Dec 3, 2025
View reviewed changes
Comment thread .github/workflows/csi_wrapper_images.yaml
echo "GO_VERSION=${go_version}" >> "$GITHUB_ENV"
- name: Setup Golang version ${{ env.GO_VERSION }}
uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0

Check failure

Code scanning / zizmor

runtime artifacts potentially vulnerable to a cache poisoning attack Error

runtime artifacts potentially vulnerable to a cache poisoning attack
Copy link
Copy Markdown
Member

@beraldoleal beraldoleal Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@stevenhorsman is this a valid one?

Copy link
Copy Markdown
Member Author

@stevenhorsman stevenhorsman Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes - you can see from https://github.com/actions/setup-go/releases/tag/v6.1.0. The reason is that it's flagged is that we a cache in this action: cache-dependency-path: "**/go.sum", which we need to track and see if the performance penalty is okay.

@stevenhorsman
Copy link
Copy Markdown
Member Author

stevenhorsman commented Dec 3, 2025

Unfortunately the e2e tests is a pull_request_target, so uses the main branches workload, so it still waiting, but the other jobs are passing, so hopefully this is enough to ensure that we don't have regressions.

@stevenhorsman stevenhorsman mentioned this pull request Dec 3, 2025
Merged
@stevenhorsman stevenhorsman merged commit d33f5cd into confidential-containers:main Dec 3, 2025
46 of 49 checks passed
@stevenhorsman stevenhorsman deleted the goalng-1.24.11-bump branch December 3, 2025 15:47
stevenhorsman added a commit to stevenhorsman/cloud-api-adaptor that referenced this pull request Dec 3, 2025
@stevenhorsman
version: Complete the bump to go 1.24.11
815bf9c 
Bump the builder image created in confidential-containers#2706 and bump
the go.mod version to actually use the new go version.

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
stevenhorsman added a commit to stevenhorsman/cloud-api-adaptor that referenced this pull request Dec 3, 2025
@stevenhorsman
version: Complete the bump to go 1.24.11
8ecdf2b 
Bump the builder image created in confidential-containers#2706 and bump
the go.mod version to actually use the new go version.

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
@stevenhorsman stevenhorsman mentioned this pull request Dec 3, 2025
Merged
stevenhorsman added a commit to stevenhorsman/cloud-api-adaptor that referenced this pull request Dec 3, 2025
@stevenhorsman
version: Complete the bump to go 1.24.11
e5ce1c2 
Bump the builder image created in confidential-containers#2706 and bump
the go.mod version to actually use the new go version.

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
wainersm pushed a commit that referenced this pull request Dec 8, 2025
@stevenhorsman @wainersm
version: Complete the bump to go 1.24.11
18e28d3 
Bump the builder image created in #2706 and bump
the go.mod version to actually use the new go version.

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
@stevenhorsman stevenhorsman mentioned this pull request Jan 29, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@beraldoleal beraldoleal beraldoleal approved these changes

@mkulke mkulke mkulke approved these changes

Assignees

No one assigned

Labels

test_e2e_docker

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@stevenhorsman @beraldoleal @mkulke @github-advanced-security