github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
13,792 Commits 3 Branches 4 Tags
15782881ee49463adcd2e65e91973ebe379f65f9
Commit Graph

457 Commits

Author SHA1 Message Date
Akihiro Suda
2d5689434d CI: use Go 1.22 by default 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-04-30 11:52:36 +09:00
Sebastiaan van Stijn
13e6b2b686 update to go1.21.9, go1.22.2 
go1.21.9 (released 2024-04-03) includes a security fix to the net/http
package, as well as bug fixes to the linker, and the go/types and
net/http packages. See the Go 1.21.9 milestone for more details;
https://github.com/golang/go/issues?q=milestone%3AGo1.21.9+label%3ACherryPickApproved

These minor releases include 1 security fixes following the security policy:

- http2: close connections when receiving too many headers

Maintaining HPACK state requires that we parse and process all HEADERS
and CONTINUATION frames on a connection. When a request's headers exceed
MaxHeaderBytes, we don't allocate memory to store the excess headers but
we do parse them. This permits an attacker to cause an HTTP/2 endpoint
to read arbitrary amounts of header data, all associated with a request
which is going to be rejected. These headers can include Huffman-encoded
data which is significantly more expensive for the receiver to decode
than for an attacker to send.

Set a limit on the amount of excess header frames we will process before
closing a connection.

Thanks to Bartek Nowotarski (https://nowotarski.info/) for reporting this issue.

This is CVE-2023-45288 and Go issue https://go.dev/issue/65051.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.2

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.9+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.8...go1.21.9

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2024-04-22 19:43:32 +02:00
Derek McGowan
357c59b799 Update github actions ci to run on forks 
Excludes actuated when on fork.
Runs some project tests on fork.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2024-03-12 18:20:02 -07:00
dependabot[bot]
21d3fedf44 build(deps): bump softprops/action-gh-release from 1 to 2 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 2.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v1...v2)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-11 23:09:36 +00:00
Phil Estes
249db79d6d Merge pull request #9923 from containerd/dependabot/github_actions/azure/login-2 
build(deps): bump azure/login from 1 to 2
 2024-03-08 02:54:36 +00:00
Austin Vazquez
7ac9d6909c Use the Go toolchain in CI matrix to build binaries 
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2024-03-08 00:35:36 +00:00
Akihiro Suda
7ecdebff93 update to go 1.21.8, 1.22.1 
See https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-07 08:32:40 +09:00
dependabot[bot]
ab4de3e4c3 build(deps): bump azure/login from 1 to 2 
Bumps [azure/login](https://github.com/azure/login) from 1 to 2.
- [Release notes](https://github.com/azure/login/releases)
- [Commits](https://github.com/azure/login/compare/v1...v2)

---
updated-dependencies:
- dependency-name: azure/login
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-04 23:06:36 +00:00
Wei Fu
5351ad6b4a .github: windows should use fix critool version 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2024-02-24 22:48:53 +08:00
Austin Vazquez
6a759713ad Update golangci-lint to v1.56.1 
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2024-02-19 15:15:01 +00:00
Maksym Pavlenko
a890c8e537 Add job to report statuses from matrix jobs 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-15 12:13:58 -08:00
dependabot[bot]
a274439f2e build(deps): bump golangci/golangci-lint-action from 3 to 4 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-12 23:37:29 +00:00
Phil Estes
1b67dd7235 Merge pull request #9797 from austinvazquez/update-scorecards-dependency 
Update codeql-action/upload-sarif dependency in scorecards workflow
 2024-02-09 16:42:16 +00:00
Kirtana Ashok
87aa9e8008 Drop go 1.20 and build against 1.22 
Signed-off-by: Kirtana Ashok <kiashok@microsoft.com>
 2024-02-08 17:57:51 -08:00
Austin Vazquez
2763846956 Update codeql-action/upload-sarif dependency in scorecards workflow 
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2024-02-09 00:47:37 +00:00
Maksym Pavlenko
b3f1c15b6a Merge pull request #9786 from mxpv/ci 
Extract setup-go step into composite action
 2024-02-09 00:21:06 +00:00
Maksym Pavlenko
f5ed7b84e9 Merge pull request #9705 from containerd/dependabot/github_actions/google-github-actions/upload-cloud-storage-2.1.0 
build(deps): bump google-github-actions/upload-cloud-storage from 2.0.0 to 2.1.0
 2024-02-07 21:33:20 +00:00
Maksym Pavlenko
360fbf197b Fix windows integration tests 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-07 13:01:43 -08:00
Maksym Pavlenko
2820343d47 Update workflow files to install Go via composite action 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-07 12:36:23 -08:00
Maksym Pavlenko
488b563610 Extract a composite action to install Go 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-07 12:28:17 -08:00
Maksym Pavlenko
32bd8eff9e Move inline PS scripts into files 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-06 18:27:21 -08:00
Maksym Pavlenko
72950c00b8 Treat PRs that require rebase > 90 days as stale 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-05 18:23:20 -08:00
Akihiro Suda
2369185aac CI: update Rocky Linux to 8.9 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-01-31 05:56:46 +09:00
dependabot[bot]
495afb0c02 build(deps): bump lycheeverse/lychee-action from 1.9.1 to 1.9.3 
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 1.9.1 to 1.9.3.
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](https://github.com/lycheeverse/lychee-action/compare/v1.9.1...v1.9.3)

---
updated-dependencies:
- dependency-name: lycheeverse/lychee-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-29 23:07:38 +00:00
dependabot[bot]
5365a1089d build(deps): bump google-github-actions/upload-cloud-storage 
Bumps [google-github-actions/upload-cloud-storage](https://github.com/google-github-actions/upload-cloud-storage) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/google-github-actions/upload-cloud-storage/releases)
- [Changelog](https://github.com/google-github-actions/upload-cloud-storage/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/upload-cloud-storage/compare/v2.0.0...v2.1.0)

---
updated-dependencies:
- dependency-name: google-github-actions/upload-cloud-storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-29 23:07:18 +00:00
roman-kiselenko
966d518014 The Links workflow should be disabled in forks. 
Signed-off-by: roman-kiselenko <roman.kiselenko.dev@gmail.com>
 2024-01-28 12:27:45 +03:00
dependabot[bot]
378e9f4434 build(deps): bump actions/cache from 3 to 4 
Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-22 23:52:18 +00:00
Akihiro Suda
d34725f85a CI: use standard GHA runners 
"Larger" runners are no longer required for nested virt with Linux

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-01-19 12:33:23 +09:00
dependabot[bot]
18b0d236cb build(deps): bump actions/upload-artifact from 3 to 4 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-16 20:52:30 +00:00
Derek McGowan
07362334f0 Merge pull request #9645 from akhilerm/migrate-artifact-action-v4 
ci: make artifact name unique in linux integration
 2024-01-16 20:15:27 +00:00
Akhil Mohan
20619a7c9f ci: make artifact name unique in linux integration 
actions/upload-artifact@v4 marks artifacts as immutable. Thus, tests
which use matrix should have a unique artifact name while using
upload-artifact github action

Ref: https://github.com/actions/upload-artifact/releases/tag/v4.0.0
Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
 2024-01-16 18:30:18 +05:30
dependabot[bot]
2053d91578 build(deps): bump lycheeverse/lychee-action from 1.9.0 to 1.9.1 
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](https://github.com/lycheeverse/lychee-action/compare/v1.9.0...v1.9.1)

---
updated-dependencies:
- dependency-name: lycheeverse/lychee-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-16 00:03:52 +00:00
Sebastiaan van Stijn
a5d9587061 update to go1.21.6, go1.20.13 
go1.21.6 (released 2024-01-09) includes fixes to the compiler, the runtime, and
the crypto/tls, maps, and runtime/pprof packages. See the Go 1.21.6 milestone on
our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.6+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.5...go1.21.6

go1.20.13 (released 2024-01-09) includes fixes to the runtime and the crypto/tls
package. See the Go 1.20.13 milestone on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.20.13+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.20.12...go1.20.13

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2024-01-10 10:42:07 +01:00
Derek McGowan
5232e1322c Merge pull request #9615 from containerd/dependabot/github_actions/lycheeverse/lychee-action-1.9.0 
build(deps): bump lycheeverse/lychee-action from 1.8.0 to 1.9.0
 2024-01-10 04:54:48 +00:00
Kirtana Ashok
21640c57a8 Uninstall mingw before attempting upgrade 
Signed-off-by: Kirtana Ashok <kiashok@microsoft.com>
 2024-01-09 09:14:05 -08:00
dependabot[bot]
2b415c911b build(deps): bump lycheeverse/lychee-action from 1.8.0 to 1.9.0 
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](https://github.com/lycheeverse/lychee-action/compare/v1.8.0...v1.9.0)

---
updated-dependencies:
- dependency-name: lycheeverse/lychee-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-08 23:35:08 +00:00
James Sturtevant
46b2f1d162 Use latest VM image to get Windows updates regularly 
Signed-off-by: James Sturtevant <jstur@microsoft.com>
 2024-01-04 21:22:04 +00:00
Samuel Karp
935b22dbb7 Merge pull request #9560 from containerd/dependabot/github_actions/google-github-actions/upload-cloud-storage-2.0.0 
build(deps): bump google-github-actions/upload-cloud-storage from 1.0.3 to 2.0.0
 2023-12-19 07:45:10 +00:00
dependabot[bot]
0b48b56598 build(deps): bump google-github-actions/upload-cloud-storage 
Bumps [google-github-actions/upload-cloud-storage](https://github.com/google-github-actions/upload-cloud-storage) from 1.0.3 to 2.0.0.
- [Release notes](https://github.com/google-github-actions/upload-cloud-storage/releases)
- [Changelog](https://github.com/google-github-actions/upload-cloud-storage/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/upload-cloud-storage/compare/v1.0.3...v2.0.0)

---
updated-dependencies:
- dependency-name: google-github-actions/upload-cloud-storage
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-18 23:54:06 +00:00
dependabot[bot]
97ec26a5eb build(deps): bump actions/download-artifact from 3 to 4 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-18 23:53:36 +00:00
Phil Estes
e5e7f613cf Merge pull request #9514 from containerd/dependabot/github_actions/actions/upload-artifact-3 
build(deps): bump actions/upload-artifact from 1 to 3
 2023-12-14 14:56:55 +00:00
Phil Estes
aaf41a827a Merge pull request #9533 from containerd/dependabot/github_actions/docker/setup-buildx-action-3 
build(deps): bump docker/setup-buildx-action from 2 to 3
 2023-12-14 14:56:23 +00:00
dependabot[bot]
f9303d04de build(deps): bump github/codeql-action from 2 to 3 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-14 03:34:30 +00:00
dependabot[bot]
4c1ebe33bd build(deps): bump docker/setup-buildx-action from 2 to 3 
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-14 03:34:15 +00:00
Akihiro Suda
51fd1d47e6 dependabot: enable groups 
See https://github.blog/changelog/2023-06-30-grouped-version-updates-for-dependabot-public-beta/

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-12-14 09:38:44 +09:00
Akihiro Suda
614395ce65 Merge pull request #9513 from containerd/dependabot/github_actions/ossf/scorecard-action-2.3.1 
build(deps): bump ossf/scorecard-action from 2.0.3 to 2.3.1
 2023-12-13 12:33:03 +00:00
Akihiro Suda
93e3a50420 Merge pull request #9511 from containerd/dependabot/github_actions/google-github-actions/auth-2 
build(deps): bump google-github-actions/auth from 0 to 2
 2023-12-13 05:52:48 +00:00
Akihiro Suda
47b18765b2 Merge pull request #9509 from containerd/dependabot/github_actions/google-github-actions/upload-cloud-storage-1.0.3 
build(deps): bump google-github-actions/upload-cloud-storage from 0.10.4 to 1.0.3
 2023-12-13 05:12:31 +00:00
Akihiro Suda
e66b912048 Merge pull request #9517 from containerd/dependabot/github_actions/actions/stale-9 
build(deps): bump actions/stale from 8 to 9
 2023-12-13 05:11:26 +00:00
Akihiro Suda
fd163893bc Merge pull request #9512 from containerd/dependabot/github_actions/crazy-max/ghaction-github-runtime-3 
build(deps): bump crazy-max/ghaction-github-runtime from 2 to 3
 2023-12-13 05:01:40 +00:00