github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
13,900 Commits 3 Branches 4 Tags
96ff18d37cb59072566d52178edca0dad773b9bb
Commit Graph

458 Commits

Author SHA1 Message Date
dependabot[bot]
96ff18d37c build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](0864cf1902...dc50aa9510)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-05-13 23:54:50 +00:00
Austin Vazquez
25c2f690a8 Update toolchain to Go 1.22.3 
Go 1.22.3 release includes bug fixes for the core net/http package.

Full release notes: https://go.dev/doc/devel/release#go1.22.minor

Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2024-05-10 15:49:18 +00:00
Maksym Pavlenko
9a9a8c46a6 Don't require vagrant tests in merge queues 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-05-08 15:41:41 -07:00
Kohei Tokunaga
41dc94ee17 CI: bump up golangci-lint to v1.58.0 
This also fixes the following warnings:

```
WARN [config_reader] The configuration option `run.skip-dirs` is deprecated, please use `issues.exclude-dirs`.
WARN [lintersdb] The name "vet" is deprecated. The linter has been renamed to: govet.
```

Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
 2024-05-08 12:09:30 +09:00
Akihiro Suda
bfdc224861 Merge pull request #9920 from AkihiroSuda/cri-tools-20240304 
critools-version: v1.30.0
 2024-05-07 21:27:53 +00:00
Phil Estes
c5f538c4c4 Merge pull request #10147 from containerd/dependabot/github_actions/lycheeverse/lychee-action-1.10.0 
build(deps): bump lycheeverse/lychee-action from 1.9.3 to 1.10.0
 2024-05-07 14:21:21 +00:00
Wei Fu
3b065cdddb CI: skip test in arm64 CI 
Co-authored-by: Wei Fu <fuweid89@gmail.com>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-05-07 21:24:28 +09:00
Akhil Mohan
13f2fa1de1 remove go1.21.9 from CI matrix 
since go.mod got updated to go1.22, 1.22 is the minimum version to build
containerd. even if 1.21.9 is the version present on the host, go
command will build using 1.22.0 go version.

Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
 2024-05-06 16:00:41 +05:30
Derek McGowan
b811a88793 Add API release action 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2024-05-03 16:26:11 -07:00
Akihiro Suda
53160fb4b6 Merge pull request #10110 from AkihiroSuda/go-mod-1.22 
go.mod: go 1.22
 2024-04-30 09:19:17 +00:00
Akihiro Suda
2d5689434d CI: use Go 1.22 by default 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-04-30 11:52:36 +09:00
dependabot[bot]
c001a70562 build(deps): bump lycheeverse/lychee-action from 1.9.3 to 1.10.0 
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 1.9.3 to 1.10.0.
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](https://github.com/lycheeverse/lychee-action/compare/v1.9.3...v1.10.0)

---
updated-dependencies:
- dependency-name: lycheeverse/lychee-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-29 23:19:13 +00:00
dependabot[bot]
6df759e243 build(deps): bump golangci/golangci-lint-action from 4 to 5 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 4 to 5.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-29 23:19:10 +00:00
Sebastiaan van Stijn
13e6b2b686 update to go1.21.9, go1.22.2 
go1.21.9 (released 2024-04-03) includes a security fix to the net/http
package, as well as bug fixes to the linker, and the go/types and
net/http packages. See the Go 1.21.9 milestone for more details;
https://github.com/golang/go/issues?q=milestone%3AGo1.21.9+label%3ACherryPickApproved

These minor releases include 1 security fixes following the security policy:

- http2: close connections when receiving too many headers

Maintaining HPACK state requires that we parse and process all HEADERS
and CONTINUATION frames on a connection. When a request's headers exceed
MaxHeaderBytes, we don't allocate memory to store the excess headers but
we do parse them. This permits an attacker to cause an HTTP/2 endpoint
to read arbitrary amounts of header data, all associated with a request
which is going to be rejected. These headers can include Huffman-encoded
data which is significantly more expensive for the receiver to decode
than for an attacker to send.

Set a limit on the amount of excess header frames we will process before
closing a connection.

Thanks to Bartek Nowotarski (https://nowotarski.info/) for reporting this issue.

This is CVE-2023-45288 and Go issue https://go.dev/issue/65051.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.2

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.9+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.8...go1.21.9

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2024-04-22 19:43:32 +02:00
Derek McGowan
357c59b799 Update github actions ci to run on forks 
Excludes actuated when on fork.
Runs some project tests on fork.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2024-03-12 18:20:02 -07:00
dependabot[bot]
21d3fedf44 build(deps): bump softprops/action-gh-release from 1 to 2 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 2.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v1...v2)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-11 23:09:36 +00:00
Phil Estes
249db79d6d Merge pull request #9923 from containerd/dependabot/github_actions/azure/login-2 
build(deps): bump azure/login from 1 to 2
 2024-03-08 02:54:36 +00:00
Austin Vazquez
7ac9d6909c Use the Go toolchain in CI matrix to build binaries 
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2024-03-08 00:35:36 +00:00
Akihiro Suda
7ecdebff93 update to go 1.21.8, 1.22.1 
See https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-03-07 08:32:40 +09:00
dependabot[bot]
ab4de3e4c3 build(deps): bump azure/login from 1 to 2 
Bumps [azure/login](https://github.com/azure/login) from 1 to 2.
- [Release notes](https://github.com/azure/login/releases)
- [Commits](https://github.com/azure/login/compare/v1...v2)

---
updated-dependencies:
- dependency-name: azure/login
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-04 23:06:36 +00:00
Wei Fu
5351ad6b4a .github: windows should use fix critool version 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2024-02-24 22:48:53 +08:00
Austin Vazquez
6a759713ad Update golangci-lint to v1.56.1 
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2024-02-19 15:15:01 +00:00
Maksym Pavlenko
a890c8e537 Add job to report statuses from matrix jobs 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-15 12:13:58 -08:00
dependabot[bot]
a274439f2e build(deps): bump golangci/golangci-lint-action from 3 to 4 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-12 23:37:29 +00:00
Phil Estes
1b67dd7235 Merge pull request #9797 from austinvazquez/update-scorecards-dependency 
Update codeql-action/upload-sarif dependency in scorecards workflow
 2024-02-09 16:42:16 +00:00
Kirtana Ashok
87aa9e8008 Drop go 1.20 and build against 1.22 
Signed-off-by: Kirtana Ashok <kiashok@microsoft.com>
 2024-02-08 17:57:51 -08:00
Austin Vazquez
2763846956 Update codeql-action/upload-sarif dependency in scorecards workflow 
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2024-02-09 00:47:37 +00:00
Maksym Pavlenko
b3f1c15b6a Merge pull request #9786 from mxpv/ci 
Extract setup-go step into composite action
 2024-02-09 00:21:06 +00:00
Maksym Pavlenko
f5ed7b84e9 Merge pull request #9705 from containerd/dependabot/github_actions/google-github-actions/upload-cloud-storage-2.1.0 
build(deps): bump google-github-actions/upload-cloud-storage from 2.0.0 to 2.1.0
 2024-02-07 21:33:20 +00:00
Maksym Pavlenko
360fbf197b Fix windows integration tests 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-07 13:01:43 -08:00
Maksym Pavlenko
2820343d47 Update workflow files to install Go via composite action 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-07 12:36:23 -08:00
Maksym Pavlenko
488b563610 Extract a composite action to install Go 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-07 12:28:17 -08:00
Maksym Pavlenko
32bd8eff9e Move inline PS scripts into files 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-06 18:27:21 -08:00
Maksym Pavlenko
72950c00b8 Treat PRs that require rebase > 90 days as stale 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-05 18:23:20 -08:00
Akihiro Suda
2369185aac CI: update Rocky Linux to 8.9 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-01-31 05:56:46 +09:00
dependabot[bot]
495afb0c02 build(deps): bump lycheeverse/lychee-action from 1.9.1 to 1.9.3 
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 1.9.1 to 1.9.3.
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](https://github.com/lycheeverse/lychee-action/compare/v1.9.1...v1.9.3)

---
updated-dependencies:
- dependency-name: lycheeverse/lychee-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-29 23:07:38 +00:00
dependabot[bot]
5365a1089d build(deps): bump google-github-actions/upload-cloud-storage 
Bumps [google-github-actions/upload-cloud-storage](https://github.com/google-github-actions/upload-cloud-storage) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/google-github-actions/upload-cloud-storage/releases)
- [Changelog](https://github.com/google-github-actions/upload-cloud-storage/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/upload-cloud-storage/compare/v2.0.0...v2.1.0)

---
updated-dependencies:
- dependency-name: google-github-actions/upload-cloud-storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-29 23:07:18 +00:00
roman-kiselenko
966d518014 The Links workflow should be disabled in forks. 
Signed-off-by: roman-kiselenko <roman.kiselenko.dev@gmail.com>
 2024-01-28 12:27:45 +03:00
dependabot[bot]
378e9f4434 build(deps): bump actions/cache from 3 to 4 
Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-22 23:52:18 +00:00
Akihiro Suda
d34725f85a CI: use standard GHA runners 
"Larger" runners are no longer required for nested virt with Linux

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-01-19 12:33:23 +09:00
dependabot[bot]
18b0d236cb build(deps): bump actions/upload-artifact from 3 to 4 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-16 20:52:30 +00:00
Derek McGowan
07362334f0 Merge pull request #9645 from akhilerm/migrate-artifact-action-v4 
ci: make artifact name unique in linux integration
 2024-01-16 20:15:27 +00:00
Akhil Mohan
20619a7c9f ci: make artifact name unique in linux integration 
actions/upload-artifact@v4 marks artifacts as immutable. Thus, tests
which use matrix should have a unique artifact name while using
upload-artifact github action

Ref: https://github.com/actions/upload-artifact/releases/tag/v4.0.0
Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
 2024-01-16 18:30:18 +05:30
dependabot[bot]
2053d91578 build(deps): bump lycheeverse/lychee-action from 1.9.0 to 1.9.1 
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](https://github.com/lycheeverse/lychee-action/compare/v1.9.0...v1.9.1)

---
updated-dependencies:
- dependency-name: lycheeverse/lychee-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-16 00:03:52 +00:00
Sebastiaan van Stijn
a5d9587061 update to go1.21.6, go1.20.13 
go1.21.6 (released 2024-01-09) includes fixes to the compiler, the runtime, and
the crypto/tls, maps, and runtime/pprof packages. See the Go 1.21.6 milestone on
our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.6+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.5...go1.21.6

go1.20.13 (released 2024-01-09) includes fixes to the runtime and the crypto/tls
package. See the Go 1.20.13 milestone on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.20.13+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.20.12...go1.20.13

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2024-01-10 10:42:07 +01:00
Derek McGowan
5232e1322c Merge pull request #9615 from containerd/dependabot/github_actions/lycheeverse/lychee-action-1.9.0 
build(deps): bump lycheeverse/lychee-action from 1.8.0 to 1.9.0
 2024-01-10 04:54:48 +00:00
Kirtana Ashok
21640c57a8 Uninstall mingw before attempting upgrade 
Signed-off-by: Kirtana Ashok <kiashok@microsoft.com>
 2024-01-09 09:14:05 -08:00
dependabot[bot]
2b415c911b build(deps): bump lycheeverse/lychee-action from 1.8.0 to 1.9.0 
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](https://github.com/lycheeverse/lychee-action/compare/v1.8.0...v1.9.0)

---
updated-dependencies:
- dependency-name: lycheeverse/lychee-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-08 23:35:08 +00:00
James Sturtevant
46b2f1d162 Use latest VM image to get Windows updates regularly 
Signed-off-by: James Sturtevant <jstur@microsoft.com>
 2024-01-04 21:22:04 +00:00
Samuel Karp
935b22dbb7 Merge pull request #9560 from containerd/dependabot/github_actions/google-github-actions/upload-cloud-storage-2.0.0 
build(deps): bump google-github-actions/upload-cloud-storage from 1.0.3 to 2.0.0
 2023-12-19 07:45:10 +00:00