9bcc88611f
- https://github.com/golang/go/issues?q=milestone%3AGo1.24.5+label%3ACherryPickApproved - full diff: https://github.com/golang/go/compare/go1.24.4...go1.24.5 This minor releases include 1 security fixes following the security policy: - cmd/go: unexpected command execution in untrusted VCS repositories Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. When using the Go toolchain in directories fetched using various VCS tools (such as directly cloning Git or Mercurial repositories) can cause the toolchain to execute unexpected commands, if said directory contains multiple VCS configuration metadata (such as a '.hg' directory in a Git repository). This is due to how the Go toolchain attempts to resolve which VCS is being used in order to embed build information in binaries and determine module versions. The toolchain will now abort attempting to resolve which VCS is being used if it detects multiple VCS configuration metadata in a module directory or nested VCS configuration metadata (such as a '.git' directoy in a parent directory and a '.hg' directory in a child directory). This will not prevent the toolchain from building modules, but will result in binaries omitting VCS related build information. If this behavior is expected by the user, the old behavior can be re-enabled by setting GODEBUG=allowmultiplevcs=1. This should only be done in trusted repositories. Thanks to RyotaK (https://ryotak.net) of GMO Flatt Security Inc for reporting this issue. This is CVE-2025-4674 and https://go.dev/issue/74380. View the release notes for more information: https://go.dev/doc/devel/release#go1.24.5 Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
84 lines
2.2 KiB
YAML
84 lines
2.2 KiB
YAML
name: test
|
|
|
|
# Default to 'contents: read', which grants actions to read commits.
|
|
#
|
|
# If any permission is set, any permission not included in the list is
|
|
# implicitly set to "none".
|
|
#
|
|
# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
|
|
permissions:
|
|
contents: read
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
branches:
|
|
- 'master'
|
|
- '[0-9]+.[0-9]+'
|
|
- '[0-9]+.x'
|
|
tags:
|
|
- 'v*'
|
|
pull_request:
|
|
|
|
jobs:
|
|
ctn:
|
|
runs-on: ubuntu-24.04
|
|
steps:
|
|
-
|
|
name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
-
|
|
name: Test
|
|
uses: docker/bake-action@v6
|
|
with:
|
|
targets: test-coverage
|
|
-
|
|
name: Send to Codecov
|
|
uses: codecov/codecov-action@v5
|
|
with:
|
|
files: ./build/coverage/coverage.txt
|
|
token: ${{ secrets.CODECOV_TOKEN }}
|
|
|
|
host:
|
|
runs-on: ${{ matrix.os }}
|
|
env:
|
|
GOPATH: ${{ github.workspace }}
|
|
GOBIN: ${{ github.workspace }}/bin
|
|
GO111MODULE: auto
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
os:
|
|
- macos-13 # macOS 13 on Intel
|
|
- macos-14 # macOS 14 on arm64 (Apple Silicon M1)
|
|
# - windows-2022 # FIXME: some tests are failing on the Windows runner, as well as on Appveyor since June 24, 2018: https://ci.appveyor.com/project/docker/cli/history
|
|
steps:
|
|
-
|
|
name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
path: ${{ env.GOPATH }}/src/github.com/docker/cli
|
|
-
|
|
name: Set up Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: "1.24.5"
|
|
-
|
|
name: Test
|
|
run: |
|
|
go test -coverprofile=/tmp/coverage.txt $(go list ./... | grep -vE '/vendor/|/e2e/')
|
|
go tool cover -func=/tmp/coverage.txt
|
|
working-directory: ${{ env.GOPATH }}/src/github.com/docker/cli
|
|
shell: bash
|
|
-
|
|
name: Send to Codecov
|
|
uses: codecov/codecov-action@v5
|
|
with:
|
|
files: /tmp/coverage.txt
|
|
working-directory: ${{ env.GOPATH }}/src/github.com/docker/cli
|
|
token: ${{ secrets.CODECOV_TOKEN }}
|