🌱 Bump Go 1.24 #12128

sivchari
Member

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Part of #11642

/area dependency

@k8s-ci-robot k8s-ci-robot added area/dependency Issues or PRs related to dependency changes cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Apr 25, 2025
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign justinsb for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Apr 25, 2025
@sivchari
Member Author

Error: can't load config: the Go language version (go1.23) used to build golangci-lint is lower than the targeted Go version (1.24)
Failed executing command with error: can't load config: the Go language version (go1.23) used to build golangci-lint is lower than the targeted Go version (1.24)

We should merge #12088 first, since the only golangci-lint version in which Go 1.24 is available is golangci-lint v2.

@fabriziopandini
Member

/hold

We usually use the same Go version used by the K8s version we are importing, and we import the same K8s version used by the controller runtime version we are using.
(so most probably we should stick to Go 1.23 until we bump to CR 0.21)

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 5, 2025
@sivchari
Member Author

sivchari commented May 5, 2025

Thanks!
Other dependency PRs could be merged when the new CR is published.

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 8, 2025
@sbueringer
Member

sbueringer commented May 9, 2025

I would like to do the CR bump. I'm usually using CAPI as a final verification for CR before the CR release is published. I will coordinate with you that this PR is merged right before.

Can you please rebase this PR?

@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 9, 2025
@sivchari
Member Author

sivchari commented May 9, 2025

@sbueringer
rebased it.

EDIT
I'll take it later.

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels May 9, 2025
sivchari added 2 commits May 9, 2025 18:01
Signed-off-by: sivchari <[email protected]>
@@ -47,6 +47,9 @@ linters:
- usestdlibvars # using variables/constants from the standard library
- usetesting # report function to be replace by testing
- whitespace # unnecessary newlines
disable:
# TODO: It will be dropped when the Go version migration is done.
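
Review bot: the TODO comment under `disable:` does not say which follow-up removes the entry; reference a tracking issue in the comment itself so the disabled linter is re-enabled once the Go version migration is done. The context lines above `disable:` still list `- usetesting`, so if that is the linter being turned off here, comment out or drop that entry instead of carrying the same linter in both lists.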
Member Author

usetesting is automatically enabled when Go 1.24 is used. This linter diagnoses calls that can be replaced by functions defined in the testing package, e.g. os.Setenv -> testing.Setenv.
That is what I'm going to do after the migration to Go 1.24, since the diff is very large. So I'm disabling it for now and will tackle it later in another PR.

Member

Sounds good! Maybe open a small issue to track it

Member Author

I opened #12179 👍

Member

Thx!

@sivchari
Member Author

sivchari commented May 9, 2025

This failure is caused by Go 1.24, since go test runs vet implicitly before running the tests. Since 1.24, the printf linter is called every time, so I disabled it in golangci.yml to deal with these issues in another PR. But it seems it has to be dealt with in this PR too.

Signed-off-by: sivchari <[email protected]>
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels May 9, 2025
@sivchari
Member Author

sivchari commented May 9, 2025

Okay, it works correctly 😄

@sivchari
Member Author

sivchari commented May 9, 2025

=== Symbol Results ===

Vulnerability #1: GO-2025-3563
    Request smuggling due to acceptance of invalid chunked data in net/http
  More info: https://pkg.go.dev/vuln/GO-2025-3563
  Standard library
    Found in: net/http/[email protected]
    Fixed in: net/http/[email protected]
    Example traces found:
      #1: cmd/clusterctl/client/repository/repository_gitlab.go:184:28: repository.gitLabRepository.GetFile calls io.ReadAll, which eventually calls internal.chunkedReader.Read

Your code is affected by 1 vulnerability from the Go standard library.
This scan found no other vulnerabilities in packages you import or modules you
require.
Use '-show verbose' for more details.
=== Symbol Results ===

No vulnerabilities found.

Your code is affected by 0 vulnerabilities.
This scan also found 1 vulnerability in packages you import and 0
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
=== Symbol Results ===

Vulnerability #1: GO-2025-3563
    Request smuggling due to acceptance of invalid chunked data in net/http
  More info: https://pkg.go.dev/vuln/GO-2025-3563
  Standard library
    Found in: net/http/[email protected]
    Fixed in: net/http/[email protected]
    Example traces found:
      #1: infrastructure/container/docker.go:130:24: container.dockerRuntime.PullContainerImage calls io.ReadAll, which eventually calls internal.chunkedReader.Read

Your code is affected by 1 vulnerability from the Go standard library.
This scan found no other vulnerabilities in packages you import or modules you
require.
Use '-show verbose' for more details.
make: *** [verify-govulncheck] Error 1

We hit the vulnerability, so I decided to upgrade from go1.24.0 to go1.24.2.
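
Added example (not code from this PR or from the project): a small Go parser for the govulncheck text output pasted in the comment above. It merges the per-module runs by vulnerability ID and lists the call sites to review, which shows why a finding under "Standard library" is resolved by a toolchain bump and not a go.mod change. The type and function names and the abridged sample log are constructed for illustration, and the parser assumes the text layout shown in that log.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is a vulnerability whose vulnerable symbol is reachable from the scanned code.
type Finding struct {
	ID     string   // e.g. GO-2025-3563
	Stdlib bool     // listed under "Standard library": fixed by a toolchain bump
	Traces []string // call sites (file:line:col) from "Example traces found"
}

var vulnRe = regexp.MustCompile(`^\s*Vulnerability #\d+: (GO-\d{4}-\d+)\s*$`)
var traceRe = regexp.MustCompile(`^\s*#\d+: (\S+:\d+:\d+): `)

// sampleLog is constructed: the CI log above, abridged to the lines the parser reads.
const sampleLog = `=== Symbol Results ===
Vulnerability #1: GO-2025-3563
  Standard library
      #1: cmd/clusterctl/client/repository/repository_gitlab.go:184:28: repository.gitLabRepository.GetFile calls io.ReadAll, which eventually calls internal.chunkedReader.Read
=== Symbol Results ===
Vulnerability #1: GO-2025-3563
  Standard library
      #1: infrastructure/container/docker.go:130:24: container.dockerRuntime.PullContainerImage calls io.ReadAll, which eventually calls internal.chunkedReader.Read
`

// ParseSymbolResults merges the findings of concatenated per-module scans by ID.
func ParseSymbolResults(out string) map[string]*Finding {
	byID := map[string]*Finding{}
	var cur *Finding
	for _, line := range strings.Split(out, "\n") {
		if m := vulnRe.FindStringSubmatch(line); m != nil {
			if byID[m[1]] == nil {
				byID[m[1]] = &Finding{ID: m[1]}
			}
			cur = byID[m[1]]
		} else if cur != nil && strings.TrimSpace(line) == "Standard library" {
			cur.Stdlib = true
		} else if m := traceRe.FindStringSubmatch(line); cur != nil && m != nil {
			cur.Traces = append(cur.Traces, m[1])
		}
	}
	return byID
}

func main() { fmt.Println(*ParseSymbolResults(sampleLog)["GO-2025-3563"]) }
```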

@sivchari
Member Author

sivchari commented May 9, 2025

/retest
