The previous circleci images were deprecated and no longer getting
updates. The version of Go included had known CVEs. This moves to
the newer images which container newer patch versions of Go.
Closes#11105
Signed-off-by: Matt Farina <matt@mattfarina.com>
Confirm that the current and updated revision numbers also match as part
of the readiness check. Add coverage for readiness scenarios where
StatefulSet status does not reflect the most recent generation of the
StatefulSet yet.
Also add additional logging around the sts transitions from non-ready to
ready.
Fixes: #10163
Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
(cherry picked from commit 7c74f1dd02)
Note, Go seems to handle dependencies differently in 1.16 and 1.17.
Running go mod tidy highlights this. This change was generated using
go mod tidy -compat=1.17. The current supported Go versions are 1.18
and 1.17.
Signed-off-by: Matt Farina <matt.farina@suse.com>
(cherry picked from commit 5ef01c2714)
This required modifying the `kube.Factory` interface to conform to
changes in k8s' `cmdutil.Factory` interface:
fe3772890f
Signed-off-by: Andrew Seigner <andrew@sig.gy>
The symlink message did not tell anyone what Helm does with the contents
of the linked file. These are used in 2 places:
1. When loading a chart as a directory
2. When creating a chart archive (the linked files contents are
included)
Signed-off-by: Matt Farina <matt.farina@suse.com>
Update the crypto dependency to address CVE-2022-27191.
Helm does not use the ssh module of crypto, so is not vulnerable to this
CVE, but the dependency gets flagged by vulnerability scanners
Signed-off-by: Colleen Murphy <colleen.murphy@suse.com>
go:build is the new conditional compilation directive used to specify build constraints. It was introduced in Go 1.17. It is meant to replace the old +build directives.
Now that go.mod points to Go 1.17 we no longer need to support both
build flags.
Signed-off-by: Matthew Fisher <matt.fisher@fermyon.com>
vcs had a release due to a CVE. This updates to the latest version
that mitigates the CVE.
Note, the Makefile was updated so that `make build` would build
without cgo just like gox does in the CI pipeline. They should
both build without cgo so we can catch issues before merging to
master where a canary build would pick up the problem.
Signed-off-by: Matt Farina <matt@mattfarina.com>
Fixed old releases rotation procedure to not require a deployed release to exists.
An error will arise when there are no successfully deployed release yet, but releases history limit has been reached. In such situation helm will refuse to upgrade release anymore with "... has no deployed releases" error.
Furthermore, release rotation procedure already expecting lastDeployedRelease to be either nil, or not nil. So it is assumed that deployed release may exist or may not and these both outcomes were already expected as a valid situation rather than a failure.
Reworked storage_test.go TestStorageRemoveLeastRecentWithError test case: use mocked driver and test release creation procedure does not shadows errors from the underneath release rotation procedure.
Signed-off-by: Timofey Kirillov <timofey.kirillov@flant.com>
Guilherme Macedo
Arvid E. Picciani
Matt Farina
Martin Hickey
Dominic Evans
Soule BA
dependabot[bot]
Matt Farina
Andrew Seigner
Simon Alling
Andrew Block
Colleen Murphy
Matthew Fisher
Graham Reed
Zoran Krleza
Timofey Kirillov