Bump otelhttp to resolve CVE #280

Workflow file for this run

	---
	name: CI
	on: # yamllint disable-line rule:truthy
	pull_request:
	push:
	jobs:
	test_go:
	name: Go tests
	runs-on: ubuntu-latest
	# Whenever the Go version is updated here, .promu.yml
	# should also be updated.
	container:
	image: quay.io/prometheus/golang-builder:1.20-base
	steps:
	- uses: actions/checkout@v3
	- uses: ./.github/actions/setup_environment
	- run: make GO_ONLY=1 SKIP_GOLANGCI_LINT=1
	- run: go test ./tsdb/ -test.tsdb-isolation=false
	- run: GOARCH=386 go test ./cmd/prometheus
	# NOTE(bwplotka): Linting some example code can be skipped, somehow fetching golangci-lint fails for our fork.
	- run: make SKIP_GOLANGCI_LINT=1 -C documentation/examples/remote_storage
	- run: make -C documentation/examples
	- uses: ./.github/actions/check_proto
	with:
	version: "3.15.8"

	test_ui:
	name: UI tests
	runs-on: ubuntu-latest
	# Whenever the Go version is updated here, .promu.yml
	# should also be updated.
	container:
	image: quay.io/prometheus/golang-builder:1.20-base

	steps:
	- uses: actions/checkout@v3
	- uses: ./.github/actions/setup_environment
	with:
	enable_go: false
	enable_npm: true
	- run: make assets-tarball
	- run: make ui-lint
	- run: make ui-test
	- uses: ./.github/actions/save_artifacts
	with:
	directory: .tarballs

	test_windows:
	name: Go tests on Windows
	runs-on: windows-latest
	steps:
	- uses: actions/checkout@v3
	- uses: actions/setup-go@v3
	with:
	go-version: '>=1.20 <1.21'
	- run: \|
	$TestTargets = go list ./... \| Where-Object { $_ -NotMatch "(github.com/prometheus/prometheus/discovery.*\|github.com/prometheus/prometheus/config\|github.com/prometheus/prometheus/web)"}
	go test $TestTargets -vet=off -v
	shell: powershell

	test_golang_oldest:
	name: Go tests with previous Go version
	runs-on: ubuntu-latest
	# The go verson in this image should be N-1 wrt test_go.
	container:
	image: quay.io/prometheus/golang-builder:1.19-base
	steps:
	- uses: actions/checkout@v3
	- run: make build
	- run: go test ./tsdb/...
	- run: go test ./tsdb/ -test.tsdb-isolation=false

	test_mixins:
	name: Mixins tests
	runs-on: ubuntu-latest
	# Whenever the Go version is updated here, .promu.yml
	# should also be updated.
	container:
	image: quay.io/prometheus/golang-builder:1.20-base
	steps:
	- uses: actions/checkout@v3
	- run: go install ./cmd/promtool/.
	- run: go install github.com/google/go-jsonnet/cmd/jsonnet@latest
	- run: go install github.com/google/go-jsonnet/cmd/jsonnetfmt@latest
	- run: go install github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@latest
	- run: make -C documentation/prometheus-mixin clean
	- run: make -C documentation/prometheus-mixin jb_install
	- run: make -C documentation/prometheus-mixin
	- run: git diff --exit-code

	build:
	name: Build Prometheus for common architectures
	runs-on: ubuntu-latest
	if: \|
	!(github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v2.'))
	&&
	!(github.event_name == 'pull_request' && startsWith(github.event.pull_request.base.ref, 'release-'))
	&&
	!(github.event_name == 'push' && github.event.ref == 'refs/heads/main')
	strategy:
	matrix:
	thread: [ 0, 1, 2 ]
	steps:
	- uses: actions/checkout@v3
	- uses: ./.github/actions/build
	with:
	promu_opts: "-p linux/amd64 -p windows/amd64 -p linux/arm64 -p darwin/amd64 -p darwin/arm64 -p linux/386"
	parallelism: 3
	thread: ${{ matrix.thread }}
	build_all:
	name: Build Prometheus for all architectures
	runs-on: ubuntu-latest
	if: \|
	(github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v2.'))
	\|\|
	(github.event_name == 'pull_request' && startsWith(github.event.pull_request.base.ref, 'release-'))
	\|\|
	(github.event_name == 'push' && github.event.ref == 'refs/heads/main')
	strategy:
	matrix:
	thread: [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11 ]

	# Whenever the Go version is updated here, .promu.yml
	# should also be updated.
	steps:
	- uses: actions/checkout@v3
	- uses: ./.github/actions/build
	with:
	parallelism: 12
	thread: ${{ matrix.thread }}
	golangci:
	name: golangci-lint
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Install Go
	uses: actions/setup-go@v3
	with:
	go-version: '<1.21'
	- name: Install snmp_exporter/generator dependencies
	run: sudo apt-get update && sudo apt-get -y install libsnmp-dev
	if: github.repository == 'prometheus/snmp_exporter'
	- name: Lint
	uses: golangci/golangci-lint-action@v3.3.0
	with:
	version: v1.55.2 # NOTE(bwplotka): Patched as our old version of Prometheus uses newer Go version now.
	fuzzing:
	uses: ./.github/workflows/fuzzing.yml
	if: github.event_name == 'pull_request'
	codeql:
	uses: ./.github/workflows/codeql-analysis.yml

	publish_main:
	name: Publish main branch artifacts
	runs-on: ubuntu-latest
	needs: [test_ui, test_go, test_windows, golangci, codeql, build_all]
	if: github.repository == 'prometheus/prometheus' && github.event_name == 'push' && github.event.ref == 'refs/heads/main'
	steps:
	- uses: actions/checkout@v3
	- uses: ./.github/actions/publish_main
	with:
	docker_hub_login: ${{ secrets.docker_hub_login }}
	docker_hub_password: ${{ secrets.docker_hub_password }}
	quay_io_login: ${{ secrets.quay_io_login }}
	quay_io_password: ${{ secrets.quay_io_password }}
	publish_release:
	name: Publish release arfefacts
	runs-on: ubuntu-latest
	needs: [test_ui, test_go, test_windows, golangci, codeql, build_all]
	if: github.repository == 'prometheus/prometheus' && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v2.')
	steps:
	- uses: actions/checkout@v3
	- uses: ./.github/actions/publish_release
	with:
	docker_hub_login: ${{ secrets.docker_hub_login }}
	docker_hub_password: ${{ secrets.docker_hub_password }}
	quay_io_login: ${{ secrets.quay_io_login }}
	quay_io_password: ${{ secrets.quay_io_password }}
	github_token: ${{ secrets.PROMBOT_GITHUB_TOKEN }}
	publish_ui_release:
	name: Publish UI on npm Registry
	runs-on: ubuntu-latest
	needs: [test_ui, codeql]
	if: github.repository == 'prometheus/prometheus'
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	- name: Install nodejs
	uses: actions/setup-node@v3
	with:
	node-version-file: "web/ui/.nvmrc"
	registry-url: "https://registry.npmjs.org"
	- uses: actions/cache@v3.0.11
	with:
	path: ~/.npm
	key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
	restore-keys: \|
	${{ runner.os }}-node-
	- name: Check libraries version
	if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v2.')
	run: ./scripts/ui_release.sh --check-package "$(echo ${{ github.ref_name }}\|sed s/v2/v0/)"
	- name: build
	run: make assets
	- name: Copy files before publishing libs
	run: ./scripts/ui_release.sh --copy
	- name: Publish dry-run libraries
	if: "!(github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v2.'))"
	run: ./scripts/ui_release.sh --publish dry-run
	- name: Publish libraries
	if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v2.')
	run: ./scripts/ui_release.sh --publish
	env:
	# The setup-node action writes an .npmrc file with this env variable
	# as the placeholder for the auth token
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump otelhttp to resolve CVE #280

Workflow file

Bump otelhttp to resolve CVE #280

Jobs

Run details

Workflow file for this run