diff --git a/.github/renovate.json5 b/.github/renovate.json5 index d91e873b037..5fb510565ca 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -1,12 +1,15 @@ { // self-hosted configuration - "username": "cilium-renovate[bot]", - "repositories": ["cilium/tetragon"], + "username": "mtardy", + "repositories": ["mtardy/tetragon"], + // this is weird + "requireConfig": "ignored", "allowedPostUpgradeCommands": [ "^/tmp/install-buildx$", "^make codegen$", "^make generate$", - "^install/kubernetes/test.sh$" + "^install/kubernetes/test.sh$", + "^go mod vendor$" ], // repository configuration "$schema": "https://docs.renovatebot.com/renovate-schema.json", @@ -15,7 +18,6 @@ ":gitSignOff", "helpers:pinGitHubActionDigests" ], - "gitAuthor": "cilium-renovate[bot] <134692979+cilium-renovate[bot]@users.noreply.github.com>", "includePaths": [ ".github/workflows/**", "go.mod", @@ -26,6 +28,7 @@ "pkg/k8s/go.sum", "Dockerfile*", "install/kubernetes/values.yaml", + "Makefile.cli" ], "postUpdateOptions": [ "gomodTidy" @@ -74,6 +77,9 @@ "matchFileNames": [ ".github/workflows/**" ], + "matchManagers": [ + "github-actions" + ], "separateMinorPatch": false, }, { @@ -203,14 +209,6 @@ "main" ], }, - { - // Images that directly use docker.io/library/golang for building. - "groupName": "golang-images", - "matchFileNames": [ - "Dockerfile", - "Makefile" - ] - }, { "matchPackageNames": [ "docker.io/library/busybox" @@ -219,12 +217,25 @@ "Dockerfile" ], }, + // Upgrade the Go module directive, see: + // https://docs.renovatebot.com/modules/versioning/#go-modules-directive-versioning + // depName is 'go' so it will be group with the 'Go' groupName + { + "matchDatasources": ["golang-version"], + "rangeStrategy": "bump", + }, { "groupName": "Go", "matchDepNames": [ "go", "docker.io/library/golang" ], + // postUpgradeTasks is only for when the Go module directives are bumped + "postUpgradeTasks": { + "commands": ["go mod vendor"], + "fileFilters": ["**/**"], + "executionMode": "branch" + }, }, { // Group golangci-lint updates to overrule grouping of version updates in the GHA files. @@ -245,6 +256,7 @@ "executionMode": "branch" } }, + // ignore deps section { // do not update those packages as they are replaced by the local copy // see https://github.com/cilium/tetragon/blob/7623babdf54e9a38326420c1b188308f6cf96fff/go.mod#L178-L179 @@ -268,5 +280,25 @@ ], "enabled": false } + ], + // Those regexes manage version strings in variousfiles, similar to the + // examples shown here: https://docs.renovatebot.com/modules/manager/regex/#advanced-capture + "regexManagers": [ + { + "fileMatch": [ + "^\\.github/workflows/[^/]+\\.ya?ml$" + ], + "matchStrings": [ + "# renovate: datasource=(?.*?) depName=(?.*?)\\s+.+version: *['\"]?(?[^'\"\\s]*)" + ] + }, + { + "fileMatch": [ + "Makefile.cli" + ], + "matchStrings": [ + "# renovate: datasource=(?.*?)\\s+GO_IMAGE[[:blank:]]*=[[:blank:]]*(?.*?):(?[^\\s]*)" + ] + } ] } diff --git a/.github/workflows/build-clang-image.yaml b/.github/workflows/build-clang-image.yaml deleted file mode 100644 index c7959997bfc..00000000000 --- a/.github/workflows/build-clang-image.yaml +++ /dev/null @@ -1,191 +0,0 @@ -name: Build Clang Image - -on: - push: - branches: - - main - - v* - paths: - - 'Dockerfile.clang' - pull_request: - paths: - - 'Dockerfile.clang' - - '.github/workflows/build-clang-image.yaml' - -jobs: - build-preview: - if: github.event_name == 'pull_request' - runs-on: ubuntu-20.04 - steps: - # https://github.com/docker/setup-qemu-action - - name: Set up QEMU - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 - with: - platforms: amd64,arm64 - - # https://github.com/docker/setup-buildx-action - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1 - - - name: Getting image tag - id: tag - run: | - if [ ${{ github.event.pull_request.head.sha }} != "" ]; then - echo "tag=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT - else - echo "tag=${{ github.sha }}" >> $GITHUB_OUTPUT - fi - - - name: Checkout source code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - persist-credentials: false - fetch-depth: 0 - - - name: Preview build Clang image - uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1 - with: - provenance: false - context: . - file: ./Dockerfile.clang - platforms: linux/amd64,linux/arm64 - push: false - tags: | - quay.io/${{ github.repository_owner }}/clang:${{ steps.tag.outputs.tag }} - - build-and-push: - if: github.event_name == 'push' - runs-on: ubuntu-20.04 - environment: release-clang - permissions: - # To be able to access the repository with `actions/checkout` - contents: read - # Required to generate OIDC tokens for `sigstore/cosign-installer` authentication - id-token: write - steps: - # https://github.com/docker/setup-qemu-action - - name: Set up QEMU - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 - with: - platforms: amd64,arm64 - - # https://github.com/docker/setup-buildx-action - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1 - - - name: Login to quay.io - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 - with: - registry: quay.io - username: ${{ secrets.QUAY_CLANG_RELEASE_USERNAME }} - password: ${{ secrets.QUAY_CLANG_RELEASE_PASSWORD }} - - - name: Getting image tag - id: tag - run: | - if [ ${{ github.event.pull_request.head.sha }} != "" ]; then - echo "tag=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT - else - echo "tag=${{ github.sha }}" >> $GITHUB_OUTPUT - fi - - - name: Checkout Source Code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - persist-credentials: false - fetch-depth: 0 - - - name: Release Build clang - uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1 - id: docker_build_release - with: - provenance: false - context: . - file: ./Dockerfile.clang - platforms: linux/amd64,linux/arm64 - push: true - tags: | - quay.io/${{ github.repository_owner }}/clang:${{ steps.tag.outputs.tag }} - - - name: Install Cosign - uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v3.0.5 - - - name: Sign Container Image - if: steps.tag-in-repositories.outputs.exists == 'false' - env: - COSIGN_EXPERIMENTAL: "true" - run: | - cosign sign quay.io/${{ github.repository_owner }}/clang@${{ steps.docker_build_release.outputs.digest }} - - - name: Install Bom - shell: bash - run: | - curl -L https://github.com/kubernetes-sigs/bom/releases/download/v0.4.1/bom-linux-amd64 -o bom - sudo mv ./bom /usr/local/bin/bom - sudo chmod +x /usr/local/bin/bom - - - name: Generate SBOM - shell: bash - # To-Do: Format SBOM output to JSON after a new version of cosign is released after v1.13.1. Ref: https://github.com/sigstore/cosign/pull/2479 - run: | - bom generate -o sbom_clang_${{ steps.tag.outputs.tag }}.spdx \ - --dirs= . \ - --image=quay.io/${{ github.repository_owner }}/clang:${{ steps.tag.outputs.tag }} - - - name: Attach SBOM to container image - run: | - cosign attach sbom --sbom sbom_clang_${{ steps.tag.outputs.tag }}.spdx quay.io/${{ github.repository_owner }}/clang@${{ steps.docker_build_release.outputs.digest }} - - - name: Sign SBOM Image - if: steps.tag-in-repositories.outputs.exists == 'false' - env: - COSIGN_EXPERIMENTAL: "true" - run: | - docker_build_release_digest="${{ steps.docker_build_release.outputs.digest }}" - image_name="quay.io/${{ github.repository_owner }}/clang:${docker_build_release_digest/:/-}.sbom" - docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)" - cosign sign "quay.io/${{ github.repository_owner }}/clang@${docker_build_release_sbom_digest}" - - - name: Image Release Digest - shell: bash - run: | - mkdir -p image-digest/ - job_name=clang - job_name_capital=${job_name^^} - job_name_underscored=${job_name_capital//-/_} - echo "${job_name_underscored}_DIGEST := \"${{ steps.docker_build_release.outputs.digest }}\"" > image-digest/makefile-digest.txt - echo "### clang" > image-digest/clang.txt - echo "" >> image-digest/clang.txt - echo "\`quay.io/${{ github.repository_owner }}/clang:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_release.outputs.digest }}\`" >> image-digest/clang.txt - echo "" >> image-digest/clang.txt - - # Upload artifact digests - - name: Upload artifact digests - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 - with: - name: image-digest clang - path: image-digest - retention-days: 1 - - image-digests: - if: github.event_name == 'push' && github.repository == 'cilium/tetragon' - needs: build-and-push - name: Display Digests - runs-on: ubuntu-20.04 - steps: - - name: Downloading Image Digests - shell: bash - run: | - mkdir -p image-digest/ - - - name: Download digests of all images built - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 - with: - path: image-digest/ - - - name: Image Digests Output - shell: bash - run: | - cd image-digest/ - find -type f | sort | xargs -d '\n' cat - diff --git a/.github/workflows/build-deploy-docs.yaml b/.github/workflows/build-deploy-docs.yaml deleted file mode 100644 index cd701b37bd9..00000000000 --- a/.github/workflows/build-deploy-docs.yaml +++ /dev/null @@ -1,82 +0,0 @@ -name: Build and deploy docs - -on: - push: - branches: - - main - paths: - - 'docs/**' - - '.github/workflows/build-deploy-docs.yaml' - pull_request: - paths: - - 'docs/**' - - '.github/workflows/build-deploy-docs.yaml' - - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-22.04 - steps: - - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod - - - name: Setup Pages - id: pages - uses: actions/configure-pages@f156874f8191504dae5b037505266ed5dda6c382 # v3.0.6 - - - name: Setup Hugo - uses: peaceiris/actions-hugo@16361eb4acea8698b220b76c0d4e84e1fd22c61d # v2.6.0 - with: - hugo-version: '0.111.2' - extended: true - - - name: Setup Node - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 - with: - node-version: '18' - cache: 'npm' - # The action defaults to search for the dependency file (package-lock.json, - # npm-shrinkwrap.json or yarn.lock) in the repository root, and uses its - # hash as a part of the cache key. - # https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#caching-packages-data - cache-dependency-path: '**/package-lock.json' - - - name: Install Node dependencies - working-directory: docs - run: npm ci - - - name: Build the Hugo website - working-directory: docs - run: hugo --minify --baseURL "${{ steps.pages.outputs.base_url }}/" - - - name: Upload artifact - if: github.event_name == 'workflow_dispatch' || github.event_name == 'push' - uses: actions/upload-pages-artifact@84bb4cd4b733d5c320c9c9cfbc354937524f4d64 # v1.0.10 - with: - path: docs/public - - deploy: - if: github.event_name == 'workflow_dispatch' || github.event_name == 'push' - environment: - name: github-pages - url: ${{ steps.deployment.outputs.page_url }} - # Allow one concurrent deployment - concurrency: - group: ${{ github.ref }} - cancel-in-progress: true - runs-on: ubuntu-latest - # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages - permissions: - contents: read - pages: write - id-token: write - needs: build - steps: - - name: Deploy to GitHub Pages - id: deployment - uses: actions/deploy-pages@12ab2b16cf43a7a061fe99da74b6f8f11fb77f5b # v2.0.3 - diff --git a/.github/workflows/build-images-ci.yml b/.github/workflows/build-images-ci.yml deleted file mode 100644 index eb4552c0e83..00000000000 --- a/.github/workflows/build-images-ci.yml +++ /dev/null @@ -1,220 +0,0 @@ -name: Image CI Build - -on: - pull_request_target: - types: - - opened - - synchronize - - reopened - paths-ignore: - - 'docs/**' - push: - branches: - - main - paths-ignore: - - 'docs/**' - -permissions: - # To be able to access the repository with `actions/checkout` - contents: read - # Required to generate OIDC tokens for `sigstore/cosign-installer` authentication - id-token: write - -jobs: - build-and-push-prs: - runs-on: ubuntu-20.04 - strategy: - matrix: - include: - - name: tetragon - dockerfile: ./Dockerfile - - - name: tetragon-operator - dockerfile: ./Dockerfile.operator - - steps: - # https://github.com/docker/setup-qemu-action - - name: Set up QEMU - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 - with: - platforms: arm64 - - # https://github.com/docker/setup-buildx-action - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1 - - - name: Login to quay.io for CI - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 - with: - registry: quay.io - username: ${{ secrets.QUAY_USERNAME_CI }} - password: ${{ secrets.QUAY_PASSWORD_CI }} - - - name: Getting image tag - id: tag - run: | - if [ ${{ github.event.pull_request.head.sha }} != "" ]; then - echo "tag=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT - else - echo "tag=${{ github.sha }}" >> $GITHUB_OUTPUT - fi - - - name: Checkout Source Code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - persist-credentials: false - ref: ${{ steps.tag.outputs.tag }} - fetch-depth: 0 - - - name: Get version - run: | - echo "TETRAGON_VERSION=$(make version)" >> $GITHUB_ENV - - - name: Install Cosign - uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v3.0.5 - - - name: Install Bom - shell: bash - run: | - curl -L https://github.com/kubernetes-sigs/bom/releases/download/v0.4.1/bom-linux-amd64 -o bom - sudo mv ./bom /usr/local/bin/bom - sudo chmod +x /usr/local/bin/bom - - # main branch pushes - - name: CI Build (main) - if: github.event_name == 'push' - uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1 - id: docker_build_ci_main - with: - provenance: false - context: . - file: ${{ matrix.dockerfile }} - push: true - platforms: linux/amd64,linux/arm64 - build-args: | - TETRAGON_VERSION=${{ env.TETRAGON_VERSION }} - tags: | - quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }} - quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:latest - - - name: Sign Container Image - if: github.event_name == 'push' - env: - COSIGN_EXPERIMENTAL: "true" - run: | - cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_main.outputs.digest }} - - - name: Generate SBOM - if: github.event_name == 'push' - shell: bash - # To-Do: Format SBOM output to JSON after a new version of cosign is released after v1.13.1. Ref: https://github.com/sigstore/cosign/pull/2479 - run: | - bom generate -o sbom_ci_main_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx \ - --dirs=. \ - --image=quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }} - - - name: Attach SBOM to container images - if: github.event_name == 'push' - run: | - cosign attach sbom --sbom sbom_ci_main_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_main.outputs.digest }} - - - name: Sign SBOM Image - if: github.event_name == 'push' - env: - COSIGN_EXPERIMENTAL: "true" - run: | - docker_build_ci_main_digest="${{ steps.docker_build_ci_main.outputs.digest }}" - image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${docker_build_ci_main_digest/:/-}.sbom" - docker_build_ci_main_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)" - cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_main_sbom_digest}" - - - name: CI Image Releases digests (main) - if: github.event_name == 'push' - shell: bash - run: | - mkdir -p image-digest/ - echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_main.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt - - # PR updates - - name: CI Build (PR) - if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request' - uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1 - id: docker_build_ci_pr - with: - provenance: false - context: . - file: ${{ matrix.dockerfile }} - push: true - platforms: linux/amd64,linux/arm64 - build-args: | - TETRAGON_VERSION=${{ env.TETRAGON_VERSION }} - tags: | - quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }} - - - name: Sign Container Image - if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request' - env: - COSIGN_EXPERIMENTAL: "true" - run: | - cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr.outputs.digest }} - - - name: Generate SBOM - if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request' - shell: bash - # To-Do: Format SBOM output to JSON after a new version of cosign is released after v1.13.1. Ref: https://github.com/sigstore/cosign/pull/2479 - run: | - bom generate --format json -o sbom_ci_pr_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx \ - --dirs=. \ - --image=quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }} - - - name: Attach SBOM to container images - if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request' - run: | - cosign attach sbom --sbom sbom_ci_pr_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr.outputs.digest }} - - - name: Sign SBOM Image - if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request' - env: - COSIGN_EXPERIMENTAL: "true" - run: | - docker_build_ci_pr_digest="${{ steps.docker_build_ci_pr.outputs.digest }}" - image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${docker_build_ci_pr_digest/:/-}.sbom" - docker_build_ci_pr_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)" - cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_pr_sbom_digest}" - - - name: CI Image Releases digests (PR) - if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request' - shell: bash - run: | - mkdir -p image-digest/ - echo "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_pr.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt - - # Upload artifact digests - - name: Upload artifact digests - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 - with: - name: image-digest ${{ matrix.name }} - path: image-digest - retention-days: 1 - - image-digests: - if: ${{ always() }} - name: Display Digests - runs-on: ubuntu-20.04 - needs: [build-and-push-prs] - steps: - - name: Downloading Image Digests - shell: bash - run: | - mkdir -p image-digest/ - - - name: Download digests of all images built - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 - with: - path: image-digest/ - - - name: Image Digests Output - shell: bash - run: | - cd image-digest/ - find -type f | sort | xargs -d '\n' cat diff --git a/.github/workflows/build-images-releases.yml b/.github/workflows/build-images-releases.yml deleted file mode 100644 index 1533a8c1264..00000000000 --- a/.github/workflows/build-images-releases.yml +++ /dev/null @@ -1,201 +0,0 @@ -name: Image CI Releases - -on: - push: - tags: - - v* - - test* - paths-ignore: - - 'docs/**' - -permissions: - # To be able to access the repository with `actions/checkout` and upload release artifacts - contents: write - # Required to generate OIDC tokens for `sigstore/cosign-installer` authentication - id-token: write - -jobs: - build-and-push: - environment: release - runs-on: ubuntu-20.04 - strategy: - matrix: - include: - - name: tetragon - dockerfile: ./Dockerfile - - - name: tetragon-operator - dockerfile: ./Dockerfile.operator - - steps: - # https://github.com/docker/setup-qemu-action - - name: Set up QEMU - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 - with: - platforms: arm64 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1 - - - name: Login to quay.io - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 - with: - registry: quay.io - username: ${{ secrets.QUAY_USERNAME_RELEASE_USERNAME }} - password: ${{ secrets.QUAY_PASSWORD_RELEASE_PASSWORD }} - - - name: Getting image tag - id: tag - run: | - echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT - - - name: Checkout Source Code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - persist-credentials: false - fetch-depth: 0 - - - name: Get version - run: | - echo "TETRAGON_VERSION=$(make version)" >> $GITHUB_ENV - - - name: Release Build ${{ matrix.name }} - uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1 - id: docker_build_release - with: - provenance: false - context: . - file: ${{ matrix.dockerfile }} - push: ${{ startsWith(steps.tag.outputs.tag, 'v') }} - platforms: linux/amd64,linux/arm64 - target: release - build-args: | - TETRAGON_VERSION=${{ env.TETRAGON_VERSION }} - tags: | - quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }} - quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${{ github.sha }} - - - name: Install Cosign - if: ${{ startsWith(steps.tag.outputs.tag, 'v') }} - uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v3.0.5 - - - name: Sign Container Image - if: ${{ startsWith(steps.tag.outputs.tag, 'v') }} - env: - COSIGN_EXPERIMENTAL: "true" - run: | - cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${{ steps.docker_build_release.outputs.digest }} - cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_release.outputs.digest }} - - - name: Install Bom - if: ${{ startsWith(steps.tag.outputs.tag, 'v') }} - shell: bash - run: | - curl -L https://github.com/kubernetes-sigs/bom/releases/download/v0.4.1/bom-linux-amd64 -o bom - sudo mv ./bom /usr/local/bin/bom - sudo chmod +x /usr/local/bin/bom - - - name: Generate SBOM - if: ${{ startsWith(steps.tag.outputs.tag, 'v') }} - shell: bash - # To-Do: Format SBOM output to JSON after a new version of cosign is released after v1.13.1. Ref: https://github.com/sigstore/cosign/pull/2479 - run: | - bom generate -o sbom_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx \ - --dirs= . \ - --image=quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }} - - - name: Attach SBOM to container image - if: ${{ startsWith(steps.tag.outputs.tag, 'v') }} - run: | - cosign attach sbom --sbom sbom_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${{ steps.docker_build_release.outputs.digest }} - cosign attach sbom --sbom sbom_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_release.outputs.digest }} - - - name: Sign SBOM Image - if: ${{ startsWith(steps.tag.outputs.tag, 'v') }} - env: - COSIGN_EXPERIMENTAL: "true" - run: | - docker_build_release_digest="${{ steps.docker_build_release.outputs.digest }}" - image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${docker_build_release_digest/:/-}.sbom" - docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)" - cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${docker_build_release_sbom_digest}" - - image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${docker_build_release_digest/:/-}.sbom" - docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)" - cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_release_sbom_digest}" - - - name: Image Release Digest - shell: bash - run: | - mkdir -p image-digest/ - job_name=${{ matrix.name }} - job_name_capital=${job_name^^} - job_name_underscored=${job_name_capital//-/_} - echo "${job_name_underscored}_DIGEST := \"${{ steps.docker_build_release.outputs.digest }}\"" > image-digest/makefile-digest.txt - - echo "### ${{ matrix.name }}" > image-digest/${{ matrix.name }}.txt - echo "" >> image-digest/${{ matrix.name }}.txt - echo "\`quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_release.outputs.digest }}\`" >> image-digest/${{ matrix.name }}.txt - echo "" >> image-digest/${{ matrix.name }}.txt - - # Upload artifact digests - - name: Upload artifact digests - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 - with: - name: image-digest ${{ matrix.name }} - path: image-digest - retention-days: 1 - - image-digests: - if: ${{ github.repository == 'cilium/tetragon' }} - name: Display Digests - runs-on: ubuntu-20.04 - needs: build-and-push - steps: - - name: Downloading Image Digests - shell: bash - run: | - mkdir -p image-digest/ - - - name: Download digests of all images built - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 - with: - path: image-digest/ - - - name: Image Digests Output - shell: bash - run: | - cd image-digest/ - find -type f | sort | xargs -d '\n' cat - - draft-github-release: - name: Create Release - if: github.repository == 'cilium/tetragon' - environment: release - runs-on: ubuntu-20.04 - steps: - - name: Checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - - - name: Set up Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 - - - name: Generate tetra CLI artifacts - run: make cli-release - - - name: Generate Tetragon Tarball - run: make tarball-release - - - name: Create Release - id: create_release - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - tag_name: ${{ github.ref }} - name: Release ${{ github.ref }} - draft: true - prerelease: false - body: | - Note for maintainers:: Please update the description with the actual release notes (see RELEASE.md for instructions). - files: | - release/* diff --git a/.github/workflows/check-links-cron.yaml b/.github/workflows/check-links-cron.yaml deleted file mode 100644 index 8f539d775e9..00000000000 --- a/.github/workflows/check-links-cron.yaml +++ /dev/null @@ -1,53 +0,0 @@ -name: Periodically check docs links - -on: - schedule: - - cron: '0 10 * * 1-5' - workflow_dispatch: - pull_request: - paths: - - '.github/workflows/check-links-cron.yaml' - -jobs: - links-checker: - env: - ISSUE_NAME: 'Documentation: broken links automatic report' - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod - - - name: Links Checker - id: lychee - uses: lycheeverse/lychee-action@ec3ed119d4f44ad2673a7232460dc7dff59d2421 # v1.8.0 - env: - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - with: - args: --base https://tetragon.cilium.io docs/content README.md - - # to avoid automated spam, try to find an existing open issue before opening a new one - - name: Search for existing issue number - id: search-issue - run: | - encoded_issue_name=$(echo "$ISSUE_NAME" | sed 's/ /%20/g') - response=$(curl -s -X GET "https://api.github.com/search/issues?q=$encoded_issue_name+repo:cilium/tetragon+state:open+label:automated-issue&type=Issues") - issue_number=$(echo "$response" | jq -r '.items[0].number // empty') - echo "issue_number=$issue_number" >> $GITHUB_OUTPUT - - - name: Create or update issue with report - if: env.lychee_exit_code != 0 - uses: peter-evans/create-issue-from-file@433e51abf769039ee20ba1293a088ca19d573b7f # v4.0.1 - with: - title: ${{ env.ISSUE_NAME }} - content-filepath: ./lychee/out.md - issue-number: ${{ steps.search-issue.outputs.issue_number }} - labels: automated-issue - - - name: Close automated issue - if: env.lychee_exit_code == 0 && steps.search-issue.outputs.issue_number != '' - uses: peter-evans/close-issue@276d7966e389d888f011539a86c8920025ea0626 # v3.0.1 - with: - issue-number: ${{ steps.search-issue.outputs.issue_number }} - comment: '[Periodic links check](https://github.com/cilium/tetragon/actions/workflows/check-links-cron.yaml) no longer finds broken links, closing issue.' diff --git a/.github/workflows/generated-files.yaml b/.github/workflows/generated-files.yaml index a6043e38a19..aba0ac7fd7e 100644 --- a/.github/workflows/generated-files.yaml +++ b/.github/workflows/generated-files.yaml @@ -18,7 +18,8 @@ jobs: - name: Install Go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: - go-version: '1.19.6' + # renovate: datasource=golang-version depName=go + go-version: '1.20.6' - name: Validate that generated files are up to date. run: | make generate diff --git a/.github/workflows/gotests.yml b/.github/workflows/gotests.yml index 6e623496135..f2ca704f4d2 100644 --- a/.github/workflows/gotests.yml +++ b/.github/workflows/gotests.yml @@ -25,7 +25,8 @@ jobs: - name: Install Go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: - go-version: '1.19.6' + # renovate: datasource=golang-version depName=go + go-version: '1.20.6' - name: Install dependencies run: | diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 6d1e720351b..f57c8a66e40 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -16,16 +16,6 @@ jobs: env: buildx_version: 'v0.10.5' steps: - # we need special permission to be able to operate renovate (view, list, - # create issues, PR, etc.) and we use a GitHub application with fine - # grained permissions installed in the repository for that. - - name: Get token - id: get_token - uses: cilium/actions-app-token@61a6271ce92ba02f49bf81c755685d59fb25a59a # v0.21.1 - with: - APP_PEM: ${{ secrets.CILIUM_RENOVATE_PEM }} - APP_ID: ${{ secrets.CILIUM_RENOVATE_APP_ID }} - # buildx is not installed in the renovate container image and we need it # for the postUpgradeTasks's commands. We take advantage of the fact that # the renovate GitHub action mounts the /tmp folder in the container to @@ -63,6 +53,6 @@ jobs: LOG_LEVEL: ${{ github.event.inputs.renovate_log_level_debug == 'true' && 'DEBUG' || 'INFO' }} with: configurationFile: .github/renovate.json5 - token: '${{ steps.get_token.outputs.app_token }}' + token: '${{ secrets.PAT }}' mount-docker-socket: true diff --git a/.github/workflows/run-e2e-tests.yaml b/.github/workflows/run-e2e-tests.yaml deleted file mode 100644 index 1a92965859c..00000000000 --- a/.github/workflows/run-e2e-tests.yaml +++ /dev/null @@ -1,87 +0,0 @@ -name: Tetragon e2e Test -on: - pull_request: - paths-ignore: - - 'docs/**' - push: - branches: - - main - paths-ignore: - - 'docs/**' - -concurrency: - group: ${{ github.ref }} - cancel-in-progress: true - -env: - clusterName: tetragon-ci - ciliumCliVersion: v0.15.0 - -jobs: - e2e-test: - runs-on: ${{ matrix.os }} - timeout-minutes: 40 - strategy: - matrix: - os: [ ubuntu-22.04, buildjet-4vcpu-ubuntu-2204-arm ] - steps: - - name: Checkout Code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - path: go/src/github.com/cilium/tetragon/ - - - name: Install Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 - with: - go-version: '1.19.6' - - - name: Set Up Job Variables - id: vars - run: | - if [ ${{ github.event.issue.pull_request || github.event.pull_request }} ]; then - PR_API_JSON=$(curl \ - -H "Accept: application/vnd.github.v3+json" \ - -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ - ${{ github.event.issue.pull_request.url || github.event.pull_request.url }}) - SHA=$(echo "$PR_API_JSON" | jq -r ".head.sha") - else - SHA=${{ github.sha }} - fi - echo "sha=${SHA}" >> $GITHUB_OUTPUT - echo "agentImage=quay.io/cilium/tetragon-ci:${SHA}" >> $GITHUB_OUTPUT - echo "operatorImage=quay.io/cilium/tetragon-operator-ci:${SHA}" >> $GITHUB_OUTPUT - - - name: Install kubectl, kind and cilium CLI - uses: alexellis/arkade-get@master - with: - kubectl: latest - helm: v3.12.1 - kind: v0.20.0 - cilium: ${{ env.ciliumCliVersion }} - print-summary: false - - - name: Pull Tetragon Images - uses: nick-fields/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3 - with: - timeout_minutes: 2 - max_attempts: 30 - retry_wait_seconds: 30 - warning_on_retry: false - command: | - set -e - docker pull ${{ steps.vars.outputs.agentImage }} - docker pull ${{ steps.vars.outputs.operatorImage }} - - - name: Run e2e Tests - run: | - cd go/src/github.com/cilium/tetragon - - make e2e-test E2E_BUILD_IMAGES=0 E2E_AGENT=${{ steps.vars.outputs.agentImage }} E2E_OPERATOR=${{ steps.vars.outputs.operatorImage }} EXTRA_TESTFLAGS="-cluster-name=${{ env.clusterName }} -args -v=4" - - - name: Upload Tetragon Logs - if: failure() || cancelled() - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 - with: - name: tetragon-logs - path: /tmp/tetragon.e2e.* - retention-days: 5 diff --git a/.github/workflows/static-checks.yaml b/.github/workflows/static-checks.yaml index 771203c2a89..290964cc4eb 100644 --- a/.github/workflows/static-checks.yaml +++ b/.github/workflows/static-checks.yaml @@ -20,7 +20,8 @@ jobs: - name: Install Go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: - go-version: '1.19.6' + # renovate: datasource=golang-version depName=go + go-version: '1.20.6' - name: Run static checks uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0 with: diff --git a/.github/workflows/vmtests.yml b/.github/workflows/vmtests.yml deleted file mode 100644 index e9a47d32bd0..00000000000 --- a/.github/workflows/vmtests.yml +++ /dev/null @@ -1,148 +0,0 @@ -name: vmtests -on: - pull_request: - paths-ignore: - - 'docs/**' - push: - branches: - - main - paths-ignore: - - 'docs/**' - -jobs: - build: - name: Build tetragon - runs-on: ubuntu-latest - timeout-minutes: 20 - concurrency: - group: ${{ github.ref }}-vmtest-build - cancel-in-progress: true - steps: - - name: Install Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 - with: - go-version: '1.19.6' - - - name: Checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - path: go/src/github.com/cilium/tetragon/ - - - name: Install build dependencies - run: | - sudo apt install libelf-dev netcat-traditional libcap-dev gcc - echo `which clang` - echo `which llc` - echo `clang --version` - - name: Build - env: - GOPATH: /home/runner/work/tetragon/tetragon/go - run: | - cd go/src/github.com/cilium/tetragon/ - make tetragon-bpf tester-progs test-compile - make -C tests/vmtests - - - name: Split tests - run: | - # see testfile below - cd go/src/github.com/cilium/tetragon/ - go run ./tools/split-tetragon-gotests -ci-run 1 - - - name: tar build - run: | - cd go/src/github.com/cilium/ - tar cz --exclude='tetragon/.git' -f /tmp/tetragon.tar ./tetragon - - - name: upload build - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3 - with: - name: tetragon-build - path: /tmp/tetragon.tar - retention-days: 5 - test: - strategy: - fail-fast: false - matrix: - kernel: - - '5.15' - - '5.10' - - '5.4' - - '4.19' - group: - - 0 - concurrency: - group: ${{ github.ref }}-vmtest-${{ matrix.kernel }}-${{ matrix.group }} - cancel-in-progress: true - needs: build - name: Test kernel ${{ matrix.kernel }} / test group ${{ matrix.group }} - runs-on: ubuntu-latest-4cores-16gb - timeout-minutes: 60 - steps: - - name: Install VM test dependencies - run: | - sudo apt-get -qy update - sudo apt-cache search qemu - sudo apt-get -qy install mmdebstrap libguestfs-tools qemu-utils qemu-system-x86 cpu-checker qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virtinst virt-manager - - - name: Make kernel accessible - run: | - sudo chmod go+rX -R /boot/ - - - name: download build data - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 - with: - name: tetragon-build - - - name: extract build data - # NB: currently, due to how tests work, we need to extract to the same path. - run: | - mkdir -p go/src/github.com/cilium/ - tar xf tetragon.tar -C go/src/github.com/cilium - - - name: test kernel ${{ matrix.kernel }} - if: ${{ matrix.kernel != '4.19' }} - run: | - cd go/src/github.com/cilium/tetragon - ./tests/vmtests/fetch-data.sh ${{ matrix.kernel }} - sudo ./tests/vmtests/tetragon-vmtests-run \ - --kernel tests/vmtests/test-data/kernels/${{ matrix.kernel }}/boot/vmlinuz* \ - --base tests/vmtests/test-data/images/base.qcow2 \ - --testsfile ./tests/vmtests/test-group-${{ matrix.group }} - - - name: test kernel ${{ matrix.kernel }} with btf file - if: ${{ matrix.kernel == '4.19' }} - run: | - cd go/src/github.com/cilium/tetragon - ./tests/vmtests/fetch-data.sh ${{ matrix.kernel }} - sudo ./tests/vmtests/tetragon-vmtests-run \ - --kernel tests/vmtests/test-data/kernels/${{ matrix.kernel }}/boot/vmlinuz* \ - --btf-file tests/vmtests/test-data/kernels/${{ matrix.kernel }}/boot/btf-* \ - --base tests/vmtests/test-data/images/base.qcow2 \ - --testsfile ./tests/vmtests/test-group-${{ matrix.group }} - - - name: Chmod test results on failure or cancelation - if: failure() || cancelled() - run: | - sudo chmod -R go+rX go/src/github.com/cilium/tetragon/tests/vmtests/vmtests-results-* - - - name: Upload test results on failure or cancelation - if: failure() || cancelled() - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 - with: - name: tetragon-vmtests-${{ matrix.kernel }}-${{ matrix.group }}-results - path: go/src/github.com/cilium/tetragon/tests/vmtests/vmtests-results-* - retention-days: 5 - post-test: - runs-on: ubuntu-latest - needs: [test] - if: success() - steps: - - name: Create truncated build file - run: | - touch /tmp/tetragon.tar - - name: Upload truncated file - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3 - with: - name: tetragon-build - path: /tmp/tetragon.tar - retention-days: 1 diff --git a/Dockerfile b/Dockerfile index 8a3efaaa47d..b31279e9497 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,7 +20,7 @@ RUN make tetragon-bpf LOCAL_CLANG=1 TARGET_ARCH=$TARGETARCH # Second builder (cross-)compile: # - tetragon (pkg/bpf uses CGO, so a gcc cross compiler is needed) # - tetra -FROM --platform=$BUILDPLATFORM quay.io/cilium/cilium-builder:832f86bb0f7c7129c1536d5620174deeec645117@sha256:6dbac9f9eba3e20f8edad4676689aa8c11b172035fe5e25b533552f42dea4e9a as tetragon-builder +FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.20.6@sha256:cfc9d1b07b1ef4f7a4571f0b60a99646a92ef76adb7d9943f4cb7b606c6554e2 as tetragon-builder WORKDIR /go/src/github.com/cilium/tetragon ARG TETRAGON_VERSION TARGETARCH BUILDARCH RUN apt-get update diff --git a/Dockerfile.operator b/Dockerfile.operator index 318c2658c2e..3091efcf962 100644 --- a/Dockerfile.operator +++ b/Dockerfile.operator @@ -4,7 +4,7 @@ # SPDX-License-Identifier: Apache-2.0 ARG BASE_IMAGE=scratch -ARG GOLANG_IMAGE=quay.io/cilium/cilium-builder:832f86bb0f7c7129c1536d5620174deeec645117@sha256:6dbac9f9eba3e20f8edad4676689aa8c11b172035fe5e25b533552f42dea4e9a +ARG GOLANG_IMAGE=docker.io/library/golang:1.20.6@sha256:cfc9d1b07b1ef4f7a4571f0b60a99646a92ef76adb7d9943f4cb7b606c6554e2 ARG ALPINE_IMAGE=docker.io/library/alpine:3.18.2@sha256:82d1e9d7ed48a7523bdebc18cf6290bdb97b82302a8a9c27d4fe885949ea94d1 # BUILDPLATFORM is an automatic platform ARG enabled by Docker BuildKit. diff --git a/Makefile.cli b/Makefile.cli index f8c883aa74d..d1fe1ac4aa6 100644 --- a/Makefile.cli +++ b/Makefile.cli @@ -2,6 +2,8 @@ # Copyright Authors of Tetragon GO_BUILD = CGO_ENABLED=0 $(GO) build -tags standalone +# renovate: datasource=docker +GO_IMAGE = docker.io/library/golang:1.20.6-alpine TARGET=tetra RELEASE_UID ?= $(shell id -u) @@ -11,7 +13,7 @@ cli-release: docker run \ --rm \ --workdir /tetragon \ - --volume `pwd`:/tetragon docker.io/library/golang:1.19.0-alpine3.16 \ + --volume `pwd`:/tetragon $(GO_IMAGE) \ sh -c "apk add --no-cache make git setpriv && \ /usr/bin/setpriv --reuid=$(RELEASE_UID) --regid=$(RELEASE_GID) --clear-groups \ make GOCACHE=/tmp/cache cli-local-release VERSION=${VERSION}" diff --git a/api/go.mod b/api/go.mod index acb43fd4ee0..47e66edebec 100644 --- a/api/go.mod +++ b/api/go.mod @@ -1,6 +1,6 @@ module github.com/cilium/tetragon/api -go 1.18 +go 1.20 require ( github.com/cilium/tetragon v0.0.0-00010101000000-000000000000 diff --git a/api/vendor/modules.txt b/api/vendor/modules.txt index 019dfb0c54a..42a6e4140c7 100644 --- a/api/vendor/modules.txt +++ b/api/vendor/modules.txt @@ -1,5 +1,5 @@ # github.com/cilium/tetragon v0.0.0-00010101000000-000000000000 => ../../tetragon -## explicit; go 1.19 +## explicit; go 1.20 github.com/cilium/tetragon/pkg/matchers/bytesmatcher github.com/cilium/tetragon/pkg/matchers/listmatcher github.com/cilium/tetragon/pkg/matchers/stringmatcher diff --git a/go.mod b/go.mod index 8d56c17930f..87e238d0e59 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/cilium/tetragon -go 1.19 +go 1.20 require ( github.com/cilium/cilium v1.13.4 diff --git a/pkg/k8s/go.mod b/pkg/k8s/go.mod index 213645dae11..3fef786c6d9 100644 --- a/pkg/k8s/go.mod +++ b/pkg/k8s/go.mod @@ -1,6 +1,6 @@ module github.com/cilium/tetragon/pkg/k8s -go 1.19 +go 1.20 require ( github.com/blang/semver/v4 v4.0.0 diff --git a/vendor/modules.txt b/vendor/modules.txt index e34a17cb390..8659af49c7a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -148,13 +148,13 @@ github.com/cilium/little-vm-helper/pkg/runner ## explicit; go 1.13 github.com/cilium/lumberjack/v2 # github.com/cilium/tetragon/api v0.0.0-00010101000000-000000000000 => ./api -## explicit; go 1.18 +## explicit; go 1.20 github.com/cilium/tetragon/api/v1/tetragon github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker/yaml github.com/cilium/tetragon/api/v1/tetragon/codegen/helpers # github.com/cilium/tetragon/pkg/k8s v0.0.0-00010101000000-000000000000 => ./pkg/k8s -## explicit; go 1.19 +## explicit; go 1.20 github.com/cilium/tetragon/pkg/k8s/apis/cilium.io github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1