2022-03-17 05:37:08 -04:00
|
|
|
# syntax=docker/dockerfile:1
|
2021-12-16 15:15:53 -05:00
|
|
|
|
update go to go1.20.6
go1.20.6 (released 2023-07-11) includes a security fix to the net/http package,
as well as bug fixes to the compiler, cgo, the cover tool, the go command,
the runtime, and the crypto/ecdsa, go/build, go/printer, net/mail, and text/template
packages. See the Go 1.20.6 milestone on our issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.20.6+label%3ACherryPickApproved
Full diff: https://github.com/golang/go/compare/go1.20.5...go1.20.6
These minor releases include 1 security fixes following the security policy:
net/http: insufficient sanitization of Host header
The HTTP/1 client did not fully validate the contents of the Host header.
A maliciously crafted Host header could inject additional headers or entire
requests. The HTTP/1 client now refuses to send requests containing an
invalid Request.Host or Request.URL.Host value.
Thanks to Bartek Nowotarski for reporting this issue.
Includes security fixes for [CVE-2023-29406 ][1] and Go issue https://go.dev/issue/60374
[1]: https://github.com/advisories/GHSA-f8f7-69v5-w4vx
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 680fafdc9caadcabe90b51d752ea8e379239b62e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-13 10:53:08 -04:00
|
|
|
ARG GO_VERSION=1.20.6
|
2023-06-14 07:30:40 -04:00
|
|
|
ARG ALPINE_VERSION=3.17
|
2021-12-16 15:15:53 -05:00
|
|
|
ARG MODOUTDATED_VERSION=v0.8.0
|
|
|
|
|
2022-12-04 08:01:30 -05:00
|
|
|
FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS base
|
2021-12-16 15:15:53 -05:00
|
|
|
RUN apk add --no-cache bash git rsync
|
|
|
|
WORKDIR /src
|
|
|
|
|
|
|
|
FROM base AS vendored
|
2023-06-02 07:12:35 -04:00
|
|
|
ENV GOPROXY=https://proxy.golang.org|direct
|
2021-12-16 15:15:53 -05:00
|
|
|
RUN --mount=target=/context \
|
|
|
|
--mount=target=.,type=tmpfs \
|
|
|
|
--mount=target=/go/pkg/mod,type=cache <<EOT
|
|
|
|
set -e
|
|
|
|
rsync -a /context/. .
|
|
|
|
./scripts/vendor update
|
|
|
|
mkdir /out
|
|
|
|
cp -r vendor.mod vendor.sum vendor /out
|
|
|
|
EOT
|
|
|
|
|
|
|
|
FROM scratch AS update
|
|
|
|
COPY --from=vendored /out /out
|
|
|
|
|
|
|
|
FROM vendored AS validate
|
|
|
|
RUN --mount=target=/context \
|
|
|
|
--mount=target=.,type=tmpfs <<EOT
|
|
|
|
set -e
|
|
|
|
rsync -a /context/. .
|
|
|
|
git add -A
|
|
|
|
rm -rf vendor
|
|
|
|
cp -rf /out/* .
|
|
|
|
./scripts/vendor validate
|
|
|
|
EOT
|
|
|
|
|
|
|
|
FROM psampaz/go-mod-outdated:${MODOUTDATED_VERSION} AS go-mod-outdated
|
|
|
|
FROM base AS outdated
|
|
|
|
RUN --mount=target=.,rw \
|
|
|
|
--mount=target=/go/pkg/mod,type=cache \
|
|
|
|
--mount=from=go-mod-outdated,source=/home/go-mod-outdated,target=/usr/bin/go-mod-outdated \
|
|
|
|
./scripts/vendor outdated
|