2021-12-07 08:50:16 -05:00
name : test
2022-08-18 14:03:28 -04:00
concurrency :
group : ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress : true
2021-12-07 08:50:16 -05:00
on :
workflow_dispatch :
push :
branches :
- 'master'
- '[0-9]+.[0-9]{2}'
tags :
- 'v*'
pull_request :
jobs :
ctn :
2022-08-20 09:55:20 -04:00
runs-on : ubuntu-20.04
2021-12-07 08:50:16 -05:00
steps :
-
name : Checkout
2022-08-20 09:55:20 -04:00
uses : actions/checkout@v3
2021-12-07 08:50:16 -05:00
-
name : Set up Docker Buildx
2022-08-20 09:55:20 -04:00
uses : docker/setup-buildx-action@v2
2021-12-07 08:50:16 -05:00
-
name : Test
2022-08-20 09:55:20 -04:00
uses : docker/bake-action@v2
2021-12-07 08:50:16 -05:00
with :
targets : test-coverage
-
name : Send to Codecov
2022-08-20 09:55:20 -04:00
uses : codecov/codecov-action@v3
2021-12-07 08:50:16 -05:00
with :
file : ./build/coverage/coverage.txt
host :
runs-on : ${{ matrix.os }}
env :
GOPATH : ${{ github.workspace }}
GOBIN : ${{ github.workspace }}/bin
GO111MODULE : auto
strategy :
fail-fast : false
matrix :
os :
2022-08-20 09:55:20 -04:00
- macos-11
# - windows-2022 # FIXME: some tests are failing on the Windows runner, as well as on Appveyor since June 24, 2018: https://ci.appveyor.com/project/docker/cli/history
2021-12-07 08:50:16 -05:00
steps :
-
name : Prepare git
if : matrix.os == 'windows-latest'
run : |
git config --system core.autocrlf false
git config --system core.eol lf
-
name : Checkout
2022-08-20 09:55:20 -04:00
uses : actions/checkout@v3
2021-12-07 08:50:16 -05:00
with :
path : ${{ env.GOPATH }}/src/github.com/docker/cli
-
name : Set up Go
2022-08-20 09:55:20 -04:00
uses : actions/setup-go@v3
2021-12-07 08:50:16 -05:00
with :
Update to go 1.19.1 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:
We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:
- net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
- net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove `../` path components appended to a
relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
URL `https://go.dev/../go`, despite the JoinPath documentation stating that
`../` path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
Release notes:
go1.19.1 (released 2022-09-06) includes security fixes to the net/http and
net/url packages, as well as bug fixes to the compiler, the go command, the pprof
command, the linker, the runtime, and the crypto/tls and crypto/x509 packages.
See the Go 1.19.1 milestone on the issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.19.1+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 16:19:38 -04:00
go-version : 1.19 .1
2021-12-07 08:50:16 -05:00
-
name : Test
run : |
go test -coverprofile=/tmp/coverage.txt $(go list ./... | grep -vE '/vendor/|/e2e/')
go tool cover -func=/tmp/coverage.txt
working-directory : ${{ env.GOPATH }}/src/github.com/docker/cli
shell : bash
-
name : Send to Codecov
2022-08-20 09:55:20 -04:00
uses : codecov/codecov-action@v3
2021-12-07 08:50:16 -05:00
with :
file : /tmp/coverage.txt
working-directory : ${{ env.GOPATH }}/src/github.com/docker/cli
