circleci-public / cimg-go
The CircleCI Go (Golang) Docker Convenience Image.
Home Page: https://circleci.com/developer/images/image/cimg/go
License: MIT License
We’ve noticed an issue when using an unpinned (minor) version of your cimg/go/ image (e.g: 1.17). We are reasonably confident this relates to dependencies in your docker image, and nothing on our end.
The latest minor version resolves to 1.17.9, which is producing this error in our CCI pipeline (where we are docker-compose:ing):
[+] Building 0.0s (0/0)
listing workers for Build: failed to list workers: Unavailable: connection error: desc = "transport: Error while dialing unable to upgrade to h2c, received 404"
This error is consistent with messages in your public forums, and seems to be a “sort of” known issue (though there’s no CCI :ack: on the issue!).
Our workaround is to pin the minor version to 1.17.8, which resolves the error. But this creates a problem for our migration to 1.18 - which is also producing the aforementioned error.
go image should not break our pipeline when minor version isn't manually pinned
go 1.18 should be unaffected by CCI images.
go1.19.1 and others are now out.
Describe the Feature Request
This is a Go vulnerability scanning tool. It just hit v1.0.0 and is made by Google thus virtually 1st-party.
Is your feature request related to a particular problem?
This aids users in security scanning for their Go code.
How will this feature request benefit CircleCI jobs using this image?
This aids users in security scanning for their Go code.
Describe the solution you would like to see
Explained fairly well above. Here is the announcement blog post: https://go.dev/blog/govulncheck?linkId=8881038
Describe alternatives you have considered
There are others out there, sure, but this being 1st party lends itself to inclusion IMO.
Because the user doesn't exist, using golangci/golangci-lint directly for lint steps when using this executor (or the go orb) for other steps doesn't work too well. It would be nice to add the option to have a golangci-lint run step in the go orb as well.
This is Ok for projects without private dependencies (i.e., just run the golangci-lint image separately without using the cache etc. from this step), but with more complicated setups, it would be nice to have golangci-lint baked in.
Would it be possible to bake that into this image, since I imagine it's a common toolset people would like to use (only challenge might be keeping the version up to date)?
We suggest running git submodule update --recursive when I think it should be git submodule update --init.
Hi,
Since the new base image cimg:2021.12 has docker compose v2, is there a plan to update?
Source:
https://discuss.circleci.com/t/docker-compose-v2-now-in-cimg-base/42184
Unlike the other 15+ images we have in Convenience Images, the Go team releases the first minor release series without the 0 patch number. This causes the rendering of the tag to show up incorrectly in the DevHub.
This needs to be either fixed here or in the indexer.
For example, the latest Go release is 1.18 and not 1.18.0 which our build system is struggling with.
$GOPATH is unset during image build, and because of that, $PATH would be wrong as well.
Expected (let's assume that GOPATH='/go')
$ echo $PATH
/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Actual:
$ echo $PATH
/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Notice that /bin is duplicated.
Maybe we can do the following:
go version
Please see https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM
In particular, golang/go#62198 is very very bad.
Issue with cimg/go:1.16, cimg/go:1.17:
Using SSH Config Dir '/home/circleci/.ssh'
git version 2.34.1
Cloning git repository
mkdir: cannot create directory ‘/go’: Permission denied
exit status 1
CircleCI received exit code 1
Similar issue when using cimg/go:1.16-browsers
Unable to create directory '/go/src/github.com/HolimaX/libcontimig': mkdir /go: permission denied
We use the current tag on cimg/node and find it very useful to ensure we're always 100% up to date on the latest releases. As we use Dependabot on our dockerfiles, but Dependabot can't keep track of the images referenced in our CircleCI config of course.
Could you please add an equivalent current or latest tag to this one?
Obviously it would be expected that breaking changes etc could break our builds, but that's totally fine - that's what we'd want it to do, same as with Node 👍
Thanks
Hey all, mostly a feature request I guess, but it'd be nice if 1.17 could also be published as 1.17.0 (and future 1.X.0 releases) so that we could consume 1.17 images without automatically being upgraded to the latest patch release. This is the same behaviour that golang currently follows.
Side note: Your docs currently say that 1.17.0 is a valid tag, but it's not.
We use CircleCI images for linting issues in CI. Since introducing generics we have been having problems with golangci-lint version to 1.51.1 which local testing suggests are resolved in version 1.51.2. But CircleCI images having the older version are forcing us to use the older version, leading us to disable linters such as gocritic.
I can open a PR if required 🙂
When running golangci-lint with cimg/go:1.20.0, I got pack error.
go 1.20 seems to be supported since golangci-lint v1.51.0.
https://github.com/golangci/golangci-lint/releases/tag/v1.51.0
... and there's no image available here. Why do new Go versions work immediately on GitHub Actions, but not on CircleCI?
Currently go 1.17rc1 is available as a preview for the upcoming release. Providing images with beta and rc versions would be very convenient for the users who want to test their projects against the upcoming versions.
Without such images the users have to either not use cimg at all, or have different workflows for stable and preview versions of Go.
Builds running on cimg/go:1.13 failing with
#!/bin/bash -eo pipefail
go mod download
go: writing go.mod cache: mkdir /go/pkg: permission denied
...
you get a security update, you get a security update, everyone gets a security update!
Operating System: OSX Monterey 12.0.1, Intel chip
I can't run golangci-lint with cimg/go:1.19.0.
docker run -it cimg/go:1.19.0
circleci@61aaede53bc0:~/project$ golangci-lint version
panic: load embedded ruleguard rules: rules/rules.go:13: can't load fmt
goroutine 1 [running]:
github.com/go-critic/go-critic/checkers.init.22()
github.com/go-critic/[email protected]/checkers/embedded_rules.go:47 +0x4b4
These Go releases contain fixes for a number of CVEs, see https://github.com/golang/go/issues?q=milestone%3AGo1.18.4+label%3ACherryPickApproved for details.
Any idea on the ETA for images using 1.14.14 and 1.15.7?
Release: https://github.com/golang/go/releases/tag/go1.14.14 and https://github.com/golang/go/releases/tag/go1.15.7
At the time of writing this, golangci-lint has bumped up to v1.45.2 to support Go 1.18.
go1.17.7 has fixes for some rather critical correctness issues on ARM64. thanks! binaries should be out shortly for https://github.com/golang/go/tree/go1.17.7
add PR and ISSUE templates in a .github folder. Would love to take this up.
So I've been trying to upgrade to cimg from circleci/golang for an hour ish now, hunted down the source of a lot of my problems to this image being based on cimg/base:2020.06 which is ubuntu 18.04. (fzf is only available in the 19 and up ubuntu repos)
Could y'all add a variant of this image based on cimg/base:2020.08-20.04? I don't think I've missed a release of this based on that version of ubuntu.
Thanks
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
This repository currently has no open or pending branches.
Dockerfile.template
cimg/base 2024.07
Dockerfile.template
gotestyourself/gotestsum 1.12.0
golangci/golangci-lint 1.59.1
golang/vuln 1.1.3
Hi,
I see apt lists are being cleared at build time, which makes the image non-extendable, as it becomes impossible to install additional packages.
My repository relies on libxml2-dev to run, and I would like to be able to add a - run: sudo apt-get install libxml2-dev to my CircleCI config, but I can't due to the apt list being cleared.
I would like to build against the new Go release https://github.com/golang/go/releases/tag/go1.15.1
Are you planning to provide a cimg/go container for 1.15.1 anytime soon?
Hello there!
This may already be on your radar, but the available cimg/go images have an OpenSSL vulnerability that we're hoping to patch in our build pipeline. This is from a scan of the current 1.18 tag (I believe it's 1.18.0):
✗ High severity vulnerability found in openssl
Description: Loop with Unreachable Exit Condition ('Infinite Loop')
Info: https://snyk.io/vuln/SNYK-UBUNTU2004-OPENSSL-2426343
Introduced through: ca-certificates@20210119~20.04.2, meta-common-packages@meta, openssl/[email protected]
From: ca-certificates@20210119~20.04.2 > [email protected]
From: meta-common-packages@meta > openssl/[email protected]
From: openssl/[email protected]
Image layer: Introduced by your base image (ubuntu:20.04)
Fixed in: 1.1.1f-1ubuntu2.12