Giter Site home page Giter Site logo

circleci-public / cimg-go Goto Github PK

View Code? Open in Web Editor NEW
17.0 14.0 24.0 362 KB

The CircleCI Go (Golang) Docker Convenience Image.

Home Page: https://circleci.com/developer/images/image/cimg/go

License: MIT License

Dockerfile 89.84% Shell 10.16%
cimg circleci golang docker circleci-cimg convenience-image

cimg-go's Issues

[1.17] Unpinned minor version breaking pipeline

Description

We’ve noticed an issue when using an unpinned (minor) version of your cimg/go/ image (e.g: 1.17). We are reasonably confident this relates to dependencies in your docker image, and nothing on our end.

The latest minor version resolves to 1.17.9 , which is producing this error in our CCI pipeline (where we are docker-compose:ing):

[+] Building 0.0s (0/0)
listing workers for Build: failed to list workers: Unavailable: connection error: desc = "transport: Error while dialing unable to upgrade to h2c, received 404"

This error is consistent with messages in your public forums, and seems to be a “sort of” known issue (though there’s no CCI :ack: on the issue!).

Manual workaround (short-term fix)

Our workaround is to pin the minor version to 1.17.8, which resolves the error. But this creates a problem for our migration to 1.18 - which is also producing the aforementioned error.

Expected Behaviour

  • CCI's go image should not break our pipeline when minor version isn't manually pinned
  • Our migration to go 1.18 should be unaffected by CCI images.

Feature Request: Govulncheck

Describe the Feature Request
This is a Go vulnerability scanning tool. It just hit v1.0.0 and is made by Google thus virtually 1st-party.

Is your feature request related to a particular problem?
This aids users in security scanning for their Go code.

How will this feature request benefit CircleCI jobs using this image?
This aids users in security scanning for their Go code.

Describe the solution you would like to see
Explained fairly well above. Here is the announcement blog post: https://go.dev/blog/govulncheck?linkId=8881038

Describe alternatives you have considered
There are others out there, sure, but this being 1st party lends itself to inclusion IMO.

add golangci-lint

Because the user doesn't exist, using golangci/golangci-lint directly for lint steps when using this executor (or the go orb) for other steps doesn't work too well. It would be nice to add the option to have a golangci-lint run step in the go orb as well.

This is Ok for projects without private dependencies (i.e., just run the golangci-lint image separately without using the cache etc. from this step), but with more complicated setups, it would be nice to have golangci-lint baked in.

Would it be possible to bake that into this image, since I imagine it's a common toolset people would like to use (only challenge might be keeping the version up to date)

Fix submodule command

We suggest running git submodule update --recursive when I think it should be git submodule update --init.

Go patch 0 releases don't get generated correctly

Unlike the other 15+ images we have in Convenience Images, the Go team releases the first minor release series without the 0 patch number. This causes the rendering of the tag to show up incorrectly in the DevHub.

This needs to be either fixed here or in the indexer.

For example, the latest Go release is 1.18 and not 1.18.0 which our build system is struggling with.

$GOPATH is unset

$GOPATH is unset during image build, and because of that, $PATH would be wrong as well.

Expected (let's assume that GOPATH='/go')

$ echo $PATH
/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

Actual:

$ echo $PATH
/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

Notice that /bin is duplicated.

Basic testing

Maybe we can do the following:

  • try running the image
  • try running go version
  • try building a hello work Go app

Permission denied error with cimg/go:1.16, cimg/go:1.16-browsers, cimg/go:1.17

Issue with cimg/go:1.16, cimg/go:1.17:

Using SSH Config Dir '/home/circleci/.ssh'
git version 2.34.1
Cloning git repository
mkdir: cannot create directory ‘/go’: Permission denied

exit status 1
CircleCI received exit code 1


Similar issue when using cimg/go:1.16-browsers

Unable to create directory '/go/src/github.com/HolimaX/libcontimig': mkdir /go: permission denied

Add a latest/current tag

We use the current tag on cimg/node and find it very useful to ensure we're always 100% up to date on the latest releases. As we use Dependabot on our dockerfiles, but Dependabot can't keep track of the images referenced in our CircleCI config of course.

Could you please add an equivalent current or latest tag to this one?

Obviously it would be expected that breaking changes etc could break our builds, but that's totally fine - that's what we'd want it to do, same as with Node 👍

Thanks

1.17 should be published as 1.17.0

Hey all, mostly a feature request I guess, but it'd be nice if 1.17 could also be published as 1.17.0 (and future 1.X.0 releases) so that we could consume 1.17 images without automatically being upgraded to the latest patch release. This is the same behaviour that golang currently follows.

Side note: Your docs currently say that 1.17.0 is a valid tag, but it's not.

Update `golangci-lint` version to 1.51.2

We use CircleCI images for linting issues in CI. Since introducing generics we have been having problems with golangci-lint version to 1.51.1 which local testing suggests are resolved in version 1.51.2. But CircleCI images having the older version are forcing use the older version leading us to disable linters such gocritic.

I can open a PR if required 🙂

Go 1.20 was released...

... and there's no image available here. Why do new Go versions work immediately on GitHub Actions, but not on CircleCI?

Publish images for Go beta and RC versions

Currently go 1.17rc1 is available as a preview for the upcoming release. Providing images with beta and rc versions would be very convenient for the users who want to test their projects against the upcoming versions.

Without such images the users have to either not use cimg at all, or have different workflows for stable and preview versions of Go.

Failed to download go dependencies

Builds running on cimg/go:1.13 failing with

#!/bin/bash -eo pipefail
go mod download
go: writing go.mod cache: mkdir /go/pkg: permission denied
...

golangci-lint error in cimg-go:1.19

Meta:

Operating System: OSX Monterey 12.0.1, Intel chip

Current behavior:

I can't run golangci-lint with cimg/go:1.19.0.

docker run -it cimg/go:1.19.0

circleci@61aaede53bc0:~/project$ golangci-lint version
panic: load embedded ruleguard rules: rules/rules.go:13: can't load fmt

goroutine 1 [running]:
github.com/go-critic/go-critic/checkers.init.22()
	github.com/go-critic/[email protected]/checkers/embedded_rules.go:47 +0x4b4

publish images based on Ubuntu 20.04

So I've been trying to upgrade to cimg from circleci/golang for a hour ish now, hunted down the source of a lot of my problems to this image being based on cimg/base:2020.06 which is ubuntu 18.04. (fzf is only available in the 19 and up ubuntu repos)

Could y'all add a variant of this image based on cimg/base:2020.08-20.04 ? I don't think I've missed a release of this based on that version of ubuntu.

Thanks

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

dockerfile
Dockerfile.template
  • cimg/base 2024.07
regex
Dockerfile.template
  • gotestyourself/gotestsum 1.12.0
  • golangci/golangci-lint 1.59.1
  • golang/vuln 1.1.3

  • Check this box to trigger a request for Renovate to run again on this repository

Stop clearing apt lists

Hi,

I see apt lists are being cleared at build time, which makes the image non-extendable, as it becomes impossible to install additional packages.

My repository relies on libxml2-dev to run, and I would like to be able to add a - run: sudo apt-get install libxml2-dev to my CircleCI config, but I can't due to the apt list being cleared.

OpenSSL CVE in the Go images

Hello there!

This may already be on your radar, but the available cimg/go images have an OpenSSL vulnerability that we're hoping to patch in our build pipeline. This is from a scan of the current 1.18 tag (I believe it's 1.18.0):

✗ High severity vulnerability found in openssl
  Description: Loop with Unreachable Exit Condition ('Infinite Loop')
  Info: https://snyk.io/vuln/SNYK-UBUNTU2004-OPENSSL-2426343
  Introduced through: ca-certificates@20210119~20.04.2, meta-common-packages@meta, openssl/[email protected]
  From: ca-certificates@20210119~20.04.2 > [email protected]
  From: meta-common-packages@meta > openssl/[email protected]
  From: openssl/[email protected]
  Image layer: Introduced by your base image (ubuntu:20.04)
  Fixed in: 1.1.1f-1ubuntu2.12

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.