-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Upgrade to go 1.22.2, g/g 1.92.2, and refresh indirect dependencies in go.mod #789
Conversation
Introduced a new `registry` package containing `OperatorRegistry`. Additionally, created a subpackage `registry/resource` contains OperatorContext and Operator interface to address cyclic import issues
- Replaced flow package with OperatorTask in Sync method. - Enhanced error handling using multierror for aggregating multiple task errors.
Skipping CI for Draft Pull Request. |
|
GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
---|---|---|---|---|---|
- | RSA Private Key | e2bfea3 | charts/druid/resources/server.key | View secret | |
- | RSA Private Key | e2bfea3 | charts/druid/resources/ca.key | View secret | |
- | RSA Private Key | e2bfea3 | charts/druid/templates/secret-server-tls-crt.yaml | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Our GitHub checks need improvements? Share your feedbacks!
Note: we could probably just run a regex to find all instances of where a new variable is declared inside the loop to deal with the Regex for |
@shreyas-s-rao go1.22.3 got released on 2024-05-07. If it's not too much effort for you, maybe the patch version could be changed from 2 to 3 in this PR to make use of security and bug fixes in the compiler, runtime and net/http. |
@renormalize thanks for the information. I'll make both the changes you've suggested once #777 gets merged, because I anyway need to do some rebasing at that point of time, so I'll touch the code then. |
Yeah sure, I was just informing you in advance. Thanks! |
go1.22.4 has now been released. Once the refactor is merged, we could use go1.22.4 directly in this PR. |
Closing this PR in favour of PR: #834 |
How to categorize this PR?
/area quality dev-productivity
/kind impediment enhancement
What this PR does / why we need it:
Upgrades to go v1.22.2, and updates g/g dependency to v1.92.2 (latest version atm), and fix linter errors.
Additionally, indirect dependency
k8s.io/autoscaler
was at an old version, and was not compatible with gardener/gardener dependencies, causing improper imports when checking out both etcd-druid and gardener repos on the same machine. This has now been fixed, by refreshing all indirect dependencies, which causedk8s.io/autoscaler
to be updated tok8s.io/autoscaler/vertical-pod-autoscaler v1.0.0
.Which issue(s) this PR fixes:
Fixes #778 #788
Special notes for your reviewer:
/hold
To be rebased after #777 is merged.
Ignore all commits expect the last 2, since this PR is based on #777 branch, not master (for ease of rebasing in the future).
Release note: