ci/dependabot updates

[cpanato]

• make sure CI install the correct go
• group dependabot updates

/assign @aojea @BenTheElder

[BenTheElder]

/hold

we can't just upgrade to 1.22 because of the toolchain changes

there's a pending PR in #3335 that resolves those

[BenTheElder]

this will actually cause us to use go 1.16 because of toolchains :-)

[BenTheElder]

can you rebase this to remove the merge commit? it will make bisecting less confusing.

we could do squash merging, except this PR has multiple unrelated changes

[cpanato]

can you rebase this to remove the merge commit? it will make bisecting less confusing.

we could do squash merging, except this PR has multiple unrelated changes

that was weird, i swear i did a rebase this morning, but i can be wrong, missing coffee lol

but rebase is done now :)

[BenTheElder]

thanks.

Seems we shouldn't switch to 1.22 yet: https://github.com/opencontainers/runc/pull/4240/files https://kubernetes.slack.com/archives/CHGFYJVAN/p1712086885304549

[cpanato]

we can hold or close this pr

[BenTheElder]

sigh: #3335 (comment)

maybe we can merge the rest without the go bump?

we may have to roll back go temporarily even for 1.21

[cpanato]

ok will remove the go bump

[cpanato]

@BenTheElder PTAL

[BenTheElder]

cc @aojea
sorry, I'm out of time / closing tabs on my way to vacation, got distracted by broken build, security patching, etc...

[aojea]

we already setup go from the makefile

kind/Makefile

Line 37 in 915b13a

PATH:=$(shell . hack/build/setup-go.sh && echo "$${PATH}")

kind/hack/build/setup-go.sh

Lines 19 to 40 in 915b13a

	# read go-version file unless GO_VERSION is set
	# override GOTOOLCHAIN unless set as well
	. ./hack/build/gotoolchain.sh
	# we don't actually care where the .env files are
	# however, GIMME_SILENT_ENV doesn't trigger re-generating a .env if it
	# already exists and isn't "silent" (no `go version` command in it)
	# so we fix that by changing where the .env is written, ensuring ours
	# is generated from this repo and silent.
	export GIMME_ENV_PREFIX=./bin/.gimme/
	export GIMME_SILENT_ENV=y
	# only setup go if we haven't set FORCE_HOST_GO, or `go version` doesn't match
	# go version output looks like:
	# go version go1.14.5 darwin/amd64
	if ! ([ -n "${FORCE_HOST_GO:-}" ] || \
	(command -v go >/dev/null && [ "$(go version | cut -d' ' -f3)" = "go${GO_VERSION}" ])); then
	# eval because the output of this is shell to set PATH etc.
	eval "$(hack/third_party/gimme/gimme "${GO_VERSION}")"
	fi
	# force go modules

I assume this does not harm and saves some time

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aojea, cpanato

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [aojea]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[BenTheElder]

/hold cancel