-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Docker image to Debian bookworm and get CI tests to pass #893
base: main
Are you sure you want to change the base?
Update Docker image to Debian bookworm and get CI tests to pass #893
Conversation
The --secret-keyring option has been silently ignored since GPG v2.1, so it never did anything anyways, and in more recent builds this now generates a console warning. We should simply remove it. This should be fine so long as we are making use of the --homedir option to prevent unexpected changes to the user's GPG keyring.
This was deprecated in Go 1.5, and I think it now exists as a builtin command.
This seems to be the latest and greatest we can build cleanly with go1.16, so that's what we will use until we tackle an update of the Circle CI environment.
Just don't pay too much attention to the results, due to some makefile jankiness they don't actually trigger an error if the results are unclean. But that can be a cleanup job for another commit.
It seems that the make's $(shell ...) function is not evaluated quite when we expect it, freuqently leading to the check of the linter results occuring before we even run the linter. To avoid this problem, we should try escaping the dollar-sign so that the underlying shell does the grep command substitution instead of make. This fixes the bug where you see a spurious warning about /tmp/autograph-golint.txt not existing and a failure to catch linter errors in CI.
Same bugfix as in 12a0f30 but this time applied to the staticcheck target. After merging this the CI job should fail if this check detects an issue.
As per the Circle CI docs, this interprets these paths relative to the working_directory, which should always be in a writeable location for the runner's user. By default, I think this is the project checkout dir.
This used to pass only because of the broken vendoring of the verifier/contentsignature package, and the tests were written to match the stale vendored version.
Oh, this repo is a squash and merge one! Could you split this up into smaller PRs? I'd rather us not have to revert all of this work just because one commit had a problem. Some of these also feel totally separable like the docker-compose changes. (Edited later: Also, since the PR checks for merging only run on the whole set, it's not guaranteed to the reviewers that individual commits are revertable if they're problematic) |
Also, this patch rules |
I am switching this back to a draft, and I will split it up into multiple PR's that are a little more digestable. |
This is trying to see what happens if we update the Docker image on which autograph is built from
golang:1.16.10-buster
to something a bit more recent. In this case I chosedebian:bookworm
since it's the current stable release of Debian.So far, this PR can be divided up into three epochs:
Because one of my objectives of this work was to get the CI tests passing again, I have uncovered a bunch of broken tests and linting errors which have accumulated in the absence of working tests. So this has kind of turned into a large pull request. If this is too much to digest in one PR, let me know and I can make an effort to break it up into smaller pieces.