diff --git a/.github/workflows/pb-create-package.yml b/.github/workflows/pb-create-package.yml index 3500d6b..2babb59 100644 --- a/.github/workflows/pb-create-package.yml +++ b/.github/workflows/pb-create-package.yml @@ -16,48 +16,30 @@ jobs: password: ${{ secrets.INITIALIZ_BUILDPACKS_DOCKERHUB_PASSWORD }} registry: docker.io username: ${{ secrets.INITIALIZ_BUILDPACKS_DOCKERHUB_USERNAME }} - - uses: actions/setup-go@v5 + - uses: actions/setup-go@v6 with: - go-version: "1.22" + go-version: "1.26" - name: Install create-package run: | #!/usr/bin/env bash - set -euo pipefail - go install -ldflags="-s -w" github.com/paketo-buildpacks/libpak/cmd/create-package@latest - - uses: buildpacks/github-actions/setup-tools@v5.6.0 + - uses: buildpacks/github-actions/setup-tools@v5.12.0 with: - crane-version: 0.19.1 + crane-version: 0.20.3 yj-version: 5.1.0 - - name: Install pack - run: | - #!/usr/bin/env bash - # this is coming from a copy of https://github.com/buildpacks/pack/actions/runs/8118576298 stored on box - # TODO to revisit when the official one is out - set -euo pipefail - - echo "Installing pack experimental" - - mkdir -p "${HOME}"/bin - echo "${HOME}/bin" >> "${GITHUB_PATH}" - - curl -L "https://github.com/buildpacks/pack/releases/download/v0.36.0/pack-v0.36.0-linux.tgz" | tar xvz -C "${HOME}/bin" - chmod +x "${HOME}"/bin/pack + - uses: buildpacks/github-actions/setup-pack@v5.12.0 + with: + pack-version: 0.40.2 - name: Enable pack Experimental - if: ${{ false }} run: | #!/usr/bin/env bash - set -euo pipefail - echo "Enabling pack experimental features" - - mkdir -p "${HOME}"/.pack - echo "experimental = true" >> "${HOME}"/.pack/config.toml - - uses: actions/checkout@v4 + pack config experimental true + - uses: actions/checkout@v6 - if: ${{ false }} - uses: actions/cache@v4 + uses: actions/cache@v5 with: key: ${{ runner.os }}-go-${{ hashFiles('**/buildpack.toml', '**/package.toml') }} path: |- @@ -68,20 +50,15 @@ jobs: id: version run: | #!/usr/bin/env bash - set -euo pipefail - if [[ ${GITHUB_REF:-} != "refs/"* ]]; then echo "GITHUB_REF set to [${GITHUB_REF:-}], but that is unexpected. It should start with 'refs/*'" exit 255 fi - if [[ ${GITHUB_REF} =~ refs/tags/v([0-9]+\.[0-9]+\.[0-9]+) ]]; then VERSION=${BASH_REMATCH[1]} - MAJOR_VERSION="$(echo "${VERSION}" | awk -F '.' '{print $1 }')" MINOR_VERSION="$(echo "${VERSION}" | awk -F '.' '{print $1 "." $2 }')" - echo "version-major=${MAJOR_VERSION}" >> "$GITHUB_OUTPUT" echo "version-minor=${MINOR_VERSION}" >> "$GITHUB_OUTPUT" elif [[ ${GITHUB_REF} =~ refs/heads/(.+) ]]; then @@ -89,7 +66,6 @@ jobs: else VERSION=$(git rev-parse --short HEAD) fi - echo "version=${VERSION}" >> "$GITHUB_OUTPUT" echo "Selected ${VERSION} from * ref: ${GITHUB_REF} @@ -98,16 +74,13 @@ jobs: - name: Create Package run: | #!/usr/bin/env bash - set -euo pipefail - # With Go 1.20, we need to set this so that we produce statically compiled binaries # # Starting with Go 1.20, Go will produce binaries that are dynamically linked against libc # which can cause compatibility issues. The compiler links against libc on the build system # but that may be newer than on the stacks we support. export CGO_ENABLED=0 - if [[ "${INCLUDE_DEPENDENCIES}" == "true" ]]; then create-package \ --source "${SOURCE_PATH:-.}" \ @@ -121,7 +94,6 @@ jobs: --destination "${HOME}"/buildpack \ --version "${VERSION}" fi - PACKAGE_FILE="${SOURCE_PATH:-.}/package.toml" if [ -f "${PACKAGE_FILE}" ]; then cp "${PACKAGE_FILE}" "${HOME}/buildpack/package.toml" @@ -136,35 +108,28 @@ jobs: id: package run: |- #!/usr/bin/env bash - set -euo pipefail - COMPILED_BUILDPACK="${HOME}/buildpack" - # create-package puts the buildpack here, we need to run from that directory # for component buildpacks so that pack doesn't need a package.toml cd "${COMPILED_BUILDPACK}" CONFIG="" if [ -f "${COMPILED_BUILDPACK}/package.toml" ]; then - CONFIG="--config ${COMPILED_BUILDPACK}/package.toml" + CONFIG="--config ${COMPILED_BUILDPACK}/package.toml --flatten" fi - PACKAGE_LIST=($PACKAGES) # Extract first repo (Docker Hub) as the main to package & register PACKAGE=${PACKAGE_LIST[0]} - if [[ "${PUBLISH:-x}" == "true" ]]; then pack -v buildpack package \ "${PACKAGE}:${VERSION}" ${CONFIG} \ --publish - if [[ -n ${VERSION_MINOR:-} && -n ${VERSION_MAJOR:-} ]]; then crane tag "${PACKAGE}:${VERSION}" "${VERSION_MINOR}" crane tag "${PACKAGE}:${VERSION}" "${VERSION_MAJOR}" fi crane tag "${PACKAGE}:${VERSION}" latest echo "digest=$(crane digest "${PACKAGE}:${VERSION}")" >> "$GITHUB_OUTPUT" - # copy to other repositories specified for P in "${PACKAGE_LIST[@]}" do @@ -177,11 +142,15 @@ jobs: crane tag "${P}:${VERSION}" latest fi done - else - pack -v buildpack package \ - "${PACKAGE}:${VERSION}" ${CONFIG} \ - --format "${FORMAT}" $([ -n "$TTL_SH_PUBLISH" ] && [ "$TTL_SH_PUBLISH" = "true" ] && echo "--publish") + if [ -n "$TTL_SH_PUBLISH" ] && [ "$TTL_SH_PUBLISH" = "true" ]; then + TAG="${PACKAGE}-$(mktemp -u XXXXX | awk '{print tolower($0)}'):${VERSION}" + pack -v buildpack package "${TAG}" ${CONFIG} --format "${FORMAT}" --publish + else + TAG="${PACKAGE}:${VERSION}" + pack -v buildpack package "${TAG}" ${CONFIG} --format "${FORMAT}" + fi + echo "ttl-image-tag=${TAG:-}" >> "$GITHUB_OUTPUT" fi env: PACKAGES: docker.io/initializbuildpacks/ca-certificates @@ -192,16 +161,12 @@ jobs: - name: Update release with digest run: | #!/usr/bin/env bash - set -euo pipefail - PAYLOAD=$(cat "${GITHUB_EVENT_PATH}") - RELEASE_ID=$(jq -n -r --argjson PAYLOAD "${PAYLOAD}" '$PAYLOAD.release.id') RELEASE_TAG_NAME=$(jq -n -r --argjson PAYLOAD "${PAYLOAD}" '$PAYLOAD.release.tag_name') RELEASE_NAME=$(jq -n -r --argjson PAYLOAD "${PAYLOAD}" '$PAYLOAD.release.name') RELEASE_BODY=$(jq -n -r --argjson PAYLOAD "${PAYLOAD}" '$PAYLOAD.release.body') - gh api \ --method PATCH \ "/repos/:owner/:repo/releases/${RELEASE_ID}" \ @@ -212,7 +177,7 @@ jobs: DIGEST: ${{ steps.package.outputs.digest }} GITHUB_TOKEN: ${{ secrets.PAT }} - if: ${{ true }} - uses: docker://ghcr.io/buildpacks/actions/registry/request-add-entry:5.6.0 + uses: docker://ghcr.io/buildpacks/actions/registry/request-add-entry:5.12.0 with: address: docker.io/initializbuildpacks/ca-certificates@${{ steps.package.outputs.digest }} id: initializ-buildpacks/ca-certificates diff --git a/.github/workflows/pb-tests.yml b/.github/workflows/pb-tests.yml index 3f2fddb..d0d3621 100644 --- a/.github/workflows/pb-tests.yml +++ b/.github/workflows/pb-tests.yml @@ -15,43 +15,29 @@ jobs: runs-on: - ubuntu-latest steps: - - uses: actions/setup-go@v5 + - uses: actions/setup-go@v6 with: - go-version: "1.22" + go-version: "1.26" - name: Install create-package run: | #!/usr/bin/env bash - set -euo pipefail - go install -ldflags="-s -w" github.com/paketo-buildpacks/libpak/cmd/create-package@latest - - name: Install pack - run: | - #!/usr/bin/env bash - # this is coming from a copy of https://github.com/buildpacks/pack/actions/runs/8118576298 stored on box - # TODO to revisit when the official one is out - set -euo pipefail - - echo "Installing pack experimental" - - mkdir -p "${HOME}"/bin - echo "${HOME}/bin" >> "${GITHUB_PATH}" - - curl -L "https://ent.box.com/shared/static/j4d1bfe9uk1sb0i7zjvci0md9xmy41u4" -o ${HOME}/bin/pack - chmod +x "${HOME}"/bin/pack + - uses: buildpacks/github-actions/setup-tools@v5.12.0 + with: + crane-version: 0.20.3 + yj-version: 5.1.0 + - uses: buildpacks/github-actions/setup-pack@v5.12.0 + with: + pack-version: 0.40.2 - name: Enable pack Experimental - if: ${{ false }} run: | #!/usr/bin/env bash - set -euo pipefail - echo "Enabling pack experimental features" - - mkdir -p "${HOME}"/.pack - echo "experimental = true" >> "${HOME}"/.pack/config.toml - - uses: actions/checkout@v4 - - uses: actions/cache@v4 + pack config experimental true + - uses: actions/checkout@v6 + - uses: actions/cache@v5 with: key: ${{ runner.os }}-go-${{ hashFiles('**/buildpack.toml', '**/package.toml') }} path: |- @@ -62,20 +48,15 @@ jobs: id: version run: | #!/usr/bin/env bash - set -euo pipefail - if [[ ${GITHUB_REF:-} != "refs/"* ]]; then echo "GITHUB_REF set to [${GITHUB_REF:-}], but that is unexpected. It should start with 'refs/*'" exit 255 fi - if [[ ${GITHUB_REF} =~ refs/tags/v([0-9]+\.[0-9]+\.[0-9]+) ]]; then VERSION=${BASH_REMATCH[1]} - MAJOR_VERSION="$(echo "${VERSION}" | awk -F '.' '{print $1 }')" MINOR_VERSION="$(echo "${VERSION}" | awk -F '.' '{print $1 "." $2 }')" - echo "version-major=${MAJOR_VERSION}" >> "$GITHUB_OUTPUT" echo "version-minor=${MINOR_VERSION}" >> "$GITHUB_OUTPUT" elif [[ ${GITHUB_REF} =~ refs/heads/(.+) ]]; then @@ -83,7 +64,6 @@ jobs: else VERSION=$(git rev-parse --short HEAD) fi - echo "version=${VERSION}" >> "$GITHUB_OUTPUT" echo "Selected ${VERSION} from * ref: ${GITHUB_REF} @@ -92,16 +72,13 @@ jobs: - name: Create Package run: | #!/usr/bin/env bash - set -euo pipefail - # With Go 1.20, we need to set this so that we produce statically compiled binaries # # Starting with Go 1.20, Go will produce binaries that are dynamically linked against libc # which can cause compatibility issues. The compiler links against libc on the build system # but that may be newer than on the stacks we support. export CGO_ENABLED=0 - if [[ "${INCLUDE_DEPENDENCIES}" == "true" ]]; then create-package \ --source "${SOURCE_PATH:-.}" \ @@ -115,7 +92,6 @@ jobs: --destination "${HOME}"/buildpack \ --version "${VERSION}" fi - PACKAGE_FILE="${SOURCE_PATH:-.}/package.toml" if [ -f "${PACKAGE_FILE}" ]; then cp "${PACKAGE_FILE}" "${HOME}/buildpack/package.toml" @@ -128,35 +104,28 @@ jobs: - name: Package Buildpack run: |- #!/usr/bin/env bash - set -euo pipefail - COMPILED_BUILDPACK="${HOME}/buildpack" - # create-package puts the buildpack here, we need to run from that directory # for component buildpacks so that pack doesn't need a package.toml cd "${COMPILED_BUILDPACK}" CONFIG="" if [ -f "${COMPILED_BUILDPACK}/package.toml" ]; then - CONFIG="--config ${COMPILED_BUILDPACK}/package.toml" + CONFIG="--config ${COMPILED_BUILDPACK}/package.toml --flatten" fi - PACKAGE_LIST=($PACKAGES) # Extract first repo (Docker Hub) as the main to package & register PACKAGE=${PACKAGE_LIST[0]} - if [[ "${PUBLISH:-x}" == "true" ]]; then pack -v buildpack package \ "${PACKAGE}:${VERSION}" ${CONFIG} \ --publish - if [[ -n ${VERSION_MINOR:-} && -n ${VERSION_MAJOR:-} ]]; then crane tag "${PACKAGE}:${VERSION}" "${VERSION_MINOR}" crane tag "${PACKAGE}:${VERSION}" "${VERSION_MAJOR}" fi crane tag "${PACKAGE}:${VERSION}" latest echo "digest=$(crane digest "${PACKAGE}:${VERSION}")" >> "$GITHUB_OUTPUT" - # copy to other repositories specified for P in "${PACKAGE_LIST[@]}" do @@ -169,11 +138,15 @@ jobs: crane tag "${P}:${VERSION}" latest fi done - else - pack -v buildpack package \ - "${PACKAGE}:${VERSION}" ${CONFIG} \ - --format "${FORMAT}" $([ -n "$TTL_SH_PUBLISH" ] && [ "$TTL_SH_PUBLISH" = "true" ] && echo "--publish") + if [ -n "$TTL_SH_PUBLISH" ] && [ "$TTL_SH_PUBLISH" = "true" ]; then + TAG="${PACKAGE}-$(mktemp -u XXXXX | awk '{print tolower($0)}'):${VERSION}" + pack -v buildpack package "${TAG}" ${CONFIG} --format "${FORMAT}" --publish + else + TAG="${PACKAGE}:${VERSION}" + pack -v buildpack package "${TAG}" ${CONFIG} --format "${FORMAT}" + fi + echo "ttl-image-tag=${TAG:-}" >> "$GITHUB_OUTPUT" fi env: FORMAT: image @@ -185,26 +158,22 @@ jobs: runs-on: - ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/cache@v4 + - uses: actions/checkout@v6 + - uses: actions/cache@v5 with: key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} path: ${{ env.HOME }}/go/pkg/mod restore-keys: ${{ runner.os }}-go- - - uses: actions/setup-go@v5 + - uses: actions/setup-go@v6 with: - go-version: "1.22" + go-version: "1.26" - name: Install richgo run: | #!/usr/bin/env bash - set -euo pipefail - echo "Installing richgo ${RICHGO_VERSION}" - mkdir -p "${HOME}"/bin echo "${HOME}/bin" >> "${GITHUB_PATH}" - curl \ --location \ --show-error \ @@ -216,9 +185,7 @@ jobs: - name: Run Tests run: | #!/usr/bin/env bash - set -euo pipefail - richgo test ./... env: RICHGO_FORCE_COLOR: "1" diff --git a/cacerts/build.go b/cacerts/build.go index 3703a7e..bcf5fd3 100644 --- a/cacerts/build.go +++ b/cacerts/build.go @@ -19,7 +19,7 @@ package cacerts import ( "errors" "fmt" - "io/ioutil" + "os" "sort" "strings" @@ -48,7 +48,10 @@ func (b Build) Build(context libcnb.BuildContext) (libcnb.BuildResult, error) { return libcnb.BuildResult{}, fmt.Errorf("unable to create configuration resolver\n%w", err) } - certDir, err := ioutil.TempDir("", "ca-certificates") + certDir, err := os.MkdirTemp("", "ca-certificates") + if err != nil { + return libcnb.BuildResult{}, fmt.Errorf("unable to create temp directory\n%w", err) + } var certPaths []string var contributedHelper bool @@ -70,15 +73,12 @@ func (b Build) Build(context libcnb.BuildContext) (libcnb.BuildResult, error) { if contributedHelper { continue } - h, be := libpak.NewHelperLayer( + h := libpak.NewHelperLayerContributor( context.Buildpack, ExecutableCACertsHelper, ) h.Logger = b.Logger result.Layers = append(result.Layers, h) - if be.Name != "" { - result.BOM.Entries = append(result.BOM.Entries, be) - } contributedHelper = true default: return libcnb.BuildResult{}, fmt.Errorf("received unexpected buildpack plan entry %q", e.Name) diff --git a/cacerts/build_test.go b/cacerts/build_test.go index 2b94922..002611a 100644 --- a/cacerts/build_test.go +++ b/cacerts/build_test.go @@ -17,7 +17,6 @@ package cacerts_test import ( - "io/ioutil" "os" "path/filepath" "testing" @@ -40,7 +39,7 @@ func testBuild(t *testing.T, context spec.G, it spec.S) { it.Before(func() { var err error - ctx.Layers.Path, err = ioutil.TempDir("", "build-layers") + ctx.Layers.Path, err = os.MkdirTemp("", "build-layers") Expect(err).NotTo(HaveOccurred()) build = cacerts.Build{} @@ -149,8 +148,6 @@ func testBuild(t *testing.T, context spec.G, it spec.S) { helperLayer, ok := result.Layers[0].(libpak.HelperLayerContributor) Expect(ok).To(BeTrue()) Expect(helperLayer.Name()).To(Equal("helper")) - Expect(len(result.BOM.Entries)).To(Equal(1)) - Expect(result.BOM.Entries[0].Name).To(Equal("helper")) }) it("contributes helper for API 0.7+", func() { var err error @@ -163,7 +160,6 @@ func testBuild(t *testing.T, context spec.G, it spec.S) { helperLayer, ok := result.Layers[0].(libpak.HelperLayerContributor) Expect(ok).To(BeTrue()) Expect(helperLayer.Name()).To(Equal("helper")) - Expect(len(result.BOM.Entries)).To(Equal(1)) }) }) diff --git a/cacerts/certs.go b/cacerts/certs.go index a530060..d06d79c 100644 --- a/cacerts/certs.go +++ b/cacerts/certs.go @@ -25,7 +25,6 @@ import ( "encoding/pem" "errors" "fmt" - "io/ioutil" "os" "path/filepath" "regexp" @@ -55,7 +54,7 @@ func GenerateHashLinks(dir string, certPaths []string) error { hashes := map[uint32][]string{} sort.Strings(certPaths) for _, path := range certPaths { - raw, err := ioutil.ReadFile(path) + raw, err := os.ReadFile(path) if err != nil { return fmt.Errorf("failed to read file at path %q\n%w", path, err) } @@ -175,7 +174,7 @@ func SplitCerts(path string, certDir string) ([]string, error) { var block *pem.Block var rest []byte - raw, err := ioutil.ReadFile(path) + raw, err := os.ReadFile(path) if err != nil { return nil, fmt.Errorf("failed to read file at path %q\n%w", path, err) } @@ -190,7 +189,7 @@ func SplitCerts(path string, certDir string) ([]string, error) { } for ind := 0; block != nil; ind++ { newCertPath := filepath.Join(certDir, fmt.Sprintf("cert_%d_%s", ind, filepath.Base(path))) - if os.WriteFile(newCertPath, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: block.Bytes}), 0777); err != nil { + if err = os.WriteFile(newCertPath, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: block.Bytes}), 0777); err != nil { return nil, fmt.Errorf("failed to write extra certficate to file\n%w", err) } paths = append(paths, newCertPath) diff --git a/cacerts/certs_test.go b/cacerts/certs_test.go index c578efd..2f55951 100644 --- a/cacerts/certs_test.go +++ b/cacerts/certs_test.go @@ -21,7 +21,6 @@ import ( "encoding/asn1" "encoding/pem" "errors" - "io/ioutil" "os" "path/filepath" "testing" @@ -42,7 +41,7 @@ func testCerts(t *testing.T, context spec.G, it spec.S) { it.Before(func() { var err error - dir, err = ioutil.TempDir("", "hash-links-test") + dir, err = os.MkdirTemp("", "hash-links-test") Expect(err).NotTo(HaveOccurred()) }) @@ -57,23 +56,23 @@ func testCerts(t *testing.T, context spec.G, it spec.S) { filepath.Join("testdata", "SecureTrust_CA_Duplicate.pem"), }) Expect(err).NotTo(HaveOccurred()) - fis, err := ioutil.ReadDir(dir) + fis, err := os.ReadDir(dir) Expect(err).NotTo(HaveOccurred()) Expect(len(fis)).To(Equal(3)) - Expect(fis[0].Mode() & os.ModeType).To(Equal(os.ModeSymlink)) + Expect(fis[0].Type() & os.ModeType).To(Equal(os.ModeSymlink)) target, err := os.Readlink(filepath.Join(dir, fis[0].Name())) Expect(err).NotTo(HaveOccurred()) Expect(target).To(Equal("testdata/Go_Daddy_Class_2_CA.pem")) Expect(fis[0].Name()).To(Equal("f081611a.0")) - Expect(fis[1].Mode() & os.ModeType).To(Equal(os.ModeSymlink)) + Expect(fis[1].Type() & os.ModeType).To(Equal(os.ModeSymlink)) target, err = os.Readlink(filepath.Join(dir, fis[1].Name())) Expect(err).NotTo(HaveOccurred()) Expect(target).To(Equal("testdata/SecureTrust_CA.pem")) Expect(fis[1].Name()).To(Equal("f39fc864.0")) - Expect(fis[2].Mode() & os.ModeType).To(Equal(os.ModeSymlink)) + Expect(fis[2].Type() & os.ModeType).To(Equal(os.ModeSymlink)) target, err = os.Readlink(filepath.Join(dir, fis[2].Name())) Expect(err).NotTo(HaveOccurred()) Expect(target).To(Equal("testdata/SecureTrust_CA_Duplicate.pem")) @@ -91,7 +90,7 @@ func testCerts(t *testing.T, context spec.G, it spec.S) { context("SubjectNameHash", func() { it("matches openssl", func() { - raw, err := ioutil.ReadFile(filepath.Join("testdata", "Go_Daddy_Class_2_CA.pem")) + raw, err := os.ReadFile(filepath.Join("testdata", "Go_Daddy_Class_2_CA.pem")) Expect(err).NotTo(HaveOccurred()) block, rest := pem.Decode(raw) Expect(rest).To(BeEmpty()) @@ -103,7 +102,7 @@ func testCerts(t *testing.T, context spec.G, it spec.S) { // openssl x509 -hash -in ./cacerts/testdata/Go_Daddy_Class_2_CA.pem -> f081611a Expect(hash).To(Equal(uint32(0xF081611A))) - raw, err = ioutil.ReadFile(filepath.Join("testdata", "SecureTrust_CA.pem")) + raw, err = os.ReadFile(filepath.Join("testdata", "SecureTrust_CA.pem")) Expect(err).NotTo(HaveOccurred()) block, rest = pem.Decode(raw) Expect(rest).To(BeEmpty()) @@ -121,7 +120,7 @@ func testCerts(t *testing.T, context spec.G, it spec.S) { context("cert contains non-UTF8String values", func() { var subject []byte it.Before(func() { - raw, err := ioutil.ReadFile(filepath.Join("testdata", "Go_Daddy_Class_2_CA.pem")) + raw, err := os.ReadFile(filepath.Join("testdata", "Go_Daddy_Class_2_CA.pem")) Expect(err).NotTo(HaveOccurred()) block, rest := pem.Decode(raw) Expect(rest).To(BeEmpty()) @@ -191,7 +190,7 @@ func testCerts(t *testing.T, context spec.G, it spec.S) { var dir string it.Before(func() { var err error - dir, err = ioutil.TempDir("", "multi-certs") + dir, err = os.MkdirTemp("", "multi-certs") Expect(err).NotTo(HaveOccurred()) }) diff --git a/cacerts/detect_test.go b/cacerts/detect_test.go index 46ebf28..3e190aa 100644 --- a/cacerts/detect_test.go +++ b/cacerts/detect_test.go @@ -95,7 +95,7 @@ func testDetect(t *testing.T, context spec.G, it spec.S) { context("BP_ENABLE_RUNTIME_CERT_BINDING is set to false", func() { var result libcnb.DetectResult it.Before(func() { - os.Setenv("BP_ENABLE_RUNTIME_CERT_BINDING", "false") + Expect(os.Setenv("BP_ENABLE_RUNTIME_CERT_BINDING", "false")).To(Succeed()) //nolint:errcheck var err error result, err = detect.Detect(ctx) @@ -103,7 +103,7 @@ func testDetect(t *testing.T, context spec.G, it spec.S) { }) it.After(func() { - os.Unsetenv("BP_ENABLE_RUNTIME_CERT_BINDING") + Expect(os.Unsetenv("BP_ENABLE_RUNTIME_CERT_BINDING")).To(Succeed()) //nolint:errcheck }) it("detect passes", func() { @@ -136,7 +136,7 @@ func testDetect(t *testing.T, context spec.G, it spec.S) { context("BP_RUNTIME_CERT_BINDING_DISABLED is set to true", func() { var result libcnb.DetectResult it.Before(func() { - os.Setenv("BP_RUNTIME_CERT_BINDING_DISABLED", "true") + Expect(os.Setenv("BP_RUNTIME_CERT_BINDING_DISABLED", "true")).To(Succeed()) //nolint:errcheck var err error result, err = detect.Detect(ctx) @@ -144,7 +144,7 @@ func testDetect(t *testing.T, context spec.G, it spec.S) { }) it.After(func() { - os.Unsetenv("BP_RUNTIME_CERT_BINDING_DISABLED") + Expect(os.Unsetenv("BP_RUNTIME_CERT_BINDING_DISABLED")).To(Succeed()) //nolint:errcheck }) it("detect passes", func() { @@ -215,7 +215,7 @@ func testDetect(t *testing.T, context spec.G, it spec.S) { context("BP_ENABLE_RUNTIME_CERT_BINDING is set to false", func() { var result libcnb.DetectResult it.Before(func() { - os.Setenv("BP_ENABLE_RUNTIME_CERT_BINDING", "false") + _ = os.Setenv("BP_ENABLE_RUNTIME_CERT_BINDING", "false") var err error result, err = detect.Detect(ctx) @@ -223,7 +223,7 @@ func testDetect(t *testing.T, context spec.G, it spec.S) { }) it.After(func() { - os.Unsetenv("BP_ENABLE_RUNTIME_CERT_BINDING") + _ = os.Unsetenv("BP_ENABLE_RUNTIME_CERT_BINDING") }) it("detect passes", func() { @@ -244,7 +244,7 @@ func testDetect(t *testing.T, context spec.G, it spec.S) { context("BP_RUNTIME_CERT_BINDING_DISABLED is set to true", func() { var result libcnb.DetectResult it.Before(func() { - os.Setenv("BP_RUNTIME_CERT_BINDING_DISABLED", "true") + _ = os.Setenv("BP_RUNTIME_CERT_BINDING_DISABLED", "true") var err error result, err = detect.Detect(ctx) @@ -252,7 +252,7 @@ func testDetect(t *testing.T, context spec.G, it spec.S) { }) it.After(func() { - os.Unsetenv("BP_RUNTIME_CERT_BINDING_DISABLED") + _ = os.Unsetenv("BP_RUNTIME_CERT_BINDING_DISABLED") }) it("detect passes", func() { diff --git a/cacerts/execd.go b/cacerts/execd.go index db291f9..2f43245 100644 --- a/cacerts/execd.go +++ b/cacerts/execd.go @@ -18,7 +18,6 @@ package cacerts import ( "fmt" - "io/ioutil" "os" "path/filepath" "strings" @@ -58,7 +57,7 @@ func (e *ExecD) Execute() (map[string]string, error) { if len(paths) == 0 { return env, nil } - certDir, err := ioutil.TempDir("", "ca-certificates") + certDir, err := os.MkdirTemp("", "ca-certificates") if err != nil { return nil, fmt.Errorf("failed to create temp dir\n%w", err) } diff --git a/cacerts/trusted_ca_certs_test.go b/cacerts/trusted_ca_certs_test.go index 4d6a0ad..fdf0780 100644 --- a/cacerts/trusted_ca_certs_test.go +++ b/cacerts/trusted_ca_certs_test.go @@ -17,7 +17,6 @@ package cacerts_test import ( - "io/ioutil" "os" "path/filepath" "testing" @@ -48,10 +47,10 @@ func testTrustedCACerts(t *testing.T, context spec.G, it spec.S) { it.Before(func() { var err error - certsDir, err = ioutil.TempDir("", "ca-cert-files") + certsDir, err = os.MkdirTemp("", "ca-cert-files") Expect(err).NotTo(HaveOccurred()) - layerDir, err = ioutil.TempDir("", "ca-certs-layer") + layerDir, err = os.MkdirTemp("", "ca-certs-layer") Expect(err).NotTo(HaveOccurred()) layers := &libcnb.Layers{Path: layerDir} @@ -73,7 +72,7 @@ func testTrustedCACerts(t *testing.T, context spec.G, it spec.S) { for _, caCert := range caCertsList { Expect(os.MkdirAll(filepath.Dir(caCert), 0755)).ToNot(HaveOccurred()) - Expect(ioutil.WriteFile(caCert, []byte{}, 0644)).ToNot(HaveOccurred()) + Expect(os.WriteFile(caCert, []byte{}, 0644)).ToNot(HaveOccurred()) } trustedCAs = cacerts.NewTrustedCACerts(caCertsList, false) diff --git a/go.mod b/go.mod index dd832f2..2bc505e 100644 --- a/go.mod +++ b/go.mod @@ -1,26 +1,27 @@ module github.com/initializ-buildpacks/ca-certificates/v3 -go 1.24.1 +go 1.26.1 require ( - github.com/buildpacks/libcnb v1.30.3 - github.com/onsi/gomega v1.33.1 - github.com/paketo-buildpacks/libpak v1.70.0 + github.com/buildpacks/libcnb v1.30.4 + github.com/onsi/gomega v1.40.0 + github.com/paketo-buildpacks/libpak v1.73.0 github.com/sclevine/spec v1.4.0 ) require ( - github.com/BurntSushi/toml v1.4.0 // indirect - github.com/Masterminds/semver/v3 v3.2.1 // indirect - github.com/creack/pty v1.1.21 // indirect - github.com/google/go-cmp v0.6.0 // indirect + github.com/BurntSushi/toml v1.6.0 // indirect + github.com/Masterminds/semver/v3 v3.5.0 // indirect + github.com/creack/pty v1.1.24 // indirect + github.com/google/go-cmp v0.7.0 // indirect github.com/heroku/color v0.0.6 // indirect github.com/imdario/mergo v0.3.16 // indirect - github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.20 // indirect + github.com/kr/text v0.2.0 // indirect + github.com/mattn/go-colorable v0.1.14 // indirect + github.com/mattn/go-isatty v0.0.22 // indirect github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect - golang.org/x/net v0.25.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect - gopkg.in/yaml.v3 v3.0.1 // indirect + go.yaml.in/yaml/v3 v3.0.4 // indirect + golang.org/x/net v0.49.0 // indirect + golang.org/x/sys v0.43.0 // indirect + golang.org/x/text v0.33.0 // indirect ) diff --git a/go.sum b/go.sum index 1da6327..22fac64 100644 --- a/go.sum +++ b/go.sum @@ -1,62 +1,61 @@ -github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= -github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= -github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= -github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/buildpacks/libcnb v1.30.3 h1:JtFMFPO2450uDLzpE1b50TvmM1GEZa8YT9cQ2ZZtHqA= -github.com/buildpacks/libcnb v1.30.3/go.mod h1:JPb1vC7HQcGK0oONfqJvsYzOjw3be+WBbQ0KYOIhNvA= -github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0= -github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= +github.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk= +github.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/Masterminds/semver/v3 v3.5.0 h1:kQceYJfbupGfZOKZQg0kou0DgAKhzDg2NZPAwZ/2OOE= +github.com/Masterminds/semver/v3 v3.5.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/buildpacks/libcnb v1.30.4 h1:Jp6cJxYsZQgqix+lpRdSpjHt5bv5yCJqgkw9zWmS6xU= +github.com/buildpacks/libcnb v1.30.4/go.mod h1:vjEDAlK3/Rf67AcmBzphXoqIlbdFgBNUK5d8wjreJbY= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s= +github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= -github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/heroku/color v0.0.6 h1:UTFFMrmMLFcL3OweqP1lAdp8i1y/9oHqkeHjQ/b/Ny0= github.com/heroku/color v0.0.6/go.mod h1:ZBvOcx7cTF2QKOv4LbmoBtNl5uB17qWxGuzZrsi1wLU= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/jarcoal/httpmock v1.3.1 h1:iUx3whfZWVf3jT01hQTO/Eo5sAYtB2/rqaUuOtpInww= +github.com/jarcoal/httpmock v1.3.1/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= -github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= +github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= -github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.22 h1:j8l17JJ9i6VGPUFUYoTUKPSgKe/83EYU2zBC7YNKMw4= +github.com/mattn/go-isatty v0.0.22/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4= github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4= github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE= -github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= -github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= -github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= -github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= -github.com/paketo-buildpacks/libpak v1.70.0 h1:J2Vo4lkqfrkEhOsbJbTpAHjRCszEprHjdnrLlLkL3c8= -github.com/paketo-buildpacks/libpak v1.70.0/go.mod h1:VJpKQDq1ajyi3JIjfqIyg1Dgf/ayd4jzkO38bbqgQLc= +github.com/onsi/gomega v1.40.0 h1:Vtol0e1MghCD2ZVIilPDIg44XSL9l2QAn8ZNaljWcJc= +github.com/onsi/gomega v1.40.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A= +github.com/paketo-buildpacks/libpak v1.73.0 h1:OgdkOn4VLIzRo0WcSx1iRmqeLrcMAZbIk7pOOJSyl5Q= +github.com/paketo-buildpacks/libpak v1.73.0/go.mod h1:EY01BAEtNPT1kI+/OTGTAkitNzKiFzCTGAmxapBUPJ4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/sclevine/spec v1.4.0 h1:z/Q9idDcay5m5irkZ28M7PtQM4aOISzOpj4bUPkDee8= github.com/sclevine/spec v1.4.0/go.mod h1:LvpgJaFyvQzRvc1kaDs0bulYwzC70PbiYjC4QnFHkOM= github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= +go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= +golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= +golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= -golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= -google.golang.org/protobuf v1.34.0 h1:Qo/qEd2RZPCf2nKuorzksSknv0d3ERwp1vFG38gSmH4= -google.golang.org/protobuf v1.34.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= +golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE= +golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8= +google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= +google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=