diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index 8c30b89fbba..082de0e1b10 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -37,8 +37,19 @@ jobs: run_test_workflow: - "!?(site|release-notes)/**" + # Dedicated job to store go modules in cache due to the write permissions + go-mod-download: + runs-on: ubuntu-22.04 + permissions: + actions: write + steps: + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: ./tools/github-actions/go-mod-download + lint: runs-on: ubuntu-22.04 + needs: + - go-mod-download steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: ./tools/github-actions/setup-deps @@ -50,6 +61,8 @@ jobs: gen-check: runs-on: ubuntu-22.04 + needs: + - go-mod-download steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: ./tools/github-actions/setup-deps @@ -57,6 +70,8 @@ jobs: license-check: runs-on: ubuntu-latest + needs: + - go-mod-download steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: ./tools/github-actions/setup-deps @@ -69,6 +84,7 @@ jobs: id-token: write # for fetching OIDC token needs: - changes + - go-mod-download if: ${{ github.event_name != 'pull_request' || needs.changes.outputs.run_test_workflow == 'true' }} steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 @@ -107,7 +123,7 @@ jobs: build: runs-on: ubuntu-latest - needs: [changes, lint, gen-check, license-check, coverage-test] + needs: [changes, go-mod-download, lint, gen-check, license-check, coverage-test] if: ${{ github.event_name != 'pull_request' || needs.changes.outputs.run_test_workflow == 'true' }} steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 @@ -126,6 +142,7 @@ jobs: runs-on: ubuntu-latest needs: - changes + - go-mod-download - build if: ${{ github.event_name != 'pull_request' || needs.changes.outputs.run_test_workflow == 'true' }} strategy: @@ -179,6 +196,7 @@ jobs: runs-on: ubuntu-latest needs: - changes + - go-mod-download - build if: ${{ github.event_name != 'pull_request' || needs.changes.outputs.run_test_workflow == 'true' }} strategy: @@ -242,6 +260,7 @@ jobs: needs: - build - changes + - go-mod-download # There's a different workflow for benchmark-test on push. # So we need to check if this is a pull request and changes. if: ${{ github.event_name == 'pull_request' && needs.changes.outputs.run_test_workflow == 'true' }} @@ -276,6 +295,7 @@ jobs: needs: - build - changes + - go-mod-download steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: ./tools/github-actions/setup-deps diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index f1b71766bae..25009bdb4b8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -15,6 +15,15 @@ permissions: jobs: + # Dedicated job to store go modules in cache due to the write permissions + go-mod-download: + runs-on: ubuntu-22.04 + permissions: + actions: write + steps: + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: ./tools/github-actions/go-mod-download + analyze: name: Analyze runs-on: 'ubuntu-22.04' @@ -29,7 +38,8 @@ jobs: matrix: language: - go - + needs: + - go-mod-download steps: - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 1d297bf8ab3..06adb09ba48 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -17,8 +17,19 @@ permissions: contents: read jobs: + # Dedicated job to store go modules in cache due to the write permissions + go-mod-download: + runs-on: ubuntu-22.04 + permissions: + actions: write + steps: + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: ./tools/github-actions/go-mod-download + docs-lint: runs-on: ubuntu-22.04 + needs: + - go-mod-download steps: - name: Check out code uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 diff --git a/examples/extension-server/go.sum b/examples/extension-server/go.sum index 52cf37d1033..08f36d72649 100644 --- a/examples/extension-server/go.sum +++ b/examples/extension-server/go.sum @@ -56,8 +56,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/google/cel-go v0.26.0 h1:DPGjXackMpJWH680oGY4lZhYjIameYmR+/6RBdDGmaI= -github.com/google/cel-go v0.26.0/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM= +github.com/google/cel-go v0.26.1 h1:iPbVVEdkhTX++hpe3lzSk7D3G3QSYqLGoHOcEio+UXQ= +github.com/google/cel-go v0.26.1/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM= github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= diff --git a/go.mod b/go.mod index b9e21b1ea04..c77e1435b9f 100644 --- a/go.mod +++ b/go.mod @@ -31,7 +31,7 @@ require ( github.com/go-openapi/strfmt v0.24.0 github.com/go-openapi/validate v0.25.0 github.com/golang/protobuf v1.5.4 - github.com/google/cel-go v0.26.0 + github.com/google/cel-go v0.26.1 github.com/google/go-cmp v0.7.0 github.com/google/go-containerregistry v0.20.6 github.com/klauspost/compress v1.18.1 @@ -80,7 +80,7 @@ require ( k8s.io/klog/v2 v2.130.1 k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 k8s.io/kubectl v0.34.1 - k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d + k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 sigs.k8s.io/controller-runtime v0.22.3 sigs.k8s.io/gateway-api v1.4.0 sigs.k8s.io/kubectl-validate v0.0.5-0.20250915070809-d2f2d68fba09 diff --git a/go.sum b/go.sum index e6b8f4b58d2..e0f2a859f0c 100644 --- a/go.sum +++ b/go.sum @@ -309,8 +309,8 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/cel-go v0.26.0 h1:DPGjXackMpJWH680oGY4lZhYjIameYmR+/6RBdDGmaI= -github.com/google/cel-go v0.26.0/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM= +github.com/google/cel-go v0.26.1 h1:iPbVVEdkhTX++hpe3lzSk7D3G3QSYqLGoHOcEio+UXQ= +github.com/google/cel-go v0.26.1/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM= github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -928,8 +928,8 @@ k8s.io/kubectl v0.34.1 h1:1qP1oqT5Xc93K+H8J7ecpBjaz511gan89KO9Vbsh/OI= k8s.io/kubectl v0.34.1/go.mod h1:JRYlhJpGPyk3dEmJ+BuBiOB9/dAvnrALJEiY/C5qa6A= k8s.io/metrics v0.34.1 h1:374Rexmp1xxgRt64Bi0TsjAM8cA/Y8skwCoPdjtIslE= k8s.io/metrics v0.34.1/go.mod h1:Drf5kPfk2NJrlpcNdSiAAHn/7Y9KqxpRNagByM7Ei80= -k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d h1:wAhiDyZ4Tdtt7e46e9M5ZSAJ/MnPGPs+Ki1gHw4w1R0= -k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= +k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= periph.io/x/host/v3 v3.8.5 h1:g4g5xE1XZtDiGl1UAJaUur1aT7uNiFLMkyMEiZ7IHII= diff --git a/tools/github-actions/go-mod-download/action.yaml b/tools/github-actions/go-mod-download/action.yaml new file mode 100644 index 00000000000..9ed5971a5cb --- /dev/null +++ b/tools/github-actions/go-mod-download/action.yaml @@ -0,0 +1,16 @@ +name: go-mod-download +description: Install host system dependencies + +runs: + using: composite + steps: + - uses: ./tools/github-actions/setup-deps + - name: Download Go modules + shell: bash + run: | + set -euo pipefail + find . -name go.mod -print | sort | while read -r mod; do + dir=$(dirname "$mod") + echo "Downloading Go modules in ${dir:-.}" + (cd "${dir:-.}" && go mod download) + done diff --git a/tools/github-actions/setup-deps/action.yaml b/tools/github-actions/setup-deps/action.yaml index 2202ac9ac7c..0d79dd98a1b 100644 --- a/tools/github-actions/setup-deps/action.yaml +++ b/tools/github-actions/setup-deps/action.yaml @@ -6,7 +6,8 @@ runs: steps: - shell: bash run: sudo apt-get install libbtrfs-dev -y - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v5.0.1 + - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version-file: go.mod cache: true + cache-dependency-path: "**/go.sum" diff --git a/tools/make/golang.mk b/tools/make/golang.mk index ad38fd6ebf7..1ea3e676218 100644 --- a/tools/make/golang.mk +++ b/tools/make/golang.mk @@ -14,7 +14,7 @@ ifeq ($(origin GOBIN), undefined) GOBIN := $(GOPATH)/bin endif -GO_VERSION = $(shell grep -oE "^go [[:digit:]]*\.[[:digit:]]*" go.mod | cut -d' ' -f2) +GO_VERSION = $(shell grep -oE "^go [[:digit:]]*\.[[:digit:]]*\.[[:digit:]]*" go.mod | cut -d' ' -f2) # Build the target binary in target platform. # The pattern of build.% is `build.{Platform}.{Command}`.