2022-08-26 02:09:48 +00:00
# reusable workflow
2022-08-30 11:33:23 +00:00
name : .windows
2022-05-19 19:19:00 +00:00
2022-09-10 13:07:46 +00:00
# TODO: hide reusable workflow from the UI. Tracked in https://github.com/community/community/discussions/12025
2022-05-19 19:19:00 +00:00
on :
2022-08-26 02:09:48 +00:00
workflow_call :
inputs :
os :
required : true
type : string
send_coverage :
required : false
type : boolean
default : false
2022-05-19 19:19:00 +00:00
env :
Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
From the mailing list:
We have just released Go versions 1.19.2 and 1.18.7, minor point releases.
These minor releases include 3 security fixes following the security policy:
- archive/tar: unbounded memory consumption when reading headers
Reader.Read did not set a limit on the maximum size of file headers.
A maliciously crafted archive could cause Read to allocate unbounded
amounts of memory, potentially causing resource exhaustion or panics.
Reader.Read now limits the maximum size of header blocks to 1 MiB.
Thanks to Adam Korczynski (ADA Logics) and OSS-Fuzz for reporting this issue.
This is CVE-2022-2879 and Go issue https://go.dev/issue/54853.
- net/http/httputil: ReverseProxy should not forward unparseable query parameters
Requests forwarded by ReverseProxy included the raw query parameters from the
inbound request, including unparseable parameters rejected by net/http. This
could permit query parameter smuggling when a Go proxy forwards a parameter
with an unparseable value.
ReverseProxy will now sanitize the query parameters in the forwarded query
when the outbound request's Form field is set after the ReverseProxy.Director
function returns, indicating that the proxy has parsed the query parameters.
Proxies which do not parse query parameters continue to forward the original
query parameters unchanged.
Thanks to Gal Goldstein (Security Researcher, Oxeye) and
Daniel Abeles (Head of Research, Oxeye) for reporting this issue.
This is CVE-2022-2880 and Go issue https://go.dev/issue/54663.
- regexp/syntax: limit memory used by parsing regexps
The parsed regexp representation is linear in the size of the input,
but in some cases the constant factor can be as high as 40,000,
making relatively small regexps consume much larger amounts of memory.
Each regexp being parsed is now limited to a 256 MB memory footprint.
Regular expressions whose representation would use more space than that
are now rejected. Normal use of regular expressions is unaffected.
Thanks to Adam Korczynski (ADA Logics) and OSS-Fuzz for reporting this issue.
This is CVE-2022-41715 and Go issue https://go.dev/issue/55949.
View the release notes for more information: https://go.dev/doc/devel/release#go1.19.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-04 18:41:45 +00:00
GO_VERSION : 1.19 .2
2022-06-16 20:47:36 +00:00
GOTESTLIST_VERSION : v0.2.0
2022-06-06 14:11:47 +00:00
TESTSTAT_VERSION : v0.1.3
2022-05-19 19:19:00 +00:00
WINDOWS_BASE_IMAGE : mcr.microsoft.com/windows/servercore
WINDOWS_BASE_TAG_2019 : ltsc2019
WINDOWS_BASE_TAG_2022 : ltsc2022
TEST_IMAGE_NAME : moby:test
TEST_CTN_NAME : moby
DOCKER_BUILDKIT : 0
2022-08-26 02:09:48 +00:00
ITG_CLI_MATRIX_SIZE : 6
2022-05-19 19:19:00 +00:00
jobs :
build :
2022-08-26 02:09:48 +00:00
runs-on : ${{ inputs.os }}
2022-05-19 19:19:00 +00:00
env :
GOPATH : ${{ github.workspace }}\go
GOBIN : ${{ github.workspace }}\go\bin
BIN_OUT : ${{ github.workspace }}\out
defaults :
run :
working-directory : ${{ env.GOPATH }}/src/github.com/docker/docker
steps :
-
name : Checkout
uses : actions/checkout@v3
with :
path : ${{ env.GOPATH }}/src/github.com/docker/docker
-
name : Env
run : |
Get-ChildItem Env : | Out-String
-
name : Init
run : |
New-Item -ItemType "directory" -Path "${{ github.workspace }}\go-build"
New-Item -ItemType "directory" -Path "${{ github.workspace }}\go\pkg\mod"
2022-08-26 02:09:48 +00:00
If ("${{ inputs.os }}" -eq "windows-2019") {
2022-05-19 19:19:00 +00:00
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2019 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
2022-08-26 02:09:48 +00:00
} ElseIf ("${{ inputs.os }}" -eq "windows-2022") {
2022-05-19 19:19:00 +00:00
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2022 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
}
-
name : Cache
uses : actions/cache@v3
with :
path : |
~\AppData\Local\go-build
~\go\pkg\mod
${{ github.workspace }}\go-build
${{ env.GOPATH }}\pkg\mod
2022-08-26 02:09:48 +00:00
key : ${{ inputs.os }}-${{ github.job }}-${{ hashFiles('**/vendor.sum') }}
2022-05-19 19:19:00 +00:00
restore-keys : |
2022-08-26 02:09:48 +00:00
${{ inputs.os }}-${{ github.job }}-
2022-05-19 19:19:00 +00:00
-
name : Docker info
run : |
docker info
-
name : Build base image
run : |
docker pull ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }}
docker tag ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }} microsoft/windowsservercore
docker build --build-arg GO_VERSION -t ${{ env.TEST_IMAGE_NAME }} -f Dockerfile.windows .
-
name : Build binaries
run : |
& docker run --name ${{ env.TEST_CTN_NAME }} -e "DOCKER_GITCOMMIT=${{ github.sha }}" `
-v "${{ github.workspace }}\go-build:C:\Users\ContainerAdministrator\AppData\Local\go-build" `
-v "${{ github.workspace }}\go\pkg\mod:C:\gopath\pkg\mod" `
${{ env.TEST_IMAGE_NAME }} hack\make.ps1 -Daemon -Client
-
name : Copy artifacts
run : |
New-Item -ItemType "directory" -Path "${{ env.BIN_OUT }}"
docker cp "${{ env.TEST_CTN_NAME }}`:c`:\gopath\src\github.com\docker\docker\bundles\docker.exe" ${{ env.BIN_OUT }}\
docker cp "${{ env.TEST_CTN_NAME }}`:c`:\gopath\src\github.com\docker\docker\bundles\dockerd.exe" ${{ env.BIN_OUT }}\
docker cp "${{ env.TEST_CTN_NAME }}`:c`:\gopath\bin\gotestsum.exe" ${{ env.BIN_OUT }}\
docker cp "${{ env.TEST_CTN_NAME }}`:c`:\containerd\bin\containerd.exe" ${{ env.BIN_OUT }}\
docker cp "${{ env.TEST_CTN_NAME }}`:c`:\containerd\bin\containerd-shim-runhcs-v1.exe" ${{ env.BIN_OUT }}\
-
name : Upload artifacts
uses : actions/upload-artifact@v3
with :
2022-08-26 02:09:48 +00:00
name : build-${{ inputs.os }}
2022-05-19 19:19:00 +00:00
path : ${{ env.BIN_OUT }}/*
if-no-files-found : error
retention-days : 2
2022-04-22 20:51:22 +00:00
unit-test :
2022-08-26 02:09:48 +00:00
runs-on : ${{ inputs.os }}
2022-04-22 20:51:22 +00:00
env :
GOPATH : ${{ github.workspace }}\go
GOBIN : ${{ github.workspace }}\go\bin
defaults :
run :
working-directory : ${{ env.GOPATH }}/src/github.com/docker/docker
steps :
-
name : Checkout
uses : actions/checkout@v3
with :
path : ${{ env.GOPATH }}/src/github.com/docker/docker
-
name : Env
run : |
Get-ChildItem Env : | Out-String
-
name : Init
run : |
New-Item -ItemType "directory" -Path "${{ github.workspace }}\go-build"
New-Item -ItemType "directory" -Path "${{ github.workspace }}\go\pkg\mod"
2022-05-19 19:19:51 +00:00
New-Item -ItemType "directory" -Path "bundles"
2022-08-26 02:09:48 +00:00
If ("${{ inputs.os }}" -eq "windows-2019") {
2022-04-22 20:51:22 +00:00
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2019 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
2022-08-26 02:09:48 +00:00
} ElseIf ("${{ inputs.os }}" -eq "windows-2022") {
2022-04-22 20:51:22 +00:00
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2022 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
}
-
name : Cache
uses : actions/cache@v3
with :
path : |
~\AppData\Local\go-build
~\go\pkg\mod
${{ github.workspace }}\go-build
${{ env.GOPATH }}\pkg\mod
2022-08-26 02:09:48 +00:00
key : ${{ inputs.os }}-${{ github.job }}-${{ hashFiles('**/vendor.sum') }}
2022-04-22 20:51:22 +00:00
restore-keys : |
2022-08-26 02:09:48 +00:00
${{ inputs.os }}-${{ github.job }}-
2022-04-22 20:51:22 +00:00
-
name : Docker info
run : |
docker info
-
name : Build base image
run : |
docker pull ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }}
docker tag ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }} microsoft/windowsservercore
docker build --build-arg GO_VERSION -t ${{ env.TEST_IMAGE_NAME }} -f Dockerfile.windows .
-
name : Test
run : |
& docker run --name ${{ env.TEST_CTN_NAME }} -e "DOCKER_GITCOMMIT=${{ github.sha }}" `
2022-05-19 19:19:51 +00:00
-v "${{ github.workspace }}\go-build:C:\Users\ContainerAdministrator\AppData\Local\go-build" `
-v "${{ github.workspace }}\go\pkg\mod:C:\gopath\pkg\mod" `
-v "${{ env.GOPATH }}\src\github.com\docker\docker\bundles:C:\gopath\src\github.com\docker\docker\bundles" `
${{ env.TEST_IMAGE_NAME }} hack\make.ps1 -TestUnit
-
name : Send to Codecov
2022-08-26 02:09:48 +00:00
if : inputs.send_coverage
2022-05-19 19:19:51 +00:00
uses : codecov/codecov-action@v3
with :
working-directory : ${{ env.GOPATH }}\src\github.com\docker\docker
directory : bundles
env_vars : RUNNER_OS
flags : unit
-
name : Upload reports
2022-05-31 17:40:15 +00:00
if : always()
2022-05-19 19:19:51 +00:00
uses : actions/upload-artifact@v3
with :
2022-08-26 02:09:48 +00:00
name : ${{ inputs.os }}-unit-reports
2022-05-19 19:19:51 +00:00
path : ${{ env.GOPATH }}\src\github.com\docker\docker\bundles\*
2022-05-12 11:21:48 +00:00
2022-06-06 14:11:47 +00:00
unit-test-report :
runs-on : ubuntu-latest
if : always()
needs :
- unit-test
steps :
-
name : Set up Go
uses : actions/setup-go@v3
with :
Update to go 1.19.1 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:
We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:
- net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
- net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove `../` path components appended to a
relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
URL `https://go.dev/../go`, despite the JoinPath documentation stating that
`../` path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
Release notes:
go1.19.1 (released 2022-09-06) includes security fixes to the net/http and
net/url packages, as well as bug fixes to the compiler, the go command, the pprof
command, the linker, the runtime, and the crypto/tls and crypto/x509 packages.
See the Go 1.19.1 milestone on the issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.19.1+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 20:33:13 +00:00
go-version : ${{ env.GO_VERSION }}
2022-06-06 14:11:47 +00:00
-
name : Download artifacts
uses : actions/download-artifact@v3
with :
2022-08-26 02:09:48 +00:00
name : ${{ inputs.os }}-unit-reports
2022-06-06 14:11:47 +00:00
path : /tmp/artifacts
-
name : Install teststat
run : |
go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-
name : Create summary
run : |
teststat -markdown $(find /tmp/artifacts -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
2022-06-16 20:47:36 +00:00
integration-test-prepare :
runs-on : ubuntu-latest
outputs :
matrix : ${{ steps.tests.outputs.matrix }}
steps :
-
name : Checkout
uses : actions/checkout@v3
-
name : Set up Go
uses : actions/setup-go@v3
with :
Update to go 1.19.1 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:
We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:
- net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
- net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove `../` path components appended to a
relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
URL `https://go.dev/../go`, despite the JoinPath documentation stating that
`../` path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
Release notes:
go1.19.1 (released 2022-09-06) includes security fixes to the net/http and
net/url packages, as well as bug fixes to the compiler, the go command, the pprof
command, the linker, the runtime, and the crypto/tls and crypto/x509 packages.
See the Go 1.19.1 milestone on the issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.19.1+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 20:33:13 +00:00
go-version : ${{ env.GO_VERSION }}
2022-06-16 20:47:36 +00:00
-
name : Install gotestlist
run :
go install github.com/crazy-max/gotestlist/cmd/gotestlist@${{ env.GOTESTLIST_VERSION }}
-
name : Create matrix
id : tests
working-directory : ./integration-cli
run : |
# Distribute integration-cli tests for the matrix in integration-test job.
# Also prepend ./... to the matrix. This is a special case to run "Test integration" step exclusively.
2022-08-26 02:09:48 +00:00
matrix="$(gotestlist -d ${{ env.ITG_CLI_MATRIX_SIZE }} ./...)"
2022-06-16 20:47:36 +00:00
matrix="$(echo "$matrix" | jq -c '. |= ["./..."] + .')"
echo "::set-output name=matrix::$matrix"
-
name : Show matrix
run : |
echo ${{ steps.tests.outputs.matrix }}
2022-05-12 11:21:48 +00:00
integration-test :
2022-08-26 02:09:48 +00:00
runs-on : ${{ inputs.os }}
2022-05-12 11:21:48 +00:00
needs :
- build
2022-06-16 20:47:36 +00:00
- integration-test-prepare
2022-05-12 11:21:48 +00:00
strategy :
fail-fast : false
matrix :
runtime :
- builtin
- containerd
2022-06-16 20:47:36 +00:00
test : ${{ fromJson(needs.integration-test-prepare.outputs.matrix) }}
2022-05-12 11:21:48 +00:00
env :
GOPATH : ${{ github.workspace }}\go
GOBIN : ${{ github.workspace }}\go\bin
BIN_OUT : ${{ github.workspace }}\out
defaults :
run :
working-directory : ${{ env.GOPATH }}/src/github.com/docker/docker
steps :
-
name : Checkout
uses : actions/checkout@v3
with :
path : ${{ env.GOPATH }}/src/github.com/docker/docker
-
name : Env
run : |
Get-ChildItem Env : | Out-String
-
name : Download artifacts
uses : actions/download-artifact@v3
with :
2022-08-26 02:09:48 +00:00
name : build-${{ inputs.os }}
2022-05-12 11:21:48 +00:00
path : ${{ env.BIN_OUT }}
-
name : Init
run : |
2022-05-31 17:40:15 +00:00
New-Item -ItemType "directory" -Path "bundles"
2022-08-26 02:09:48 +00:00
If ("${{ inputs.os }}" -eq "windows-2019") {
2022-05-12 11:21:48 +00:00
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2019 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
2022-08-26 02:09:48 +00:00
} ElseIf ("${{ inputs.os }}" -eq "windows-2022") {
2022-05-12 11:21:48 +00:00
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2022 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
}
Write-Output "${{ env.BIN_OUT }}" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
-
# removes docker service that is currently installed on the runner. we
# could use Uninstall-Package but not yet available on Windows runners.
# more info: https://github.com/actions/virtual-environments/blob/d3a5bad25f3b4326c5666bab0011ac7f1beec95e/images/win/scripts/Installers/Install-Docker.ps1#L11
name : Removing current daemon
run : |
if (Get-Service docker -ErrorAction SilentlyContinue) {
$dockerVersion = (docker version -f "{{.Server.Version}}")
Write-Host "Current installed Docker version: $dockerVersion"
# remove service
Stop-Service -Force -Name docker
Remove-Service -Name docker
# removes event log entry. we could use "Remove-EventLog -LogName -Source docker"
2022-08-26 02:09:48 +00:00
# but this cmd is not available atm
2022-05-12 11:21:48 +00:00
$ErrorActionPreference = "SilentlyContinue"
& reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\docker" /f 2>&1 | Out-Null
$ErrorActionPreference = "Stop"
Write-Host "Service removed"
}
-
name : Starting containerd
if : matrix.runtime == 'containerd'
run : |
Write-Host "Generating config"
& "${{ env.BIN_OUT }}\containerd.exe" config default | Out-File "$env:TEMP\ctn.toml" -Encoding ascii
Write-Host "Creating service"
New-Item -ItemType Directory "$env:TEMP\ctn-root" -ErrorAction SilentlyContinue | Out-Null
New-Item -ItemType Directory "$env:TEMP\ctn-state" -ErrorAction SilentlyContinue | Out-Null
Start-Process -Wait "${{ env.BIN_OUT }}\containerd.exe" `
-ArgumentList "--log-level=debug", `
"--config=$env:TEMP\ctn.toml" , `
"--address=\\.\pipe\containerd-containerd" , `
"--root=$env:TEMP\ctn-root" , `
"--state=$env:TEMP\ctn-state" , `
"--log-file=$env:TEMP\ctn.log" , `
"--register-service"
Write-Host "Starting service"
Start-Service -Name containerd
Start-Sleep -Seconds 5
Write-Host "Service started successfully!"
-
name : Starting test daemon
run : |
Write-Host "Creating service"
If ("${{ matrix.runtime }}" -eq "containerd") {
$runtimeArg="--containerd=\\.\pipe\containerd-containerd"
echo "DOCKER_WINDOWS_CONTAINERD_RUNTIME=1" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
}
New-Item -ItemType Directory "$env:TEMP\moby-root" -ErrorAction SilentlyContinue | Out-Null
New-Item -ItemType Directory "$env:TEMP\moby-exec" -ErrorAction SilentlyContinue | Out-Null
Start-Process -Wait -NoNewWindow "${{ env.BIN_OUT }}\dockerd" `
-ArgumentList $runtimeArg, "--debug", `
"--host=npipe:////./pipe/docker_engine" , `
"--data-root=$env:TEMP\moby-root" , `
"--exec-root=$env:TEMP\moby-exec" , `
"--pidfile=$env:TEMP\docker.pid" , `
"--register-service"
Write-Host "Starting service"
Start-Service -Name docker
Write-Host "Service started successfully!"
-
name : Waiting for test daemon to start
run : |
$tries=20
Write-Host "Waiting for the test daemon to start..."
While ($true) {
$ErrorActionPreference = "SilentlyContinue"
& "${{ env.BIN_OUT }}\docker" version
$ErrorActionPreference = "Stop"
If ($LastExitCode -eq 0) {
break
}
$tries--
If ($tries -le 0) {
Throw "Failed to get a response from the daemon"
}
Write-Host -NoNewline "."
Start-Sleep -Seconds 1
}
Write-Host "Test daemon started and replied!"
env :
DOCKER_HOST : npipe:////./pipe/docker_engine
-
name : Docker info
run : |
& "${{ env.BIN_OUT }}\docker" info
env :
DOCKER_HOST : npipe:////./pipe/docker_engine
-
name : Building contrib/busybox
run : |
& "${{ env.BIN_OUT }}\docker" build -t busybox `
--build-arg WINDOWS_BASE_IMAGE `
--build-arg WINDOWS_BASE_IMAGE_TAG `
.\contrib\busybox\
env :
DOCKER_HOST : npipe:////./pipe/docker_engine
-
name : List images
run : |
& "${{ env.BIN_OUT }}\docker" images
env :
DOCKER_HOST : npipe:////./pipe/docker_engine
-
name : Set up Go
uses : actions/setup-go@v3
with :
Update to go 1.19.1 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:
We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:
- net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
- net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove `../` path components appended to a
relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
URL `https://go.dev/../go`, despite the JoinPath documentation stating that
`../` path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
Release notes:
go1.19.1 (released 2022-09-06) includes security fixes to the net/http and
net/url packages, as well as bug fixes to the compiler, the go command, the pprof
command, the linker, the runtime, and the crypto/tls and crypto/x509 packages.
See the Go 1.19.1 milestone on the issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.19.1+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 20:33:13 +00:00
go-version : ${{ env.GO_VERSION }}
2022-05-12 11:21:48 +00:00
-
2022-06-16 20:47:36 +00:00
name : Test integration
if : matrix.test == './...'
2022-05-12 11:21:48 +00:00
run : |
.\hack\make.ps1 -TestIntegration
env :
DOCKER_HOST : npipe:////./pipe/docker_engine
GO111MODULE : "off"
TEST_CLIENT_BINARY : ${{ env.BIN_OUT }}\docker
-
2022-06-16 20:47:36 +00:00
name : Test integration-cli
if : matrix.test != './...'
2022-05-12 11:21:48 +00:00
run : |
2022-06-06 13:36:12 +00:00
.\hack\make.ps1 -TestIntegrationCli
2022-05-12 11:21:48 +00:00
env :
DOCKER_HOST : npipe:////./pipe/docker_engine
GO111MODULE : "off"
TEST_CLIENT_BINARY : ${{ env.BIN_OUT }}\docker
2022-06-06 13:36:12 +00:00
INTEGRATION_TESTRUN : ${{ matrix.test }}
2022-05-19 19:19:51 +00:00
-
name : Send to Codecov
2022-08-26 02:09:48 +00:00
if : inputs.send_coverage
2022-05-19 19:19:51 +00:00
uses : codecov/codecov-action@v3
with :
working-directory : ${{ env.GOPATH }}\src\github.com\docker\docker
directory : bundles
env_vars : RUNNER_OS
flags : integration,${{ matrix.runtime }}
2022-05-12 11:21:48 +00:00
-
name : Docker info
run : |
& "${{ env.BIN_OUT }}\docker" info
env :
DOCKER_HOST : npipe:////./pipe/docker_engine
-
name : Stop containerd
if : always() && matrix.runtime == 'containerd'
run : |
$ErrorActionPreference = "SilentlyContinue"
Stop-Service -Force -Name containerd
$ErrorActionPreference = "Stop"
-
name : Containerd logs
if : always() && matrix.runtime == 'containerd'
run : |
2022-05-31 17:40:15 +00:00
Copy-Item "$env:TEMP\ctn.log" -Destination ".\bundles\containerd.log"
2022-05-12 11:21:48 +00:00
Get-Content "$env:TEMP\ctn.log" | Out-Host
-
name : Stop daemon
if : always()
run : |
$ErrorActionPreference = "SilentlyContinue"
Stop-Service -Force -Name docker
$ErrorActionPreference = "Stop"
-
# as the daemon is registered as a service we have to check the event
# logs against the docker provider.
name : Daemon event logs
if : always()
run : |
Get-WinEvent -ea SilentlyContinue `
-FilterHashtable @{ProviderName= "docker"; LogName = "application"} |
Sort-Object @{Expression="TimeCreated";Descending=$false} |
2022-08-23 17:29:00 +00:00
ForEach-Object {"$($_.TimeCreated.ToUniversalTime().ToString("o")) [$($_.LevelDisplayName)] $($_.Message)"} |
Tee-Object -file ".\bundles\daemon.log"
2022-05-31 17:40:15 +00:00
-
name : Upload reports
if : always()
uses : actions/upload-artifact@v3
with :
2022-08-26 02:09:48 +00:00
name : ${{ inputs.os }}-integration-reports-${{ matrix.runtime }}
2022-05-31 17:40:15 +00:00
path : ${{ env.GOPATH }}\src\github.com\docker\docker\bundles\*
2022-06-06 14:11:47 +00:00
integration-test-report :
runs-on : ubuntu-latest
if : always()
needs :
- integration-test
strategy :
fail-fast : false
matrix :
runtime :
- builtin
- containerd
steps :
-
name : Set up Go
uses : actions/setup-go@v3
with :
Update to go 1.19.1 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:
We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:
- net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
- net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove `../` path components appended to a
relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
URL `https://go.dev/../go`, despite the JoinPath documentation stating that
`../` path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
Release notes:
go1.19.1 (released 2022-09-06) includes security fixes to the net/http and
net/url packages, as well as bug fixes to the compiler, the go command, the pprof
command, the linker, the runtime, and the crypto/tls and crypto/x509 packages.
See the Go 1.19.1 milestone on the issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.19.1+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 20:33:13 +00:00
go-version : ${{ env.GO_VERSION }}
2022-06-06 14:11:47 +00:00
-
name : Download artifacts
uses : actions/download-artifact@v3
with :
2022-08-26 02:09:48 +00:00
name : ${{ inputs.os }}-integration-reports-${{ matrix.runtime }}
2022-06-06 14:11:47 +00:00
path : /tmp/artifacts
-
name : Install teststat
run : |
go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-
name : Create summary
run : |
teststat -markdown $(find /tmp/artifacts -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
