2022-08-25 22:09:48 -04:00
# reusable workflow
2022-08-30 07:33:23 -04:00
name : .windows
2022-05-19 15:19:00 -04:00
2022-09-10 09:07:46 -04:00
# TODO: hide reusable workflow from the UI. Tracked in https://github.com/community/community/discussions/12025
2022-05-19 15:19:00 -04:00
on :
2022-08-25 22:09:48 -04:00
workflow_call :
inputs :
os :
required : true
type : string
send_coverage :
required : false
type : boolean
default : false
2022-05-19 15:19:00 -04:00
env :
Update to go 1.19.1 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:
We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:
- net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
- net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove `../` path components appended to a
relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
URL `https://go.dev/../go`, despite the JoinPath documentation stating that
`../` path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
Release notes:
go1.19.1 (released 2022-09-06) includes security fixes to the net/http and
net/url packages, as well as bug fixes to the compiler, the go command, the pprof
command, the linker, the runtime, and the crypto/tls and crypto/x509 packages.
See the Go 1.19.1 milestone on the issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.19.1+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1eadbdd9fadca31c02b6f0aebfbbab4d8c6cf716)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 16:33:13 -04:00
GO_VERSION : 1.19 .1
2022-06-16 16:47:36 -04:00
GOTESTLIST_VERSION : v0.2.0
2022-06-06 10:11:47 -04:00
TESTSTAT_VERSION : v0.1.3
2022-05-19 15:19:00 -04:00
WINDOWS_BASE_IMAGE : mcr.microsoft.com/windows/servercore
WINDOWS_BASE_TAG_2019 : ltsc2019
WINDOWS_BASE_TAG_2022 : ltsc2022
TEST_IMAGE_NAME : moby:test
TEST_CTN_NAME : moby
DOCKER_BUILDKIT : 0
2022-08-25 22:09:48 -04:00
ITG_CLI_MATRIX_SIZE : 6
2022-05-19 15:19:00 -04:00
jobs :
build :
2022-08-25 22:09:48 -04:00
runs-on : ${{ inputs.os }}
2022-05-19 15:19:00 -04:00
env :
GOPATH : ${{ github.workspace }}\go
GOBIN : ${{ github.workspace }}\go\bin
BIN_OUT : ${{ github.workspace }}\out
defaults :
run :
working-directory : ${{ env.GOPATH }}/src/github.com/docker/docker
steps :
-
name : Checkout
uses : actions/checkout@v3
with :
path : ${{ env.GOPATH }}/src/github.com/docker/docker
-
name : Env
run : |
Get-ChildItem Env : | Out-String
-
name : Init
run : |
New-Item -ItemType "directory" -Path "${{ github.workspace }}\go-build"
New-Item -ItemType "directory" -Path "${{ github.workspace }}\go\pkg\mod"
2022-08-25 22:09:48 -04:00
If ("${{ inputs.os }}" -eq "windows-2019") {
2022-05-19 15:19:00 -04:00
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2019 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
2022-08-25 22:09:48 -04:00
} ElseIf ("${{ inputs.os }}" -eq "windows-2022") {
2022-05-19 15:19:00 -04:00
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2022 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
}
-
name : Cache
uses : actions/cache@v3
with :
path : |
~\AppData\Local\go-build
~\go\pkg\mod
${{ github.workspace }}\go-build
${{ env.GOPATH }}\pkg\mod
2022-08-25 22:09:48 -04:00
key : ${{ inputs.os }}-${{ github.job }}-${{ hashFiles('**/vendor.sum') }}
2022-05-19 15:19:00 -04:00
restore-keys : |
2022-08-25 22:09:48 -04:00
${{ inputs.os }}-${{ github.job }}-
2022-05-19 15:19:00 -04:00
-
name : Docker info
run : |
docker info
-
name : Build base image
run : |
docker pull ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }}
docker tag ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }} microsoft/windowsservercore
docker build --build-arg GO_VERSION -t ${{ env.TEST_IMAGE_NAME }} -f Dockerfile.windows .
-
name : Build binaries
run : |
& docker run --name ${{ env.TEST_CTN_NAME }} -e "DOCKER_GITCOMMIT=${{ github.sha }}" `
-v "${{ github.workspace }}\go-build:C:\Users\ContainerAdministrator\AppData\Local\go-build" `
-v "${{ github.workspace }}\go\pkg\mod:C:\gopath\pkg\mod" `
${{ env.TEST_IMAGE_NAME }} hack\make.ps1 -Daemon -Client
-
name : Copy artifacts
run : |
New-Item -ItemType "directory" -Path "${{ env.BIN_OUT }}"
docker cp "${{ env.TEST_CTN_NAME }}`:c`:\gopath\src\github.com\docker\docker\bundles\docker.exe" ${{ env.BIN_OUT }}\
docker cp "${{ env.TEST_CTN_NAME }}`:c`:\gopath\src\github.com\docker\docker\bundles\dockerd.exe" ${{ env.BIN_OUT }}\
docker cp "${{ env.TEST_CTN_NAME }}`:c`:\gopath\bin\gotestsum.exe" ${{ env.BIN_OUT }}\
docker cp "${{ env.TEST_CTN_NAME }}`:c`:\containerd\bin\containerd.exe" ${{ env.BIN_OUT }}\
docker cp "${{ env.TEST_CTN_NAME }}`:c`:\containerd\bin\containerd-shim-runhcs-v1.exe" ${{ env.BIN_OUT }}\
-
name : Upload artifacts
uses : actions/upload-artifact@v3
with :
2022-08-25 22:09:48 -04:00
name : build-${{ inputs.os }}
2022-05-19 15:19:00 -04:00
path : ${{ env.BIN_OUT }}/*
if-no-files-found : error
retention-days : 2
2022-04-22 16:51:22 -04:00
unit-test :
2022-08-25 22:09:48 -04:00
runs-on : ${{ inputs.os }}
2022-04-22 16:51:22 -04:00
env :
GOPATH : ${{ github.workspace }}\go
GOBIN : ${{ github.workspace }}\go\bin
defaults :
run :
working-directory : ${{ env.GOPATH }}/src/github.com/docker/docker
steps :
-
name : Checkout
uses : actions/checkout@v3
with :
path : ${{ env.GOPATH }}/src/github.com/docker/docker
-
name : Env
run : |
Get-ChildItem Env : | Out-String
-
name : Init
run : |
New-Item -ItemType "directory" -Path "${{ github.workspace }}\go-build"
New-Item -ItemType "directory" -Path "${{ github.workspace }}\go\pkg\mod"
2022-05-19 15:19:51 -04:00
New-Item -ItemType "directory" -Path "bundles"
2022-08-25 22:09:48 -04:00
If ("${{ inputs.os }}" -eq "windows-2019") {
2022-04-22 16:51:22 -04:00
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2019 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
2022-08-25 22:09:48 -04:00
} ElseIf ("${{ inputs.os }}" -eq "windows-2022") {
2022-04-22 16:51:22 -04:00
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2022 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
}
-
name : Cache
uses : actions/cache@v3
with :
path : |
~\AppData\Local\go-build
~\go\pkg\mod
${{ github.workspace }}\go-build
${{ env.GOPATH }}\pkg\mod
2022-08-25 22:09:48 -04:00
key : ${{ inputs.os }}-${{ github.job }}-${{ hashFiles('**/vendor.sum') }}
2022-04-22 16:51:22 -04:00
restore-keys : |
2022-08-25 22:09:48 -04:00
${{ inputs.os }}-${{ github.job }}-
2022-04-22 16:51:22 -04:00
-
name : Docker info
run : |
docker info
-
name : Build base image
run : |
docker pull ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }}
docker tag ${{ env.WINDOWS_BASE_IMAGE }}:${{ env.WINDOWS_BASE_IMAGE_TAG }} microsoft/windowsservercore
docker build --build-arg GO_VERSION -t ${{ env.TEST_IMAGE_NAME }} -f Dockerfile.windows .
-
name : Test
run : |
& docker run --name ${{ env.TEST_CTN_NAME }} -e "DOCKER_GITCOMMIT=${{ github.sha }}" `
2022-05-19 15:19:51 -04:00
-v "${{ github.workspace }}\go-build:C:\Users\ContainerAdministrator\AppData\Local\go-build" `
-v "${{ github.workspace }}\go\pkg\mod:C:\gopath\pkg\mod" `
-v "${{ env.GOPATH }}\src\github.com\docker\docker\bundles:C:\gopath\src\github.com\docker\docker\bundles" `
${{ env.TEST_IMAGE_NAME }} hack\make.ps1 -TestUnit
-
name : Send to Codecov
2022-08-25 22:09:48 -04:00
if : inputs.send_coverage
2022-05-19 15:19:51 -04:00
uses : codecov/codecov-action@v3
with :
working-directory : ${{ env.GOPATH }}\src\github.com\docker\docker
directory : bundles
env_vars : RUNNER_OS
flags : unit
-
name : Upload reports
2022-05-31 13:40:15 -04:00
if : always()
2022-05-19 15:19:51 -04:00
uses : actions/upload-artifact@v3
with :
2022-08-25 22:09:48 -04:00
name : ${{ inputs.os }}-unit-reports
2022-05-19 15:19:51 -04:00
path : ${{ env.GOPATH }}\src\github.com\docker\docker\bundles\*
2022-05-12 07:21:48 -04:00
2022-06-06 10:11:47 -04:00
unit-test-report :
runs-on : ubuntu-latest
if : always()
needs :
- unit-test
steps :
-
name : Set up Go
uses : actions/setup-go@v3
with :
Update to go 1.19.1 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:
We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:
- net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
- net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove `../` path components appended to a
relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
URL `https://go.dev/../go`, despite the JoinPath documentation stating that
`../` path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
Release notes:
go1.19.1 (released 2022-09-06) includes security fixes to the net/http and
net/url packages, as well as bug fixes to the compiler, the go command, the pprof
command, the linker, the runtime, and the crypto/tls and crypto/x509 packages.
See the Go 1.19.1 milestone on the issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.19.1+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1eadbdd9fadca31c02b6f0aebfbbab4d8c6cf716)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 16:33:13 -04:00
go-version : ${{ env.GO_VERSION }}
2022-06-06 10:11:47 -04:00
-
name : Download artifacts
uses : actions/download-artifact@v3
with :
2022-08-25 22:09:48 -04:00
name : ${{ inputs.os }}-unit-reports
2022-06-06 10:11:47 -04:00
path : /tmp/artifacts
-
name : Install teststat
run : |
go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-
name : Create summary
run : |
teststat -markdown $(find /tmp/artifacts -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
2022-06-16 16:47:36 -04:00
integration-test-prepare :
runs-on : ubuntu-latest
outputs :
matrix : ${{ steps.tests.outputs.matrix }}
steps :
-
name : Checkout
uses : actions/checkout@v3
-
name : Set up Go
uses : actions/setup-go@v3
with :
Update to go 1.19.1 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:
We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:
- net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
- net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove `../` path components appended to a
relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
URL `https://go.dev/../go`, despite the JoinPath documentation stating that
`../` path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
Release notes:
go1.19.1 (released 2022-09-06) includes security fixes to the net/http and
net/url packages, as well as bug fixes to the compiler, the go command, the pprof
command, the linker, the runtime, and the crypto/tls and crypto/x509 packages.
See the Go 1.19.1 milestone on the issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.19.1+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1eadbdd9fadca31c02b6f0aebfbbab4d8c6cf716)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 16:33:13 -04:00
go-version : ${{ env.GO_VERSION }}
2022-06-16 16:47:36 -04:00
-
name : Install gotestlist
run :
go install github.com/crazy-max/gotestlist/cmd/gotestlist@${{ env.GOTESTLIST_VERSION }}
-
name : Create matrix
id : tests
working-directory : ./integration-cli
run : |
# Distribute integration-cli tests for the matrix in integration-test job.
# Also prepend ./... to the matrix. This is a special case to run "Test integration" step exclusively.
2022-08-25 22:09:48 -04:00
matrix="$(gotestlist -d ${{ env.ITG_CLI_MATRIX_SIZE }} ./...)"
2022-06-16 16:47:36 -04:00
matrix="$(echo "$matrix" | jq -c '. |= ["./..."] + .')"
echo "::set-output name=matrix::$matrix"
-
name : Show matrix
run : |
echo ${{ steps.tests.outputs.matrix }}
2022-05-12 07:21:48 -04:00
integration-test :
2022-08-25 22:09:48 -04:00
runs-on : ${{ inputs.os }}
2022-05-12 07:21:48 -04:00
needs :
- build
2022-06-16 16:47:36 -04:00
- integration-test-prepare
2022-05-12 07:21:48 -04:00
strategy :
fail-fast : false
matrix :
runtime :
- builtin
- containerd
2022-06-16 16:47:36 -04:00
test : ${{ fromJson(needs.integration-test-prepare.outputs.matrix) }}
2022-05-12 07:21:48 -04:00
env :
GOPATH : ${{ github.workspace }}\go
GOBIN : ${{ github.workspace }}\go\bin
BIN_OUT : ${{ github.workspace }}\out
defaults :
run :
working-directory : ${{ env.GOPATH }}/src/github.com/docker/docker
steps :
-
name : Checkout
uses : actions/checkout@v3
with :
path : ${{ env.GOPATH }}/src/github.com/docker/docker
-
name : Env
run : |
Get-ChildItem Env : | Out-String
-
name : Download artifacts
uses : actions/download-artifact@v3
with :
2022-08-25 22:09:48 -04:00
name : build-${{ inputs.os }}
2022-05-12 07:21:48 -04:00
path : ${{ env.BIN_OUT }}
-
name : Init
run : |
2022-05-31 13:40:15 -04:00
New-Item -ItemType "directory" -Path "bundles"
2022-08-25 22:09:48 -04:00
If ("${{ inputs.os }}" -eq "windows-2019") {
2022-05-12 07:21:48 -04:00
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2019 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
2022-08-25 22:09:48 -04:00
} ElseIf ("${{ inputs.os }}" -eq "windows-2022") {
2022-05-12 07:21:48 -04:00
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2022 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
}
Write-Output "${{ env.BIN_OUT }}" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
-
# removes docker service that is currently installed on the runner. we
# could use Uninstall-Package but not yet available on Windows runners.
# more info: https://github.com/actions/virtual-environments/blob/d3a5bad25f3b4326c5666bab0011ac7f1beec95e/images/win/scripts/Installers/Install-Docker.ps1#L11
name : Removing current daemon
run : |
if (Get-Service docker -ErrorAction SilentlyContinue) {
$dockerVersion = (docker version -f "{{.Server.Version}}")
Write-Host "Current installed Docker version: $dockerVersion"
# remove service
Stop-Service -Force -Name docker
Remove-Service -Name docker
# removes event log entry. we could use "Remove-EventLog -LogName -Source docker"
2022-08-25 22:09:48 -04:00
# but this cmd is not available atm
2022-05-12 07:21:48 -04:00
$ErrorActionPreference = "SilentlyContinue"
& reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\docker" /f 2>&1 | Out-Null
$ErrorActionPreference = "Stop"
Write-Host "Service removed"
}
-
name : Starting containerd
if : matrix.runtime == 'containerd'
run : |
Write-Host "Generating config"
& "${{ env.BIN_OUT }}\containerd.exe" config default | Out-File "$env:TEMP\ctn.toml" -Encoding ascii
Write-Host "Creating service"
New-Item -ItemType Directory "$env:TEMP\ctn-root" -ErrorAction SilentlyContinue | Out-Null
New-Item -ItemType Directory "$env:TEMP\ctn-state" -ErrorAction SilentlyContinue | Out-Null
Start-Process -Wait "${{ env.BIN_OUT }}\containerd.exe" `
-ArgumentList "--log-level=debug", `
"--config=$env:TEMP\ctn.toml" , `
"--address=\\.\pipe\containerd-containerd" , `
"--root=$env:TEMP\ctn-root" , `
"--state=$env:TEMP\ctn-state" , `
"--log-file=$env:TEMP\ctn.log" , `
"--register-service"
Write-Host "Starting service"
Start-Service -Name containerd
Start-Sleep -Seconds 5
Write-Host "Service started successfully!"
-
name : Starting test daemon
run : |
Write-Host "Creating service"
If ("${{ matrix.runtime }}" -eq "containerd") {
$runtimeArg="--containerd=\\.\pipe\containerd-containerd"
echo "DOCKER_WINDOWS_CONTAINERD_RUNTIME=1" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
}
New-Item -ItemType Directory "$env:TEMP\moby-root" -ErrorAction SilentlyContinue | Out-Null
New-Item -ItemType Directory "$env:TEMP\moby-exec" -ErrorAction SilentlyContinue | Out-Null
Start-Process -Wait -NoNewWindow "${{ env.BIN_OUT }}\dockerd" `
-ArgumentList $runtimeArg, "--debug", `
"--host=npipe:////./pipe/docker_engine" , `
"--data-root=$env:TEMP\moby-root" , `
"--exec-root=$env:TEMP\moby-exec" , `
"--pidfile=$env:TEMP\docker.pid" , `
"--register-service"
Write-Host "Starting service"
Start-Service -Name docker
Write-Host "Service started successfully!"
-
name : Waiting for test daemon to start
run : |
$tries=20
Write-Host "Waiting for the test daemon to start..."
While ($true) {
$ErrorActionPreference = "SilentlyContinue"
& "${{ env.BIN_OUT }}\docker" version
$ErrorActionPreference = "Stop"
If ($LastExitCode -eq 0) {
break
}
$tries--
If ($tries -le 0) {
Throw "Failed to get a response from the daemon"
}
Write-Host -NoNewline "."
Start-Sleep -Seconds 1
}
Write-Host "Test daemon started and replied!"
env :
DOCKER_HOST : npipe:////./pipe/docker_engine
-
name : Docker info
run : |
& "${{ env.BIN_OUT }}\docker" info
env :
DOCKER_HOST : npipe:////./pipe/docker_engine
-
name : Building contrib/busybox
run : |
& "${{ env.BIN_OUT }}\docker" build -t busybox `
--build-arg WINDOWS_BASE_IMAGE `
--build-arg WINDOWS_BASE_IMAGE_TAG `
.\contrib\busybox\
env :
DOCKER_HOST : npipe:////./pipe/docker_engine
-
name : List images
run : |
& "${{ env.BIN_OUT }}\docker" images
env :
DOCKER_HOST : npipe:////./pipe/docker_engine
-
name : Set up Go
uses : actions/setup-go@v3
with :
Update to go 1.19.1 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:
We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:
- net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
- net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove `../` path components appended to a
relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
URL `https://go.dev/../go`, despite the JoinPath documentation stating that
`../` path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
Release notes:
go1.19.1 (released 2022-09-06) includes security fixes to the net/http and
net/url packages, as well as bug fixes to the compiler, the go command, the pprof
command, the linker, the runtime, and the crypto/tls and crypto/x509 packages.
See the Go 1.19.1 milestone on the issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.19.1+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1eadbdd9fadca31c02b6f0aebfbbab4d8c6cf716)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 16:33:13 -04:00
go-version : ${{ env.GO_VERSION }}
2022-05-12 07:21:48 -04:00
-
2022-06-16 16:47:36 -04:00
name : Test integration
if : matrix.test == './...'
2022-05-12 07:21:48 -04:00
run : |
.\hack\make.ps1 -TestIntegration
env :
DOCKER_HOST : npipe:////./pipe/docker_engine
GO111MODULE : "off"
TEST_CLIENT_BINARY : ${{ env.BIN_OUT }}\docker
-
2022-06-16 16:47:36 -04:00
name : Test integration-cli
if : matrix.test != './...'
2022-05-12 07:21:48 -04:00
run : |
2022-06-06 09:36:12 -04:00
.\hack\make.ps1 -TestIntegrationCli
2022-05-12 07:21:48 -04:00
env :
DOCKER_HOST : npipe:////./pipe/docker_engine
GO111MODULE : "off"
TEST_CLIENT_BINARY : ${{ env.BIN_OUT }}\docker
2022-06-06 09:36:12 -04:00
INTEGRATION_TESTRUN : ${{ matrix.test }}
2022-05-19 15:19:51 -04:00
-
name : Send to Codecov
2022-08-25 22:09:48 -04:00
if : inputs.send_coverage
2022-05-19 15:19:51 -04:00
uses : codecov/codecov-action@v3
with :
working-directory : ${{ env.GOPATH }}\src\github.com\docker\docker
directory : bundles
env_vars : RUNNER_OS
flags : integration,${{ matrix.runtime }}
2022-05-12 07:21:48 -04:00
-
name : Docker info
run : |
& "${{ env.BIN_OUT }}\docker" info
env :
DOCKER_HOST : npipe:////./pipe/docker_engine
-
name : Stop containerd
if : always() && matrix.runtime == 'containerd'
run : |
$ErrorActionPreference = "SilentlyContinue"
Stop-Service -Force -Name containerd
$ErrorActionPreference = "Stop"
-
name : Containerd logs
if : always() && matrix.runtime == 'containerd'
run : |
2022-05-31 13:40:15 -04:00
Copy-Item "$env:TEMP\ctn.log" -Destination ".\bundles\containerd.log"
2022-05-12 07:21:48 -04:00
Get-Content "$env:TEMP\ctn.log" | Out-Host
-
name : Stop daemon
if : always()
run : |
$ErrorActionPreference = "SilentlyContinue"
Stop-Service -Force -Name docker
$ErrorActionPreference = "Stop"
-
# as the daemon is registered as a service we have to check the event
# logs against the docker provider.
name : Daemon event logs
if : always()
run : |
Get-WinEvent -ea SilentlyContinue `
-FilterHashtable @{ProviderName= "docker"; LogName = "application"} |
Select-Object -Property TimeCreated, @{N='Detailed Message'; E={$_.Message}} |
Sort-Object @{Expression="TimeCreated";Descending=$false} |
2022-05-31 13:40:15 -04:00
Select-Object -ExpandProperty 'Detailed Message' | Tee-Object -file ".\bundles\daemon.log"
-
name : Upload reports
if : always()
uses : actions/upload-artifact@v3
with :
2022-08-25 22:09:48 -04:00
name : ${{ inputs.os }}-integration-reports-${{ matrix.runtime }}
2022-05-31 13:40:15 -04:00
path : ${{ env.GOPATH }}\src\github.com\docker\docker\bundles\*
2022-06-06 10:11:47 -04:00
integration-test-report :
runs-on : ubuntu-latest
if : always()
needs :
- integration-test
strategy :
fail-fast : false
matrix :
runtime :
- builtin
- containerd
steps :
-
name : Set up Go
uses : actions/setup-go@v3
with :
Update to go 1.19.1 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:
We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:
- net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
- net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove `../` path components appended to a
relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
URL `https://go.dev/../go`, despite the JoinPath documentation stating that
`../` path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
Release notes:
go1.19.1 (released 2022-09-06) includes security fixes to the net/http and
net/url packages, as well as bug fixes to the compiler, the go command, the pprof
command, the linker, the runtime, and the crypto/tls and crypto/x509 packages.
See the Go 1.19.1 milestone on the issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.19.1+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1eadbdd9fadca31c02b6f0aebfbbab4d8c6cf716)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 16:33:13 -04:00
go-version : ${{ env.GO_VERSION }}
2022-06-06 10:11:47 -04:00
-
name : Download artifacts
uses : actions/download-artifact@v3
with :
2022-08-25 22:09:48 -04:00
name : ${{ inputs.os }}-integration-reports-${{ matrix.runtime }}
2022-06-06 10:11:47 -04:00
path : /tmp/artifacts
-
name : Install teststat
run : |
go install github.com/vearutop/teststat@${{ env.TESTSTAT_VERSION }}
-
name : Create summary
run : |
teststat -markdown $(find /tmp/artifacts -type f -name '*.json' -print0 | xargs -0) >> $GITHUB_STEP_SUMMARY
