don't pin chainguard-dev/actions (#2025)

* don't pin chainguard-dev/actions

Signed-off-by: Jason Hall <[email protected]>

* these too

Signed-off-by: Jason Hall <[email protected]>

* Update style.yaml

* update go versions

Signed-off-by: Jason Hall <[email protected]>

* use latest go everywhere

Signed-off-by: Jason Hall <[email protected]>

---------

Signed-off-by: Jason Hall <[email protected]>

.github/workflows/boilerplate.yaml

@@ -27,7 +27,7 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v4
 
-      - uses: chainguard-dev/actions/boilerplate@5e21cb47971231c078a677dfe89a348371cb880c # main
+      - uses: chainguard-dev/actions/boilerplate@main
         with:
           extension: ${{ matrix.extension }}
           language: ${{ matrix.language }}

.github/workflows/build.yaml

@@ -10,16 +10,11 @@ jobs:
     name: Build
     runs-on: ubuntu-latest
 
-    strategy:
-      matrix:
-        go-version: [1.19, 1.20]
-
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: ${{ matrix.go-version }}
-          check-latest: true
+          go-version-file: go.mod
 
       - run: |
           go build ./...

.github/workflows/bump-deps.yaml

@@ -21,8 +21,7 @@ jobs:
     - uses: actions/checkout@v4
     - uses: actions/setup-go@v5
       with:
-        go-version: 1.19
-        check-latest: true
+        go-version-file: go.mod
 
     - run: ./hack/bump-deps.sh
     - name: Create Pull Request

.github/workflows/donotsubmit.yaml

@@ -12,4 +12,4 @@ jobs:
 
     steps:
     - uses: actions/checkout@v4
-    - uses: chainguard-dev/actions/donotsubmit@5e21cb47971231c078a677dfe89a348371cb880c # main
+    - uses: chainguard-dev/actions/donotsubmit@main

.github/workflows/e2e.yaml

@@ -19,8 +19,7 @@ jobs:
     - uses: actions/checkout@v4
     - uses: actions/setup-go@v5
       with:
-        go-version: 1.19
-        check-latest: true
+        go-version-file: go.mod
 
     - name: crane append to an image, set the entrypoint, run it locally, roundtrip it
       shell: bash
@@ -29,6 +28,7 @@ jobs:
 
         # Setup local registry
         go run ./cmd/registry &
+        sleep 3
 
         base=alpine
         platform=linux/amd64
@@ -82,13 +82,13 @@ jobs:
         ./app/crane pull --platform=linux/arm64 --format=oci $remote $distroless
         ./app/crane push $distroless $local
         diff <(./app/crane manifest --platform linux/arm64 $remote) <(./app/crane manifest $local)
-                
+
     - name: crane pull image, and export it from stdin to filesystem tar to stdout
       shell: bash
       run: |
         set -euxo pipefail
-        
+
         ./app/crane pull ubuntu ubuntu.tar
         ./app/crane export - - < ubuntu.tar > filesystem.tar
         ls -la *.tar
-        
+

.github/workflows/ecr-auth.yaml

@@ -21,8 +21,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: 1.19
-          check-latest: true
+          go-version-file: go.mod
 
       - name: Install krane
         working-directory: ./cmd/krane
@@ -61,8 +60,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: 1.19
-          check-latest: true
+          go-version-file: go.mod
 
       - name: Install crane
         working-directory: ./cmd/crane

.github/workflows/ghcr-auth.yaml

@@ -17,8 +17,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: 1.19
-          check-latest: true
+          go-version-file: go.mod
 
       - name: Install krane
         working-directory: ./cmd/krane
@@ -44,4 +43,4 @@ jobs:
           if [[ "$CRED1" == "$CRED2" ]] ; then
             echo "credentials are cached by infrastructure"
           fi
-          
+

.github/workflows/presubmit.yaml

@@ -29,6 +29,5 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: 1.19
-          check-latest: true
+          go-version-file: go.mod
       - run: ./hack/presubmit.sh

.github/workflows/style.yaml

@@ -10,12 +10,11 @@ jobs:
     name: check goimports
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: 1.19
-          check-latest: true
-      - uses: actions/checkout@v4
-      - uses: chainguard-dev/actions/goimports@5e21cb47971231c078a677dfe89a348371cb880c # main
+          go-version-file: go.mod
+      - uses: chainguard-dev/actions/goimports@main
 
   lint:
     name: Lint
@@ -25,12 +24,11 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: 1.19
-          check-latest: true
+          go-version-file: go.mod
 
       - uses: golangci/[email protected]
         with:
-          version: v1.51.2
+          version: v1.61.0
 
       - uses: reviewdog/action-misspell@v1
         if: ${{ always() }}
@@ -40,10 +38,10 @@ jobs:
           locale: "US"
           exclude: ./vendor/*
 
-      - uses: chainguard-dev/actions/trailing-space@5e21cb47971231c078a677dfe89a348371cb880c # main
+      - uses: chainguard-dev/actions/trailing-space@main
         if: ${{ always() }}
 
-      - uses: chainguard-dev/actions/eof-newline@5e21cb47971231c078a677dfe89a348371cb880c # main
+      - uses: chainguard-dev/actions/eof-newline@main
         if: ${{ always() }}
 
       - uses: get-woke/woke-action-reviewdog@v0

.github/workflows/test.yaml

@@ -7,21 +7,14 @@ on:
     branches: ['main']
 
 jobs:
-
   test:
-    strategy:
-      matrix:
-        go-version: [1.19, '1.20']
-
     name: Unit Tests
     runs-on: ubuntu-latest
-
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: ${{ matrix.go-version }}
-          check-latest: true
+          go-version-file: go.mod
 
       - run: go test -coverprofile=coverage.txt -covermode=atomic -race ./...
 

.golangci.yaml

@@ -1,11 +1,10 @@
 run:
   timeout: 5m
 
-  skip-dirs:
+issues:
+  exclude-dirs:
     - internal
     - pkg/registry
-
-issues:
   exclude-rules:
     - path: test # Excludes /test, *_test.go etc.
       linters:
@@ -35,6 +34,8 @@ linters:
 
 linters-settings:
   depguard:
-    include-go-root: true
-    packages-with-error-message:
-    - crypto/sha256: "use crypto.SHA256 instead"
+    rules:
+      main:
+        deny:
+          - pkg: "crypto/sha256"
+            desc: use crypto.SHA256 instead

cmd/crane/cmd/append.go

@@ -45,7 +45,7 @@ If the base image is a Windows base image (i.e., its config.OS is "windows"),
 the contents of the tarballs will be modified to be suitable for a Windows
 container image.`,
 		Args: cobra.NoArgs,
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(cmd *cobra.Command, _ []string) error {
 			var base v1.Image
 			var err error
 

cmd/crane/cmd/auth.go

@@ -211,7 +211,7 @@ func NewCmdAuthLogin(argv ...string) *cobra.Command {
 		Short:   "Log in to a registry",
 		Example: eg,
 		Args:    cobra.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(_ *cobra.Command, args []string) error {
 			reg, err := name.NewRegistry(args[0])
 			if err != nil {
 				return err
@@ -285,7 +285,7 @@ func NewCmdAuthLogout(argv ...string) *cobra.Command {
 		Short:   "Log out of a registry",
 		Example: eg,
 		Args:    cobra.ExactArgs(1),
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(_ *cobra.Command, args []string) error {
 			reg, err := name.NewRegistry(args[0])
 			if err != nil {
 				return err

cmd/crane/cmd/root.go

@@ -56,7 +56,7 @@ func New(use, short string, options []crane.Option) *cobra.Command {
 		RunE:              func(cmd *cobra.Command, _ []string) error { return cmd.Usage() },
 		DisableAutoGenTag: true,
 		SilenceUsage:      true,
-		PersistentPreRun: func(cmd *cobra.Command, args []string) {
+		PersistentPreRun: func(cmd *cobra.Command, _ []string) {
 			options = append(options, crane.WithContext(cmd.Context()))
 			// TODO(jonjohnsonjr): crane.Verbose option?
 			if verbose {

cmd/crane/cmd/validate.go

@@ -33,8 +33,8 @@ func NewCmdValidate(options *[]crane.Option) *cobra.Command {
 	validateCmd := &cobra.Command{
 		Use:   "validate",
 		Short: "Validate that an image is well-formed",
-		Args:  cobra.ExactArgs(0),
-		RunE: func(cmd *cobra.Command, args []string) error {
+		Args:  cobra.NoArgs,
+		RunE: func(cmd *cobra.Command, _ []string) error {
 			if tarballPath != "" {
 				img, err := tarball.ImageFromPath(tarballPath, nil)
 				if err != nil {

cmd/krane/go.mod

@@ -1,6 +1,6 @@
 module github.com/google/go-containerregistry/cmd/krane
 
-go 1.18
+go 1.23.0
 
 replace github.com/google/go-containerregistry => ../../
 

go.mod

@@ -1,6 +1,6 @@
 module github.com/google/go-containerregistry
 
-go 1.18
+go 1.23.0
 
 require (
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3

hack/presubmit.sh

@@ -26,7 +26,7 @@ export PATH="${PATH}:${TMP_DIR}/bin"
 export GOPATH="${TMP_DIR}"
 pushd ${TMP_DIR}
 trap popd EXIT
-go install honnef.co/go/tools/cmd/staticcheck@v0.3.3
+go install honnef.co/go/tools/cmd/staticcheck@latest
 popd
 
 pushd ${PROJECT_ROOT}

pkg/authn/k8schain/go.mod

@@ -1,6 +1,6 @@
 module github.com/google/go-containerregistry/pkg/authn/k8schain
 
-go 1.18
+go 1.23.0
 
 replace (
 	github.com/google/go-containerregistry => ../../../