From e7fdae35d226b862382a58316816839ae6aeb7ee Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Mon, 25 May 2026 10:00:58 +0800 Subject: [PATCH 1/5] update deps --- go.mod | 12 ++++++------ go.sum | 24 ++++++++++++------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index 0751c0e6..6b061eb8 100644 --- a/go.mod +++ b/go.mod @@ -17,10 +17,10 @@ require ( github.com/prometheus/client_golang v1.23.2 github.com/testcontainers/testcontainers-go v0.41.0 github.com/testcontainers/testcontainers-go/modules/postgres v0.41.0 - golang.org/x/crypto v0.49.0 - golang.org/x/image v0.37.0 - golang.org/x/term v0.41.0 - golang.org/x/text v0.35.0 + golang.org/x/crypto v0.51.0 + golang.org/x/image v0.41.0 + golang.org/x/term v0.43.0 + golang.org/x/text v0.37.0 gopkg.in/yaml.v3 v3.0.1 // Application code uses v3; Prometheus uses v2 (go.yaml.in/yaml/v2) internally - both versions coexist safely gorm.io/driver/postgres v1.6.0 gorm.io/gorm v1.31.1 @@ -90,7 +90,7 @@ require ( go.opentelemetry.io/otel/trace v1.42.0 // indirect go.yaml.in/yaml/v2 v2.4.4 // indirect; Required by prometheus/client_golang; no type conflicts with our gopkg.in/yaml.v3 usage golang.org/x/sync v0.20.0 // indirect - golang.org/x/sys v0.42.0 // indirect + golang.org/x/sys v0.45.0 // indirect golang.org/x/time v0.15.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20260311181403-84a4fc48630c // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20260311181403-84a4fc48630c // indirect @@ -104,5 +104,5 @@ require ( github.com/xyproto/randomstring v1.2.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.42.0 // indirect go.opentelemetry.io/proto/otlp v1.10.0 // indirect - golang.org/x/net v0.52.0 // indirect + golang.org/x/net v0.55.0 // indirect ) diff --git a/go.sum b/go.sum index c26fb4f3..42c623ca 100644 --- a/go.sum +++ b/go.sum @@ -202,24 +202,24 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.yaml.in/yaml/v2 v2.4.4 h1:tuyd0P+2Ont/d6e2rl3be67goVK4R6deVxCUX5vyPaQ= go.yaml.in/yaml/v2 v2.4.4/go.mod h1:gMZqIpDtDqOfM0uNfy0SkpRhvUryYH0Z6wdMYcacYXQ= -golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= -golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= -golang.org/x/image v0.37.0 h1:ZiRjArKI8GwxZOoEtUfhrBtaCN+4b/7709dlT6SSnQA= -golang.org/x/image v0.37.0/go.mod h1:/3f6vaXC+6CEanU4KJxbcUZyEePbyKbaLoDOe4ehFYY= -golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= -golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= +golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI= +golang.org/x/crypto v0.51.0/go.mod h1:8AdwkbraGNABw2kOX6YFPs3WM22XqI4EXEd8g+x7Oc8= +golang.org/x/image v0.41.0 h1:8wS72eGJMJaBxK6okTzd4WaXumUlTVlb753MlsSvTCo= +golang.org/x/image v0.41.0/go.mod h1:uIc348UZMSvS5Z65CVZ7iDPaNobNFEPeJ4kbqTOszmA= +golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8= +golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww= golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= -golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= -golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= -golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= -golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= -golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= +golang.org/x/sys v0.45.0 h1:dO4czNzziLiiXplLQgBCEpCvXQ3dnkn0SdaZSYdQ+FY= +golang.org/x/sys v0.45.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4= +golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk= +golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= +golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= google.golang.org/genproto/googleapis/api v0.0.0-20260311181403-84a4fc48630c h1:OyQPd6I3pN/9gDxz6L13kYGJgqkpdrAohJRBeXyxlgI= From f879793cc114c069f17e2e184fbe84b5e3baf71b Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Mon, 25 May 2026 10:31:19 +0800 Subject: [PATCH 2/5] update deps --- .github/workflows/base-images.yml | 4 +- .github/workflows/deploy.yml | 4 +- .github/workflows/gofmt.yml | 8 +- .github/workflows/tests.yml | 6 +- database/connection_test.go | 2 +- database/seeder/importer/runner_test.go | 2 +- database/seeder/seeds/seeder_test.go | 2 +- docker-compose.yml | 24 ++-- go.mod | 54 ++++----- go.sum | 116 ++++++++------------ infra/docker/base-images/Dockerfile.builder | 4 +- infra/docker/base-images/Dockerfile.runtime | 2 +- infra/docker/dockerfile-api | 4 +- infra/makefile/app.mk | 2 +- infra/makefile/build.mk | 6 +- infra/metrics/README.md | 8 +- internal/testutil/dbtest/helpers.go | 2 +- metal/cli/clitest/helpers.go | 2 +- pkg/endpoint/scope_api_error.go | 30 ++--- 19 files changed, 129 insertions(+), 153 deletions(-) diff --git a/.github/workflows/base-images.yml b/.github/workflows/base-images.yml index af61127b..1ee58710 100644 --- a/.github/workflows/base-images.yml +++ b/.github/workflows/base-images.yml @@ -12,10 +12,10 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Docker with Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 with: driver: docker diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index d30f2172..5e9e689f 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -28,14 +28,14 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set Image Tag id: set-tag run: echo "IMAGE_TAG=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT - name: Set up Docker with Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 with: driver: docker diff --git a/.github/workflows/gofmt.yml b/.github/workflows/gofmt.yml index b035e0ee..77620289 100644 --- a/.github/workflows/gofmt.yml +++ b/.github/workflows/gofmt.yml @@ -14,18 +14,18 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - go-version: [1.26.1] + go-version: [1.26.3] steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name || github.repository }} ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || github.ref }} fetch-depth: 0 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ matrix.go-version }} @@ -34,7 +34,7 @@ jobs: - name: Commit Formatting Changes if: github.event.pull_request.head.repo.full_name == github.repository - uses: stefanzweifel/git-auto-commit-action@v6.0.1 + uses: stefanzweifel/git-auto-commit-action@v7.1.0 with: commit_message: apply coding style fixes commit_options: '--no-verify' diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 9bf9f8dc..a62d9b2b 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -11,14 +11,14 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - go-version: [1.26.1] + go-version: [1.26.3] steps: - - uses: actions/setup-go@v5 + - uses: actions/setup-go@v6 with: go-version: ${{ matrix.go-version }} - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Cache Go modules uses: actions/cache@v4 diff --git a/database/connection_test.go b/database/connection_test.go index 14186f8b..496b2a08 100644 --- a/database/connection_test.go +++ b/database/connection_test.go @@ -62,7 +62,7 @@ func setupPostgresConnection(t *testing.T, models ...interface{}) (*database.Con UserName: "test", UserPassword: "secret", DatabaseName: "testdb", - Port: port.Int(), + Port: int(port.Num()), Host: host, DriverName: database.DriverName, SSLMode: "disable", diff --git a/database/seeder/importer/runner_test.go b/database/seeder/importer/runner_test.go index 819cc721..7a96ef4a 100644 --- a/database/seeder/importer/runner_test.go +++ b/database/seeder/importer/runner_test.go @@ -738,7 +738,7 @@ func setupPostgresConnection(t *testing.T) (*database.Connection, *env.Environme UserName: "test", UserPassword: "secret", DatabaseName: "testdb", - Port: port.Int(), + Port: int(port.Num()), Host: host, DriverName: database.DriverName, SSLMode: "disable", diff --git a/database/seeder/seeds/seeder_test.go b/database/seeder/seeds/seeder_test.go index 9bac900b..01cba14b 100644 --- a/database/seeder/seeds/seeder_test.go +++ b/database/seeder/seeds/seeder_test.go @@ -55,7 +55,7 @@ func testConnection(t *testing.T, e *env.Environment) *database.Connection { UserName: "test", UserPassword: "secret", DatabaseName: "testdb", - Port: port.Int(), + Port: int(port.Num()), Host: host, DriverName: database.DriverName, SSLMode: "disable", diff --git a/docker-compose.yml b/docker-compose.yml index 92091a37..6951a8dd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -108,7 +108,7 @@ services: - caddy_net prometheus: - image: prom/prometheus:v3.8.1@sha256:2b6f734e372c1b4717008f7d0a0152316aedd4d13ae17ef1e3268dbfaf68041b + image: prom/prometheus:v3.11.3@sha256:e4254400b85610324913f0dc4acf92603d9984e7519414c5a12811aa6146acc3 profiles: ["prod"] container_name: oullin_prometheus restart: unless-stopped @@ -147,7 +147,7 @@ services: memory: 256M prometheus_local: - image: prom/prometheus:v3.8.1@sha256:2b6f734e372c1b4717008f7d0a0152316aedd4d13ae17ef1e3268dbfaf68041b + image: prom/prometheus:v3.11.3@sha256:e4254400b85610324913f0dc4acf92603d9984e7519414c5a12811aa6146acc3 profiles: ["local"] container_name: oullin_prometheus_local restart: unless-stopped @@ -186,7 +186,7 @@ services: memory: 256M postgres_exporter: - image: prometheuscommunity/postgres-exporter:v0.18.0@sha256:3a9be51b73ac4f007cec8a36d824253c0607d065196072b61d8808714d7e8044 + image: prometheuscommunity/postgres-exporter:v0.19.1@sha256:e96064f876226d94bb6ce48a4c4b3dd76edba91168ec1ab024e5c4b959310b0f profiles: ["prod"] container_name: oullin_postgres_exporter restart: unless-stopped @@ -221,7 +221,7 @@ services: memory: 32M postgres_exporter_local: - image: prometheuscommunity/postgres-exporter:v0.18.0@sha256:3a9be51b73ac4f007cec8a36d824253c0607d065196072b61d8808714d7e8044 + image: prometheuscommunity/postgres-exporter:v0.19.1@sha256:e96064f876226d94bb6ce48a4c4b3dd76edba91168ec1ab024e5c4b959310b0f profiles: ["local"] container_name: oullin_postgres_exporter_local restart: unless-stopped @@ -256,7 +256,7 @@ services: memory: 32M grafana: - image: grafana/grafana:12.3.1@sha256:2175aaa91c96733d86d31cf270d5310b278654b03f5718c59de12a865380a31f + image: grafana/grafana:13.0.1-security-01@sha256:2d1f9ae67c1778d33e291d4c3c759cd8b650e67491f02533499eb950e075eeb5 profiles: ["prod"] container_name: oullin_grafana restart: unless-stopped @@ -295,7 +295,7 @@ services: memory: 128M grafana_local: - image: grafana/grafana:12.3.1@sha256:2175aaa91c96733d86d31cf270d5310b278654b03f5718c59de12a865380a31f + image: grafana/grafana:13.0.1-security-01@sha256:2d1f9ae67c1778d33e291d4c3c759cd8b650e67491f02533499eb950e075eeb5 profiles: ["local"] container_name: oullin_grafana_local restart: unless-stopped @@ -344,7 +344,7 @@ services: dockerfile: ./infra/docker/dockerfile-api target: builder args: - - BASE_IMAGE_VERSION=${BASE_IMAGE_VERSION:-1.26.1-alpine3.23-r3} + - BASE_IMAGE_VERSION=${BASE_IMAGE_VERSION:-1.26.3-alpine3.23-r3} volumes: - .:/app - go_mod_cache:/go/pkg/mod @@ -357,7 +357,7 @@ services: GOPATH: /go GOMODCACHE: /go/pkg/mod GOCACHE: /tmp/go-build - GOTOOLCHAIN: ${GO_LOCAL_TOOLCHAIN:-go1.26.1} + GOTOOLCHAIN: ${GO_LOCAL_TOOLCHAIN:-go1.26.3} ENV_DB_HOST: api-db ENV_SPA_DIR: ${ENV_SPA_DIR} ENV_DB_PORT: ${ENV_DB_PORT:-5432} @@ -386,7 +386,7 @@ services: - ${API_LOGS_PATH:-./storage/logs/api}:/app/storage/logs environment: CGO_ENABLED: 1 - GOTOOLCHAIN: ${GO_LOCAL_TOOLCHAIN:-go1.26.1} + GOTOOLCHAIN: ${GO_LOCAL_TOOLCHAIN:-go1.26.3} # --- This ensures the Go web server listens for connections from other # containers (like Caddy), not just from within itself. ENV_APP_LOGS_DIR: /app/storage/logs/logs_%s.log @@ -396,7 +396,7 @@ services: context: . dockerfile: ./infra/docker/dockerfile-api args: - - BASE_IMAGE_VERSION=${BASE_IMAGE_VERSION:-1.26.1-alpine3.23-r3} + - BASE_IMAGE_VERSION=${BASE_IMAGE_VERSION:-1.26.3-alpine3.23-r3} - APP_VERSION=0.0.0.1 - APP_HOST_PORT=${ENV_HTTP_PORT} - APP_USER=${ENV_DOCKER_USER} @@ -461,10 +461,10 @@ services: # Ensure the database always restarts on server reboot or crash. restart: always - # Pinning to postgres:18.1-alpine to avoid CVE-2025-12817/12818 and ensure + # Pinning to postgres:18.4-alpine to avoid CVE-2025-12817/12818 and ensure # consistent checksum behaviour (initdb enables checksums by default in PG 18). # This matches the version used in test environments for consistency. - image: postgres:18.1-alpine@sha256:6723ec6d445fe51c6d097b9248f8a4b793255853524839fca1b2d69a435b6072 + image: postgres:18.4-alpine@sha256:96d56f7f57c6aacd1fcb908bc83b345ec5f83231ee486dd66a1baadce274db88 container_name: oullin_db env_file: diff --git a/go.mod b/go.mod index 6b061eb8..b2e6c50a 100644 --- a/go.mod +++ b/go.mod @@ -1,23 +1,23 @@ module github.com/oullin -go 1.26.1 +go 1.26.3 require ( github.com/DATA-DOG/go-sqlmock v1.5.2 - github.com/andybalholm/brotli v1.2.0 + github.com/andybalholm/brotli v1.2.1 github.com/chai2010/webp v1.4.0 github.com/felixge/httpsnoop v1.0.4 github.com/gen2brain/avif v0.4.4 - github.com/getsentry/sentry-go v0.43.0 - github.com/go-playground/validator/v10 v10.30.1 + github.com/getsentry/sentry-go v0.46.2 + github.com/go-playground/validator/v10 v10.30.2 github.com/google/uuid v1.6.0 github.com/joho/godotenv v1.5.1 - github.com/klauspost/compress v1.18.4 - github.com/lib/pq v1.11.2 + github.com/klauspost/compress v1.18.6 + github.com/lib/pq v1.12.3 github.com/prometheus/client_golang v1.23.2 - github.com/testcontainers/testcontainers-go v0.41.0 - github.com/testcontainers/testcontainers-go/modules/postgres v0.41.0 - golang.org/x/crypto v0.51.0 + github.com/testcontainers/testcontainers-go v0.42.0 + github.com/testcontainers/testcontainers-go/modules/postgres v0.42.0 + golang.org/x/crypto v0.52.0 golang.org/x/image v0.41.0 golang.org/x/term v0.43.0 golang.org/x/text v0.37.0 @@ -40,8 +40,7 @@ require ( github.com/cpuguy83/dockercfg v0.3.2 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.6.0 // indirect - github.com/docker/docker v28.5.2+incompatible // indirect - github.com/docker/go-connections v0.6.0 // indirect + github.com/docker/go-connections v0.7.0 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/ebitengine/purego v0.10.0 // indirect github.com/gabriel-vasile/mimetype v1.4.13 // indirect @@ -52,57 +51,50 @@ require ( github.com/go-playground/universal-translator v0.18.1 // indirect github.com/jackc/pgpassfile v1.0.0 // indirect github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect - github.com/jackc/pgx/v5 v5.8.0 // indirect + github.com/jackc/pgx/v5 v5.9.2 // indirect github.com/jackc/puddle/v2 v2.2.2 // indirect github.com/jinzhu/inflection v1.0.0 // indirect github.com/jinzhu/now v1.1.5 // indirect github.com/leodido/go-urn v1.4.0 // indirect - github.com/lufia/plan9stats v0.0.0-20260216142805-b3301c5f2a88 // indirect + github.com/lufia/plan9stats v0.0.0-20260330125221-c963978e514e // indirect github.com/magiconair/properties v1.8.10 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/go-archive v0.2.0 // indirect - github.com/moby/patternmatcher v0.6.0 // indirect + github.com/moby/patternmatcher v0.6.1 // indirect github.com/moby/sys/sequential v0.6.0 // indirect github.com/moby/sys/user v0.4.0 // indirect github.com/moby/sys/userns v0.1.0 // indirect github.com/moby/term v0.5.2 // indirect - github.com/morikuni/aec v1.1.0 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect - github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect github.com/prometheus/client_model v0.6.2 // indirect github.com/prometheus/common v0.67.5 // indirect github.com/prometheus/procfs v0.20.1 // indirect - github.com/shirou/gopsutil/v4 v4.26.2 // indirect + github.com/shirou/gopsutil/v4 v4.26.4 // indirect github.com/sirupsen/logrus v1.9.4 // indirect github.com/stretchr/testify v1.11.1 // indirect github.com/tetratelabs/wazero v1.11.0 // indirect - github.com/tklauser/go-sysconf v0.3.16 // indirect - github.com/tklauser/numcpus v0.11.0 // indirect + github.com/tklauser/go-sysconf v0.4.0 // indirect + github.com/tklauser/numcpus v0.12.0 // indirect github.com/yusufpapurcu/wmi v1.2.4 // indirect go.opentelemetry.io/auto/sdk v1.2.1 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 // indirect - go.opentelemetry.io/otel v1.42.0 // indirect - go.opentelemetry.io/otel/metric v1.42.0 // indirect - go.opentelemetry.io/otel/trace v1.42.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 // indirect + go.opentelemetry.io/otel v1.43.0 // indirect + go.opentelemetry.io/otel/metric v1.43.0 // indirect + go.opentelemetry.io/otel/trace v1.43.0 // indirect go.yaml.in/yaml/v2 v2.4.4 // indirect; Required by prometheus/client_golang; no type conflicts with our gopkg.in/yaml.v3 usage golang.org/x/sync v0.20.0 // indirect golang.org/x/sys v0.45.0 // indirect - golang.org/x/time v0.15.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20260311181403-84a4fc48630c // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20260311181403-84a4fc48630c // indirect google.golang.org/protobuf v1.36.11 // indirect ) require ( - github.com/creack/pty v1.1.24 // indirect github.com/go-errors/errors v1.5.1 // indirect - github.com/stretchr/objx v0.5.3 // indirect + github.com/moby/moby/api v1.54.2 // indirect + github.com/moby/moby/client v0.4.1 // indirect github.com/xyproto/randomstring v1.2.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.42.0 // indirect - go.opentelemetry.io/proto/otlp v1.10.0 // indirect - golang.org/x/net v0.55.0 // indirect + pgregory.net/rapid v1.3.0 // indirect ) diff --git a/go.sum b/go.sum index 42c623ca..2ad6c3ea 100644 --- a/go.sum +++ b/go.sum @@ -8,14 +8,12 @@ github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7Oputl github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= -github.com/andybalholm/brotli v1.2.0 h1:ukwgCxwYrmACq68yiUqwIWnGY0cTPox/M94sVwToPjQ= -github.com/andybalholm/brotli v1.2.0/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY= +github.com/andybalholm/brotli v1.2.1 h1:R+f5xP285VArJDRgowrfb9DqL18yVK0gKAW/F+eTWro= +github.com/andybalholm/brotli v1.2.1/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= -github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= -github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chai2010/webp v1.4.0 h1:6DA2pkkRUPnbOHvvsmGI3He1hBKf/bkRlniAiSGuEko= @@ -37,10 +35,8 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM= -github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94= -github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE= +github.com/docker/go-connections v0.7.0 h1:6SsRfJddP22WMrCkj19x9WKjEDTB+ahsdiGYf0mN39c= +github.com/docker/go-connections v0.7.0/go.mod h1:no1qkHdjq7kLMGUXYAduOhYPSJxxvgWBh7ogVvptn3Q= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/ebitengine/purego v0.10.0 h1:QIw4xfpWT6GWTzaW5XEKy3HXoqrJGx1ijYHzTF0/ISU= @@ -51,8 +47,8 @@ github.com/gabriel-vasile/mimetype v1.4.13 h1:46nXokslUBsAJE/wMsp5gtO500a4F3Nkz9 github.com/gabriel-vasile/mimetype v1.4.13/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s= github.com/gen2brain/avif v0.4.4 h1:Ga/ss7qcWWQm2bxFpnjYjhJsNfZrWs5RsyklgFjKRSE= github.com/gen2brain/avif v0.4.4/go.mod h1:/XCaJcjZraQwKVhpu9aEd9aLOssYOawLvhMBtmHVGqk= -github.com/getsentry/sentry-go v0.43.0 h1:XbXLpFicpo8HmBDaInk7dum18G9KSLcjZiyUKS+hLW4= -github.com/getsentry/sentry-go v0.43.0/go.mod h1:XDotiNZbgf5U8bPDUAfvcFmOnMQQceESxyKaObSssW0= +github.com/getsentry/sentry-go v0.46.2 h1:1jhYwrKGa3sIpo/y5iDNXS5wDoT7I1KNzMHrnK6ojns= +github.com/getsentry/sentry-go v0.46.2/go.mod h1:evVbw2qotNUdYG8KxXbAdjOQWWvWIwKxpjdZZIvcIPw= github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk= github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -69,20 +65,18 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.30.1 h1:f3zDSN/zOma+w6+1Wswgd9fLkdwy06ntQJp0BBvFG0w= -github.com/go-playground/validator/v10 v10.30.1/go.mod h1:oSuBIQzuJxL//3MelwSLD5hc2Tu889bF0Idm9Dg26cM= +github.com/go-playground/validator/v10 v10.30.2 h1:JiFIMtSSHb2/XBUbWM4i/MpeQm9ZK2xqPNk8vgvu5JQ= +github.com/go-playground/validator/v10 v10.30.2/go.mod h1:mAf2pIOVXjTEBrwUMGKkCWKKPs9NheYGabeB04txQSc= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 h1:HWRh5R2+9EifMyIHV7ZV+MIZqgz+PMpZ14Jynv3O2Zs= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0/go.mod h1:JfhWUomR1baixubs02l85lZYYOm7LV6om4ceouMv45c= github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= -github.com/jackc/pgx/v5 v5.8.0 h1:TYPDoleBBme0xGSAX3/+NujXXtpZn9HBONkQC7IEZSo= -github.com/jackc/pgx/v5 v5.8.0/go.mod h1:QVeDInX2m9VyzvNeiCJVjCkNFqzsNb43204HshNSZKw= +github.com/jackc/pgx/v5 v5.9.2 h1:3ZhOzMWnR4yJ+RW1XImIPsD1aNSz4T4fyP7zlQb56hw= +github.com/jackc/pgx/v5 v5.9.2/go.mod h1:mal1tBGAFfLHvZzaYh77YS/eC6IX9OWbRV1QIIM0Jn4= github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo= github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= @@ -92,8 +86,8 @@ github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/ github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0= github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= github.com/kisielk/sqlstruct v0.0.0-20201105191214-5f3e10d3ab46/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE= -github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE9a2c= -github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= +github.com/klauspost/compress v1.18.6 h1:2jupLlAwFm95+YDR+NwD2MEfFO9d4z4Prjl1XXDjuao= +github.com/klauspost/compress v1.18.6/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -102,10 +96,10 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= -github.com/lib/pq v1.11.2 h1:x6gxUeu39V0BHZiugWe8LXZYZ+Utk7hSJGThs8sdzfs= -github.com/lib/pq v1.11.2/go.mod h1:/p+8NSbOcwzAEI7wiMXFlgydTwcgTr3OSKMsD2BitpA= -github.com/lufia/plan9stats v0.0.0-20260216142805-b3301c5f2a88 h1:PTw+yKnXcOFCR6+8hHTyWBeQ/P4Nb7dd4/0ohEcWQuM= -github.com/lufia/plan9stats v0.0.0-20260216142805-b3301c5f2a88/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg= +github.com/lib/pq v1.12.3 h1:tTWxr2YLKwIvK90ZXEw8GP7UFHtcbTtty8zsI+YjrfQ= +github.com/lib/pq v1.12.3/go.mod h1:/p+8NSbOcwzAEI7wiMXFlgydTwcgTr3OSKMsD2BitpA= +github.com/lufia/plan9stats v0.0.0-20260330125221-c963978e514e h1:Q6MvJtQK/iRcRtzAscm/zF23XxJlbECiGPyRicsX+Ak= +github.com/lufia/plan9stats v0.0.0-20260330125221-c963978e514e/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg= github.com/magiconair/properties v1.8.10 h1:s31yESBquKXCV9a/ScB3ESkOjUYYv+X0rg8SYxI99mE= github.com/magiconair/properties v1.8.10/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/mdelapenya/tlscert v0.2.0 h1:7H81W6Z/4weDvZBNOfQte5GpIMo0lGYEeWbkGp5LJHI= @@ -114,10 +108,12 @@ github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3N github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/go-archive v0.2.0 h1:zg5QDUM2mi0JIM9fdQZWC7U8+2ZfixfTYoHL7rWUcP8= github.com/moby/go-archive v0.2.0/go.mod h1:mNeivT14o8xU+5q1YnNrkQVpK+dnNe/K6fHqnTg4qPU= -github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk= -github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= -github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw= -github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs= +github.com/moby/moby/api v1.54.2 h1:wiat9QAhnDQjA7wk1kh/TqHz2I1uUA7M7t9SAl/JNXg= +github.com/moby/moby/api v1.54.2/go.mod h1:+RQ6wluLwtYaTd1WnPLykIDPekkuyD/ROWQClE83pzs= +github.com/moby/moby/client v0.4.1 h1:DMQgisVoMkmMs7fp3ROSdiBnoAu8+vo3GggFl06M/wY= +github.com/moby/moby/client v0.4.1/go.mod h1:z52C9O2POPOsnxZAy//WtKcQ32P+jT/NGeXu/7nfjGQ= +github.com/moby/patternmatcher v0.6.1 h1:qlhtafmr6kgMIJjKJMDmMWq7WLkKIo23hsrpR3x084U= +github.com/moby/patternmatcher v0.6.1/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU= github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko= github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs= @@ -126,8 +122,6 @@ github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= -github.com/morikuni/aec v1.1.0 h1:vBBl0pUnvi/Je71dsRrhMBtreIqNMYErSAbEeb8jrXQ= -github.com/morikuni/aec v1.1.0/go.mod h1:xDRgiq/iw5l+zkao76YTKzKttOp2cwPEne25HDkJnBw= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -153,8 +147,8 @@ github.com/prometheus/procfs v0.20.1 h1:XwbrGOIplXW/AU3YhIhLODXMJYyC1isLFfYCsTEy github.com/prometheus/procfs v0.20.1/go.mod h1:o9EMBZGRyvDrSPH1RqdxhojkuXstoe4UlK79eF5TGGo= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= -github.com/shirou/gopsutil/v4 v4.26.2 h1:X8i6sicvUFih4BmYIGT1m2wwgw2VG9YgrDTi7cIRGUI= -github.com/shirou/gopsutil/v4 v4.26.2/go.mod h1:LZ6ewCSkBqUpvSOf+LsTGnRinC6iaNUNMGBtDkJBaLQ= +github.com/shirou/gopsutil/v4 v4.26.4 h1:B4SXVbcwTyrocPHEmWBC4uCYr4Xcu3MK1TXqbprAOWY= +github.com/shirou/gopsutil/v4 v4.26.4/go.mod h1:LZ6ewCSkBqUpvSOf+LsTGnRinC6iaNUNMGBtDkJBaLQ= github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w= github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -164,50 +158,42 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= -github.com/testcontainers/testcontainers-go v0.41.0 h1:mfpsD0D36YgkxGj2LrIyxuwQ9i2wCKAD+ESsYM1wais= -github.com/testcontainers/testcontainers-go v0.41.0/go.mod h1:pdFrEIfaPl24zmBjerWTTYaY0M6UHsqA1YSvsoU40MI= -github.com/testcontainers/testcontainers-go/modules/postgres v0.41.0 h1:AOtFXssrDlLm84A2sTTR/AhvJiYbrIuCO59d+Ro9Tb0= -github.com/testcontainers/testcontainers-go/modules/postgres v0.41.0/go.mod h1:k2a09UKhgSp6vNpliIY0QSgm4Hi7GXVTzWvWgUemu/8= +github.com/testcontainers/testcontainers-go v0.42.0 h1:He3IhTzTZOygSXLJPMX7n44XtK+qhjat1nI9cneBbUY= +github.com/testcontainers/testcontainers-go v0.42.0/go.mod h1:vZjdY1YmUA1qEForxOIOazfsrdyORJAbhi0bp8plN30= +github.com/testcontainers/testcontainers-go/modules/postgres v0.42.0 h1:GCbb1ndrF7OTDiIvxXyItaDab4qkzTFJ48LKFdM7EIo= +github.com/testcontainers/testcontainers-go/modules/postgres v0.42.0/go.mod h1:IRPBaI8jXdrNfD0e4Zm7Fbcgaz5shKxOQv4axiL09xs= github.com/tetratelabs/wazero v1.11.0 h1:+gKemEuKCTevU4d7ZTzlsvgd1uaToIDtlQlmNbwqYhA= github.com/tetratelabs/wazero v1.11.0/go.mod h1:eV28rsN8Q+xwjogd7f4/Pp4xFxO7uOGbLcD/LzB1wiU= -github.com/tklauser/go-sysconf v0.3.16 h1:frioLaCQSsF5Cy1jgRBrzr6t502KIIwQ0MArYICU0nA= -github.com/tklauser/go-sysconf v0.3.16/go.mod h1:/qNL9xxDhc7tx3HSRsLWNnuzbVfh3e7gh/BmM179nYI= -github.com/tklauser/numcpus v0.11.0 h1:nSTwhKH5e1dMNsCdVBukSZrURJRoHbSEQjdEbY+9RXw= -github.com/tklauser/numcpus v0.11.0/go.mod h1:z+LwcLq54uWZTX0u/bGobaV34u6V7KNlTZejzM6/3MQ= +github.com/tklauser/go-sysconf v0.4.0 h1:7H0uAN+7RkwWRaxhYXDLqa5V3LPrJeV8wmD9dRUgPQU= +github.com/tklauser/go-sysconf v0.4.0/go.mod h1:8mTNWyog7H+MpKijp4VmKJAd2bbYQ2zuUwkYRbUArPI= +github.com/tklauser/numcpus v0.12.0 h1:NR85qdvHA9pFse3x3weVZ0r0ST8R6l5RHbZrlRaqob4= +github.com/tklauser/numcpus v0.12.0/go.mod h1:ABHeXzJnr/qqwguhClkZKT1/8VABcYrsyUiUGobwWJg= github.com/xyproto/randomstring v1.2.0 h1:y7PXAEBM3XlwJjPG2JQg4voxBYZ4+hPgRdGKCfU8wik= github.com/xyproto/randomstring v1.2.0/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E= github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0= github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 h1:OyrsyzuttWTSur2qN/Lm0m2a8yqyIjUVBZcxFPuXq2o= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0/go.mod h1:C2NGBr+kAB4bk3xtMXfZ94gqFDtg/GkI7e9zqGh5Beg= -go.opentelemetry.io/otel v1.42.0 h1:lSQGzTgVR3+sgJDAU/7/ZMjN9Z+vUip7leaqBKy4sho= -go.opentelemetry.io/otel v1.42.0/go.mod h1:lJNsdRMxCUIWuMlVJWzecSMuNjE7dOYyWlqOXWkdqCc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.42.0 h1:THuZiwpQZuHPul65w4WcwEnkX2QIuMT+UFoOrygtoJw= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.42.0/go.mod h1:J2pvYM5NGHofZ2/Ru6zw/TNWnEQp5crgyDeSrYpXkAw= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.42.0 h1:uLXP+3mghfMf7XmV4PkGfFhFKuNWoCvvx5wP/wOXo0o= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.42.0/go.mod h1:v0Tj04armyT59mnURNUJf7RCKcKzq+lgJs6QSjHjaTc= -go.opentelemetry.io/otel/metric v1.42.0 h1:2jXG+3oZLNXEPfNmnpxKDeZsFI5o4J+nz6xUlaFdF/4= -go.opentelemetry.io/otel/metric v1.42.0/go.mod h1:RlUN/7vTU7Ao/diDkEpQpnz3/92J9ko05BIwxYa2SSI= -go.opentelemetry.io/otel/sdk v1.42.0 h1:LyC8+jqk6UJwdrI/8VydAq/hvkFKNHZVIWuslJXYsDo= -go.opentelemetry.io/otel/sdk v1.42.0/go.mod h1:rGHCAxd9DAph0joO4W6OPwxjNTYWghRWmkHuGbayMts= -go.opentelemetry.io/otel/sdk/metric v1.42.0 h1:D/1QR46Clz6ajyZ3G8SgNlTJKBdGp84q9RKCAZ3YGuA= -go.opentelemetry.io/otel/sdk/metric v1.42.0/go.mod h1:Ua6AAlDKdZ7tdvaQKfSmnFTdHx37+J4ba8MwVCYM5hc= -go.opentelemetry.io/otel/trace v1.42.0 h1:OUCgIPt+mzOnaUTpOQcBiM/PLQ/Op7oq6g4LenLmOYY= -go.opentelemetry.io/otel/trace v1.42.0/go.mod h1:f3K9S+IFqnumBkKhRJMeaZeNk9epyhnCmQh/EysQCdc= -go.opentelemetry.io/proto/otlp v1.10.0 h1:IQRWgT5srOCYfiWnpqUYz9CVmbO8bFmKcwYxpuCSL2g= -go.opentelemetry.io/proto/otlp v1.10.0/go.mod h1:/CV4QoCR/S9yaPj8utp3lvQPoqMtxXdzn7ozvvozVqk= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 h1:CqXxU8VOmDefoh0+ztfGaymYbhdB/tT3zs79QaZTNGY= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0/go.mod h1:BuhAPThV8PBHBvg8ZzZ/Ok3idOdhWIodywz2xEcRbJo= +go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= +go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= +go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM= +go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY= +go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg= +go.opentelemetry.io/otel/sdk v1.43.0/go.mod h1:P+IkVU3iWukmiit/Yf9AWvpyRDlUeBaRg6Y+C58QHzg= +go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfCGLEo89fDkw= +go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A= +go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A= +go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.yaml.in/yaml/v2 v2.4.4 h1:tuyd0P+2Ont/d6e2rl3be67goVK4R6deVxCUX5vyPaQ= go.yaml.in/yaml/v2 v2.4.4/go.mod h1:gMZqIpDtDqOfM0uNfy0SkpRhvUryYH0Z6wdMYcacYXQ= -golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI= -golang.org/x/crypto v0.51.0/go.mod h1:8AdwkbraGNABw2kOX6YFPs3WM22XqI4EXEd8g+x7Oc8= +golang.org/x/crypto v0.52.0 h1:RMs7fP2rXdep0CftQlK8Uf+kibLm7qkCcradZWYz988= +golang.org/x/crypto v0.52.0/go.mod h1:1QgfPxDqh0T2M/elOJtp9RvuR95kVjir0e6/BvEmGbc= golang.org/x/image v0.41.0 h1:8wS72eGJMJaBxK6okTzd4WaXumUlTVlb753MlsSvTCo= golang.org/x/image v0.41.0/go.mod h1:uIc348UZMSvS5Z65CVZ7iDPaNobNFEPeJ4kbqTOszmA= -golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8= -golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww= golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -220,14 +206,6 @@ golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4= golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk= golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= -golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= -golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= -google.golang.org/genproto/googleapis/api v0.0.0-20260311181403-84a4fc48630c h1:OyQPd6I3pN/9gDxz6L13kYGJgqkpdrAohJRBeXyxlgI= -google.golang.org/genproto/googleapis/api v0.0.0-20260311181403-84a4fc48630c/go.mod h1:X2gu9Qwng7Nn009s/r3RUxqkzQNqOrAy79bluY7ojIg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260311181403-84a4fc48630c h1:xgCzyF2LFIO/0X2UAoVRiXKU5Xg6VjToG4i2/ecSswk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260311181403-84a4fc48630c/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= -google.golang.org/grpc v1.79.2 h1:fRMD94s2tITpyJGtBBn7MkMseNpOZU8ZxgC3MMBaXRU= -google.golang.org/grpc v1.79.2/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -242,3 +220,5 @@ gorm.io/gorm v1.31.1 h1:7CA8FTFz/gRfgqgpeKIBcervUn3xSyPUmr6B2WXJ7kg= gorm.io/gorm v1.31.1/go.mod h1:XyQVbO2k6YkOis7C2437jSit3SsDK72s7n7rsSHd+Gs= gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= +pgregory.net/rapid v1.3.0 h1:vBvO0VSqti75J1jjYqpgPNBLKMd1+gxa9fYo7vk/Exc= +pgregory.net/rapid v1.3.0/go.mod h1:dPlE4OBBxgXPqkP79flB6sJL1dx5azpI7HQ9MY9Z7uk= diff --git a/infra/docker/base-images/Dockerfile.builder b/infra/docker/base-images/Dockerfile.builder index 41a206de..0d207beb 100644 --- a/infra/docker/base-images/Dockerfile.builder +++ b/infra/docker/base-images/Dockerfile.builder @@ -7,9 +7,9 @@ # against committed SHA256 checksums, and installed via an ephemeral RSA-signed # APKINDEX so `apk add` never contacts the live Alpine package index. -ARG GO_VERSION=1.26.1 +ARG GO_VERSION=1.26.3 ARG GO_IMAGE_VARIANT=alpine3.23 -ARG GO_IMAGE_DIGEST=sha256:2389ebfa5b7f43eeafbd6be0c3700cc46690ef842ad962f6c5bd6be49ed82039 +ARG GO_IMAGE_DIGEST=sha256:91eda9776261207ea25fd06b5b7fed8d397dd2c0a283e77f2ab6e91bfa71079d FROM golang:${GO_VERSION}-${GO_IMAGE_VARIANT}@${GO_IMAGE_DIGEST} diff --git a/infra/docker/base-images/Dockerfile.runtime b/infra/docker/base-images/Dockerfile.runtime index f5b67c76..736a03b6 100644 --- a/infra/docker/base-images/Dockerfile.runtime +++ b/infra/docker/base-images/Dockerfile.runtime @@ -8,7 +8,7 @@ # SHA256 checksum verification, ephemeral RSA-signed APKINDEX. ARG ALPINE_VERSION=3.23 -ARG ALPINE_IMAGE_DIGEST=sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659 +ARG ALPINE_IMAGE_DIGEST=sha256:5b10f432ef3da1b8d4c7eb6c487f2f5a8f096bc91145e68878dd4a5019afde11 FROM alpine:${ALPINE_VERSION}@${ALPINE_IMAGE_DIGEST} diff --git a/infra/docker/dockerfile-api b/infra/docker/dockerfile-api index 8173bbde..9305c90a 100644 --- a/infra/docker/dockerfile-api +++ b/infra/docker/dockerfile-api @@ -32,10 +32,10 @@ ARG BINARY_NAME=oullin_api # can work without registry access. CI/maintainers can override these args with # digest-pinned registry references after running `make push-base-images`. # -ARG BASE_IMAGE_VERSION=1.26.1-alpine3.23-r3 +ARG BASE_IMAGE_VERSION=1.26.3-alpine3.23-r3 ARG BUILDER_BASE_IMAGE=oullin-api-builder-base:${BASE_IMAGE_VERSION} ARG RUNTIME_BASE_IMAGE=oullin-api-runtime-base:${BASE_IMAGE_VERSION} -ARG GO_TOOLCHAIN=go1.26.1 +ARG GO_TOOLCHAIN=go1.26.3 # Non-root user/group settings. ARG APP_USER=appuser diff --git a/infra/makefile/app.mk b/infra/makefile/app.mk index 40d8131c..5de80637 100644 --- a/infra/makefile/app.mk +++ b/infra/makefile/app.mk @@ -11,7 +11,7 @@ DB_SECRETS_DIR := $(ROOT_PATH)/database/infra/secrets # "auto" lets the local Go installation download the toolchain required by go.mod, # so developers don't need to install the exact Go version manually. -# Override with a pinned version (e.g., GO_LOCAL_TOOLCHAIN=go1.26.1) for deterministic builds. +# Override with a pinned version (e.g., GO_LOCAL_TOOLCHAIN=go1.26.3) for deterministic builds. # Note: docker-compose reads GO_LOCAL_TOOLCHAIN from the environment separately. GO_LOCAL_TOOLCHAIN ?= auto GOIMPORTS_VERSION ?= v0.43.0 diff --git a/infra/makefile/build.mk b/infra/makefile/build.mk index d9400d89..20abdf12 100644 --- a/infra/makefile/build.mk +++ b/infra/makefile/build.mk @@ -1,12 +1,12 @@ .PHONY: build-local watch-local build-ci build-prod build-release build-deploy build-local-restart build-prod-force build-fresh ensure-caddy-net ensure-base-images ensure-builder-base-image ensure-runtime-base-image build-base-images push-base-images generate-apk-checksums build-cli-docker prewarm-cli-docker BUILD_VERSION ?= latest -BASE_GO_VERSION ?= 1.26.1 +BASE_GO_VERSION ?= 1.26.3 BASE_ALPINE_VERSION ?= 3.23 BASE_IMAGE_REVISION ?= 3 BASE_GO_IMAGE_VARIANT ?= alpine$(BASE_ALPINE_VERSION) -BASE_GO_IMAGE_DIGEST ?= sha256:2389ebfa5b7f43eeafbd6be0c3700cc46690ef842ad962f6c5bd6be49ed82039 -BASE_ALPINE_IMAGE_DIGEST ?= sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659 +BASE_GO_IMAGE_DIGEST ?= sha256:91eda9776261207ea25fd06b5b7fed8d397dd2c0a283e77f2ab6e91bfa71079d +BASE_ALPINE_IMAGE_DIGEST ?= sha256:5b10f432ef3da1b8d4c7eb6c487f2f5a8f096bc91145e68878dd4a5019afde11 BASE_APK_BASE_URL ?= https://dl-cdn.alpinelinux.org/alpine/v$(BASE_ALPINE_VERSION)/main BASE_IMAGE_VERSION ?= $(BASE_GO_VERSION)-alpine$(BASE_ALPINE_VERSION)-r$(BASE_IMAGE_REVISION) BUILD_CADDY_NET := caddy_net diff --git a/infra/metrics/README.md b/infra/metrics/README.md index c5b0a18c..06451e6e 100644 --- a/infra/metrics/README.md +++ b/infra/metrics/README.md @@ -81,22 +81,22 @@ The monitoring stack is designed to maintain configuration consistency across lo The following configurations are **identical** across both environments: 1. **Grafana Settings:** - - Same Grafana version (`grafana/grafana:12.3.1`) + - Same Grafana version (`grafana/grafana:13.0.1-security-01`) - Identical security settings (admin user, sign-up disabled, anonymous disabled) - Same dashboard and datasource provisioning structure - Same volume mount paths 2. **Prometheus Core Settings:** - - Same Prometheus version (`prom/prometheus:v3.0.1`) + - Same Prometheus version (`prom/prometheus:v3.11.3`) - Identical scrape interval (15s) and evaluation interval (15s) - Same job structure (caddy, postgresql, api, prometheus) with per-environment targets - Same metrics endpoints and paths 3. **Postgres Exporter:** - - Same exporter version (`prometheuscommunity/postgres-exporter:v0.16.0`) + - Same exporter version (`prometheuscommunity/postgres-exporter:v0.19.1`) - Identical port exposure (9187) - Same entrypoint script and secrets handling - - **Note:** v0.16.0 uses log/slog (stdlib) with new logging format + - **Note:** v0.19.1 uses log/slog (stdlib) with the current logging format #### Environment-Specific Variables diff --git a/internal/testutil/dbtest/helpers.go b/internal/testutil/dbtest/helpers.go index e3e1d27f..642af6a6 100644 --- a/internal/testutil/dbtest/helpers.go +++ b/internal/testutil/dbtest/helpers.go @@ -339,7 +339,7 @@ func newPostgresConnection(t *testing.T, models ...interface{}) (*database.Conne UserName: username, UserPassword: password, DatabaseName: dbname, - Port: port.Int(), + Port: int(port.Num()), Host: host, DriverName: database.DriverName, SSLMode: "disable", diff --git a/metal/cli/clitest/helpers.go b/metal/cli/clitest/helpers.go index a041c837..e1f9769f 100644 --- a/metal/cli/clitest/helpers.go +++ b/metal/cli/clitest/helpers.go @@ -54,7 +54,7 @@ func NewTestConnection(t *testing.T, models ...interface{}) *database.Connection UserName: "test", UserPassword: "secret", DatabaseName: "testdb", - Port: port.Int(), + Port: int(port.Num()), Host: host, DriverName: database.DriverName, SSLMode: "disable", diff --git a/pkg/endpoint/scope_api_error.go b/pkg/endpoint/scope_api_error.go index ca5e3070..450f3e95 100644 --- a/pkg/endpoint/scope_api_error.go +++ b/pkg/endpoint/scope_api_error.go @@ -52,52 +52,56 @@ func (s *ScopeApiError) Enrich() { s.scope.SetTag("http.route", s.request.URL.Path) s.scope.SetRequest(s.request) - s.scope.SetExtra("api_error_status_text", http.StatusText(s.apiErr.Status)) - s.scope.SetExtra("api_error_message", s.apiErr.Message) + context := sentry.Context{ + "api_error_status_text": http.StatusText(s.apiErr.Status), + "api_error_message": s.apiErr.Message, + } if requestID := s.RequestID(); requestID != "" { s.scope.SetTag("http.request_id", requestID) - s.scope.SetExtra("http_request_id", requestID) + context["http_request_id"] = requestID } if s.apiErr.Data != nil { - s.scope.SetExtra("api_error_data", s.apiErr.Data) + context["api_error_data"] = s.apiErr.Data } if s.apiErr.Err != nil { - s.scope.SetExtra("api_error_cause", s.apiErr.Err.Error()) + context["api_error_cause"] = s.apiErr.Err.Error() s.scope.SetTag("api.error.cause_type", fmt.Sprintf("%T", s.apiErr.Err)) - s.scope.SetExtra("api_error_cause_chain", s.buildErrorChain(s.apiErr.Err)) + context["api_error_cause_chain"] = s.buildErrorChain(s.apiErr.Err) } if accountName := s.accountName(); accountName != "" { - s.scope.SetExtra("api_account_name", accountName) + context["api_account_name"] = accountName } if username := s.headerValue(portal.UsernameHeader); username != "" { - s.scope.SetExtra("api_username_header", username) + context["api_username_header"] = username } if origin := portal.IntendedOriginFromHeader(s.request.Header); origin != "" { - s.scope.SetExtra("api_intended_origin", origin) + context["api_intended_origin"] = origin } if ts := s.headerValue(portal.TimestampHeader); ts != "" { - s.scope.SetExtra("api_request_timestamp", ts) + context["api_request_timestamp"] = ts } if nonce := s.headerValue(portal.NonceHeader); nonce != "" { - s.scope.SetExtra("api_request_nonce", nonce) + context["api_request_nonce"] = nonce } if publicKey := s.headerValue(portal.TokenHeader); publicKey != "" { - s.scope.SetExtra("api_public_key", publicKey) + context["api_public_key"] = publicKey } if clientIP := strings.TrimSpace(portal.ParseClientIP(s.request)); clientIP != "" { - s.scope.SetExtra("http_client_ip", clientIP) + context["http_client_ip"] = clientIP } + + s.scope.SetContext("api_error", context) } func (s *ScopeApiError) accountName() string { From 2e39a9727f1ccc98fb833673c9a47d92132540c2 Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Mon, 25 May 2026 10:43:17 +0800 Subject: [PATCH 3/5] harden workflow pins --- .github/workflows/base-images.yml | 6 ++++-- .github/workflows/deploy.yml | 10 ++++++---- .github/workflows/gofmt.yml | 6 +++--- .github/workflows/tests.yml | 8 +++++--- docker-compose.yml | 4 ++-- infra/docker/dockerfile-api | 2 +- infra/makefile/build.mk | 2 +- 7 files changed, 22 insertions(+), 16 deletions(-) diff --git a/.github/workflows/base-images.yml b/.github/workflows/base-images.yml index 1ee58710..d0c8e7ac 100644 --- a/.github/workflows/base-images.yml +++ b/.github/workflows/base-images.yml @@ -12,10 +12,12 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - name: Set up Docker with Buildx - uses: docker/setup-buildx-action@v4 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4 with: driver: docker diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 5e9e689f..e940d2ec 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -28,14 +28,16 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - name: Set Image Tag id: set-tag run: echo "IMAGE_TAG=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT - name: Set up Docker with Buildx - uses: docker/setup-buildx-action@v4 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4 with: driver: docker @@ -47,7 +49,7 @@ jobs: run: make build-ci - name: Log in to GitHub Registry - uses: docker/login-action@v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: ghcr.io username: ${{ github.actor }} @@ -63,7 +65,7 @@ jobs: steps: - name: SSH and Pull Images on VPS - uses: appleboy/ssh-action@v1.2.2 + uses: appleboy/ssh-action@2ead5e36573f08b82fbfce1504f1a4b05a647c6f # v1.2.2 with: host: ${{ secrets.VPS_HOST }} username: ${{ secrets.VPS_USERNAME }} diff --git a/.github/workflows/gofmt.yml b/.github/workflows/gofmt.yml index 77620289..d7b328cc 100644 --- a/.github/workflows/gofmt.yml +++ b/.github/workflows/gofmt.yml @@ -18,14 +18,14 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: repository: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name || github.repository }} ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || github.ref }} fetch-depth: 0 - name: Install Go - uses: actions/setup-go@v6 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6 with: go-version: ${{ matrix.go-version }} @@ -34,7 +34,7 @@ jobs: - name: Commit Formatting Changes if: github.event.pull_request.head.repo.full_name == github.repository - uses: stefanzweifel/git-auto-commit-action@v7.1.0 + uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0 with: commit_message: apply coding style fixes commit_options: '--no-verify' diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a62d9b2b..ad67c306 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -14,14 +14,16 @@ jobs: go-version: [1.26.3] steps: - - uses: actions/setup-go@v6 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6 with: go-version: ${{ matrix.go-version }} - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false - name: Cache Go modules - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 with: path: | ~/go/pkg/mod diff --git a/docker-compose.yml b/docker-compose.yml index 6951a8dd..8818c330 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -344,7 +344,7 @@ services: dockerfile: ./infra/docker/dockerfile-api target: builder args: - - BASE_IMAGE_VERSION=${BASE_IMAGE_VERSION:-1.26.3-alpine3.23-r3} + - BASE_IMAGE_VERSION=${BASE_IMAGE_VERSION:-1.26.3-alpine3.23-r4} volumes: - .:/app - go_mod_cache:/go/pkg/mod @@ -396,7 +396,7 @@ services: context: . dockerfile: ./infra/docker/dockerfile-api args: - - BASE_IMAGE_VERSION=${BASE_IMAGE_VERSION:-1.26.3-alpine3.23-r3} + - BASE_IMAGE_VERSION=${BASE_IMAGE_VERSION:-1.26.3-alpine3.23-r4} - APP_VERSION=0.0.0.1 - APP_HOST_PORT=${ENV_HTTP_PORT} - APP_USER=${ENV_DOCKER_USER} diff --git a/infra/docker/dockerfile-api b/infra/docker/dockerfile-api index 9305c90a..b7e42bf0 100644 --- a/infra/docker/dockerfile-api +++ b/infra/docker/dockerfile-api @@ -32,7 +32,7 @@ ARG BINARY_NAME=oullin_api # can work without registry access. CI/maintainers can override these args with # digest-pinned registry references after running `make push-base-images`. # -ARG BASE_IMAGE_VERSION=1.26.3-alpine3.23-r3 +ARG BASE_IMAGE_VERSION=1.26.3-alpine3.23-r4 ARG BUILDER_BASE_IMAGE=oullin-api-builder-base:${BASE_IMAGE_VERSION} ARG RUNTIME_BASE_IMAGE=oullin-api-runtime-base:${BASE_IMAGE_VERSION} ARG GO_TOOLCHAIN=go1.26.3 diff --git a/infra/makefile/build.mk b/infra/makefile/build.mk index 20abdf12..dca8b644 100644 --- a/infra/makefile/build.mk +++ b/infra/makefile/build.mk @@ -3,7 +3,7 @@ BUILD_VERSION ?= latest BASE_GO_VERSION ?= 1.26.3 BASE_ALPINE_VERSION ?= 3.23 -BASE_IMAGE_REVISION ?= 3 +BASE_IMAGE_REVISION ?= 4 BASE_GO_IMAGE_VARIANT ?= alpine$(BASE_ALPINE_VERSION) BASE_GO_IMAGE_DIGEST ?= sha256:91eda9776261207ea25fd06b5b7fed8d397dd2c0a283e77f2ab6e91bfa71079d BASE_ALPINE_IMAGE_DIGEST ?= sha256:5b10f432ef3da1b8d4c7eb6c487f2f5a8f096bc91145e68878dd4a5019afde11 From ee04251d4875a61f0438b7cbc50a9451a30b7576 Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Mon, 25 May 2026 11:21:16 +0800 Subject: [PATCH 4/5] align test postgres image --- database/connection_test.go | 4 ++-- database/seeder/importer/runner_test.go | 4 ++-- database/seeder/seeds/seeder_test.go | 4 ++-- internal/testutil/dbtest/helpers.go | 4 ++-- metal/cli/clitest/helpers.go | 4 ++-- pkg/middleware/token_middleware_additional_test.go | 4 ++-- pkg/middleware/token_middleware_test.go | 4 ++-- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/database/connection_test.go b/database/connection_test.go index 496b2a08..4ba92104 100644 --- a/database/connection_test.go +++ b/database/connection_test.go @@ -34,10 +34,10 @@ func setupPostgresConnection(t *testing.T, models ...interface{}) (*database.Con ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) t.Cleanup(cancel) - // Pinning to postgres:18.1-alpine to avoid CVE-2025-12817/12818 and ensure + // Pinning to postgres:18.4-alpine to avoid CVE-2025-12817/12818 and ensure // consistent checksum behaviour (initdb enables checksums by default in PG 18). pg, err := postgres.Run(ctx, - "postgres:18.1-alpine", + "postgres:18.4-alpine", postgres.WithDatabase("testdb"), postgres.WithUsername("test"), postgres.WithPassword("secret"), diff --git a/database/seeder/importer/runner_test.go b/database/seeder/importer/runner_test.go index 7a96ef4a..7856c1f9 100644 --- a/database/seeder/importer/runner_test.go +++ b/database/seeder/importer/runner_test.go @@ -709,10 +709,10 @@ func setupPostgresConnection(t *testing.T) (*database.Connection, *env.Environme ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) t.Cleanup(cancel) - // Pinning to postgres:18.1-alpine to avoid CVE-2025-12817/12818 and ensure + // Pinning to postgres:18.4-alpine to avoid CVE-2025-12817/12818 and ensure // consistent checksum behaviour (initdb enables checksums by default in PG 18). pg, err := postgres.Run(ctx, - "postgres:18.1-alpine", + "postgres:18.4-alpine", postgres.WithDatabase("testdb"), postgres.WithUsername("test"), postgres.WithPassword("secret"), diff --git a/database/seeder/seeds/seeder_test.go b/database/seeder/seeds/seeder_test.go index 01cba14b..098500b9 100644 --- a/database/seeder/seeds/seeder_test.go +++ b/database/seeder/seeds/seeder_test.go @@ -23,10 +23,10 @@ func testConnection(t *testing.T, e *env.Environment) *database.Connection { ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - // Pinning to postgres:18.1-alpine to avoid CVE-2025-12817/12818 and ensure + // Pinning to postgres:18.4-alpine to avoid CVE-2025-12817/12818 and ensure // consistent checksum behaviour (initdb enables checksums by default in PG 18). pg, err := postgres.Run(ctx, - "postgres:18.1-alpine", + "postgres:18.4-alpine", postgres.WithDatabase("testdb"), postgres.WithUsername("test"), postgres.WithPassword("secret"), diff --git a/internal/testutil/dbtest/helpers.go b/internal/testutil/dbtest/helpers.go index 642af6a6..6d171d0d 100644 --- a/internal/testutil/dbtest/helpers.go +++ b/internal/testutil/dbtest/helpers.go @@ -302,10 +302,10 @@ func newPostgresConnection(t *testing.T, models ...interface{}) (*database.Conne ctx, cancel := context.WithTimeout(context.Background(), timeout) t.Cleanup(cancel) - // Pinning to postgres:18.1-alpine to avoid CVE-2025-12817/12818 and ensure + // Pinning to postgres:18.4-alpine to avoid CVE-2025-12817/12818 and ensure // consistent checksum behaviour (initdb enables checksums by default in PG 18). pg, err := postgres.Run(ctx, - "postgres:18.1-alpine", + "postgres:18.4-alpine", postgres.WithUsername(username), postgres.WithPassword(password), postgres.WithDatabase(dbname), diff --git a/metal/cli/clitest/helpers.go b/metal/cli/clitest/helpers.go index e1f9769f..6fdb4d31 100644 --- a/metal/cli/clitest/helpers.go +++ b/metal/cli/clitest/helpers.go @@ -26,10 +26,10 @@ func NewTestConnection(t *testing.T, models ...interface{}) *database.Connection ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - // Pinning to postgres:18.1-alpine to avoid CVE-2025-12817/12818 and ensure + // Pinning to postgres:18.4-alpine to avoid CVE-2025-12817/12818 and ensure // consistent checksum behaviour (initdb enables checksums by default in PG 18). pg, err := postgres.Run(ctx, - "postgres:18.1-alpine", + "postgres:18.4-alpine", postgres.WithDatabase("testdb"), postgres.WithUsername("test"), postgres.WithPassword("secret"), diff --git a/pkg/middleware/token_middleware_additional_test.go b/pkg/middleware/token_middleware_additional_test.go index 232fbbfa..07bcc10f 100644 --- a/pkg/middleware/token_middleware_additional_test.go +++ b/pkg/middleware/token_middleware_additional_test.go @@ -30,10 +30,10 @@ func makeRepo(t *testing.T, account string) (*repository.ApiKeys, *auth.TokenHan ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second) defer cancel() - // Pinning to postgres:18.1-alpine to avoid CVE-2025-12817/12818 and ensure + // Pinning to postgres:18.4-alpine to avoid CVE-2025-12817/12818 and ensure // consistent checksum behaviour (initdb enables checksums by default in PG 18). pgC, err := postgrescontainer.Run(ctx, - "postgres:18.1-alpine", + "postgres:18.4-alpine", postgrescontainer.WithDatabase("testdb"), postgrescontainer.WithUsername("test"), postgrescontainer.WithPassword("test"), diff --git a/pkg/middleware/token_middleware_test.go b/pkg/middleware/token_middleware_test.go index 565096cc..6316c94e 100644 --- a/pkg/middleware/token_middleware_test.go +++ b/pkg/middleware/token_middleware_test.go @@ -182,10 +182,10 @@ func setupDB(t *testing.T) *database.Connection { ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second) t.Cleanup(cancel) - // Pinning to postgres:18.1-alpine to avoid CVE-2025-12817/12818 and ensure + // Pinning to postgres:18.4-alpine to avoid CVE-2025-12817/12818 and ensure // consistent checksum behaviour (initdb enables checksums by default in PG 18). pgC, err := postgrescontainer.Run(ctx, - "postgres:18.1-alpine", + "postgres:18.4-alpine", postgrescontainer.WithDatabase("testdb"), postgrescontainer.WithUsername("test"), postgrescontainer.WithPassword("secret"), From cc4f2f2ca97f3d1ac54f818df962019deaf10da4 Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Mon, 25 May 2026 11:28:39 +0800 Subject: [PATCH 5/5] pin test postgres image digest --- database/connection_test.go | 6 +++--- database/seeder/importer/runner_test.go | 6 +++--- database/seeder/seeds/seeder_test.go | 6 +++--- internal/testutil/dbtest/helpers.go | 6 +++--- metal/cli/clitest/helpers.go | 6 +++--- pkg/middleware/token_middleware_additional_test.go | 6 +++--- pkg/middleware/token_middleware_test.go | 6 +++--- 7 files changed, 21 insertions(+), 21 deletions(-) diff --git a/database/connection_test.go b/database/connection_test.go index 4ba92104..23ba69b2 100644 --- a/database/connection_test.go +++ b/database/connection_test.go @@ -34,10 +34,10 @@ func setupPostgresConnection(t *testing.T, models ...interface{}) (*database.Con ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) t.Cleanup(cancel) - // Pinning to postgres:18.4-alpine to avoid CVE-2025-12817/12818 and ensure - // consistent checksum behaviour (initdb enables checksums by default in PG 18). + // Pinning to postgres:18.4-alpine by digest to avoid CVE-2025-12817/12818 + // and ensure consistent checksum behaviour (initdb enables checksums by default in PG 18). pg, err := postgres.Run(ctx, - "postgres:18.4-alpine", + "postgres:18.4-alpine@sha256:96d56f7f57c6aacd1fcb908bc83b345ec5f83231ee486dd66a1baadce274db88", postgres.WithDatabase("testdb"), postgres.WithUsername("test"), postgres.WithPassword("secret"), diff --git a/database/seeder/importer/runner_test.go b/database/seeder/importer/runner_test.go index 7856c1f9..58f87541 100644 --- a/database/seeder/importer/runner_test.go +++ b/database/seeder/importer/runner_test.go @@ -709,10 +709,10 @@ func setupPostgresConnection(t *testing.T) (*database.Connection, *env.Environme ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) t.Cleanup(cancel) - // Pinning to postgres:18.4-alpine to avoid CVE-2025-12817/12818 and ensure - // consistent checksum behaviour (initdb enables checksums by default in PG 18). + // Pinning to postgres:18.4-alpine by digest to avoid CVE-2025-12817/12818 + // and ensure consistent checksum behaviour (initdb enables checksums by default in PG 18). pg, err := postgres.Run(ctx, - "postgres:18.4-alpine", + "postgres:18.4-alpine@sha256:96d56f7f57c6aacd1fcb908bc83b345ec5f83231ee486dd66a1baadce274db88", postgres.WithDatabase("testdb"), postgres.WithUsername("test"), postgres.WithPassword("secret"), diff --git a/database/seeder/seeds/seeder_test.go b/database/seeder/seeds/seeder_test.go index 098500b9..2ef40c16 100644 --- a/database/seeder/seeds/seeder_test.go +++ b/database/seeder/seeds/seeder_test.go @@ -23,10 +23,10 @@ func testConnection(t *testing.T, e *env.Environment) *database.Connection { ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - // Pinning to postgres:18.4-alpine to avoid CVE-2025-12817/12818 and ensure - // consistent checksum behaviour (initdb enables checksums by default in PG 18). + // Pinning to postgres:18.4-alpine by digest to avoid CVE-2025-12817/12818 + // and ensure consistent checksum behaviour (initdb enables checksums by default in PG 18). pg, err := postgres.Run(ctx, - "postgres:18.4-alpine", + "postgres:18.4-alpine@sha256:96d56f7f57c6aacd1fcb908bc83b345ec5f83231ee486dd66a1baadce274db88", postgres.WithDatabase("testdb"), postgres.WithUsername("test"), postgres.WithPassword("secret"), diff --git a/internal/testutil/dbtest/helpers.go b/internal/testutil/dbtest/helpers.go index 6d171d0d..f59fe01c 100644 --- a/internal/testutil/dbtest/helpers.go +++ b/internal/testutil/dbtest/helpers.go @@ -302,10 +302,10 @@ func newPostgresConnection(t *testing.T, models ...interface{}) (*database.Conne ctx, cancel := context.WithTimeout(context.Background(), timeout) t.Cleanup(cancel) - // Pinning to postgres:18.4-alpine to avoid CVE-2025-12817/12818 and ensure - // consistent checksum behaviour (initdb enables checksums by default in PG 18). + // Pinning to postgres:18.4-alpine by digest to avoid CVE-2025-12817/12818 + // and ensure consistent checksum behaviour (initdb enables checksums by default in PG 18). pg, err := postgres.Run(ctx, - "postgres:18.4-alpine", + "postgres:18.4-alpine@sha256:96d56f7f57c6aacd1fcb908bc83b345ec5f83231ee486dd66a1baadce274db88", postgres.WithUsername(username), postgres.WithPassword(password), postgres.WithDatabase(dbname), diff --git a/metal/cli/clitest/helpers.go b/metal/cli/clitest/helpers.go index 6fdb4d31..16711ae5 100644 --- a/metal/cli/clitest/helpers.go +++ b/metal/cli/clitest/helpers.go @@ -26,10 +26,10 @@ func NewTestConnection(t *testing.T, models ...interface{}) *database.Connection ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() - // Pinning to postgres:18.4-alpine to avoid CVE-2025-12817/12818 and ensure - // consistent checksum behaviour (initdb enables checksums by default in PG 18). + // Pinning to postgres:18.4-alpine by digest to avoid CVE-2025-12817/12818 + // and ensure consistent checksum behaviour (initdb enables checksums by default in PG 18). pg, err := postgres.Run(ctx, - "postgres:18.4-alpine", + "postgres:18.4-alpine@sha256:96d56f7f57c6aacd1fcb908bc83b345ec5f83231ee486dd66a1baadce274db88", postgres.WithDatabase("testdb"), postgres.WithUsername("test"), postgres.WithPassword("secret"), diff --git a/pkg/middleware/token_middleware_additional_test.go b/pkg/middleware/token_middleware_additional_test.go index 07bcc10f..585c5f66 100644 --- a/pkg/middleware/token_middleware_additional_test.go +++ b/pkg/middleware/token_middleware_additional_test.go @@ -30,10 +30,10 @@ func makeRepo(t *testing.T, account string) (*repository.ApiKeys, *auth.TokenHan ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second) defer cancel() - // Pinning to postgres:18.4-alpine to avoid CVE-2025-12817/12818 and ensure - // consistent checksum behaviour (initdb enables checksums by default in PG 18). + // Pinning to postgres:18.4-alpine by digest to avoid CVE-2025-12817/12818 + // and ensure consistent checksum behaviour (initdb enables checksums by default in PG 18). pgC, err := postgrescontainer.Run(ctx, - "postgres:18.4-alpine", + "postgres:18.4-alpine@sha256:96d56f7f57c6aacd1fcb908bc83b345ec5f83231ee486dd66a1baadce274db88", postgrescontainer.WithDatabase("testdb"), postgrescontainer.WithUsername("test"), postgrescontainer.WithPassword("test"), diff --git a/pkg/middleware/token_middleware_test.go b/pkg/middleware/token_middleware_test.go index 6316c94e..fc19c022 100644 --- a/pkg/middleware/token_middleware_test.go +++ b/pkg/middleware/token_middleware_test.go @@ -182,10 +182,10 @@ func setupDB(t *testing.T) *database.Connection { ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second) t.Cleanup(cancel) - // Pinning to postgres:18.4-alpine to avoid CVE-2025-12817/12818 and ensure - // consistent checksum behaviour (initdb enables checksums by default in PG 18). + // Pinning to postgres:18.4-alpine by digest to avoid CVE-2025-12817/12818 + // and ensure consistent checksum behaviour (initdb enables checksums by default in PG 18). pgC, err := postgrescontainer.Run(ctx, - "postgres:18.4-alpine", + "postgres:18.4-alpine@sha256:96d56f7f57c6aacd1fcb908bc83b345ec5f83231ee486dd66a1baadce274db88", postgrescontainer.WithDatabase("testdb"), postgrescontainer.WithUsername("test"), postgrescontainer.WithPassword("secret"),