From 6ac74c8e119ff849b6fdca49d3d1eb1cc2fc8a8c Mon Sep 17 00:00:00 2001
From: Zhiying Lin <54013513+zhiying-lin@users.noreply.github.com>
Date: Thu, 9 May 2024 13:19:16 +0800
Subject: [PATCH] fix: upgrade golang version to 1.22.2 for CVE-2023-45288
 (#175)

Co-authored-by: Zhiying Lin <zhiyinglin@microsoft.com>
---
 .github/workflows/build-publish-mcr.yml         | 2 +-
 .github/workflows/e2e-tests.yml                 | 2 +-
 .github/workflows/go.yml                        | 2 +-
 .github/workflows/publish-image.yml             | 2 +-
 .github/workflows/trivy.yml                     | 2 +-
 .github/workflows/unit-integration-tests.yml    | 2 +-
 Makefile                                        | 6 +++---
 docker/hub-net-controller-manager.Dockerfile    | 2 +-
 docker/mcs-controller-manager.Dockerfile        | 2 +-
 docker/member-net-controller-manager.Dockerfile | 2 +-
 go.mod                                          | 2 +-
 11 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/build-publish-mcr.yml b/.github/workflows/build-publish-mcr.yml
index 860fe8b2..09eb88f1 100644
--- a/.github/workflows/build-publish-mcr.yml
+++ b/.github/workflows/build-publish-mcr.yml
@@ -17,7 +17,7 @@ env:
   # `public` indicates images to MCR wil be publicly available, and will be removed in the final MCR images
   REGISTRY_REPO: public/aks/fleet
 
-  GO_VERSION: '1.20'
+  GO_VERSION: '1.22.2'
 
 jobs:
   prepare-variables:
diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml
index 50af4eb1..83069c25 100644
--- a/.github/workflows/e2e-tests.yml
+++ b/.github/workflows/e2e-tests.yml
@@ -14,7 +14,7 @@ permissions:
   contents: read
 
 env:
-  GO_VERSION: '1.20'
+  GO_VERSION: '1.22.2'
 
 jobs:
   detect-noop:
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index a852532d..71359b31 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -14,7 +14,7 @@ on:
 
 env:
   # Common versions
-  GO_VERSION: '1.20'
+  GO_VERSION: '1.22.2'
 
 jobs:
 
diff --git a/.github/workflows/publish-image.yml b/.github/workflows/publish-image.yml
index 4621c05f..499101cd 100644
--- a/.github/workflows/publish-image.yml
+++ b/.github/workflows/publish-image.yml
@@ -19,7 +19,7 @@ env:
   REGISTRY: ghcr.io
   IMAGE_VERSION: latest
 
-  GO_VERSION: '1.20'
+  GO_VERSION: '1.22.2'
 
 jobs:
   export-registry:
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 564de60f..d81305b7 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -17,7 +17,7 @@ env:
   MEMBER_NET_CONTROLLER_MANAGER_IMAGE_NAME: member-net-controller-manager
   MCS_CONTROLLER_MANAGER_IMAGE_NAME: mcs-controller-manager
 
-  GO_VERSION: '1.20'
+  GO_VERSION: '1.22.2'
 
 jobs:
   export-registry:
diff --git a/.github/workflows/unit-integration-tests.yml b/.github/workflows/unit-integration-tests.yml
index d9149352..35f09913 100644
--- a/.github/workflows/unit-integration-tests.yml
+++ b/.github/workflows/unit-integration-tests.yml
@@ -16,7 +16,7 @@ permissions:
   contents: read
 
 env:
-  GO_VERSION: '1.20'
+  GO_VERSION: '1.22.2'
 
 jobs:
   detect-noop:
diff --git a/Makefile b/Makefile
index d5c15013..603a60eb 100644
--- a/Makefile
+++ b/Makefile
@@ -20,11 +20,11 @@ TOOLS_BIN_DIR := $(abspath $(TOOLS_DIR)/bin)
 # Binaries
 # Note: Need to use abspath so we can invoke these from subdirectories
 
-CONTROLLER_GEN_VER := v0.7.0
+CONTROLLER_GEN_VER := v0.15.0
 CONTROLLER_GEN_BIN := controller-gen
 CONTROLLER_GEN := $(abspath $(TOOLS_BIN_DIR)/$(CONTROLLER_GEN_BIN)-$(CONTROLLER_GEN_VER))
 
-STATICCHECK_VER := 2023.1
+STATICCHECK_VER := 2023.1.7
 STATICCHECK_BIN := staticcheck
 STATICCHECK := $(abspath $(TOOLS_BIN_DIR)/$(STATICCHECK_BIN)-$(STATICCHECK_VER))
 
@@ -37,7 +37,7 @@ GOLANGCI_LINT_BIN := golangci-lint
 GOLANGCI_LINT := $(abspath $(TOOLS_BIN_DIR)/$(GOLANGCI_LINT_BIN)-$(GOLANGCI_LINT_VER))
 
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.24.x
+ENVTEST_K8S_VERSION = 1.28.x
 # ENVTEST_VER is the version of the ENVTEST binary
 # Use a fixed version to avoid Go version conflicts.
 ENVTEST_VER = v0.0.0-20240317073005-bd9ea79e8d18
diff --git a/docker/hub-net-controller-manager.Dockerfile b/docker/hub-net-controller-manager.Dockerfile
index 883e9ed2..01b973ff 100644
--- a/docker/hub-net-controller-manager.Dockerfile
+++ b/docker/hub-net-controller-manager.Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.20 as builder
+FROM golang:1.22.2 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
diff --git a/docker/mcs-controller-manager.Dockerfile b/docker/mcs-controller-manager.Dockerfile
index d2260673..b19a45f4 100644
--- a/docker/mcs-controller-manager.Dockerfile
+++ b/docker/mcs-controller-manager.Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.20 as builder
+FROM golang:1.22.2 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
diff --git a/docker/member-net-controller-manager.Dockerfile b/docker/member-net-controller-manager.Dockerfile
index cf4920a9..b4a72093 100644
--- a/docker/member-net-controller-manager.Dockerfile
+++ b/docker/member-net-controller-manager.Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.20 as builder
+FROM golang:1.22.2 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
diff --git a/go.mod b/go.mod
index b459255a..7195c20a 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module go.goms.io/fleet-networking
 
-go 1.20
+go 1.22.2
 
 require (
 	github.com/google/go-cmp v0.6.0