From ec8fe8248bdc1fbac9793deb8ac29513a0eb475e Mon Sep 17 00:00:00 2001 From: Dean Sheather Date: Thu, 17 Jul 2025 12:36:54 +0000 Subject: [PATCH 1/4] fix: push multi-arch images with correct platform --- Makefile.enterprise | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Makefile.enterprise b/Makefile.enterprise index 04e3a4f..faef20c 100644 --- a/Makefile.enterprise +++ b/Makefile.enterprise @@ -64,6 +64,9 @@ $(IMAGES): $(ENTERPRISE_BUILD)/exectrace_$(VERSION)_linux_%.tag: $(ENTERPRISE_BU ) if [[ "$${arch_map[$${arch}]+exists}" != "" ]]; then arch="$${arch_map[$${arch}]}" + else + echo "Unknown arch: $${arch}" + exit 1 fi temp_dir="$$(mktemp -d)" @@ -71,7 +74,9 @@ $(IMAGES): $(ENTERPRISE_BUILD)/exectrace_$(VERSION)_linux_%.tag: $(ENTERPRISE_BU cp "$<" "$${temp_dir}/exectrace" docker build \ + --platform "$${arch}" \ --tag "$${image_tag}" \ + --no-cache \ --build-arg "CODER_VERSION=$(VERSION)" \ "$${temp_dir}" From 16a6211173cba82a6b597bcadf318790dfaf7494 Mon Sep 17 00:00:00 2001 From: Dean Sheather Date: Thu, 17 Jul 2025 12:42:13 +0000 Subject: [PATCH 2/4] fix: use ubuntu-latest in github actions --- .github/workflows/gen.yml | 2 +- .github/workflows/quality.yml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/gen.yml b/.github/workflows/gen.yml index 79f0228..df10e8f 100644 --- a/.github/workflows/gen.yml +++ b/.github/workflows/gen.yml @@ -28,7 +28,7 @@ permissions: jobs: handler-elf: name: handler-elf - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2 diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml index 8f76e30..dc805c3 100644 --- a/.github/workflows/quality.yml +++ b/.github/workflows/quality.yml @@ -28,7 +28,7 @@ permissions: jobs: fmt-go: name: fmt/go - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2 @@ -46,7 +46,7 @@ jobs: fmt-prettier: name: fmt/prettier - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2 @@ -67,7 +67,7 @@ jobs: lint-go: name: lint/go - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2 @@ -123,7 +123,7 @@ jobs: lint-c: name: lint/c - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2 @@ -141,7 +141,7 @@ jobs: lint-shellcheck: name: lint/shellcheck - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2 From e40010ebc46b2ceae5de30532e36fcdab09f7539 Mon Sep 17 00:00:00 2001 From: Dean Sheather Date: Thu, 17 Jul 2025 13:03:11 +0000 Subject: [PATCH 3/4] Upgrade to go 1.24, fix build problems --- .github/workflows/enterprise-release.yaml | 10 ++- .github/workflows/enterprise.yaml | 13 +-- .github/workflows/{gen.yml => gen.yaml} | 2 +- .../workflows/{quality.yml => quality.yaml} | 38 +++++---- .golangci.yaml | 85 +++++++------------ bench/go.mod | 2 +- enterprise/go.mod | 2 +- go.mod | 2 +- go.work | 2 +- tracer_linux.go | 2 +- 10 files changed, 69 insertions(+), 89 deletions(-) rename .github/workflows/{gen.yml => gen.yaml} (94%) rename .github/workflows/{quality.yml => quality.yaml} (80%) diff --git a/.github/workflows/enterprise-release.yaml b/.github/workflows/enterprise-release.yaml index a03936e..8e8508c 100644 --- a/.github/workflows/enterprise-release.yaml +++ b/.github/workflows/enterprise-release.yaml @@ -30,7 +30,8 @@ jobs: # Necessary for Docker manifest DOCKER_CLI_EXPERIMENTAL: "enabled" steps: - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v4 with: fetch-depth: 0 @@ -43,15 +44,16 @@ jobs: run: git fetch --tags --force - name: Docker Login - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/setup-go@v3 + - name: Install Go + uses: actions/setup-go@v5 with: - go-version: "^1.21.9" + go-version: "^1.24.5" - name: Build binaries run: | diff --git a/.github/workflows/enterprise.yaml b/.github/workflows/enterprise.yaml index 4c557f7..77dff1c 100644 --- a/.github/workflows/enterprise.yaml +++ b/.github/workflows/enterprise.yaml @@ -34,10 +34,13 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v3 + - name: Checkout + uses: actions/checkout@v4 + + - name: Install Go + uses: actions/setup-go@v5 with: - go-version: "^1.21.9" + go-version: "^1.24.5" - name: Echo Go Cache Paths id: go-cache-paths @@ -46,13 +49,13 @@ jobs: echo "::set-output name=go-mod::$(go env GOMODCACHE)" - name: Go Build Cache - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ${{ steps.go-cache-paths.outputs.go-build }} key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.**', '**.go') }} - name: Go Mod Cache - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ${{ steps.go-cache-paths.outputs.go-mod }} key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} diff --git a/.github/workflows/gen.yml b/.github/workflows/gen.yaml similarity index 94% rename from .github/workflows/gen.yml rename to .github/workflows/gen.yaml index df10e8f..3337ce0 100644 --- a/.github/workflows/gen.yml +++ b/.github/workflows/gen.yaml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Run make run: make diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yaml similarity index 80% rename from .github/workflows/quality.yml rename to .github/workflows/quality.yaml index dc805c3..a4a8313 100644 --- a/.github/workflows/quality.yml +++ b/.github/workflows/quality.yaml @@ -31,12 +31,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Install Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v5 with: - go-version: "^1.21.9" + go-version: "^1.24.5" - name: Run make fmt/go run: make fmt/go @@ -49,12 +49,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Install Node.js - uses: actions/setup-node@v2 + uses: actions/setup-node@v4 with: - node-version: "18" + node-version: "22" - name: Install prettier run: npm install --global prettier @@ -70,17 +70,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Install Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v5 with: - go-version: "^1.21.9" + go-version: "^1.24.5" - name: Install golangci-lint run: | - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh \ - | sh -s -- -b $(go env GOPATH)/bin v1.57.2 + go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.64.8 # Linting needs to be done on each build variation of GOOS. - name: Run make lint/go/linux @@ -95,10 +94,13 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v3 + - name: Checkout + uses: actions/checkout@v4 + + - name: Install Go + uses: actions/setup-go@v5 with: - go-version: "^1.21.9" + go-version: "^1.24.5" - name: Echo Go Cache Paths id: go-cache-paths @@ -107,13 +109,13 @@ jobs: echo "::set-output name=go-mod::$(go env GOMODCACHE)" - name: Go Build Cache - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ${{ steps.go-cache-paths.outputs.go-build }} key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.**', '**.go') }} - name: Go Mod Cache - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ${{ steps.go-cache-paths.outputs.go-mod }} key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} @@ -126,7 +128,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Run make lint/c run: make lint/c @@ -144,7 +146,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Install shellcheck run: sudo apt install -y shellcheck diff --git a/.golangci.yaml b/.golangci.yaml index 0db4a80..9d4eec1 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -5,12 +5,19 @@ # - removed testpackage linters-settings: + dupl: + # goal: 100 + threshold: 412 + exhaustruct: include: # Gradually extend to cover more of the codebase. - 'httpmw\.\w+' + # We want to enforce all values are specified when inserting or updating + # a database row. Ref: #993 + - 'github.com/coder/coder/v2/coderd/database\.[^G][^e][^t]\w+Params' gocognit: - min-complexity: 46 # Min code complexity (def 30). + min-complexity: 300 goconst: min-len: 4 # Min length of string consts (def 3). @@ -20,30 +27,19 @@ linters-settings: enabled-checks: # - appendAssign # - appendCombine - #- argOrder # - assignOp # - badCall - #- badCond - badLock - badRegexp - boolExprSimplify # - builtinShadow - builtinShadowDecl - #- captLocal - #- caseOrder - #- codegenComment # - commentedOutCode - commentedOutImport - #- commentFormatting - #- defaultCaseOrder - deferUnlambda # - deprecatedComment # - docStub - #- dupArg - #- dupBranchBody - #- dupCase - dupImport - #- dupSubExpr # - elseif - emptyFallthrough # - emptyStringTest @@ -52,8 +48,6 @@ linters-settings: # - exitAfterDefer # - exposedSyncMutex # - filepathJoin - #- flagDeref - #- flagName - hexLiteral # - httpNoBody # - hugeParam @@ -61,55 +55,40 @@ linters-settings: # - importShadow - indexAlloc - initClause - #- mapKey - methodExprCall # - nestingReduce - #- newDeref - nilValReturn # - octalLiteral - #- offBy1 # - paramTypeCombine # - preferStringWriter # - preferWriteByte # - ptrToRefParam # - rangeExprCopy # - rangeValCopy - #- regexpMust - regexpPattern # - regexpSimplify - #- ruleguard - #- singleCaseSwitch - #- sloppyLen + # - ruleguard # - sloppyReassign - #- sloppyTypeAssert - sortSlice - sprintfQuotedString - sqlQuery # - stringConcatSimplify # - stringXbytes # - suspiciousSorting - #- switchTrue - truncateCmp - typeAssertChain # - typeDefFirst - #- typeSwitchVar # - typeUnparen - #- underef # - unlabelStmt # - unlambda # - unnamedResult # - unnecessaryBlock # - unnecessaryDefer # - unslice - #- valSwap - weakCond # - whyNoLint # - wrapperFunc # - yodaStyleExpr - #settings: - # ruleguard: - # failOn: all - # rules: "${configDir}/scripts/rules.go" staticcheck: # https://staticcheck.io/docs/options#checks @@ -121,10 +100,6 @@ linters-settings: goimports: local-prefixes: coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder - gocyclo: - # goal: 30 - min-complexity: 47 - importas: no-unaliased: true @@ -134,7 +109,8 @@ linters-settings: - trialer nestif: - min-complexity: 4 # Min complexity of if statements (def 5, goal 4) + # goal: 10 + min-complexity: 20 revive: # see https://github.com/mgechev/revive#available-rules for details. @@ -174,8 +150,6 @@ linters-settings: - name: modifies-value-receiver - name: package-comments - name: range - - name: range-val-address - - name: range-val-in-closure - name: receiver-naming - name: redefines-builtin-id - name: string-of-int @@ -189,11 +163,21 @@ linters-settings: - name: unnecessary-stmt - name: unreachable-code - name: unused-parameter + exclude: "**/*_test.go" - name: unused-receiver - name: var-declaration - name: var-naming - name: waitgroup-by-value + # irrelevant as of Go v1.22: https://go.dev/blog/loopvar-preview + govet: + disable: + - loopclosure + gosec: + excludes: + # Implicit memory aliasing of items from a range statement (irrelevant as of Go v1.22) + - G601 + issues: # Rules listed here: https://github.com/securego/gosec#available-rules exclude-rules: @@ -203,15 +187,6 @@ issues: - errcheck - forcetypeassert - exhaustruct # This is unhelpful in tests. - - path: scripts/* - linters: - - exhaustruct - - exclude-files: - - scripts/rules.go - - exclude-dirs: - - node_modules fix: true max-issues-per-linter: 0 @@ -233,10 +208,14 @@ linters: - errname - errorlint - exhaustruct - - exportloopref - forcetypeassert - gocritic - - gocyclo + # gocyclo is may be useful in the future when we start caring + # about testing complexity, but for the time being we should + # create a good culture around cognitive complexity. + # - gocyclo + - gocognit + - nestif - goimports - gomodguard - gosec @@ -260,15 +239,9 @@ linters: - staticcheck - tenv - # In Go, it's possible for a package to test it's internal functionality - # without testing any exported functions. This is enabled to promote - # decomposing a package before testing it's internals. A function caller - # should be able to test most of the functionality from exported functions. - # - # There are edge-cases to this rule, but they should be carefully considered - # to avoid structural inconsistency. - #- testpackage + # - testpackage - tparallel - typecheck - unconvert - unused + - dupl diff --git a/bench/go.mod b/bench/go.mod index 759182d..5e44b6f 100644 --- a/bench/go.mod +++ b/bench/go.mod @@ -1,6 +1,6 @@ module github.com/coder/exectrace/bench -go 1.21.0 +go 1.24 require ( github.com/DataDog/ebpfbench v0.0.0-20230731170724-14eabe1f3e9a diff --git a/enterprise/go.mod b/enterprise/go.mod index 10eaa25..f04a75a 100644 --- a/enterprise/go.mod +++ b/enterprise/go.mod @@ -1,6 +1,6 @@ module github.com/coder/exectrace/enterprise -go 1.21.0 +go 1.24 replace github.com/coder/exectrace => ../ diff --git a/go.mod b/go.mod index 8caea46..28f1460 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/coder/exectrace -go 1.21.0 +go 1.24 require ( github.com/cilium/ebpf v0.14.0 diff --git a/go.work b/go.work index 4024fca..32b3251 100644 --- a/go.work +++ b/go.work @@ -1,4 +1,4 @@ -go 1.21.0 +go 1.24 use ( ./ diff --git a/tracer_linux.go b/tracer_linux.go index c4ba386..8c8c962 100644 --- a/tracer_linux.go +++ b/tracer_linux.go @@ -292,7 +292,7 @@ func (t *tracer) readLogs(rbLogs *ringbuf.Reader, logFn func(uid, gid, pid uint3 logLine = strings.Replace(logLine, `%u`, fmt.Sprint(arg), 1) } if dIndex < uIndex || uIndex == -1 { - logLine = strings.Replace(logLine, `%d`, fmt.Sprint(int32(arg)), 1) + logLine = strings.Replace(logLine, `%d`, fmt.Sprint(int32(arg)), 1) //nolint:gosec // we intentionally want to cast directly to int32 } } From c109064084613edac36e6848bb75d7f506e204dc Mon Sep 17 00:00:00 2001 From: Dean Sheather Date: Thu, 17 Jul 2025 13:10:23 +0000 Subject: [PATCH 4/4] arm64 tests too --- .github/workflows/quality.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/quality.yaml b/.github/workflows/quality.yaml index a4a8313..8bc1ad8 100644 --- a/.github/workflows/quality.yaml +++ b/.github/workflows/quality.yaml @@ -91,7 +91,12 @@ jobs: test-go: name: "test/go" - runs-on: ubuntu-latest + strategy: + matrix: + runs-on: + - ubuntu-24.04 + - ubuntu-24.04-arm # arm64 + runs-on: ${{ matrix.runs-on }} timeout-minutes: 20 steps: - name: Checkout