Three pre-existing issues prevented the Check workflow from passing:
1. Linux: ICMP tests fail because ping_group_range on GitHub Actions
runners defaults to "1 0" (unprivileged ICMP disabled). Add sysctl
step to allow unprivileged ICMP sockets.
2. macOS: go test -json emits linker warnings (LC_DYSYMTAB) as
"Action":"build-output" JSON lines. gotestfmt v2.5.0 predates this
action type (Go 1.21+) and panics in parseLine
(gotesttools/gotestfmt#64). Filter build-output lines before piping
to gotestfmt.
3. Windows: GO_TEST_LOG_OUTPUT pointed to /tmp/gotest.log which does
not resolve through the MSYS2-to-native-Go boundary. Use relative
path instead.
These failures were masked by fail-fast: Linux failed first (ICMP),
cancelling macOS and Windows before they reached gotestfmt.
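Item 2 above, as an added example that is not cloudflared's workflow code: a small Go filter that drops `build-output` events from a `go test -json` stream before it reaches a formatter such as gotestfmt. The function name, the sample stream and its package names are constructed for illustration.

```go
package main

import (
	"bufio"
	"encoding/json"
	"io"
	"os"
)

// sampleStream is constructed input: one build-output event, two test events, one non-JSON line.
const sampleStream = `{"ImportPath":"example/pkg","Action":"build-output","Output":"ld: warning (constructed)\n"}
{"Action":"run","Package":"example/pkg","Test":"TestA"}
plain non-JSON line
{"Action":"pass","Package":"example/pkg","Test":"TestA"}
`

// testEvent holds the only field of a test2json event the filter inspects.
type testEvent struct {
	Action string `json:"Action"`
}

// filterBuildOutput copies r to w line by line and drops events whose Action
// is "build-output". Anything else, including lines that are not JSON, passes
// through unchanged. It returns the number of dropped lines.
func filterBuildOutput(r io.Reader, w io.Writer) (int, error) {
	sc := bufio.NewScanner(r)
	sc.Buffer(make([]byte, 0, 64*1024), 4*1024*1024) // Output fields can be long
	bw := bufio.NewWriter(w)
	dropped := 0
	for sc.Scan() {
		var ev testEvent
		if json.Unmarshal(sc.Bytes(), &ev) == nil && ev.Action == "build-output" {
			dropped++
			continue
		}
		bw.Write(sc.Bytes())
		bw.WriteByte('\n')
	}
	if err := sc.Err(); err != nil {
		return dropped, err
	}
	return dropped, bw.Flush()
}

func main() {
	if _, err := filterBuildOutput(os.Stdin, os.Stdout); err != nil {
		os.Exit(1)
	}
}
```

Built as a binary, it sits in the pipeline between `go test -json` and the formatter; test events and plain-text lines still reach the formatter untouched.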
Updating Semgrep.yml file - Semgrep is a tool that will be used to scan Cloudflare's public repos for Supply chain, code and secrets. This work is part of Application & Product Security team's initiative to onboard Semgrep onto all of Cloudflare's public repos.
In case of any questions, please reach out to "Hrushikesh Deshpande" on cf internal chat.
Also update golang.org/x/net and google.golang.org/grpc to fix vulnerabilities,
although cloudflared is using them in a way that is not exposed to those risks.
This PR removes automatic assignees on github issues because it sends a
slightly wrong message about triaging. We will continue to triage issues
and find a more focussed method to nominate assignees.
This PR removes go-sumtype from cloudflared's build processes.
The value we see from analysing exhaustive match patterns in Go is minimal (we can do this in code reviews) compared to using a tool that is unmaintained and (now) broken in Go 1.18.
We'd already been using the patched version here: https://github.com/sudarshan-reddy/go-sumtype because the original is broken for Go tools > 1.16.