Merge pull request #4056 from thaJeztah/2.8_backport_update_golang_1.20.8

.github/workflows/ci.yml

@@ -25,7 +25,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v2
       with:
-        go-version: 1.19.9
+        go-version: 1.20.8
 
     - name: Dependencies
       run: |

.golangci.yml

@@ -1,7 +1,5 @@
 linters:
   enable:
-    - structcheck
-    - varcheck
     - staticcheck
     - unconvert
     - gofmt
@@ -14,6 +12,14 @@ linters:
   disable:
     - errcheck
 
+linters-settings:
+  revive:
+    rules:
+      # TODO(thaJeztah): temporarily disabled the "unused-parameter" check.
+      # It produces many warnings, and some of those may need to be looked at.
+      - name: unused-parameter
+        disabled: true
+
 run:
   deadline: 2m
   skip-dirs:

Dockerfile

@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.19.9
-ARG ALPINE_VERSION=3.16
+ARG GO_VERSION=1.20.8
+ARG ALPINE_VERSION=3.18
 ARG XX_VERSION=1.2.1
 
 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx

reference/normalize_test.go

@@ -532,7 +532,7 @@ func TestNormalizedSplitHostname(t *testing.T) {
 			t.Fail()
 		}
 
-		named, err := ParseNormalizedNamed(testcase.input)
+		named, err := ParseNormalizedNamed(testcase.input) //nolint:staticcheck // Ignore SA1019: SplitHostname is deprecated.
 		if err != nil {
 			failf("error parsing name: %s", err)
 		}

registry/api/v2/routes_test.go

@@ -9,7 +9,6 @@ import (
 	"reflect"
 	"strings"
 	"testing"
-	"time"
 
 	"github.com/gorilla/mux"
 )
@@ -218,7 +217,6 @@ func TestRouterWithBadCharacters(t *testing.T) {
 		// with random UTF8 characters not in the 128 bit ASCII range.
 		// These are not valid characters for the router and we expect
 		// 404s on every test.
-		rand.Seed(time.Now().UTC().UnixNano())
 		testCases := make([]routeTestCase, 1000)
 		for idx := range testCases {
 			testCases[idx] = routeTestCase{

registry/auth/token/token_test.go

@@ -527,7 +527,7 @@ func TestNewAccessControllerPemBlock(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if len(ac.(*accessController).rootCerts.Subjects()) != 2 {
+	if len(ac.(*accessController).rootCerts.Subjects()) != 2 { //nolint:staticcheck // FIXME(thaJeztah): ignore SA1019: ac.(*accessController).rootCerts.Subjects has been deprecated since Go 1.18: if s was returned by SystemCertPool, Subjects will not include the system roots. (staticcheck)
 		t.Fatal("accessController has the wrong number of certificates")
 	}
 }

registry/proxy/proxyblobstore_test.go

@@ -21,6 +21,7 @@ import (
 )
 
 var sbsMu sync.Mutex
+var randSource rand.Rand
 
 type statsBlobStore struct {
 	stats map[string]int
@@ -195,13 +196,13 @@ func makeTestEnv(t *testing.T, name string) *testEnv {
 func makeBlob(size int) []byte {
 	blob := make([]byte, size)
 	for i := 0; i < size; i++ {
-		blob[i] = byte('A' + rand.Int()%48)
+		blob[i] = byte('A' + randSource.Int()%48)
 	}
 	return blob
 }
 
 func init() {
-	rand.Seed(42)
+	randSource = *rand.New(rand.NewSource(42))
 }
 
 func populate(t *testing.T, te *testEnv, blobCount, size, numUnique int) {

registry/registry.go

@@ -236,11 +236,10 @@ func (registry *Registry) ListenAndServe() error {
 		dcontext.GetLogger(registry.app).Infof("restricting TLS cipher suites to: %s", strings.Join(getCipherSuiteNames(tlsCipherSuites), ","))
 
 		tlsConf := &tls.Config{
-			ClientAuth:               tls.NoClientCert,
-			NextProtos:               nextProtos(config),
-			MinVersion:               tlsMinVersion,
-			PreferServerCipherSuites: true,
-			CipherSuites:             tlsCipherSuites,
+			ClientAuth:   tls.NoClientCert,
+			NextProtos:   nextProtos(config),
+			MinVersion:   tlsMinVersion,
+			CipherSuites: tlsCipherSuites,
 		}
 
 		if config.HTTP.TLS.LetsEncrypt.CacheFile != "" {
@@ -282,7 +281,7 @@ func (registry *Registry) ListenAndServe() error {
 				}
 			}
 
-			for _, subj := range pool.Subjects() {
+			for _, subj := range pool.Subjects() { //nolint:staticcheck // FIXME(thaJeztah): ignore SA1019: ac.(*accessController).rootCerts.Subjects has been deprecated since Go 1.18: if s was returned by SystemCertPool, Subjects will not include the system roots. (staticcheck)
 				dcontext.GetLogger(registry.app).Debugf("CA Subject: %s", string(subj))
 			}
 

registry/storage/driver/s3-aws/s3_test.go

@@ -2,8 +2,8 @@ package s3
 
 import (
 	"bytes"
+	"crypto/rand"
 	"io/ioutil"
-	"math/rand"
 	"os"
 	"strconv"
 	"testing"

registry/storage/driver/testsuites/testsuites.go

@@ -3,6 +3,7 @@ package testsuites
 import (
 	"bytes"
 	"context"
+	crand "crypto/rand"
 	"crypto/sha1"
 	"io"
 	"io/ioutil"
@@ -1214,7 +1215,7 @@ func randomFilename(length int64) string {
 var randomBytes = make([]byte, 128<<20)
 
 func init() {
-	_, _ = rand.Read(randomBytes) // always returns len(randomBytes) and nil error
+	_, _ = crand.Read(randomBytes) // always returns len(randomBytes) and nil error
 }
 
 func randomContents(length int64) []byte {

registry/storage/filereader_test.go

@@ -2,6 +2,7 @@ package storage
 
 import (
 	"bytes"
+	crand "crypto/rand"
 	"io"
 	mrand "math/rand"
 	"testing"
@@ -14,7 +15,7 @@ import (
 func TestSimpleRead(t *testing.T) {
 	ctx := context.Background()
 	content := make([]byte, 1<<20)
-	n, err := mrand.Read(content)
+	n, err := crand.Read(content)
 	if err != nil {
 		t.Fatalf("unexpected error building random data: %v", err)
 	}

script/setup/install-dev-tools

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-GOLANGCI_LINT_VERSION="v1.50.1"
+GOLANGCI_LINT_VERSION="v1.54.2"
 
 #
 # Install developer tools to $GOBIN (or $GOPATH/bin if unset)

testutil/tarfile.go

@@ -3,6 +3,7 @@ package testutil
 import (
 	"archive/tar"
 	"bytes"
+	crand "crypto/rand"
 	"fmt"
 	"io"
 	mrand "math/rand"
@@ -45,7 +46,7 @@ func CreateRandomTarFile() (rs io.ReadSeeker, dgst digest.Digest, err error) {
 		randomData := make([]byte, fileSize)
 
 		// Fill up the buffer with some random data.
-		n, err := mrand.Read(randomData)
+		n, err := crand.Read(randomData)
 
 		if n != len(randomData) {
 			return nil, "", fmt.Errorf("short read creating random reader: %v bytes != %v bytes", n, len(randomData))