diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 972e558..12e857f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,13 +13,13 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - go_version: ['1.25'] + go_version: ['1.25', '1.26'] os: [ubuntu-latest, windows-latest, macos-latest] steps: - name: Check out code into the Go module directory - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Set up Go ${{ matrix.go_version }} uses: actions/setup-go@v6 @@ -38,7 +38,7 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@v9 with: - version: v2.11.4 + version: v2.12.2 args: --timeout=30m - name: Test @@ -51,7 +51,7 @@ jobs: fi - name: Code coverage with codecov - uses: codecov/codecov-action@v6 + uses: codecov/codecov-action@v7 with: env_vars: OS,GO files: ./coverage.txt diff --git a/Makefile b/Makefile index 8deb3b7..acfe9be 100644 --- a/Makefile +++ b/Makefile @@ -43,7 +43,7 @@ $(GOBIN)/eget: verify $(GOBIN)/golangci-lint-v2: verify $(GOBIN)/eget @echo "[*] $@" - "$(GOBIN)/eget" golangci/golangci-lint --tag v2.11.4 --asset=tar.gz --upgrade-only --to '$(GOBIN)/golangci-lint-v2' + "$(GOBIN)/eget" golangci/golangci-lint --tag v2.12.2 --asset=tar.gz --upgrade-only --to '$(GOBIN)/golangci-lint-v2' build: $(GOBUILD) -v ./... diff --git a/cmd/serve-repo/logger.go b/cmd/serve-repo/logger.go index 1d0013f..e8ba153 100644 --- a/cmd/serve-repo/logger.go +++ b/cmd/serve-repo/logger.go @@ -47,7 +47,7 @@ func WithLogging(h http.Handler) http.Handler { duration := time.Since(start) - slog.Info("request completed", //nolint:gosec // G706: Log injection via taint analysis + slog.Info("request completed", "uri", req.RequestURI, "method", req.Method, "status", responseData.status, // get captured status code diff --git a/github_release.go b/github_release.go index 62bbd7c..74a01dd 100644 --- a/github_release.go +++ b/github_release.go @@ -3,7 +3,7 @@ package selfupdate import ( "time" - "github.com/google/go-github/v74/github" + "github.com/google/go-github/v86/github" ) type GitHubRelease struct { diff --git a/github_source.go b/github_source.go index 6ec42e8..cd337bf 100644 --- a/github_source.go +++ b/github_source.go @@ -8,8 +8,7 @@ import ( "os" "strings" - "github.com/google/go-github/v74/github" - "golang.org/x/oauth2" + "github.com/google/go-github/v86/github" ) // GitHubConfig is an object to pass to NewGitHubSource @@ -37,28 +36,27 @@ type GitHubSource struct { // You can pass an empty GitHubSource{} to use the default configuration // The function will return an error if the GitHub Enterprise URLs in the config object cannot be parsed func NewGitHubSource(config GitHubConfig) (*GitHubSource, error) { + client := github.NewClient(nil) + token := config.APIToken if token == "" { // try the environment variable token = os.Getenv("GITHUB_TOKEN") } - hc := newHTTPClient(token) - - if config.EnterpriseBaseURL == "" { - // public (or private) repository on standard GitHub offering - client := github.NewClient(hc) - return &GitHubSource{ - api: client, - }, nil + if token != "" { + client = client.WithAuthToken(token) } - u := config.EnterpriseUploadURL - if u == "" { - u = config.EnterpriseBaseURL - } - client, err := github.NewEnterpriseClient(config.EnterpriseBaseURL, u, hc) - if err != nil { - return nil, fmt.Errorf("cannot parse GitHub enterprise URL: %w", err) + if config.EnterpriseBaseURL != "" { + uploadURL := config.EnterpriseUploadURL + if uploadURL == "" { + uploadURL = config.EnterpriseBaseURL + } + var err error + client, err = client.WithEnterpriseURLs(config.EnterpriseBaseURL, uploadURL) + if err != nil { + return nil, fmt.Errorf("cannot parse GitHub enterprise URL: %w", err) + } } return &GitHubSource{ api: client, @@ -143,13 +141,5 @@ func (s *GitHubSource) DownloadReleaseAsset(ctx context.Context, rel *Release, a return rc, nil } -func newHTTPClient(token string) *http.Client { - if token == "" { - return http.DefaultClient - } - src := oauth2.StaticTokenSource(&oauth2.Token{AccessToken: token}) - return oauth2.NewClient(context.Background(), src) -} - // Verify interface var _ Source = &GitHubSource{} diff --git a/go.mod b/go.mod index 0d463b6..daa09b5 100644 --- a/go.mod +++ b/go.mod @@ -1,29 +1,29 @@ module github.com/creativeprojects/go-selfupdate -go 1.24.11 +go 1.25.12 require ( - code.gitea.io/sdk/gitea v0.22.1 - github.com/Masterminds/semver/v3 v3.4.0 - github.com/google/go-github/v74 v74.0.0 + code.gitea.io/sdk/gitea v0.23.2 + github.com/Masterminds/semver/v3 v3.5.0 + github.com/google/go-github/v86 v86.0.0 github.com/stretchr/testify v1.11.1 github.com/ulikunitz/xz v0.5.15 - gitlab.com/gitlab-org/api/client-go v1.9.1 - golang.org/x/crypto v0.46.0 - golang.org/x/oauth2 v0.34.0 - golang.org/x/sys v0.39.0 + gitlab.com/gitlab-org/api/client-go v1.46.0 + golang.org/x/crypto v0.53.0 + golang.org/x/sys v0.47.0 gopkg.in/yaml.v3 v3.0.1 ) require ( - github.com/42wim/httpsig v1.2.3 // indirect + github.com/42wim/httpsig v1.2.4 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/davidmz/go-pageant v1.0.2 // indirect github.com/go-fed/httpsig v1.1.0 // indirect - github.com/google/go-querystring v1.1.0 // indirect + github.com/google/go-querystring v1.2.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-retryablehttp v0.7.8 // indirect - github.com/hashicorp/go-version v1.8.0 // indirect + github.com/hashicorp/go-version v1.9.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - golang.org/x/time v0.14.0 // indirect + golang.org/x/oauth2 v0.36.0 // indirect + golang.org/x/time v0.15.0 // indirect ) diff --git a/go.sum b/go.sum index 1f3da05..ac06ea8 100644 --- a/go.sum +++ b/go.sum @@ -1,9 +1,9 @@ -code.gitea.io/sdk/gitea v0.22.1 h1:7K05KjRORyTcTYULQ/AwvlVS6pawLcWyXZcTr7gHFyA= -code.gitea.io/sdk/gitea v0.22.1/go.mod h1:yyF5+GhljqvA30sRDreoyHILruNiy4ASufugzYg0VHM= -github.com/42wim/httpsig v1.2.3 h1:xb0YyWhkYj57SPtfSttIobJUPJZB9as1nsfo7KWVcEs= -github.com/42wim/httpsig v1.2.3/go.mod h1:nZq9OlYKDrUBhptd77IHx4/sZZD+IxTBADvAPI9G/EM= -github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= -github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +code.gitea.io/sdk/gitea v0.23.2 h1:iJB1FDmLegwfwjX8gotBDHdPSbk/ZR8V9VmEJaVsJYg= +code.gitea.io/sdk/gitea v0.23.2/go.mod h1:yyF5+GhljqvA30sRDreoyHILruNiy4ASufugzYg0VHM= +github.com/42wim/httpsig v1.2.4 h1:mI5bH0nm4xn7K18fo1K3okNDRq8CCJ0KbBYWyA6r8lU= +github.com/42wim/httpsig v1.2.4/go.mod h1:yKsYfSyTBEohkPik224QPFylmzEBtda/kjyIAJjh3ps= +github.com/Masterminds/semver/v3 v3.5.0 h1:kQceYJfbupGfZOKZQg0kou0DgAKhzDg2NZPAwZ/2OOE= +github.com/Masterminds/semver/v3 v3.5.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davidmz/go-pageant v1.0.2 h1:bPblRCh5jGU+Uptpz6LgMZGD5hJoOt7otgT454WvHn0= @@ -12,21 +12,23 @@ github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI= github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-github/v74 v74.0.0 h1:yZcddTUn8DPbj11GxnMrNiAnXH14gNs559AsUpNpPgM= -github.com/google/go-github/v74 v74.0.0/go.mod h1:ubn/YdyftV80VPSI26nSJvaEsTOnsjrxG3o9kJhcyak= -github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= -github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= +github.com/google/go-github/v86 v86.0.0 h1:S/6aANJhwRm8EQmGKVML3j41yq0h2BsTP8FnDkO7kcA= +github.com/google/go-github/v86 v86.0.0/go.mod h1:zKv1l4SwDXNFMGByi2FWkq71KwSXqj/eQRZuqtmcot8= +github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfhIxNtP0= +github.com/google/go-querystring v1.2.0/go.mod h1:8IFJqpSRITyJ8QhQ13bmbeMBDfmeEJZD5A0egEOmkqU= +github.com/graph-gophers/graphql-go v1.9.0 h1:yu0ucKHLc5qGpRwLYKIWtr9bOoxovkWasuBrPQwlHls= +github.com/graph-gophers/graphql-go v1.9.0/go.mod h1:23olKZ7duEvHlF/2ELEoSZaY1aNPfShjP782SOoNTyM= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-retryablehttp v0.7.8 h1:ylXZWnqa7Lhqpk0L1P1LzDtGcCR0rPVUrx/c8Unxc48= github.com/hashicorp/go-retryablehttp v0.7.8/go.mod h1:rjiScheydd+CxvumBsIrFKlx3iS0jrZ7LvzFGFmuKbw= -github.com/hashicorp/go-version v1.8.0 h1:KAkNb1HAiZd1ukkxDFGmokVZe1Xy9HG6NUp+bPle2i4= -github.com/hashicorp/go-version v1.8.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.9.0 h1:CeOIz6k+LoN3qX9Z0tyQrPtiB1DFYRPfCIBtaXPSCnA= +github.com/hashicorp/go-version v1.9.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= @@ -37,31 +39,30 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY= github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -gitlab.com/gitlab-org/api/client-go v1.9.1 h1:tZm+URa36sVy8UCEHQyGGJ8COngV4YqMHpM6k9O5tK8= -gitlab.com/gitlab-org/api/client-go v1.9.1/go.mod h1:71yTJk1lnHCWcZLvM5kPAXzeJ2fn5GjaoV8gTOPd4ME= +gitlab.com/gitlab-org/api/client-go v1.46.0 h1:YxBWFZIFYKcGESCb9fpkwzouo+apyB9pr/XTWzNoL24= +gitlab.com/gitlab-org/api/client-go v1.46.0/go.mod h1:FtgyU6g2HS5+fMhw6nLK96GBEEBx5MzntOiJWfIaiN8= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= -golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= -golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= +golang.org/x/crypto v0.53.0 h1:QZ4Muo8THX6CizN2vPPd5fBGHyogrdK9fG4wLPFUsto= +golang.org/x/crypto v0.53.0/go.mod h1:DNLU434OwVakk9PzuwV8w62mAJpRJL3vsgcfp4Qnsio= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= -golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= +golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= +golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= -golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.47.0 h1:o7XGOvZQCADBQQ4Y7VNq2dRWQR7JmOUW8Kxx4ZsNgWs= +golang.org/x/sys v0.47.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q= -golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg= +golang.org/x/term v0.44.0 h1:0rLvDRCtNj0gZkyIXhCyOb2OAzEhLVqc4B+hrsBhrmc= +golang.org/x/term v0.44.0/go.mod h1:7ze4MdzUzLXpSAoFP1H0bOI9aXDqveSvatT5vKcFh2Y= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= -golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= +golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= +golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= diff --git a/package.go b/package.go index 3a28284..047b1d2 100644 --- a/package.go +++ b/package.go @@ -10,13 +10,11 @@ import ( // DetectLatest detects the latest release from the repository. // This function is a shortcut version of updater.DetectLatest with the DefaultUpdater. func DetectLatest(ctx context.Context, repository Repository) (*Release, bool, error) { - //nolint:contextcheck return DefaultUpdater().DetectLatest(ctx, repository) } // DetectVersion detects the given release from the repository. func DetectVersion(ctx context.Context, repository Repository, version string) (*Release, bool, error) { - //nolint:contextcheck return DefaultUpdater().DetectVersion(ctx, repository, version) } @@ -25,7 +23,6 @@ func DetectVersion(ctx context.Context, repository Repository, version string) ( // this function is not available to update a release for private repositories. // cmdPath is a file path to command executable. func UpdateTo(ctx context.Context, assetURL, assetFileName, cmdPath string) error { - //nolint:contextcheck up := DefaultUpdater() src, err := downloadReleaseAssetFromURL(ctx, assetURL) if err != nil { @@ -38,14 +35,12 @@ func UpdateTo(ctx context.Context, assetURL, assetFileName, cmdPath string) erro // UpdateCommand updates a given command binary to the latest version. // This function is a shortcut version of updater.UpdateCommand using a DefaultUpdater() func UpdateCommand(ctx context.Context, cmdPath string, current string, repository Repository) (*Release, error) { - //nolint:contextcheck return DefaultUpdater().UpdateCommand(ctx, cmdPath, current, repository) } // UpdateSelf updates the running executable itself to the latest version. // This function is a shortcut version of updater.UpdateSelf using a DefaultUpdater() func UpdateSelf(ctx context.Context, current string, repository Repository) (*Release, error) { - //nolint:contextcheck return DefaultUpdater().UpdateSelf(ctx, current, repository) }