Switch to Ubi9 image, Go 1.21, update dependencies (#32)

.tool-versions

@@ -1,2 +1,2 @@
 terraform 1.4.5
-golang 1.22.1
+golang 1.21.13

Dockerfile

@@ -1,28 +1,30 @@
-FROM quay.io/app-sre/golang:1.22.1 AS builder
+FROM  registry.access.redhat.com/ubi9/go-toolset:1.21.13-2.1729776560 AS builder
 WORKDIR /build
+RUN git config --global --add safe.directory /build
 COPY . .
 RUN make lint build
 
-FROM registry.access.redhat.com/ubi8/ubi:8.8 AS downloader
+FROM registry.access.redhat.com/ubi9:9.4 AS downloader
 WORKDIR /download
 ENV TENV_VERSION=3.2.10
 
 RUN curl -sfL https://github.com/tofuutils/tenv/releases/download/v${TENV_VERSION}/tenv_v${TENV_VERSION}_Linux_x86_64.tar.gz \
     -o tenv.tar.gz \
     && tar -zvxf tenv.tar.gz
 
-FROM registry.access.redhat.com/ubi8-minimal:8.10
-COPY --from=builder /build/terraform-repo-executor  /usr/bin/terraform-repo-executor
-COPY --from=downloader /download/tenv /usr/local/bin
-
 ENV TFENV_ROOT=/usr/bin
+ENV TFENV_BIN=/download/tenv
 
-RUN tenv tf install 1.4.5 && \
-    tenv tf install 1.4.7 && \
-    tenv tf install 1.5.7 && \
-    tenv tf install 1.6.6 && \
-    tenv tf install 1.7.5 && \
-    tenv tf install 1.8.5
+RUN ${TFENV_BIN} tf install 1.4.5 && \
+    ${TFENV_BIN} tf install 1.4.7 && \
+    ${TFENV_BIN} tf install 1.5.7 && \
+    ${TFENV_BIN} tf install 1.6.6 && \
+    ${TFENV_BIN} tf install 1.7.5 && \
+    ${TFENV_BIN} tf install 1.8.5
+
+FROM registry.access.redhat.com/ubi9-minimal:9.4
+COPY --from=builder /build/terraform-repo-executor  /usr/bin/terraform-repo-executor
+COPY --from=downloader /usr/bin/Terraform /usr/bin/Terraform
 
 RUN microdnf update -y && \
     microdnf install -y ca-certificates && \

README.md

@@ -19,7 +19,7 @@ Terraform Repo executor takes input from a corresponding [Qontract Reconcile int
   * `GIT_EMAIL` - email to associate commits with
 * **Optional**
   * `CONFIG_FILE` - input/config file location, defaults to `/config.yaml`
-  * `WORKDIR` - working directory for tf operations, defaults to `/tf-repo`
+  * `WORKDIR` - working directory for tf operations, defaults to `/tmp/tf-repo`
   * `GIT_SSL_CAINFO` - allows you to supply [custom certificate authorities when dealing with self-signed gitlab instances](https://git-scm.com/docs/git-config#Documentation/git-config.txt-httpsslCAInfo), in this case this is the path to the certs
 
 ## AppRole Permissions

go.mod

@@ -1,59 +1,57 @@
 module github.com/app-sre/terraform-repo-executor
 
-go 1.22
+go 1.21
 
 require (
 	github.com/go-git/go-git/v5 v5.12.0
-	github.com/hashicorp/terraform-exec v0.20.0
-	github.com/hashicorp/vault/api v1.12.2
+	github.com/hashicorp/terraform-exec v0.21.0
+	github.com/hashicorp/vault/api v1.15.0
+	github.com/lithammer/dedent v1.1.0
 	github.com/stretchr/testify v1.9.0
 	gopkg.in/yaml.v2 v2.4.0
 )
 
 require (
-	dario.cat/mergo v1.0.0 // indirect
-	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/ProtonMail/go-crypto v1.0.0 // indirect
+	dario.cat/mergo v1.0.1 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/ProtonMail/go-crypto v1.1.0-beta.0-proton // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
-	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
-	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
+	github.com/cyphar/filepath-securejoin v0.3.4 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.5.0 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
+	github.com/go-git/go-billy/v5 v5.6.0 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
-	github.com/hashicorp/go-sockaddr v1.0.6 // indirect
-	github.com/hashicorp/go-version v1.6.0 // indirect
+	github.com/hashicorp/go-sockaddr v1.0.7 // indirect
+	github.com/hashicorp/go-version v1.7.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/hashicorp/terraform-json v0.21.0 // indirect
+	github.com/hashicorp/terraform-json v0.23.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/lithammer/dedent v1.1.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
-	github.com/skeema/knownhosts v1.2.2 // indirect
+	github.com/skeema/knownhosts v1.3.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	github.com/zclconf/go-cty v1.14.4 // indirect
-	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/mod v0.14.0 // indirect
-	golang.org/x/net v0.22.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.13.0 // indirect
+	github.com/zclconf/go-cty v1.15.0 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/time v0.7.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )