diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 4815d957..87acfe44 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -16,7 +16,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v5 with: - go-version: 1.22.5 + go-version: 1.22.7 check-latest: true id: go - name: Check out code @@ -34,7 +34,7 @@ jobs: - name: "Set up Go" uses: actions/setup-go@v5 with: - go-version: 1.22.5 + go-version: 1.22.7 id: go - name: Check out code uses: actions/checkout@v4 @@ -54,7 +54,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v5 with: - go-version: 1.22.5 + go-version: 1.22.7 check-latest: true id: go - name: Check out code @@ -70,7 +70,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - go-version: [1.21.12, 1.22.5] + go-version: [1.22.7, 1.23.1] steps: - name: Set up Go ${{ matrix.go-version }} uses: actions/setup-go@v5 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e06a2335..acd9ede5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,7 +20,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v5 with: - go-version: 1.22.5 + go-version: 1.22.7 check-latest: true - name: Set up QEMU uses: docker/setup-qemu-action@v1 diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..e5c21bc5 --- /dev/null +++ b/Makefile @@ -0,0 +1,48 @@ +GOBIN ?= $(shell go env GOPATH)/bin + +TAG = $(shell TZ=UTC0 git show --quiet --date='format-local:%Y-%m-%dT%H-%M-%SZ' --format="%cd") +REPO ?= minio/kes + +.PHONY: install build docker docker-release fmt test lint update-tools + +install: + @mkdir -m 0755 -p ${GOBIN} + @CGO_ENABLED=0 go build -trimpath -ldflags "-s -w" -buildvcs=true -o ${GOBIN}/kes ./cmd/kes + +build: + @CGO_ENABLED=0 go build -trimpath -ldflags "-s -w" -buildvcs=true -o ./kes ./cmd/kes + +# This should not depend on the build step. The release binary build +# is currently done via a set of scripts maintained in the miniohq/q +# repository. +docker-release: + @echo "Building container image for release ${TAG} ..." + @docker buildx build --push --no-cache \ + --build-arg RELEASE="${RELEASE}" \ + -t "quay.io/minio/kes:latest" \ + -t "quay.io/minio/kes:${TAG}" \ + --platform=linux/arm64,linux/amd64 \ + -f Dockerfile . + @rm ./kes + @docker buildx prune -f + +docker: build + @echo "Building scratch container image ${REPO}:${TAG} ..." + @docker build -q --no-cache -t ${REPO}:${TAG} . -f Dockerfile.dev + @rm ./kes + +fmt: + @gofumpt -d . && echo "No formatting issue found." + +test: + @CGO_ENABLED=0 go test -ldflags "-s -w" ./... + +lint: + @go vet ./... + @golangci-lint run --config ./.golangci.yml + @govulncheck ./... + +update-tools: + @CGO_ENABLED=0 go install mvdan.cc/gofumpt@latest + @CGO_ENABLED=0 go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest + @CGO_ENABLED=0 go install golang.org/x/vuln/cmd/govulncheck@latest diff --git a/internal/keystore/vault/vault.go b/internal/keystore/vault/vault.go index 2679d931..81483b50 100644 --- a/internal/keystore/vault/vault.go +++ b/internal/keystore/vault/vault.go @@ -108,6 +108,10 @@ func Connect(ctx context.Context, c *Config) (*Store, error) { config.CloneTLSConfig = true // Required for status checks config.CloneToken = true // Required for status checks config.ConfigureTLS(tlsConfig) + if tr, ok := config.HttpClient.Transport.(*http.Transport); ok { + tr.DisableKeepAlives = true + tr.MaxIdleConnsPerHost = -1 + } vaultClient, err := vaultapi.NewClient(config) if err != nil { return nil, err