Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Workflow failure: Update GH workflows, ecosystem providers #1382

Closed
pulumi-bot opened this issue Feb 13, 2025 · 1 comment · Fixed by #1399
Closed

Workflow failure: Update GH workflows, ecosystem providers #1382

pulumi-bot opened this issue Feb 13, 2025 · 1 comment · Fixed by #1399
Assignees
@rquitales
Labels
kind/engineering Work that is not visible to an external user p1 A bug severe enough to be the next item assigned to an engineer resolution/fixed This issue was fixed

Comments

@pulumi-bot
Copy link

pulumi-bot commented Feb 13, 2025
edited
Loading

Workflow Failure

Update GH workflows, ecosystem providers has failed. See the list of failures below:
@pulumi-bot pulumi-bot added kind/engineering Work that is not visible to an external user needs-triage Needs attention from the triage team p1 A bug severe enough to be the next item assigned to an engineer labels Feb 13, 2025
@rquitales
Copy link
Member

Workflow is failing because pu/aws is using the following godebug setting: godebug tlskyber=0.
Ref: https://github.com/pulumi/pulumi-aws/blob/6ef58a7af22a351f82ebfb8dab00b522495a7eff/provider/go.mod#L8

This setting exists for Go 1.23, but removed in Go v1.24.

Go 1.24 enabled the post-quantum key exchange mechanism X25519MLKEM768 by default. The default can be reverted using the tlsmlkem setting. Go 1.24 also removed X25519Kyber768Draft00 and the Go 1.23 tlskyber setting.

From https://pkg.go.dev/crypto/tls#Config.CurvePreferences:

// From Go 1.24, the default includes the [X25519MLKEM768] hybrid
// post-quantum key exchange. To disable it, set CurvePreferences explicitly
// or use the GODEBUG=tlsmlkem=0 environment variable.

Note how the GODEBUG setting is now tlsmlkem not tlskyber. To address this, we have to align Go versions between ci-mgmt and the providers we are updating go modules for.

@rquitales rquitales removed the needs-triage Needs attention from the triage team label Feb 19, 2025
@rquitales rquitales self-assigned this Feb 19, 2025
@rquitales rquitales mentioned this issue Feb 20, 2025
Merged
github-merge-queue bot pushed a commit that referenced this issue Feb 20, 2025
@rquitales
ci: use go version from provider to update workflows (#1399)
4ee4b16 
### Proposed Changes

This PR updates the update-workflows workflow to ensure we use a Golang
version compatible with the respective provider for updating its own
workflows. It achieves this by first checking out the targeted provider
repository and extracting the Golang version specified in its
`.ci-mgmt.yaml` config file. If no version is specified, the workflow
defaults to the latest "stable" Go release.

This change is necessary because our providers use different Go
versions, and mismatches can lead to build failures due to incompatible
toolchain versions.

Manual testing was conducted by dispatching the workflow against
repositories with and without a defined Go version in their config:
- **AWS (with Go version specified):**
[[Logs](https://github.com/pulumi/ci-mgmt/actions/runs/13444914246/job/37567929144)]
- **GCP (without):**
[[Logs](https://github.com/pulumi/ci-mgmt/actions/runs/13444937729/job/37568003062)]

### Relevant Issues (optional)

Closes #1382.
@pulumi-bot pulumi-bot added the resolution/fixed This issue was fixed label Feb 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rquitales rquitales

Labels
kind/engineering Work that is not visible to an external user p1 A bug severe enough to be the next item assigned to an engineer resolution/fixed This issue was fixed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ci: use go version from provider to update workflows pulumi/ci-mgmt
2 participants
@rquitales @pulumi-bot