Take security patch

.github/workflows/lint.yaml

@@ -75,7 +75,8 @@ jobs:
         id: "goreleaser"
         with:
           distribution: "goreleaser-pro"
-          version: "latest"
+          # Pinning to version 2.2.0 to get around a regression in 2.3.0.
+          version: "2.2.0"
           args: "release -f .goreleaser.docker.yml --clean --split --snapshot"
         env:
           GORELEASER_KEY: "${{ secrets.GORELEASER_KEY }}"

.github/workflows/release.yaml

@@ -21,7 +21,8 @@ jobs:
       - uses: "goreleaser/goreleaser-action@v6"
         with:
           distribution: "goreleaser-pro"
-          version: "latest"
+          # Pinning to v2.2.0 to work around a regression in 2.3.0
+          version: &goreleaser_version "2.2.0"
           args: "release --clean"
         env:
           GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
@@ -46,7 +47,7 @@ jobs:
       - uses: "goreleaser/goreleaser-action@v6"
         with:
           distribution: "goreleaser-pro"
-          version: "latest"
+          version: *goreleaser_version
           args: "release --config=.goreleaser.docker.yml --clean"
         env:
           GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.goreleaser.yml

@@ -118,10 +118,6 @@ nfpms:
     builds: ["linux-amd64-musl", "linux-arm64-musl"]
     formats: ["apk"]
 
-furies:
-  - account: "authzed"
-    secret_name: "GEMFURY_PUSH_TOKEN"
-
 brews:
   - description: "command-line client for managing SpiceDB"
     homepage: "https://github.com/authzed/zed"
@@ -158,7 +154,7 @@ checksum:
   name_template: "checksums.txt"
 
 snapshot:
-  name_template: "{{ incpatch .Version }}-next"
+  version_template: "{{ incpatch .Version }}-next"
 
 changelog:
   use: "github-native"

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.22-alpine3.20 AS zed-builder
+FROM golang:1.23-alpine3.20 AS zed-builder
 WORKDIR /go/src/app
 RUN apk update && apk add --no-cache git
 COPY . .

go.mod

@@ -1,8 +1,8 @@
 module github.com/authzed/zed
 
-go 1.22.4
+go 1.22.7
 
-toolchain go1.22.5
+toolchain go1.23.1
 
 require (
 	github.com/99designs/keyring v1.2.2
@@ -11,8 +11,10 @@ require (
 	github.com/authzed/grpcutil v0.0.0-20240123194739-2ea1e3d2d98b
 	github.com/authzed/spicedb v1.35.3
 	github.com/brianvoe/gofakeit/v6 v6.28.0
+	github.com/ccoveille/go-safecast v1.1.0
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/charmbracelet/lipgloss v0.12.1
+	github.com/charmbracelet/x/term v0.2.0
 	github.com/google/uuid v1.6.0
 	github.com/gookit/color v1.5.4
 	github.com/hamba/avro/v2 v2.22.1
@@ -230,7 +232,7 @@ require (
 	golang.org/x/crypto v0.25.0 // indirect
 	golang.org/x/net v0.27.0 // indirect
 	golang.org/x/oauth2 v0.21.0 // indirect
-	golang.org/x/sys v0.22.0 // indirect
+	golang.org/x/sys v0.24.0 // indirect
 	golang.org/x/text v0.16.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect

go.sum

@@ -720,6 +720,8 @@ github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl
 github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/brianvoe/gofakeit/v6 v6.28.0 h1:Xib46XXuQfmlLS2EXRuJpqcw8St6qSZz75OUo0tgAW4=
 github.com/brianvoe/gofakeit/v6 v6.28.0/go.mod h1:Xj58BMSnFqcn/fAQeSK+/PLtC5kSb7FJIq4JyGa8vEs=
+github.com/ccoveille/go-safecast v1.1.0 h1:iHKNWaZm+OznO7Eh6EljXPjGfGQsSfa6/sxPlIEKO+g=
+github.com/ccoveille/go-safecast v1.1.0/go.mod h1:QqwNjxQ7DAqY0C721OIO9InMk9zCwcsO7tnRuHytad8=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -738,6 +740,8 @@ github.com/charmbracelet/lipgloss v0.12.1 h1:/gmzszl+pedQpjCOH+wFkZr/N90Snz40J/N
 github.com/charmbracelet/lipgloss v0.12.1/go.mod h1:V2CiwIuhx9S1S1ZlADfOj9HmxeMAORuz5izHb0zGbB8=
 github.com/charmbracelet/x/ansi v0.1.4 h1:IEU3D6+dWwPSgZ6HBH+v6oUuZ/nVawMiWj5831KfiLM=
 github.com/charmbracelet/x/ansi v0.1.4/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw=
+github.com/charmbracelet/x/term v0.2.0 h1:cNB9Ot9q8I711MyZ7myUR5HFWL/lc3OpU8jZ4hwm0x0=
+github.com/charmbracelet/x/term v0.2.0/go.mod h1:GVxgxAbjUrmpvIINHIQnJJKpMlHiZ4cktEQCN6GWyF0=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -1707,8 +1711,9 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
 golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
+golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=

internal/cmd/backup.go

@@ -126,7 +126,7 @@ func registerBackupCmd(rootCmd *cobra.Command) {
 }
 
 func registerBackupRestoreFlags(cmd *cobra.Command) {
-	cmd.Flags().Int("batch-size", 1_000, "restore relationship write batch size")
+	cmd.Flags().Uint("batch-size", 1_000, "restore relationship write batch size")
 	cmd.Flags().Uint("batches-per-transaction", 10, "number of batches per transaction")
 	cmd.Flags().String("conflict-strategy", "fail", "strategy used when a conflicting relationship is found. Possible values: fail, skip, touch")
 	cmd.Flags().Bool("disable-retries", false, "retries when an errors is determined to be retryable (e.g. serialization errors)")
@@ -397,7 +397,7 @@ func backupRestoreCmdFunc(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("unable to initialize client: %w", err)
 	}
 
-	batchSize := cobrautil.MustGetInt(cmd, "batch-size")
+	batchSize := cobrautil.MustGetUint(cmd, "batch-size")
 	batchesPerTransaction := cobrautil.MustGetUint(cmd, "batches-per-transaction")
 
 	strategy, err := GetEnum[ConflictStrategy](cmd, "conflict-strategy", conflictStrategyMapping)

internal/cmd/backup_test.go

@@ -330,7 +330,7 @@ func TestBackupRestoreCmdFunc(t *testing.T) {
 		zedtesting.BoolFlag{FlagName: "rewrite-legacy"},
 		zedtesting.StringFlag{FlagName: "conflict-strategy", FlagValue: "fail"},
 		zedtesting.BoolFlag{FlagName: "disable-retries"},
-		zedtesting.IntFlag{FlagName: "batch-size", FlagValue: 100},
+		zedtesting.UintFlag{FlagName: "batch-size", FlagValue: 100},
 		zedtesting.UintFlag{FlagName: "batches-per-transaction", FlagValue: 10},
 		zedtesting.DurationFlag{FlagName: "request-timeout"},
 	)

internal/cmd/restorer.go

@@ -9,6 +9,8 @@ import (
 	"time"
 
 	v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
+	"github.com/authzed/spicedb/pkg/spiceerrors"
+	"github.com/ccoveille/go-safecast"
 	"github.com/cenkalti/backoff/v4"
 	"github.com/mattn/go-isatty"
 	"github.com/rs/zerolog/log"
@@ -57,25 +59,25 @@ type restorer struct {
 	decoder               *backupformat.Decoder
 	client                client.Client
 	prefixFilter          string
-	batchSize             int
+	batchSize             uint
 	batchesPerTransaction uint
 	conflictStrategy      ConflictStrategy
 	disableRetryErrors    bool
 	bar                   *progressbar.ProgressBar
 
 	// stats
-	filteredOutRels  int64
-	writtenRels      int64
-	writtenBatches   int64
-	skippedRels      int64
-	skippedBatches   int64
-	duplicateRels    int64
-	duplicateBatches int64
-	totalRetries     int64
+	filteredOutRels  uint
+	writtenRels      uint
+	writtenBatches   uint
+	skippedRels      uint
+	skippedBatches   uint
+	duplicateRels    uint
+	duplicateBatches uint
+	totalRetries     uint
 	requestTimeout   time.Duration
 }
 
-func newRestorer(schema string, decoder *backupformat.Decoder, client client.Client, prefixFilter string, batchSize int,
+func newRestorer(schema string, decoder *backupformat.Decoder, client client.Client, prefixFilter string, batchSize uint,
 	batchesPerTransaction uint, conflictStrategy ConflictStrategy, disableRetryErrors bool,
 	requestTimeout time.Duration,
 ) *restorer {
@@ -129,7 +131,7 @@ func (r *restorer) restoreFromDecoder(ctx context.Context) error {
 
 		batch = append(batch, rel)
 
-		if len(batch)%r.batchSize == 0 {
+		if uint(len(batch))%r.batchSize == 0 {
 			batchesToBeCommitted = append(batchesToBeCommitted, batch)
 			err := relationshipWriter.Send(&v1.BulkImportRelationshipsRequest{
 				Relationships: batch,
@@ -195,13 +197,13 @@ func (r *restorer) restoreFromDecoder(ctx context.Context) error {
 
 	totalTime := time.Since(relationshipWriteStart)
 	log.Info().
-		Int64("batches", r.writtenBatches).
-		Int64("relationships_loaded", r.writtenRels).
-		Int64("relationships_skipped", r.skippedRels).
-		Int64("duplicate_relationships", r.duplicateRels).
-		Int64("relationships_filtered_out", r.filteredOutRels).
-		Int64("retried_errors", r.totalRetries).
-		Uint64("perSecond", perSec(uint64(r.writtenRels+r.skippedRels), totalTime)).
+		Uint("batches", r.writtenBatches).
+		Uint("relationships_loaded", r.writtenRels).
+		Uint("relationships_skipped", r.skippedRels).
+		Uint("duplicate_relationships", r.duplicateRels).
+		Uint("relationships_filtered_out", r.filteredOutRels).
+		Uint("retried_errors", r.totalRetries).
+		Uint64("perSecond", perSec(uint64(r.writtenRels), totalTime)).
 		Stringer("duration", totalTime).
 		Msg("finished restore")
 	return nil
@@ -210,9 +212,9 @@ func (r *restorer) restoreFromDecoder(ctx context.Context) error {
 func (r *restorer) commitStream(ctx context.Context, bulkImportClient v1.ExperimentalService_BulkImportRelationshipsClient,
 	batchesToBeCommitted [][]*v1.Relationship,
 ) error {
-	var numLoaded, expectedLoaded, retries uint64
+	var numLoaded, expectedLoaded, retries uint
 	for _, b := range batchesToBeCommitted {
-		expectedLoaded += uint64(len(b))
+		expectedLoaded += uint(len(b))
 	}
 
 	resp, err := bulkImportClient.CloseAndRecv() // transaction commit happens here
@@ -225,6 +227,8 @@ func (r *restorer) commitStream(ctx context.Context, bulkImportClient v1.Experim
 	canceled, cancelErr := isCanceledError(ctx.Err(), err)
 	unknown := !retryable && !conflict && !canceled && err != nil
 
+	numBatches := uint(len(batchesToBeCommitted))
+
 	switch {
 	case canceled:
 		r.bar.Describe("backup restore aborted")
@@ -235,24 +239,24 @@ func (r *restorer) commitStream(ctx context.Context, bulkImportClient v1.Experim
 	case retryable && r.disableRetryErrors:
 		return err
 	case conflict && r.conflictStrategy == Skip:
-		r.skippedRels += int64(expectedLoaded)
-		r.skippedBatches += int64(len(batchesToBeCommitted))
-		r.duplicateBatches += int64(len(batchesToBeCommitted))
-		r.duplicateRels += int64(expectedLoaded)
+		r.skippedRels += expectedLoaded
+		r.skippedBatches += numBatches
+		r.duplicateBatches += numBatches
+		r.duplicateRels += expectedLoaded
 		r.bar.Describe("skipping conflicting batch")
 	case conflict && r.conflictStrategy == Touch:
 		r.bar.Describe("touching conflicting batch")
-		r.duplicateRels += int64(expectedLoaded)
-		r.duplicateBatches += int64(len(batchesToBeCommitted))
+		r.duplicateRels += expectedLoaded
+		r.duplicateBatches += numBatches
 		r.totalRetries++
 		numLoaded, retries, err = r.writeBatchesWithRetry(ctx, batchesToBeCommitted)
 		if err != nil {
 			return fmt.Errorf("failed to write retried batch: %w", err)
 		}
 
 		retries++ // account for the initial attempt
-		r.writtenBatches += int64(len(batchesToBeCommitted))
-		r.writtenRels += int64(numLoaded)
+		r.writtenBatches += numBatches
+		r.writtenRels += numLoaded
 	case conflict && r.conflictStrategy == Fail:
 		r.bar.Describe("conflict detected, aborting restore")
 		return fmt.Errorf("duplicate relationships found")
@@ -265,34 +269,43 @@ func (r *restorer) commitStream(ctx context.Context, bulkImportClient v1.Experim
 		}
 
 		retries++ // account for the initial attempt
-		r.writtenBatches += int64(len(batchesToBeCommitted))
-		r.writtenRels += int64(numLoaded)
+		r.writtenBatches += numBatches
+		r.writtenRels += numLoaded
 	default:
 		r.bar.Describe("restoring relationships from backup")
-		r.writtenBatches += int64(len(batchesToBeCommitted))
+		r.writtenBatches += numBatches
 	}
 
 	// it was a successful transaction commit without duplicates
 	if resp != nil {
-		r.writtenRels += int64(resp.NumLoaded)
-		if expectedLoaded != resp.NumLoaded {
-			log.Warn().Uint64("loaded", resp.NumLoaded).Uint64("expected", expectedLoaded).Msg("unexpected number of relationships loaded")
+		numLoaded, err := safecast.ToUint(resp.NumLoaded)
+		if err != nil {
+			return spiceerrors.MustBugf("could not cast numLoaded to uint")
+		}
+		r.writtenRels += numLoaded
+		if uint64(expectedLoaded) != resp.NumLoaded {
+			log.Warn().Uint64("loaded", resp.NumLoaded).Uint("expected", expectedLoaded).Msg("unexpected number of relationships loaded")
 		}
 	}
 
-	if err := r.bar.Set64(r.writtenRels + r.skippedRels); err != nil {
+	writtenAndSkipped, err := safecast.ToInt64(r.writtenRels + r.skippedRels)
+	if err != nil {
+		return fmt.Errorf("too many written and skipped rels for an int64")
+	}
+
+	if err := r.bar.Set64(writtenAndSkipped); err != nil {
 		return fmt.Errorf("error incrementing progress bar: %w", err)
 	}
 
 	if !isatty.IsTerminal(os.Stderr.Fd()) {
 		log.Trace().
-			Int64("batches_written", r.writtenBatches).
-			Int64("relationships_written", r.writtenRels).
-			Int64("duplicate_batches", r.duplicateBatches).
-			Int64("duplicate_relationships", r.duplicateRels).
-			Int64("skipped_batches", r.skippedBatches).
-			Int64("skipped_relationships", r.skippedRels).
-			Uint64("retries", retries).
+			Uint("batches_written", r.writtenBatches).
+			Uint("relationships_written", r.writtenRels).
+			Uint("duplicate_batches", r.duplicateBatches).
+			Uint("duplicate_relationships", r.duplicateRels).
+			Uint("skipped_batches", r.skippedBatches).
+			Uint("skipped_relationships", r.skippedRels).
+			Uint("retries", retries).
 			Msg("restore progress")
 	}
 
@@ -301,14 +314,14 @@ func (r *restorer) commitStream(ctx context.Context, bulkImportClient v1.Experim
 
 // writeBatchesWithRetry writes a set of batches using touch semantics and without transactional guarantees -
 // each batch will be committed independently. If a batch fails, it will be retried up to 10 times with a backoff.
-func (r *restorer) writeBatchesWithRetry(ctx context.Context, batches [][]*v1.Relationship) (uint64, uint64, error) {
+func (r *restorer) writeBatchesWithRetry(ctx context.Context, batches [][]*v1.Relationship) (uint, uint, error) {
 	backoffInterval := backoff.NewExponentialBackOff()
 	backoffInterval.InitialInterval = defaultBackoff
 	backoffInterval.MaxInterval = 2 * time.Second
 	backoffInterval.MaxElapsedTime = 0
 	backoffInterval.Reset()
 
-	var currentRetries, totalRetries, loadedRels uint64
+	var currentRetries, totalRetries, loadedRels uint
 	for _, batch := range batches {
 		updates := lo.Map[*v1.Relationship, *v1.RelationshipUpdate](batch, func(item *v1.Relationship, _ int) *v1.RelationshipUpdate {
 			return &v1.RelationshipUpdate{
@@ -339,7 +352,7 @@ func (r *restorer) writeBatchesWithRetry(ctx context.Context, batches [][]*v1.Re
 
 			currentRetries = 0
 			backoffInterval.Reset()
-			loadedRels += uint64(len(batch))
+			loadedRels += uint(len(batch))
 			break
 		}
 	}