From a89ba880382ac86d3e36f75a5ac73ceab90012d5 Mon Sep 17 00:00:00 2001
From: Jay Pipes <jaypipes@gmail.com>
Date: Fri, 5 Apr 2024 17:05:06 -0400
Subject: [PATCH] update egress endpoints and Go version in actions

Updates the Go version matrix we test for in the Github Actions as well
as ensure that the 5 common github.com DNS names (no prefix, api, proxy,
objects.githubcontent and raw.githubcontent) are all allowed in egress
endpoints.

Signed-off-by: Jay Pipes <jaypipes@gmail.com>
---
 .github/workflows/fmtcheck.yml |  6 +++++-
 .github/workflows/lint.yml     |  3 ++-
 .github/workflows/test.yml     | 26 +++++++++++++++++++++++---
 3 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/fmtcheck.yml b/.github/workflows/fmtcheck.yml
index 623863a9..b1294b8b 100644
--- a/.github/workflows/fmtcheck.yml
+++ b/.github/workflows/fmtcheck.yml
@@ -20,11 +20,15 @@ jobs:
          disable-sudo: true
          allowed-endpoints: >
            github.com:443
+           api.github.com:443
+           proxy.github.com:443
+           raw.githubusercontent.com:443
+           objects.githubusercontent.com:443
      - name: checkout code
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: setup go
        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
        with:
-         go-version: 1.19
+         go-version: 1.21
      - name: check fmt
        run: 'bash -c "diff -u <(echo -n) <(gofmt -d .)"'
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index e8488e9a..1f10df35 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -22,6 +22,7 @@ jobs:
          allowed-endpoints: >
            github.com:443
            api.github.com:443
+           proxy.github.com:443
            raw.githubusercontent.com:443
            objects.githubusercontent.com:443
      - name: checkout code
@@ -29,7 +30,7 @@ jobs:
      - name: setup go
        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
        with:
-         go-version: 1.19
+         go-version: 1.21
      - name: lint
        uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0
        with:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 977703ea..2fda80b7 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go: [ '1.19', '1.20']
+        go: [ '1.19', '1.20', '1.21']
     steps:
      - name: harden runner
        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
@@ -26,6 +26,10 @@ jobs:
          disable-sudo: true
          allowed-endpoints: >
            github.com:443
+           api.github.com:443
+           proxy.github.com:443
+           raw.githubusercontent.com:443
+           objects.githubusercontent.com:443
      - name: checkout code
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: setup go
@@ -51,6 +55,10 @@ jobs:
          disable-sudo: true
          allowed-endpoints: >
            github.com:443
+           api.github.com:443
+           proxy.github.com:443
+           raw.githubusercontent.com:443
+           objects.githubusercontent.com:443
      - name: checkout code
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: setup go
@@ -67,7 +75,7 @@ jobs:
     runs-on: windows-2022
     strategy:
       matrix:
-        go: [ '1.19' ]
+        go: [ '1.20', '1.21' ]
     steps:
      - name: harden runner
        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
@@ -76,6 +84,10 @@ jobs:
          disable-sudo: true
          allowed-endpoints: >
            github.com:443
+           api.github.com:443
+           proxy.github.com:443
+           raw.githubusercontent.com:443
+           objects.githubusercontent.com:443
      - name: checkout code
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: setup go
@@ -98,7 +110,7 @@ jobs:
     runs-on: windows-2019
     strategy:
       matrix:
-        go: [ '1.18' ]
+        go: [ '1.19' ]
     steps:
      - name: harden runner
        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
@@ -107,6 +119,10 @@ jobs:
          disable-sudo: true
          allowed-endpoints: >
            github.com:443
+           api.github.com:443
+           proxy.github.com:443
+           raw.githubusercontent.com:443
+           objects.githubusercontent.com:443
      - name: checkout code
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: setup go
@@ -145,6 +161,10 @@ jobs:
          disable-sudo: true
          allowed-endpoints: >
            github.com:443
+           api.github.com:443
+           proxy.github.com:443
+           raw.githubusercontent.com:443
+           objects.githubusercontent.com:443
      - name: checkout code
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: setup go