Update from upstream

.github/workflows/build.yml

@@ -17,13 +17,13 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v14.1
+        uses: tj-actions/changed-files@v44
         with:
           files: |
             **/*.go
@@ -32,14 +32,14 @@ jobs:
             .github/workflows/**/*
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
 
       - name: Log in to the Container registry
         if: steps.changed-files.outputs.any_changed == 'true'
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -48,15 +48,15 @@ jobs:
       - name: Extract metadata (tags, labels) for Docker
         if: steps.changed-files.outputs.any_changed == 'true'
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
             type=sha
 
       - name: Build and push Docker image
         if: steps.changed-files.outputs.any_changed == 'true'
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
         with:
           context: .
           platforms: linux/amd64,linux/arm64

.github/workflows/lint.yml

@@ -11,10 +11,10 @@ jobs:
     name: lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v5
         with:
-          go-version: 1.19
-      - uses: actions/checkout@v3
+          go-version: 1.22
+      - uses: actions/checkout@v4
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v5
         continue-on-error: true

.github/workflows/release.yml

@@ -18,24 +18,24 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
 
       - name: Log in to the Container registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
@@ -44,7 +44,7 @@ jobs:
             type=sha
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
         with:
           context: .
           platforms: linux/amd64,linux/arm64

.github/workflows/test.yml

@@ -10,12 +10,12 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
-          go-version: 1.19
+          go-version: 1.22
 
       - name: Build
         run: go build -v ./...

Dockerfile

@@ -1,5 +1,5 @@
 # build binary
-FROM golang:1.19-alpine AS builder
+FROM golang:1.22-alpine AS builder
 
 COPY . /go/src/github.com/nimbolus/terraform-backend
 

README.md

@@ -39,18 +39,19 @@ docker-compose up -d
 
 The following table describes the default configuration, although the backend server will run with these values, it's not scalable and therefore only for testing purposes. 
 
-| Environment Variable | Type   | Default    | Description                                                                                       |
-|----------------------|--------|------------|---------------------------------------------------------------------------------------------------|
-| LOG_LEVEL            | string | `info`     | Log level (options are: `fatal`, `info`, `warning`, `debug`, `trace`)                             |
-| LISTEN_ADDR          | string | `:8080`    | Address the HTTP server listens on                                                                |
-| TLS_KEY              | string | --         | Path to TLS key file for listening with TLS (fallback to HTTP if not specified)                   |
-| TLS_CERT             | string | --         | Path to TLS certificate file for listening with TLS (fallback to HTTP if not specified)           |
-| STORAGE_BACKEND      | string | `fs`       | Module for state file storage (checkout [docs/storage.md](./docs/storage.md) for other options)   |
-| STORAGE_FS_DIR       | string | `./states` | File system directory for `fs` storage module to store state files                                |
-| KMS_BACKEND          | string | `local`    | Module used for encryption (checkout [docs/kms.md](./docs/kms.md) for other options)              |
-| KMS_KEY              | string | --         | Key for `local` KMS module, if not defined, the server will generate a new one and exit           |
-| LOCK_BACKEND         | string | `local`    | Module used for locking the state (checkout [docs/lock.md](./docs/lock.md) for other options)     |
-| AUTH_BASIC_ENABLED   | bool   | `true`     | HTTP basic auth is enabled by default (checkout [docs/auth.md](./docs/auth.md) for other options) |
+| Environment Variable   | Type   | Default    | Description                                                                                                    |
+|------------------------|--------|------------|----------------------------------------------------------------------------------------------------------------|
+| LOG_LEVEL              | string | `info`     | Log level (options are: `fatal`, `info`, `warning`, `debug`, `trace`)                                          |
+| LISTEN_ADDR            | string | `:8080`    | Address the HTTP server listens on                                                                             |
+| TLS_KEY                | string | --         | Path to TLS key file for listening with TLS (fallback to HTTP if not specified)                                |
+| TLS_CERT               | string | --         | Path to TLS certificate file for listening with TLS (fallback to HTTP if not specified)                        |
+| STORAGE_BACKEND        | string | `fs`       | Module for state file storage (checkout [docs/storage.md](./docs/storage.md) for other options)                |
+| STORAGE_FS_DIR         | string | `./states` | File system directory for `fs` storage module to store state files                                             |
+| KMS_BACKEND            | string | `local`    | Module used for encryption (checkout [docs/kms.md](./docs/kms.md) for other options)                           |
+| KMS_KEY                | string | --         | Key for `local` KMS module, if not defined, the server will generate a new one and exit                        |
+| LOCK_BACKEND           | string | `local`    | Module used for locking the state (checkout [docs/lock.md](./docs/lock.md) for other options)                  |
+| AUTH_BASIC_ENABLED     | bool   | `true`     | HTTP basic auth is enabled by default (checkout [docs/auth.md](./docs/auth.md) for other options)              |
+| FORCE_UNLOCK_ENABLED   | bool   | `true`     | Force-unlock feature enables the native Terraform behavior which unlocks the state even if no lock id was sent |
 
 ## Usage
 

go.mod

@@ -1,18 +1,20 @@
 module github.com/nimbolus/terraform-backend
 
-go 1.19
+go 1.22
+
+toolchain go1.22.2
 
 require (
-	github.com/coreos/go-oidc/v3 v3.9.0
-	github.com/go-redsync/redsync/v4 v4.11.0
-	github.com/gomodule/redigo v1.8.9
+	github.com/coreos/go-oidc/v3 v3.10.0
+	github.com/go-redsync/redsync/v4 v4.13.0
+	github.com/gomodule/redigo v1.9.2
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/mux v1.8.1
 	github.com/gruntwork-io/terratest v0.41.16
-	github.com/hashicorp/vault/api v1.11.0
+	github.com/hashicorp/vault/api v1.13.0
 	github.com/lib/pq v1.10.9
-	github.com/minio/minio-go/v7 v7.0.66
-	github.com/prometheus/client_golang v1.18.0
+	github.com/minio/minio-go/v7 v7.0.70
+	github.com/prometheus/client_golang v1.19.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/viper v1.18.2
 	go.uber.org/multierr v1.11.0
@@ -30,23 +32,21 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/fatih/color v1.15.0 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
-	github.com/go-redis/redis/v8 v8.11.5 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 	github.com/go-test/deep v1.1.0 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-getter v1.7.1 // indirect
-	github.com/hashicorp/go-hclog v1.5.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
@@ -60,57 +60,49 @@ require (
 	github.com/hashicorp/terraform-json v0.16.0 // indirect
 	github.com/jinzhu/copier v0.3.5 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.5 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.6 // indirect
+	github.com/klauspost/compress v1.17.8 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.18 // indirect
 	github.com/mattn/go-zglob v0.0.4 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
-	github.com/minio/sha256-simd v1.0.1 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/pelletier/go-toml/v2 v2.1.1 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/client_model v0.5.0 // indirect
-	github.com/prometheus/common v0.46.0 // indirect
-	github.com/prometheus/procfs v0.12.0 // indirect
-	github.com/rogpeppe/go-internal v1.10.0 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.53.0 // indirect
+	github.com/prometheus/procfs v0.14.0 // indirect
 	github.com/rs/xid v1.5.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.6.0 // indirect
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/stretchr/testify v1.8.4 // indirect
+	github.com/stretchr/testify v1.9.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tmccombs/hcl2json v0.5.0 // indirect
 	github.com/ulikunitz/xz v0.5.11 // indirect
 	github.com/zclconf/go-cty v1.13.1 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	golang.org/x/crypto v0.18.0 // indirect
-	golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect
-	golang.org/x/net v0.20.0 // indirect
-	golang.org/x/oauth2 v0.16.0 // indirect
-	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/crypto v0.22.0 // indirect
+	golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f // indirect
+	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/oauth2 v0.19.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/api v0.153.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f // indirect
 	google.golang.org/grpc v1.59.0 // indirect
-	google.golang.org/protobuf v1.32.0 // indirect
+	google.golang.org/protobuf v1.34.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )