Update release branch by ArangoGutierrez · Pull Request #370 · NVIDIA/holodeck

ArangoGutierrez · 2025-05-26T13:44:19Z

No description provided.

….com/aws/aws-sdk-go-v2/config-1.28.5

Bumps [github.com/aws/aws-sdk-go-v2/service/route53](https://github.com/aws/aws-sdk-go-v2) from 1.45.2 to 1.46.2. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/rds/v1.45.2...service/ecs/v1.46.2) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/route53 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

….com/aws/aws-sdk-go-v2/service/route53-1.46.2

Bumps [github.com/aws/aws-sdk-go-v2/service/ssm](https://github.com/aws/aws-sdk-go-v2) from 1.55.3 to 1.55.6. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/iot/v1.55.3...service/iot/v1.55.6) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/ssm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

….com/aws/aws-sdk-go-v2/service/ssm-1.55.6

Bumps [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) from 1.189.0 to 1.193.0. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/ec2/v1.189.0...service/ec2/v1.193.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.28.0 to 0.29.0. - [Commits](golang/crypto@v0.28.0...v0.29.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.21.0 to 2.22.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](onsi/ginkgo@v2.21.0...v2.22.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

….org/x/crypto-0.29.0

….com/onsi/ginkgo/v2-2.22.0

Bumps [github.com/aws/aws-sdk-go-v2/service/ssm](https://github.com/aws/aws-sdk-go-v2) from 1.55.6 to 1.56.0. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/iot/v1.55.6...service/s3/v1.56.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/ssm dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

….com/aws/aws-sdk-go-v2/service/ssm-1.56.0

….com/aws/aws-sdk-go-v2/service/ec2-1.193.0

Bumps the k8sio group with 1 update: [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery). Updates `k8s.io/apimachinery` from 0.31.2 to 0.31.3 - [Commits](kubernetes/apimachinery@v0.31.2...v0.31.3) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8sio ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.32.5 to 1.32.6. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@v1.32.5...v1.32.6) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [github.com/aws/aws-sdk-go-v2/service/ssm](https://github.com/aws/aws-sdk-go-v2) from 1.56.0 to 1.56.1. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.56.0...service/s3/v1.56.1) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/ssm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

…e5d201adef Bump k8s.io/apimachinery from 0.31.2 to 0.31.3 in the k8sio group

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.19.1 to 0.19.3. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-runtime@v0.19.1...v0.19.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

…8s.io/controller-runtime-0.19.3 Bump sigs.k8s.io/controller-runtime from 0.19.1 to 0.19.3

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.29.0 to 0.31.0. - [Commits](golang/crypto@v0.29.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

…x/crypto-0.31.0 Bump golang.org/x/crypto from 0.29.0 to 0.31.0

….com/aws/aws-sdk-go-v2-1.32.6 Bump github.com/aws/aws-sdk-go-v2 from 1.32.5 to 1.32.6

….com/aws/aws-sdk-go-v2/service/ssm-1.56.1 Bump github.com/aws/aws-sdk-go-v2/service/ssm from 1.56.0 to 1.56.1

Signed-off-by: Tariq Ibrahim <tibrahim@nvidia.com>

Signed-off-by: shiva kumar <shivaku@nvidia.com>

Add GitHub metadata as AWS Tags

Bumps [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) from 1.193.0 to 1.198.1. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/ec2/v1.193.0...service/ec2/v1.198.1) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

….com/aws/aws-sdk-go-v2/service/ec2-1.198.1 Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.193.0 to 1.198.1

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.35.1 to 1.36.2. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.35.1...v1.36.2) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Add unit tests across the project

Bumps [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) from 1.218.0 to 1.221.0. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](aws/aws-sdk-go-v2@service/ec2/v1.218.0...service/ec2/v1.221.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2 dependency-version: 1.221.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

….com/aws/aws-sdk-go-v2/service/ec2-1.221.0 Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.218.0 to 1.221.0

Bumps the k8sio group with 1 update in the / directory: [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery). Updates `k8s.io/apimachinery` from 0.33.0 to 0.33.1 - [Commits](kubernetes/apimachinery@v0.33.0...v0.33.1) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8sio ... Signed-off-by: dependabot[bot] <support@github.com>

…5c65782ea8 Bump k8s.io/apimachinery from 0.33.0 to 0.33.1 in the k8sio group across 1 directory

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.20.4 to 0.21.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-runtime@v0.20.4...v0.21.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-version: 0.21.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

…8s.io/controller-runtime-0.21.0 Bump sigs.k8s.io/controller-runtime from 0.20.4 to 0.21.0

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

Enhance CLI by adding instance management

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

Enable containerd 2.0+ installation

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

Bug fixes after v0.2.8 release

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

Add a safely exit to securly close the ssh connection

Bumps [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) from 1.221.0 to 1.222.0. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](aws/aws-sdk-go-v2@service/ec2/v1.221.0...service/ec2/v1.222.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2 dependency-version: 1.222.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

….com/aws/aws-sdk-go-v2/service/ec2-1.222.0 Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.221.0 to 1.222.0

cmd/cli/dryrun/dryrun.go

 			ssh.PublicKeys(signer),
 		},
-		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
+		HostKeyCallback: ssh.InsecureIgnoreHostKey(), // nolint:gosec


To fix the issue, replace the insecure ssh.InsecureIgnoreHostKey() with a secure host key callback implementation. The ssh.FixedHostKey function can be used if the host's public key is known in advance. This requires loading the public key from a file or another trusted source and using it to validate the server's host key during the SSH handshake.

Steps to implement the fix:

Load the server's public key from a trusted file (e.g., allowed_hostkey.pub).

Parse the public key using ssh.ParsePublicKey.

Replace ssh.InsecureIgnoreHostKey() with ssh.FixedHostKey(publicKey) in the HostKeyCallback field of the ssh.ClientConfig.

copy-pr-bot · 2025-05-26T13:44:24Z

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

tariq1890 and others added 30 commits November 19, 2024 21:36

Merge pull request #221 from NVIDIA/dependabot/go_modules/main/github…

14ee755

….com/aws/aws-sdk-go-v2/config-1.28.5

Merge pull request #223 from NVIDIA/dependabot/go_modules/main/github…

f382a0a

….com/aws/aws-sdk-go-v2/service/route53-1.46.2

Merge pull request #222 from NVIDIA/dependabot/go_modules/main/github…

f3eb8e0

….com/aws/aws-sdk-go-v2/service/ssm-1.55.6

Merge pull request #227 from NVIDIA/dependabot/go_modules/main/golang…

d5475d3

….org/x/crypto-0.29.0

Merge pull request #229 from NVIDIA/dependabot/go_modules/main/github…

0a76851

….com/onsi/ginkgo/v2-2.22.0

Merge pull request #228 from NVIDIA/dependabot/go_modules/main/github…

1a79647

….com/aws/aws-sdk-go-v2/service/ssm-1.56.0

Merge pull request #226 from NVIDIA/dependabot/go_modules/main/github…

fc71726

….com/aws/aws-sdk-go-v2/service/ec2-1.193.0

Merge pull request #225 from NVIDIA/dependabot/go_modules/main/k8sio-…

e46bdf3

…e5d201adef Bump k8s.io/apimachinery from 0.31.2 to 0.31.3 in the k8sio group

Merge pull request #233 from NVIDIA/dependabot/go_modules/main/sigs.k…

25e751c

…8s.io/controller-runtime-0.19.3 Bump sigs.k8s.io/controller-runtime from 0.19.1 to 0.19.3

Merge pull request #236 from NVIDIA/dependabot/go_modules/golang.org/…

20f3f28

…x/crypto-0.31.0 Bump golang.org/x/crypto from 0.29.0 to 0.31.0

Merge pull request #230 from NVIDIA/dependabot/go_modules/main/github…

ab6eb77

….com/aws/aws-sdk-go-v2-1.32.6 Bump github.com/aws/aws-sdk-go-v2 from 1.32.5 to 1.32.6

Merge pull request #232 from NVIDIA/dependabot/go_modules/main/github…

d3280cd

….com/aws/aws-sdk-go-v2/service/ssm-1.56.1 Bump github.com/aws/aws-sdk-go-v2/service/ssm from 1.56.0 to 1.56.1

use kubectl create to provision calico CRDs

b3a66f2

Signed-off-by: Tariq Ibrahim <tibrahim@nvidia.com>

Merge pull request #243 from NVIDIA/kubectl-create-crds

f478ba5

Add GitHub metadata as AWS Tags

f1a0a0f

Signed-off-by: shiva kumar <shivaku@nvidia.com>

Merge pull request #235 from NVIDIA/ci-dynamicname

6783298

Add GitHub metadata as AWS Tags

Merge pull request #249 from NVIDIA/dependabot/go_modules/main/github…

9bd4af9

….com/aws/aws-sdk-go-v2/service/ec2-1.198.1 Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.193.0 to 1.198.1

ArangoGutierrez and others added 24 commits May 21, 2025 18:53

Merge pull request #363 from ArangoGutierrez/unit_ci

1097ec9

Add unit tests across the project

Merge pull request #365 from NVIDIA/dependabot/go_modules/main/github…

6e4a441

….com/aws/aws-sdk-go-v2/service/ec2-1.221.0 Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.218.0 to 1.221.0

Merge pull request #358 from NVIDIA/dependabot/go_modules/main/k8sio-…

0452305

…5c65782ea8 Bump k8s.io/apimachinery from 0.33.0 to 0.33.1 in the k8sio group across 1 directory

Merge pull request #366 from NVIDIA/dependabot/go_modules/main/sigs.k…

f845d5c

…8s.io/controller-runtime-0.21.0 Bump sigs.k8s.io/controller-runtime from 0.20.4 to 0.21.0

Enhance CLI by adding instance management

f9b860f

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

Merge pull request #364 from ArangoGutierrez/cli_enh1

b6014e5

Enhance CLI by adding instance management

Add new example for AWS + Kubeadm

8e699d7

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

Use install_packages_with_retry during container_toolkit install

29f9c02

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

Enable containerd 2.0+ install

0017e76

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

Merge pull request #315 from ArangoGutierrez/containerd20

765912e

Enable containerd 2.0+ installation

Refactor the instance manager to make CLI easier to interact with

fd8accd

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

Fix Templates after v.2.8 changes

7142fcb

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

E2E run provision during E2E

3e70307

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

Fix remaining lints

2c8eb4c

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

Update unit tests after recent changes

6266b44

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

Add E2E_SSH_KEY ENV VAR to the E2E

4fa270d

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

Merge pull request #368 from ArangoGutierrez/fix/e2e/drivergpu

f5b9d4b

Bug fixes after v0.2.8 release

Add a safely exit to securly close the ssh connection

4c9124c

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

Merge pull request #369 from ArangoGutierrez/fix/e2e/drivergpu

8dee4c1

Add a safely exit to securly close the ssh connection

Merge pull request #367 from NVIDIA/dependabot/go_modules/main/github…

1ba2ae8

….com/aws/aws-sdk-go-v2/service/ec2-1.222.0 Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.221.0 to 1.222.0

ArangoGutierrez requested review from cdesiniotis, elezar and tariq1890 as code owners May 26, 2025 13:44

github-advanced-security bot found potential problems May 26, 2025

View reviewed changes

ArangoGutierrez merged commit da0cb9c into release-0.2 May 26, 2025
10 of 12 checks passed

@@ -145,3 +145,16 @@
             		},
-            		HostKeyCallback: ssh.InsecureIgnoreHostKey(), // nolint:gosec
+            		HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
+            			publicKeyBytes, err := os.ReadFile("allowed_hostkey.pub")
+            			if err != nil {
+            				return fmt.Errorf("failed to read allowed host key file: %v", err)
+            			}
+            			publicKey, err := ssh.ParsePublicKey(publicKeyBytes)
+            			if err != nil {
+            				return fmt.Errorf("failed to parse allowed host key: %v", err)
+            			}
+            			if ssh.KeysEqual(publicKey, key) {
+            				return nil
+            			}
+            			return fmt.Errorf("host key verification failed for host %s", hostname)
+            		},
             	}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update release branch #370

Update release branch #370
ArangoGutierrez merged 348 commits intorelease-0.2from
main

ArangoGutierrez commented May 26, 2025

Uh oh!

Check failure

Copilot Autofix

copy-pr-bot bot commented May 26, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

ArangoGutierrez commented May 26, 2025

Uh oh!

Check failure

Copilot Autofix

copy-pr-bot bot commented May 26, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants