DataDog · aneesh1 · Mar 28, 2025 · Feb 17, 2025 · Mar 5, 2025 · Mar 13, 2025
diff --git a/.github/workflows/dd-build.yaml b/.github/workflows/dd-build.yaml
@@ -8,18 +8,69 @@ on:
     - "*-dd*"
 permissions: write-all
 jobs:
-  build:
-    runs-on: ubuntu-latest
+  build-amd64:
+    strategy:
+      matrix:
+        platform: ["linux/amd64"]
+    runs-on: ubuntu-24.04
     steps:
     - uses: actions/checkout@v4
       with:
         fetch-depth: 0
-    - name: Set release version environment variable
-      run: echo RELEASE_VERSION=${GITHUB_REF#refs/tags/} >> $GITHUB_ENV
+    - name: Set environment variables
+      id: set_env
+      run: |
+        echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+        echo "TARGET_OS=$(echo ${{ matrix.platform }} | cut -d'/' -f1)" >> $GITHUB_ENV
+        echo "TARGET_ARCH=$(echo ${{ matrix.platform }} | cut -d'/' -f2)" >> $GITHUB_ENV
+      env:
+        GITHUB_REF: ${{ github.ref }}
+    - name: Build etcd
+      run: |
+        REPOSITORY=https://github.com/${{ env.GITHUB_REPOSITORY }}.git \
+        CGO_ENABLED=1 \
+        GOEXPERIMENT=boringcrypto \
+        GO_BUILD_FLAGS="-tags=fips" \
+        TARGET_OS=${TARGET_OS} \
+        TARGET_ARCH=${TARGET_ARCH} \
+        ./scripts/build-binary-single-target ${{ env.RELEASE_VERSION }}
+      env:
+        GITHUB_REPOSITORY: ${{ github.repository }}
+    - name: Calculate checksums
+      id: calculate_checksums
+      shell: bash
+      working-directory: release/
+      run: ls . | grep -E '\.tar.gz$|\.zip$' | xargs shasum -a 256 > ./SHA256SUMS
+    - uses: actions/upload-artifact@v4
+      with:
+        name: etcd_output_amd64
+        path: release/
+  build-arm64:
+    strategy:
+      matrix:
+        platform: ["linux/arm64"]
+    runs-on: ubuntu-24.04-arm
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Set environment variables
+      id: set_env
+      run: |
+        echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+        echo "TARGET_OS=$(echo ${{ matrix.platform }} | cut -d'/' -f1)" >> $GITHUB_ENV
+        echo "TARGET_ARCH=$(echo ${{ matrix.platform }} | cut -d'/' -f2)" >> $GITHUB_ENV
       env:
         GITHUB_REF: ${{ github.ref }}
     - name: Build etcd
-      run: REPOSITORY=https://github.com/${{ env.GITHUB_REPOSITORY}}.git ./scripts/build-binary ${{ env.RELEASE_VERSION }}
+      run: |
+        REPOSITORY=https://github.com/${{ env.GITHUB_REPOSITORY }}.git \
+        CGO_ENABLED=1 \
+        GOEXPERIMENT=boringcrypto \
+        GO_BUILD_FLAGS="-tags=fips" \
+        TARGET_OS=${TARGET_OS} \
+        TARGET_ARCH=${TARGET_ARCH} \
+        ./scripts/build-binary-single-target ${{ env.RELEASE_VERSION }}
       env:
         GITHUB_REPOSITORY: ${{ github.repository }}
     - name: Calculate checksums
@@ -29,13 +80,13 @@ jobs:
       run: ls . | grep -E '\.tar.gz$|\.zip$' | xargs shasum -a 256 > ./SHA256SUMS
     - uses: actions/upload-artifact@v4
       with:
-        name: etcd_output
+        name: etcd_output_arm64
         path: release/
   release:
     permissions:
       contents: write
     runs-on: ubuntu-latest
-    needs: build
+    needs: [build-amd64, build-arm64]
     outputs:
       upload_url: ${{ steps.create_release_branch.outputs.upload_url }}${{ steps.create_release_tags.outputs.upload_url }}
     steps:
@@ -78,26 +129,32 @@ jobs:
         release_name: ${{ steps.extract_tags.outputs.tags }}
         draft: false
         prerelease: false
-  releaseassetsarm:
+  releaseassets:
     runs-on: ubuntu-latest
     needs: release
     strategy:
       matrix:
         platform: ["linux-arm64","linux-amd64"]
         extension: ["tar.gz"]
     steps:
-    - uses: actions/download-artifact@v4
+    - name: Set artifact name
+      id: set_artifact
+      run: |
+        if [[ "${{ matrix.platform }}" == *"arm64"* ]]; then
+          echo "ARTIFACT_NAME=etcd_output_arm64" >> $GITHUB_ENV
+        else
+          echo "ARTIFACT_NAME=etcd_output_amd64" >> $GITHUB_ENV
+        fi
+    - name: Download artifacts
+      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
       with:
-        name: etcd_output
+        name: ${{ env.ARTIFACT_NAME }}
         path: _output/release-tars
         github-token: ${{ secrets.GITHUB_TOKEN }}
     - name: Set release version environment variable
       run: echo RELEASE_VERSION=${GITHUB_REF#refs/tags/} >> $GITHUB_ENV
       env:
         GITHUB_REF: ${{ github.ref }}
-    - name: Display structure of downloaded files
-      run: ls -R
-      working-directory: _output
     - name: Upload Release Asset
       id: upload-release-asset
       uses: actions/upload-release-asset@v1
@@ -112,11 +169,16 @@ jobs:
     runs-on: ubuntu-latest
     needs: release
     steps:
-    - uses: actions/download-artifact@v4
+    - name: Create output directory
+      run: mkdir -p _output/checksums
+    - name: Download all artifacts
+      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
       with:
-        name: etcd_output
-        path: _output/checksums
+        path: _output/artifacts
         github-token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Combine checksums
+      run: |
+        find _output/artifacts -name "SHA256SUMS" -exec cat {} \; > _output/checksums/SHA256SUMS
     - name: Upload checksums
       id: upload-checksums
       uses: actions/upload-release-asset@v1

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -34,7 +34,7 @@ jobs:
       run: |
         docker image save -o /tmp/etcd-img.tar gcr.io/etcd-development/etcd
     - name: upload-image
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
       with:
         name: etcd-img
         path: /tmp/etcd-img.tar
@@ -50,7 +50,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: get-image
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: etcd-img
           path: /tmp

diff --git a/.go-version b/.go-version
@@ -1 +1 @@
-1.22.9
+1.23.7
diff --git a/api/go.mod b/api/go.mod
@@ -1,8 +1,8 @@
 module go.etcd.io/etcd/api/v3
 
-go 1.22
+go 1.23
 
-toolchain go1.22.9
+toolchain go1.23.7
 
 require (
 	github.com/coreos/go-semver v0.3.0

diff --git a/api/version/version.go b/api/version/version.go
@@ -26,7 +26,7 @@ import (
 var (
 	// MinClusterVersion is the min cluster version this etcd binary is compatible with.
 	MinClusterVersion = "3.0.0"
-	Version           = "3.5.17-dd.2"
+	Version           = "3.5.17-dd.3"
 	APIVersion        = "unknown"
 
 	// Git SHA Value will be set during build

diff --git a/build.sh b/build.sh
@@ -16,11 +16,12 @@ GOOS=${GOOS:-$(go env GOOS)}
 GOARCH=${GOARCH:-$(go env GOARCH)}
 
 CGO_ENABLED="${CGO_ENABLED:-0}"
+GOEXPERIMENT="${GOEXPERIMENT:-}"
 
 # Set GO_LDFLAGS="-s" for building without symbols for debugging.
 # shellcheck disable=SC2206
 GO_LDFLAGS=(${GO_LDFLAGS:-} "-X=${VERSION_SYMBOL}=${GIT_SHA}")
-GO_BUILD_ENV=("CGO_ENABLED=${CGO_ENABLED}" "GO_BUILD_FLAGS=${GO_BUILD_FLAGS:-}" "GOOS=${GOOS}" "GOARCH=${GOARCH}")
+GO_BUILD_ENV=("CGO_ENABLED=${CGO_ENABLED}" "GO_BUILD_FLAGS=${GO_BUILD_FLAGS:-}" "GOOS=${GOOS}" "GOARCH=${GOARCH}" "GOEXPERIMENT=${GOEXPERIMENT}")
 
 GOFAIL_VERSION=$(cd tools/mod && go list -m -f '{{.Version}}' go.etcd.io/gofail)
 # enable/disable failpoints

diff --git a/client/pkg/go.mod b/client/pkg/go.mod
@@ -1,8 +1,8 @@
 module go.etcd.io/etcd/client/pkg/v3
 
-go 1.22
+go 1.23
 
-toolchain go1.22.9
+toolchain go1.23.7
 
 require (
 	github.com/coreos/go-systemd/v22 v22.3.2

diff --git a/client/v2/go.mod b/client/v2/go.mod
@@ -1,14 +1,14 @@
 module go.etcd.io/etcd/client/v2
 
-go 1.22
+go 1.23
 
-toolchain go1.22.9
+toolchain go1.23.7
 
 require (
 	github.com/json-iterator/go v1.1.11
 	github.com/modern-go/reflect2 v1.0.1
-	go.etcd.io/etcd/api/v3 v3.5.17-dd.1
-	go.etcd.io/etcd/client/pkg/v3 v3.5.17-dd.1
+	go.etcd.io/etcd/api/v3 v3.5.17-dd.3
+	go.etcd.io/etcd/client/pkg/v3 v3.5.17-dd.3
 )
 
 require (

diff --git a/client/v3/go.mod b/client/v3/go.mod
@@ -1,15 +1,15 @@
 module go.etcd.io/etcd/client/v3
 
-go 1.22
+go 1.23
 
-toolchain go1.22.9
+toolchain go1.23.7
 
 require (
 	github.com/dustin/go-humanize v1.0.0
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
 	github.com/prometheus/client_golang v1.11.1
-	go.etcd.io/etcd/api/v3 v3.5.17-dd.1
-	go.etcd.io/etcd/client/pkg/v3 v3.5.17-dd.1
+	go.etcd.io/etcd/api/v3 v3.5.17-dd.3
+	go.etcd.io/etcd/client/pkg/v3 v3.5.17-dd.3
 	go.uber.org/zap v1.17.0
 	google.golang.org/grpc v1.59.0
 	sigs.k8s.io/yaml v1.2.0

diff --git a/etcdctl/fips.go b/etcdctl/fips.go
@@ -0,0 +1,6 @@
+//go:build fips
+
+package main
+
+// enforce fips compliance if boringcrypto is enabled
+import _ "crypto/tls/fipsonly"
diff --git a/etcdctl/go.mod b/etcdctl/go.mod
@@ -1,8 +1,8 @@
 module go.etcd.io/etcd/etcdctl/v3
 
-go 1.22
+go 1.23
 
-toolchain go1.22.9
+toolchain go1.23.7
 
 require (
 	github.com/bgentry/speakeasy v0.1.0
@@ -11,12 +11,12 @@ require (
 	github.com/spf13/cobra v1.1.3
 	github.com/spf13/pflag v1.0.5
 	github.com/urfave/cli v1.22.4
-	go.etcd.io/etcd/api/v3 v3.5.17-dd.1
-	go.etcd.io/etcd/client/pkg/v3 v3.5.17-dd.1
+	go.etcd.io/etcd/api/v3 v3.5.17-dd.3
+	go.etcd.io/etcd/client/pkg/v3 v3.5.17-dd.3
 	go.etcd.io/etcd/client/v2 v2.305.17
-	go.etcd.io/etcd/client/v3 v3.5.17-dd.1
-	go.etcd.io/etcd/etcdutl/v3 v3.5.17-dd.1
-	go.etcd.io/etcd/pkg/v3 v3.5.17-dd.1
+	go.etcd.io/etcd/client/v3 v3.5.17-dd.3
+	go.etcd.io/etcd/etcdutl/v3 v3.5.17-dd.3
+	go.etcd.io/etcd/pkg/v3 v3.5.17-dd.3
 	go.uber.org/zap v1.17.0
 	golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba
 	google.golang.org/grpc v1.59.0
@@ -50,8 +50,8 @@ require (
 	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
 	github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect
 	go.etcd.io/bbolt v1.3.11 // indirect
-	go.etcd.io/etcd/raft/v3 v3.5.17-dd.1 // indirect
-	go.etcd.io/etcd/server/v3 v3.5.17-dd.1 // indirect
+	go.etcd.io/etcd/raft/v3 v3.5.17-dd.3 // indirect
+	go.etcd.io/etcd/server/v3 v3.5.17-dd.3 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0 // indirect
 	go.opentelemetry.io/otel v1.20.0 // indirect
 	go.opentelemetry.io/otel/metric v1.20.0 // indirect

diff --git a/etcdutl/fips.go b/etcdutl/fips.go
@@ -0,0 +1,6 @@
+//go:build fips
+
+package main
+
+// enforce fips compliance if boringcrypto is enabled
+import _ "crypto/tls/fipsonly"
diff --git a/etcdutl/go.mod b/etcdutl/go.mod
@@ -1,8 +1,8 @@
 module go.etcd.io/etcd/etcdutl/v3
 
-go 1.22
+go 1.23
 
-toolchain go1.22.9
+toolchain go1.23.7
 
 replace (
 	go.etcd.io/etcd/api/v3 => ../api
@@ -27,12 +27,12 @@ require (
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/spf13/cobra v1.1.3
 	go.etcd.io/bbolt v1.3.11
-	go.etcd.io/etcd/api/v3 v3.5.17-dd.1
-	go.etcd.io/etcd/client/pkg/v3 v3.5.17-dd.1
-	go.etcd.io/etcd/client/v3 v3.5.17-dd.1
-	go.etcd.io/etcd/pkg/v3 v3.5.17-dd.1
-	go.etcd.io/etcd/raft/v3 v3.5.17-dd.1
-	go.etcd.io/etcd/server/v3 v3.5.17-dd.1
+	go.etcd.io/etcd/api/v3 v3.5.17-dd.3
+	go.etcd.io/etcd/client/pkg/v3 v3.5.17-dd.3
+	go.etcd.io/etcd/client/v3 v3.5.17-dd.3
+	go.etcd.io/etcd/pkg/v3 v3.5.17-dd.3
+	go.etcd.io/etcd/raft/v3 v3.5.17-dd.3
+	go.etcd.io/etcd/server/v3 v3.5.17-dd.3
 	go.uber.org/zap v1.17.0
 )
 

diff --git a/go.mod b/go.mod
@@ -1,8 +1,8 @@
 module go.etcd.io/etcd/v3
 
-go 1.22
+go 1.23
 
-toolchain go1.22.9
+toolchain go1.23.7
 
 replace (
 	go.etcd.io/etcd/api/v3 => ./api
@@ -22,16 +22,16 @@ require (
 	github.com/dustin/go-humanize v1.0.0
 	github.com/spf13/cobra v1.1.3
 	go.etcd.io/bbolt v1.3.11
-	go.etcd.io/etcd/api/v3 v3.5.17-dd.1
-	go.etcd.io/etcd/client/pkg/v3 v3.5.17-dd.1
+	go.etcd.io/etcd/api/v3 v3.5.17-dd.3
+	go.etcd.io/etcd/client/pkg/v3 v3.5.17-dd.3
 	go.etcd.io/etcd/client/v2 v2.305.17
-	go.etcd.io/etcd/client/v3 v3.5.17-dd.1
-	go.etcd.io/etcd/etcdctl/v3 v3.5.17-dd.1
-	go.etcd.io/etcd/etcdutl/v3 v3.5.17-dd.1
-	go.etcd.io/etcd/pkg/v3 v3.5.17-dd.1
-	go.etcd.io/etcd/raft/v3 v3.5.17-dd.1
-	go.etcd.io/etcd/server/v3 v3.5.17-dd.1
-	go.etcd.io/etcd/tests/v3 v3.5.17-dd.1
+	go.etcd.io/etcd/client/v3 v3.5.17-dd.3
+	go.etcd.io/etcd/etcdctl/v3 v3.5.17-dd.3
+	go.etcd.io/etcd/etcdutl/v3 v3.5.17-dd.3
+	go.etcd.io/etcd/pkg/v3 v3.5.17-dd.3
+	go.etcd.io/etcd/raft/v3 v3.5.17-dd.3
+	go.etcd.io/etcd/server/v3 v3.5.17-dd.3
+	go.etcd.io/etcd/tests/v3 v3.5.17-dd.3
 	go.uber.org/zap v1.17.0
 	golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba
 	google.golang.org/grpc v1.59.0

diff --git a/pkg/go.mod b/pkg/go.mod
@@ -1,16 +1,16 @@
 module go.etcd.io/etcd/pkg/v3
 
-go 1.22
+go 1.23
 
-toolchain go1.22.9
+toolchain go1.23.7
 
 require (
 	github.com/creack/pty v1.1.11
 	github.com/dustin/go-humanize v1.0.0
 	github.com/spf13/cobra v1.1.3
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.9.0
-	go.etcd.io/etcd/client/pkg/v3 v3.5.17-dd.1
+	go.etcd.io/etcd/client/pkg/v3 v3.5.17-dd.3
 	go.uber.org/zap v1.17.0
 	google.golang.org/grpc v1.59.0
 )
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		1.22.9
		1.23.7
Comment thread badouralix marked this conversation as resolved.