Ensure specific golang version everywhere in CI based on Makefile

[medyagh]

• Single source of truth for go version based on Makefile
• Installs right version golang (if not already) on jenkins build agent
• Bump the golang version to 1.12.8
• Also addresses multiple golang CVEs closes Due to multiple CVEs and fds leak, need to upgrade golang to 1.12.8+ #5087 also closes CI: install specific version of golang for cross build  #4895

---

Before this PR run on the jenkins box:

jenkins@jenkins:~$ go version
go version go1.12.5 linux/

on the first run of this PR if wrong verison of golang is installed, it will warn and then install the right version:

when the golang version is not same as Makefile jenkins will warn and then install the right version

14:36:06 WARNING: expected go version to be 1.12.8 but got 1.12.5

here is the output:

15:01:27 ++ install_golang 1.12.8 /usr/local
15:01:27 ++ echo 'Installing golang version: 1.12.8 on /usr/local'
15:01:27 Installing golang version: 1.12.8 on /usr/local
15:01:27 ++ pushd /tmp
15:01:27 ++ sudo curl -qL -O https://storage.googleapis.com/golang/go1.12.8.linux-amd64.tar.gz
15:01:27   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
15:01:27                                  Dload  Upload   Total   Spent    Left  Speed
15:01:27 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
 88  122M   88  107M    0     0   190M      0 --:--:-- --:--:-- --:--:--  190M
100  122M  100  122M    0     0   196M      0 --:--:-- --:--:-- --:--:--  196M
15:01:28 ++ sudo tar xfa go1.12.8.linux-amd64.tar.gz
15:01:32 ++ sudo rm -rf /usr/local/go
15:01:32 ++ sudo mv go /usr/local/
15:01:32 +++ whoami
15:01:32 ++ sudo chown -R jenkins: /usr/local/go
15:01:32 ++ popd
15:01:32 ++ return

after the first run I can see in the jenkins box ssh:

jenkins@jenkins:~$ go version
go version go1.12.8 linux/amd64
jenkins@jenkins:~$ which go
/usr/local/go/bin/go
jenkins@jenkins:~$ ls -lah /usr/local/go/bin/go
-rwxr-xr-x 1 jenkins jenkins 14M Aug 13 09:59 /usr/local/go/bin/go
jenkins@jenkins:~$ 


$ ls -lah /usr/local/go/bin/go
-rwxr-xr-x 1 jenkins jenkins 14M Aug 13 09:59 /usr/local/go/bin/go
jenkins@jenkins:~$ 
jenkins@jenkins:~$ 
jenkins@jenkins:~$ go env
GOARCH="amd64"
GOBIN=""
GOCACHE="/var/lib/jenkins/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/var/lib/jenkins/go"
GOPROXY=""
GORACE=""
GOROOT="/usr/local/go"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="/usr/bin/gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build458013956=/tmp/go-build -gno-rec
ord-gcc-switches"

and also when the right version is already installed it won't re-install but lets you know it is good !

15:13:27 ++ check_and_install_golang
15:13:27 ++ echo 'go version on the host looks good : 1.12.8 '
15:13:27 go version on the host looks good : 1.12.8 

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: medyagh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [medyagh]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[josedonizetti]

it updated my golang locally from 1.12.5 to 1.12.8 :)

[afbjorklund]

Version number seems duplicated ?

Probably should be 1.12.9 now, too

[afbjorklund]

Make this 1.12.9

[medyagh]

I was thinking to make it 1.12.9 but the kubec-cross image is not available in that version yet ! I rather we build everything with same version.

[afbjorklund]

Makes perfect sense, and it is version 1.12.8 that has the needed security fix anyway

I saw the commit updating the version, and naively thought the image was built too...

kubernetes/kubernetes@54c6744

[medyagh]

alternatively we can make everything build in host golang and not use any docker at all.

[tstromberg]

Looks wonderful. Thank you for doing this!

[tstromberg]

Could this be installed to the users home directory instead? It seems awkward to have an automated system upgrading system binaries as a non-system user, only to chown it back to themselves.

[afbjorklund]

Interestingly, nothing in the home directory can be assumed to be in the PATH everywhere

Might as well use the standard location ? And have it owned by root, as per documentation

[medyagh]

hm....

[tstromberg]

is the chown step here necessary?

[afbjorklund]

Only because doing tar as root ?

But it also seems wrong, files under /usr/local should be owned by root (this is not brew)

[medyagh]

the reason I did this is because, the previous version of golang was installed by a user other than "jenkins" . the /usr/local/go was owned by "tstromberg"

so when jenkins was trying to delete that folder and re-install it again, it had permission error.

so I deleted and downloded with sudo and then later changed back to jenkins !

this was the only automated way I could find!

let me know what you guys think ! I personally think this was best way given the previous manual installation situation.

[medyagh]

I could have provided a comment on why I was doing sudo tar

[tstromberg]

mktemp -d is preferable.

[medyagh]

reminds me of this poem http://blog.medyagh.com/2017/07/thats-more-preferable.html