Skip to content

fix[installer](setup): added lock on installer final phase#2180

Merged
osmontero merged 1 commit into
release/v11.2.9from
backlog/fix/installer
Jun 9, 2026
Merged

fix[installer](setup): added lock on installer final phase#2180
osmontero merged 1 commit into
release/v11.2.9from
backlog/fix/installer

Conversation

@AlexSanchez-bit

@AlexSanchez-bit AlexSanchez-bit commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

No description provided.

@AlexSanchez-bit AlexSanchez-bit requested a review from a team June 9, 2026 13:42
@github-actions

github-actions Bot commented Jun 9, 2026

Copy link
Copy Markdown

❌ Go dependencies check failed

There are outdated Go dependencies, or modules that could not be inspected.
Run bash .github/scripts/go-deps.sh --update --discover locally and
commit the updated go.mod / go.sum files.

Script output 
🔍 Discovered 25 Go projects

📦 Dependencies with updates available:

  📁 ./as400:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25

  📁 ./as400/updater:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25

  📁 ./plugins/stats:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25

  📁 ./plugins/inputs:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25

  📁 ./plugins/azure:
     - github.com/Azure/azure-sdk-for-go/sdk/azcore: v1.21.1 → v1.22.0
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25

  📁 ./plugins/modules-config:
     - github.com/aws/aws-sdk-go-v2/config: v1.32.18 → v1.32.24
     - github.com/aws/aws-sdk-go-v2/credentials: v1.19.17 → v1.19.23
     - github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs: v1.74.0 → v1.75.2
     - github.com/aws/aws-sdk-go-v2/service/sts: v1.42.1 → v1.43.3
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25
     - golang.org/x/sync: v0.20.0 → v0.21.0
     - google.golang.org/api: v0.282.0 → v0.283.0

  📁 ./plugins/geolocation:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25

  📁 ./plugins/alerts:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25

  📁 ./plugins/o365:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25

  📁 ./plugins/soc-ai:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25

  📁 ./plugins/config:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25

  📁 ./plugins/events:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25

  📁 ./plugins/aws:
     - github.com/aws/aws-sdk-go-v2: v1.41.7 → v1.42.0
     - github.com/aws/aws-sdk-go-v2/config: v1.32.18 → v1.32.24
     - github.com/aws/aws-sdk-go-v2/credentials: v1.19.17 → v1.19.23
     - github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs: v1.74.0 → v1.75.2
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25

  📁 ./plugins/gcp:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25
     - google.golang.org/api: v0.282.0 → v0.283.0

  📁 ./plugins/bitdefender:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25

  📁 ./plugins/feeds:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25
     - golang.org/x/sync: v0.20.0 → v0.21.0

  📁 ./plugins/sophos:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25

  📁 ./plugins/crowdstrike:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25

  📁 ./agent-manager:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25

  📁 ./agent:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25
     - golang.org/x/sys: v0.45.0 → v0.46.0

  📁 ./utmstack-collector:
     - github.com/threatwinds/go-sdk: v1.1.21 → v1.1.25

�[0;31m❌ Please update dependencies before merging.�[0m

@github-actions

github-actions Bot commented Jun 9, 2026

Copy link
Copy Markdown

🛑 AI review — Engineer review required

This PR touches critical paths or introduces changes the model cannot judge with sufficient confidence. @Kbayero @osmontero please review.

🛑 architecture (gemini-3-flash-lite) — Tier 3 — engineer review required

Summary: Modification to installer logic affecting deployment state and locking mechanism.

  • high installer/setup/apply.go:290 — Uncommenting logic in the installer directly impacts the deployment process and environment state. Changes to the installer are Tier 3 and require validation against existing deployment workflows.

⚠️ bugs (gemini-3-flash-lite) — Tier 2 — changes requested

Summary: Uncommented lock logic introduces a potential resource leak and logic error due to missing unlock mechanism.

  • high installer/setup/apply.go:293 — The code calls utils.GetLock but never calls utils.ReleaseLock or equivalent, leading to a permanent lock file creation that will prevent future runs of the installer.
  • medium installer/setup/apply.go:300 — Formatting error: missing space in 'return "",err' which should be 'return "", err'.

🛑 security (gemini-3-flash-lite) — Tier 3 — engineer review required

Summary: Uncommented logic in installer modifies system state and touches security-critical installation paths.

  • medium installer/setup/apply.go:290 — Uncommenting lock-based logic in the installer affects system state during deployment. Security-critical installer paths require verification to ensure no race conditions or unintended side effects occur during stack initialization.

utmstackprapprover[bot]
utmstackprapprover Bot suggested changes Jun 9, 2026
View reviewed changes

@utmstackprapprover utmstackprapprover Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes requested — see approver comments above.

@osmontero osmontero merged commit 3d82da3 into release/v11.2.9 Jun 9, 2026
5 of 7 checks passed
@osmontero osmontero deleted the backlog/fix/installer branch June 9, 2026 14:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@osmontero osmontero osmontero approved these changes

+1 more reviewer

@utmstackprapprover utmstackprapprover[bot] utmstackprapprover[bot] requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AlexSanchez-bit @osmontero