* build: consolidate Envoy version management
Simplify Envoy version management by consolidating all runtime, build,
and CI sources of Envoy versions into a single plaintext file.
The goal of this change is to avoid common mistakes missing an update of
some Envoy versions (both in general and due to release branch
inconsistency), and enable automated Envoy version updates in the
future.
* ci: add missing ref argument for get-go-version
Supports nightly tests.
Ensure files are split rather than compared as a single list for
accuracy and easier debugging.
Also adopt minor changes and file name from introduction of similar
check in `consul-dataplane` and `consul-k8s` for clarity.
Several of our nightly cron jobs are actually running repeatedly
back-to-back during the designated hour. Change the cron to run them
once as intended.
Follow-up to #21094, which temporarily downgraded BPA to allow for old
CE backport labels to be used during Consul's most recent patch release.
Upgrading fully enforces the version manifest and prevents accidental
backports to no-longer-active CE versions.
To ease migration during this week's patch releases, temporarily use the
more permissive version of BPA to allow old + new backport labels to be
used simultaneously.
* Config changes to use backport-assistant with lts support
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
---------
Co-authored-by: claire labry <claire@hashicorp.com>
This adds a bunch of coverage of the topology.Compile method. It is not complete, but it is a start.
- A few panics and miscellany were fixed.
- The testing/deployer tests are now also run in CI.
Update Vault/Nomad versions to ensure we're testing all the latest versions.
Unlike the Nomad tests (where Nomad is compiled from source and provides
the tests), Vault is installed as a binary, and local Consul tests are
run.
Fixes incorrect version change introduced in #20058.
* Upgrade Go to 1.21
* ci: detect Go backwards compatibility test version automatically
For our submodules and other places we choose to test against previous
Go versions, detect this version automatically from the current one
rather than hard-coding it.
ci: Set Go version consistently via .go-version
Ensure Go version is determined consistently for CI and Docker builds
rather than spread across several different files.
The intent is to eventually replace this with use of the `toolchain`
directive in Go 1.21.
We've noticed runners appearing to become resource-starved during heavy
CI traffic. While we should try to prevent this by limiting the
scanner's CPU consumption, increasing the runner size should help in the
interim.
* security: re-enable security scan release block
This was previously disabled due to an unresolved false-positive CVE.
Re-enabling both secrets and OSV + Go Modules scanning, which per our
current scan results should not be a blocker to future releases.
* security: run security scans on main and release branches
Due to the unintuitive behavior of GHA w.r.t. implicit status check
`success()`, test results were only being uploaded on success (failures
presumably came from retried tests that passed).