### Description
This is related to https://github.com/hashicorp/consul/pull/18124 where
we pinned the go versions in CI to 1.20.5 and 1.19.10.
go 1.20.6 and 1.19.11 now validate request host headers for validity,
including the hostname cannot be prefixed with slashes.
For local communications (npipe://, unix://), the hostname is not used,
but we need valid and meaningful hostname. Prior versions go Go would
clean the host header, and strip slashes in the process, but go1.20.6
and go1.19.11 no longer do, and reject the host header. Around the
community we are seeing that others are intercepting the req.host and if
it starts with a slash or ends with .sock, they changing the host to
localhost or another dummy value.
[client: define a "dummy" hostname to use for local connections by
thaJeztah · Pull Request #45942 ·
moby/moby](https://github.com/moby/moby/pull/45942)
### Testing & Reproduction steps
Check CI tests.
### Links
* [ ] updated test coverage
* [ ] external facing docs updated
* [ ] appropriate backport labels added
* [ ] not a security concern
### Description
The following jobs started failing when go 1.20.6 was released:
- `go-test-api-1-19`
- `go-test-api-1-20`
- `compatibility-integration-tests`
- `upgrade-integration-tests`
`compatibility-integration-tests` and `compatibility-integration-tests`
to this testcontainers issue:
https://github.com/testcontainers/testcontainers-go/issues/1359. This
issue calls for testcontainers to release a new version when one of
their dependencies is fixed. When that is done, we will unpin the go
versions in `compatibility-integration-tests` and
`compatibility-integration-tests`.
### Testing & Reproduction steps
See these jobs broken in CI and then see them work with this PR.
---------
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
* adding docker files to verify linux packages.
* add verifr-release-linux.yml
* updating name
* pass inputs directly into jobs
* add other linux package platforms
* remove on push
* fix TARGETARCH on debian and ubuntu so it can check arm64 and amd64
* fixing amazon to use the continue line
* add ubuntu i386
* fix comment lines
* working
* remove commented out workflow jobs
* Apply suggestions from code review
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
* update fedora and ubuntu to use latest tag
---------
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Previously, this only triggered for release/*.*.x branches; however, our release process involves cutting a release/1.16.0 branch, for example, at time of code freeze these days. Any PRs to that branch after code freeze today do not make their way to consul-enterprise. This will make behavior for a .0 branch consistent with current behavior for a .x branch.
* Ensure that git access to private repos uses the ELEVATED_GITHUB_TOKEN
* Bump the runner size for the protobuf generation check
This has failed previously when the runner process that communicates with GitHub gets starved causing the job to fail.
* WIP
* ci:upload test results to datadog
* fix use of envvar in expression
* getting correct permission in reusable-unit.yml
* getting correct permission in reusable-unit.yml
* fixing DATADOG_API_KEY envvar expresssion
* pass datadog-api-key
* removing type from datadog-api-key
* remove test splitting from compatibility-integration-tests
* enable on push
* remove ipv6 loopback fix
* re-add ipv6 loopback fix
* remove test splitting from upgrade-integration-tests
* remove test splitting from upgrade-integration-tests
* put test splitting back in for upgrade tests
* upgrade-integration tests-o
ne runner no retries
* update go version to 1.20.3
* add changelog
* rename changelog file to remove underscore
* update to use 1.20.4
* update change log entry to reflect 1.20.4
* upgrade test: use docker.mirror.hashicorp.services to avoid docker login
* upgrade tests: remove docker login
Signed-off-by: Dan Bond <danbond@protonmail.com>
---------
Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: Dan Bond <danbond@protonmail.com>
* TProxy integration test
* Fix GHA compatibility integration test command
Previously, when test splitting allocated multiple test directories to a
runner, the workflow ran `go tests "./test/dir1 ./test/dir2"` which
results in a directory not found error. This fixes that.
* Fix straggler from renaming Register->RegisterTypes
* somehow a lint failure got through previously
* Fix lint-consul-retry errors
* adding in fix for success jobs getting skipped. (#17132)
* Temporarily disable inmem backend conformance test to get green pipeline
* Another test needs disabling
---------
Co-authored-by: John Murret <john.murret@hashicorp.com>
* fix runner calculation to exclude the top level directory as part of the calculation
* fix the logic for generating the directories/functions
* De-scope tenenacy requirements to OSS only for now. (#17087)
Partition and namespace must be "default"
Peername must be "local"
* Fix virtual services being included in intention topology as downstreams. (#17099)
* Merge pull request #5200 from hashicorp/NET-3758 (#17102)
* Merge pull request #5200 from hashicorp/NET-3758
NET-3758: connect: update supported envoy versions to 1.26.0
* lint
* CI: remove uneeded AWS creds from test-integrations (#17104)
* Update test-integrations.yml
* removing permission lies now that vault is not used in this job.
---------
Co-authored-by: John Murret <john.murret@hashicorp.com>
* update based on feedback
---------
Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Co-authored-by: Anita Akaeze <anita.akaeze@hashicorp.com>
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Update test-integrations.yml
* removing permission lies now that vault is not used in this job.
---------
Co-authored-by: John Murret <john.murret@hashicorp.com>
* use proper TOTAL_RUNNER setting when generating runner matrix. if matrix size is smaller than total_runners, use the smaller number
* try again
* try again 2
* try again 3
* try again 4
* try again 5
* try scenario where number is less
* reset
* get rid of cat "$GITHUB_OUTPUT"
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* removing push trigger that was added for debug
---------
Co-authored-by: Dan Bond <danbond@protonmail.com>
* add test-integrations workflow
* add test-integrations success job
* update vault integration testing versions (#16949)
* change parallelism to 4 forgotestsum. use env.CONSUL_VERSION so we can see the version.
* use env for repeated values
* match test to circleci
* fix envvar
* fix envvar 2
* fix envvar 3
* fix envvar 4
* fix envvar 5
* make upgrade and compatibility tests match circleci
* run go env to check environment
* debug docker
Signed-off-by: Dan Bond <danbond@protonmail.com>
* debug docker
Signed-off-by: Dan Bond <danbond@protonmail.com>
* revert debug docker
Signed-off-by: Dan Bond <danbond@protonmail.com>
* going back to command that worked 5 days ago for compatibility tests
* Update Envoy versions to reflect changes in #16889
* cd to test dir
* try running ubuntu latest
* update PR with latest changes that work in enterprise
* yaml still sucks
* test GH fix (localhost resolution)
* change for testing
* test splitting and ipv6 lookup for compatibility and upgrade tests
* fix indention
* consul as image name
* remove the on push
* add gotestsum back in
* removing the use of the gotestsum download action
* yaml sucks today just like yesterday
* fixing nomad tests
* worked out the kinks on enterprise
---------
Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: John Eikenberry <jae@zhar.net>
Co-authored-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: Sarah <sthompson@hashicorp.com>
* Add go-tests-success job and make go-test-enterprise conditional
* fixing lint-32bit reference
* fixing reference to -go-test-troubleshoot
* add all jobs that fan out.
* fixing success job to need set up
* add echo to success job
* adding success jobs to build-artifacts, build-distros, and frontend.
* changing the name of the job in verify ci to be consistent with other workflows
* enable go-tests, build-distros, and verify-ci to run on merge to main and release branches because they currently do not with just the pull_request trigger
* docs: add envoy to the proxycfg diagram (#16834)
* docs: add envoy to the proxycfg diagram
* increase dee-copy job to use large runner. disable lint-enums on ENT
* set lint-enums to a large
* remove redunant installation of deep-copy
---------
Co-authored-by: cskh <hui.kang@hashicorp.com>
* ci: add build-artifacts workflow
Signed-off-by: Dan Bond <danbond@protonmail.com>
* makefile for gha dev-docker
Signed-off-by: Dan Bond <danbond@protonmail.com>
* use docker actions instead of make
Signed-off-by: Dan Bond <danbond@protonmail.com>
* Add context
Signed-off-by: Dan Bond <danbond@protonmail.com>
* testing push
Signed-off-by: Dan Bond <danbond@protonmail.com>
* set short sha
Signed-off-by: Dan Bond <danbond@protonmail.com>
* upload to s3
Signed-off-by: Dan Bond <danbond@protonmail.com>
* rm s3 upload
Signed-off-by: Dan Bond <danbond@protonmail.com>
* use runner setup job
Signed-off-by: Dan Bond <danbond@protonmail.com>
* on push
Signed-off-by: Dan Bond <danbond@protonmail.com>
* testing
Signed-off-by: Dan Bond <danbond@protonmail.com>
* on pr
Signed-off-by: Dan Bond <danbond@protonmail.com>
* revert testing
Signed-off-by: Dan Bond <danbond@protonmail.com>
* OSS/ENT logic
Signed-off-by: Dan Bond <danbond@protonmail.com>
* add comments
Signed-off-by: Dan Bond <danbond@protonmail.com>
* Update .github/workflows/build-artifacts.yml
Co-authored-by: John Murret <john.murret@hashicorp.com>
---------
Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
* go-tests workflow
* add test splitting to go-tests
* fix re-reun fails report path
* fix re-reun fails report path another place
* fixing tests for32bit and race
* use script file to generate runners
* fixing run path
* add checkout
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* passing runs-on
* setting up runs-on as a parameter to check-go-mod
* making on pull_request
* Update .github/scripts/rerun_fails_report.sh
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* make runs-on required
* removing go-version param that is not used.
* removing go-version param that is not used.
* Modify build-distros to use medium runners (#16773)
* go-tests workflow
* add test splitting to go-tests
* fix re-reun fails report path
* fix re-reun fails report path another place
* fixing tests for32bit and race
* use script file to generate runners
* fixing run path
* add checkout
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* passing runs-on
* setting up runs-on as a parameter to check-go-mod
* trying mediums
* adding in script
* fixing runs-on to be parameter
* fixing merge conflict
* changing to on push
* removing whitespace
* go-tests workflow
* add test splitting to go-tests
* fix re-reun fails report path
* fix re-reun fails report path another place
* fixing tests for32bit and race
* use script file to generate runners
* fixing run path
* add checkout
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* passing runs-on
* setting up runs-on as a parameter to check-go-mod
* changing back to on pull_request
---------
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Github Actions Migration - move verify-ci workflows to GHA (#16777)
* add verify-ci workflow
* adding comment and changing to on pull request.
* changing to pull_requests
* changing to pull_request
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* [NET-3029] Migrate frontend to GHA (#16731)
* changing set up to a small
* using consuls own custom runner pool.
---------
Co-authored-by: Dan Bond <danbond@protonmail.com>
* migrate build distros to GHA
Signed-off-by: Dan Bond <danbond@protonmail.com>
* build-arm
Signed-off-by: Dan Bond <danbond@protonmail.com>
* don't use matrix
Signed-off-by: Dan Bond <danbond@protonmail.com>
* check-go-mod
Signed-off-by: Dan Bond <danbond@protonmail.com>
* add notify slack script
Signed-off-by: Dan Bond <danbond@protonmail.com>
* notify slack if failure
Signed-off-by: Dan Bond <danbond@protonmail.com>
* rm notify slack script
Signed-off-by: Dan Bond <danbond@protonmail.com>
* fix check-go-mod job
Signed-off-by: Dan Bond <danbond@protonmail.com>
---------
Signed-off-by: Dan Bond <danbond@protonmail.com>
* Onboard consul to use new .release/VERSION file and reproducible actions-go-build
* Onboard consul to use new .release/VERSION file and reproducible actions
* Onboard consul to use new .release/VERSION file and reproducible actions
* fix to consul
* Onboard consul to use new .release/VERSION file and reproducible actions
* Onboard consul to use new .release/VERSION file and reproducible actions
* Onboard consul to use new .release/VERSION file and reproducible actions
* test out ent changes
* just or testing
* Added setup go for build ui
* try removing VERSION file out of .release dir
* add checkout action for build ui and update checkout version
* try no -dev marker
* try removing extra ldflags
* test version
* add back in setup-go step?
* Update utils.js
read from static VERSION file
* remove actions-setup go
* add 1.15.0-dev
* Using prepare workflow for pre-stable channel workflow
* Test prepare workflow
* Remove set-product-version branch from release pipeline
* Use METADATA in environment
* Correct env vars
* Remove current branch from build trigger list
Co-authored-by: emilymianeil <emilymianeil@gmail.com>
Co-authored-by: Sarah <sthompson@hashicorp.com>
Co-authored-by: hc-github-team-nomad-core <github-team-nomad-core@hashicorp.com>
Co-authored-by: emily neil <63985869+emilymianeil@users.noreply.github.com>
There are a few changes being made to RedHat's registry on October 20, 2022 that affect the way images need to be tagged prior to being pushed to the registry. This PR changes the tag to conform to the new standard.
We have other work queued up in crt-workflows-common and actions-docker-build to support the other required changes.
This PR should be merged to `main` and all release branches on or after October 20, 2022, and MUST be merged before your next production release. Otherwise, the automation to push to the RedHat registry will not work.
----
A detailed list of changes shared from RedHat (as an FYI):
The following changes will occur for container certification projects that leverage the Red Hat hosted registry [[registry.connect.redhat.com](http://registry.connect.redhat.com/)] for image distribution:
- All currently published images are migrating to a NEW, Red Hat hosted quay registry. Partners do not have to do anything for this migration, and this will not impact customers. The registry will still utilize [registry.connect.redhat.com](http://registry.connect.redhat.com/) as the registry URL.
- The registry URL currently used to push, tag, and certify images, as well as the registry login key, will change. You can see these changes under the “Images” tab of the container certification project. You will now see a [quay.io](http://quay.io/) address and will no longer see [scan.connect.redhat.com](http://scan.connect.redhat.com/).
- Partners will have the opportunity to auto-publish images by selecting “Auto-publish” in the Settings tab of your certification project. This will automatically publish images that pass all certification tests.
- For new container image projects, partners will have the option to host within their own chosen image registry while using [registry.connect.redhat.com](http://registry.connect.redhat.com/) as a proxy address. This means the end user can authenticate to the Red Hat registry to pull a partner image without having to provide additional authentication to the partner’s registry.
Replace bindata packages with stdlib go:embed.
Modernize some uiserver code with newer interfaces introduced in go 1.16 (mainly working with fs.File instead of http.File.
Remove steps that are no longer used from our build files.
Add Github Action to detect differences in agent/uiserver/dist and verify that the files are correct (by compiling UI assets and comparing contents).
Remove the hardcoded `-dev` suffix from dev_tags, which is causing tags to be in the format `1.12.0-dev-dev` instead of just `1.12.0-dev`. I'll clean up the old tags before making the dockerhub repo public, which will be available https://hub.docker.com/r/hashicorppreview/consul
* add a github workflow to trigger ent->oss merge on every PR merged
* remove the workflow automation ref to trigger-oss-merge in circle-ci
* remove workflow automation
* revert circle-ci changes
* add actor
* remove cherrypicker
* add condition to avoid running in enterprise
Changing from `pull_request` to `pull_request_target` so that forks can get the write permissions to add labels. See [this thread](https://github.com/actions/labeler/issues/121) in the action repo.
Fixes several issues with the pre/postremove scripts for both rpm and
deb packages. Specifically:
For postremove:
- the postremove script now functions correctly (i.e. restarts consul
after a package upgrade) on rpm-based systems (where $1 is numeric
rather than `purge` or `upgrade`)
- `systemctl daemon-reload` is called on package removal (rather than
only on upgrade)
- calls `systemctl try-restart` instead of `systemctl restart`, which
will only (re)start consul if it was already running when the upgrade
happened.
For preremove:
- if the package is being completely uninstalled (rather than upgraded),
stop consul before removing the package