Correctly set the the version of Consul built by the `dev-build` job,
which is then copied into the Consul dev image used in integration
tests.
This was causing failures starting sidecar proxies via `consul connect
envoy` due to a mismatch between the (incorrect) Consul binary's
supported Envoy versions and the (correct) Envoy version under test.
Also add debug log uploads to each int test so we can more easily
diagnose this sort of failure in the future, as it was entirely hidden
in test output.
* run integration tests on push in main and release/*
* Update .github/workflows/test-integrations.yml
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
---------
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
* Add checks to CI to ensure that generated golden files for xds tests are up to date
* fix file permissions
* debugging
* more debugging
* more debugging
* more debugging
* more debugging
* I can't type
* this might be correct
* removing debug prints
* build: consolidate Envoy version management
Simplify Envoy version management by consolidating all runtime, build,
and CI sources of Envoy versions into a single plaintext file.
The goal of this change is to avoid common mistakes missing an update of
some Envoy versions (both in general and due to release branch
inconsistency), and enable automated Envoy version updates in the
future.
* ci: add missing ref argument for get-go-version
Supports nightly tests.
Ensure files are split rather than compared as a single list for
accuracy and easier debugging.
Also adopt minor changes and file name from introduction of similar
check `consul-dataplane` and `consul-k8s` for clarity.
Several of our nightly cron jobs are actually running repeatedly
back-to-back during the designated hour. Change the cron to run them
once as intended.
Follow-up to #21094, which temporarily downgraded BPA to allow for old
CE backport labels to be used during Consul's most recent patch release.
Upgrading fully enforces the version manifest and prevents accidental
backports to no-longer-active CE versions.
To ease migration during this week's patch releases, temporarily use the
more permissive version of BPA to allow old + new backport labels to be
used simultaneously.
* Config changes to use backport-assistant with lts support
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
---------
Co-authored-by: claire labry <claire@hashicorp.com>
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
This adds a bunch of coverage of the topology.Compile method. It is not complete, but it is a start.
- A few panics and miscellany were fixed.
- The testing/deployer tests are now also run in CI.
Update Vault/Nomad versions to ensure we're testing all the latest versions.
Update Vault/Nomad versions to ensure we're testing all the latest versions .
Unlike the Nomad tests (where Nomad is compiled from source and provides
the tests), Vault is installed as a binary, and local Consul tests are
run.
Fixes incorrect version change introduced in #20058.
* Upgrade Go to 1.21
* ci: detect Go backwards compatibility test version automatically
For our submodules and other places we choose to test against previous
Go versions, detect this version automatically from the current one
rather than hard-coding it.
ci: Set Go version consistently via .go-version
Ensure Go version is determined consistently for CI and Docker builds
rather than spread across several different files.
The intent is to eventually replace this with use of the `toolchain`
directive in Go 1.21.
We've noticed runners appearing to become resource-starved during heavy
CI traffic. While we should try to prevent this by limiting the
scanner's CPU consumption, increasing the runner size should help in the
interim.
* security: re-enable security scan release block
This was previously disabled due to an unresolved false-positive CVE.
Re-enabling both secrets and OSV + Go Modules scanning, which per our
current scan results should not be a blocker to future releases.
* security: run security scans on main and release branches