There's currently a bug that causes CI to be skipped on all non-PR
changes. Until that's fixed and we can be certain the check will fail CI
or default to running tests in the case of errors, disabling this check.
* some changes to debug
* revert machines
* increased timeout
* added sleep 10 seconds before test start
* chagne envoy version
* removed sleep
* revert timeout
* replace position
* removed date
* Revert "[NET-5217] [OSS] Derive sidecar proxy locality from parent service (#18437)"
This reverts commit 05604eeec1.
* fix build
* Revert "replace position"
This reverts commit 48e6af46a8daae186c283f30d316b1104906993e.
* Revert "Revert "[NET-5217] [OSS] Derive sidecar proxy locality from parent service (#18437)""
This reverts commit d7c568e2be727b72e6827225782e0e17ac06b74a.
* comment out api gateway http hostnames test
* fix import
* revert integ test run on PR
* mesh-controller: handle L4 protocols for a proxy without upstreams
* sidecar-controller: Support explicit destinations for L4 protocols and single ports.
* This controller generates and saves ProxyStateTemplate for sidecar proxies.
* It currently supports single-port L4 ports only.
* It keeps a cache of all destinations to make it easier to compute and retrieve destinations.
* It will update the status of the pbmesh.Upstreams resource if anything is invalid.
* endpoints-controller: add workload identity to the service endpoints resource
* small fixes
* review comments
* Address PR comments
* sidecar-proxy controller: Add support for transparent proxy
This currently does not support inferring destinations from intentions.
* PR review comments
* mesh-controller: handle L4 protocols for a proxy without upstreams
* sidecar-controller: Support explicit destinations for L4 protocols and single ports.
* This controller generates and saves ProxyStateTemplate for sidecar proxies.
* It currently supports single-port L4 ports only.
* It keeps a cache of all destinations to make it easier to compute and retrieve destinations.
* It will update the status of the pbmesh.Upstreams resource if anything is invalid.
* endpoints-controller: add workload identity to the service endpoints resource
* small fixes
* review comments
* Make sure endpoint refs route to mesh port instead of an app port
* Address PR comments
* fixing copyright
* tidy imports
* sidecar-proxy controller: Add support for transparent proxy
This currently does not support inferring destinations from intentions.
* tidy imports
* add copyright headers
* Prefix sidecar proxy test files with source and destination.
* Update controller_test.go
---------
Co-authored-by: Iryna Shustava <iryna@hashicorp.com>
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com>
* Add license-checker action that fails when any backported file contains BUSL header
* Quote echoed variable to retain line breaks
* Add ticket to reference for more details
* Adding explicit MPL license for sub-package
This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.
* Adding explicit MPL license for sub-package
This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.
* Updating the license from MPL to Business Source License
Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl.
* add missing license headers
* Update copyright file headers to BUSL-1.1
* Update copyright file headers to BUSL-1.1
* Update copyright file headers to BUSL-1.1
* Update copyright file headers to BUSL-1.1
* Update copyright file headers to BUSL-1.1
* Update copyright file headers to BUSL-1.1
* Update copyright file headers to BUSL-1.1
* Update copyright file headers to BUSL-1.1
* Update copyright file headers to BUSL-1.1
* Update copyright file headers to BUSL-1.1
* Update copyright file headers to BUSL-1.1
* Update copyright file headers to BUSL-1.1
* Update copyright file headers to BUSL-1.1
* Update copyright file headers to BUSL-1.1
* Update copyright file headers to BUSL-1.1
---------
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
* bump testcontainers-go from 0.22.0 and remove pinned go version in integ test
* go mod tidy
* Replace deprecated target.Authority with target.URL.Host
Revert "NET-4996 - filter go-tests and test-integration workflows from running on docs only and ui only changes (#18236)"
This reverts commit a11dba710e.
* Fix Backport Assistant failure PR commenting
For general comments on a PR, it looks like you have to use the `/issue`
endpoint rather than `/pulls`, which requires commit/other
review-specific target details.
This matches the endpoint used in `backport-reminder.yml`.
* Remove Backport Reminder workflow
This is noisy (even when adding multiple labels, individual comments per
label are generated), and likely no longer needed: we haven't had this
work in a long time due to an expired GH token, and we now have better
automation for backport PR assignment.
Update Go version to 1.20.6
This resolves [CVE-2023-29406]
(https://nvd.nist.gov/vuln/detail/CVE-2023-29406) for uses of the
`net/http` standard library.
Note that until the follow-up to #18124 is done, the version of Go used
in those impacted tests will need to remain on 1.20.5.
### Description
This is related to https://github.com/hashicorp/consul/pull/18124 where
we pinned the go versions in CI to 1.20.5 and 1.19.10.
go 1.20.6 and 1.19.11 now validate request host headers for validity,
including the hostname cannot be prefixed with slashes.
For local communications (npipe://, unix://), the hostname is not used,
but we need valid and meaningful hostname. Prior versions go Go would
clean the host header, and strip slashes in the process, but go1.20.6
and go1.19.11 no longer do, and reject the host header. Around the
community we are seeing that others are intercepting the req.host and if
it starts with a slash or ends with .sock, they changing the host to
localhost or another dummy value.
[client: define a "dummy" hostname to use for local connections by
thaJeztah · Pull Request #45942 ·
moby/moby](https://github.com/moby/moby/pull/45942)
### Testing & Reproduction steps
Check CI tests.
### Links
* [ ] updated test coverage
* [ ] external facing docs updated
* [ ] appropriate backport labels added
* [ ] not a security concern
### Description
The following jobs started failing when go 1.20.6 was released:
- `go-test-api-1-19`
- `go-test-api-1-20`
- `compatibility-integration-tests`
- `upgrade-integration-tests`
`compatibility-integration-tests` and `compatibility-integration-tests`
to this testcontainers issue:
https://github.com/testcontainers/testcontainers-go/issues/1359. This
issue calls for testcontainers to release a new version when one of
their dependencies is fixed. When that is done, we will unpin the go
versions in `compatibility-integration-tests` and
`compatibility-integration-tests`.
### Testing & Reproduction steps
See these jobs broken in CI and then see them work with this PR.
---------
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
* adding docker files to verify linux packages.
* add verifr-release-linux.yml
* updating name
* pass inputs directly into jobs
* add other linux package platforms
* remove on push
* fix TARGETARCH on debian and ubuntu so it can check arm64 and amd64
* fixing amazon to use the continue line
* add ubuntu i386
* fix comment lines
* working
* remove commented out workflow jobs
* Apply suggestions from code review
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
* update fedora and ubuntu to use latest tag
---------
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Previously, this only triggered for release/*.*.x branches; however, our release process involves cutting a release/1.16.0 branch, for example, at time of code freeze these days. Any PRs to that branch after code freeze today do not make their way to consul-enterprise. This will make behavior for a .0 branch consistent with current behavior for a .x branch.
* Ensure that git access to private repos uses the ELEVATED_GITHUB_TOKEN
* Bump the runner size for the protobuf generation check
This has failed previously when the runner process that communicates with GitHub gets starved causing the job to fail.
* WIP
* ci:upload test results to datadog
* fix use of envvar in expression
* getting correct permission in reusable-unit.yml
* getting correct permission in reusable-unit.yml
* fixing DATADOG_API_KEY envvar expresssion
* pass datadog-api-key
* removing type from datadog-api-key
* remove test splitting from compatibility-integration-tests
* enable on push
* remove ipv6 loopback fix
* re-add ipv6 loopback fix
* remove test splitting from upgrade-integration-tests
* remove test splitting from upgrade-integration-tests
* put test splitting back in for upgrade tests
* upgrade-integration tests-o
ne runner no retries
* update go version to 1.20.3
* add changelog
* rename changelog file to remove underscore
* update to use 1.20.4
* update change log entry to reflect 1.20.4
* upgrade test: use docker.mirror.hashicorp.services to avoid docker login
* upgrade tests: remove docker login
Signed-off-by: Dan Bond <danbond@protonmail.com>
---------
Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: Dan Bond <danbond@protonmail.com>
* TProxy integration test
* Fix GHA compatibility integration test command
Previously, when test splitting allocated multiple test directories to a
runner, the workflow ran `go tests "./test/dir1 ./test/dir2"` which
results in a directory not found error. This fixes that.
* Fix straggler from renaming Register->RegisterTypes
* somehow a lint failure got through previously
* Fix lint-consul-retry errors
* adding in fix for success jobs getting skipped. (#17132)
* Temporarily disable inmem backend conformance test to get green pipeline
* Another test needs disabling
---------
Co-authored-by: John Murret <john.murret@hashicorp.com>
* fix runner calculation to exclude the top level directory as part of the calculation
* fix the logic for generating the directories/functions
* De-scope tenenacy requirements to OSS only for now. (#17087)
Partition and namespace must be "default"
Peername must be "local"
* Fix virtual services being included in intention topology as downstreams. (#17099)
* Merge pull request #5200 from hashicorp/NET-3758 (#17102)
* Merge pull request #5200 from hashicorp/NET-3758
NET-3758: connect: update supported envoy versions to 1.26.0
* lint
* CI: remove uneeded AWS creds from test-integrations (#17104)
* Update test-integrations.yml
* removing permission lies now that vault is not used in this job.
---------
Co-authored-by: John Murret <john.murret@hashicorp.com>
* update based on feedback
---------
Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Co-authored-by: Anita Akaeze <anita.akaeze@hashicorp.com>
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Update test-integrations.yml
* removing permission lies now that vault is not used in this job.
---------
Co-authored-by: John Murret <john.murret@hashicorp.com>
* use proper TOTAL_RUNNER setting when generating runner matrix. if matrix size is smaller than total_runners, use the smaller number
* try again
* try again 2
* try again 3
* try again 4
* try again 5
* try scenario where number is less
* reset
* get rid of cat "$GITHUB_OUTPUT"
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* removing push trigger that was added for debug
---------
Co-authored-by: Dan Bond <danbond@protonmail.com>
* add test-integrations workflow
* add test-integrations success job
* update vault integration testing versions (#16949)
* change parallelism to 4 forgotestsum. use env.CONSUL_VERSION so we can see the version.
* use env for repeated values
* match test to circleci
* fix envvar
* fix envvar 2
* fix envvar 3
* fix envvar 4
* fix envvar 5
* make upgrade and compatibility tests match circleci
* run go env to check environment
* debug docker
Signed-off-by: Dan Bond <danbond@protonmail.com>
* debug docker
Signed-off-by: Dan Bond <danbond@protonmail.com>
* revert debug docker
Signed-off-by: Dan Bond <danbond@protonmail.com>
* going back to command that worked 5 days ago for compatibility tests
* Update Envoy versions to reflect changes in #16889
* cd to test dir
* try running ubuntu latest
* update PR with latest changes that work in enterprise
* yaml still sucks
* test GH fix (localhost resolution)
* change for testing
* test splitting and ipv6 lookup for compatibility and upgrade tests
* fix indention
* consul as image name
* remove the on push
* add gotestsum back in
* removing the use of the gotestsum download action
* yaml sucks today just like yesterday
* fixing nomad tests
* worked out the kinks on enterprise
---------
Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: John Eikenberry <jae@zhar.net>
Co-authored-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: Sarah <sthompson@hashicorp.com>
* Add go-tests-success job and make go-test-enterprise conditional
* fixing lint-32bit reference
* fixing reference to -go-test-troubleshoot
* add all jobs that fan out.
* fixing success job to need set up
* add echo to success job
* adding success jobs to build-artifacts, build-distros, and frontend.
* changing the name of the job in verify ci to be consistent with other workflows
* enable go-tests, build-distros, and verify-ci to run on merge to main and release branches because they currently do not with just the pull_request trigger
* docs: add envoy to the proxycfg diagram (#16834)
* docs: add envoy to the proxycfg diagram
* increase dee-copy job to use large runner. disable lint-enums on ENT
* set lint-enums to a large
* remove redunant installation of deep-copy
---------
Co-authored-by: cskh <hui.kang@hashicorp.com>
* ci: add build-artifacts workflow
Signed-off-by: Dan Bond <danbond@protonmail.com>
* makefile for gha dev-docker
Signed-off-by: Dan Bond <danbond@protonmail.com>
* use docker actions instead of make
Signed-off-by: Dan Bond <danbond@protonmail.com>
* Add context
Signed-off-by: Dan Bond <danbond@protonmail.com>
* testing push
Signed-off-by: Dan Bond <danbond@protonmail.com>
* set short sha
Signed-off-by: Dan Bond <danbond@protonmail.com>
* upload to s3
Signed-off-by: Dan Bond <danbond@protonmail.com>
* rm s3 upload
Signed-off-by: Dan Bond <danbond@protonmail.com>
* use runner setup job
Signed-off-by: Dan Bond <danbond@protonmail.com>
* on push
Signed-off-by: Dan Bond <danbond@protonmail.com>
* testing
Signed-off-by: Dan Bond <danbond@protonmail.com>
* on pr
Signed-off-by: Dan Bond <danbond@protonmail.com>
* revert testing
Signed-off-by: Dan Bond <danbond@protonmail.com>
* OSS/ENT logic
Signed-off-by: Dan Bond <danbond@protonmail.com>
* add comments
Signed-off-by: Dan Bond <danbond@protonmail.com>
* Update .github/workflows/build-artifacts.yml
Co-authored-by: John Murret <john.murret@hashicorp.com>
---------
Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
* go-tests workflow
* add test splitting to go-tests
* fix re-reun fails report path
* fix re-reun fails report path another place
* fixing tests for32bit and race
* use script file to generate runners
* fixing run path
* add checkout
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* passing runs-on
* setting up runs-on as a parameter to check-go-mod
* making on pull_request
* Update .github/scripts/rerun_fails_report.sh
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* make runs-on required
* removing go-version param that is not used.
* removing go-version param that is not used.
* Modify build-distros to use medium runners (#16773)
* go-tests workflow
* add test splitting to go-tests
* fix re-reun fails report path
* fix re-reun fails report path another place
* fixing tests for32bit and race
* use script file to generate runners
* fixing run path
* add checkout
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* passing runs-on
* setting up runs-on as a parameter to check-go-mod
* trying mediums
* adding in script
* fixing runs-on to be parameter
* fixing merge conflict
* changing to on push
* removing whitespace
* go-tests workflow
* add test splitting to go-tests
* fix re-reun fails report path
* fix re-reun fails report path another place
* fixing tests for32bit and race
* use script file to generate runners
* fixing run path
* add checkout
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* passing runs-on
* setting up runs-on as a parameter to check-go-mod
* changing back to on pull_request
---------
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Github Actions Migration - move verify-ci workflows to GHA (#16777)
* add verify-ci workflow
* adding comment and changing to on pull request.
* changing to pull_requests
* changing to pull_request
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* [NET-3029] Migrate frontend to GHA (#16731)
* changing set up to a small
* using consuls own custom runner pool.
---------
Co-authored-by: Dan Bond <danbond@protonmail.com>
* migrate build distros to GHA
Signed-off-by: Dan Bond <danbond@protonmail.com>
* build-arm
Signed-off-by: Dan Bond <danbond@protonmail.com>
* don't use matrix
Signed-off-by: Dan Bond <danbond@protonmail.com>
* check-go-mod
Signed-off-by: Dan Bond <danbond@protonmail.com>
* add notify slack script
Signed-off-by: Dan Bond <danbond@protonmail.com>
* notify slack if failure
Signed-off-by: Dan Bond <danbond@protonmail.com>
* rm notify slack script
Signed-off-by: Dan Bond <danbond@protonmail.com>
* fix check-go-mod job
Signed-off-by: Dan Bond <danbond@protonmail.com>
---------
Signed-off-by: Dan Bond <danbond@protonmail.com>
* Onboard consul to use new .release/VERSION file and reproducible actions-go-build
* Onboard consul to use new .release/VERSION file and reproducible actions
* Onboard consul to use new .release/VERSION file and reproducible actions
* fix to consul
* Onboard consul to use new .release/VERSION file and reproducible actions
* Onboard consul to use new .release/VERSION file and reproducible actions
* Onboard consul to use new .release/VERSION file and reproducible actions
* test out ent changes
* just or testing
* Added setup go for build ui
* try removing VERSION file out of .release dir
* add checkout action for build ui and update checkout version
* try no -dev marker
* try removing extra ldflags
* test version
* add back in setup-go step?
* Update utils.js
read from static VERSION file
* remove actions-setup go
* add 1.15.0-dev
* Using prepare workflow for pre-stable channel workflow
* Test prepare workflow
* Remove set-product-version branch from release pipeline
* Use METADATA in environment
* Correct env vars
* Remove current branch from build trigger list
Co-authored-by: emilymianeil <emilymianeil@gmail.com>
Co-authored-by: Sarah <sthompson@hashicorp.com>
Co-authored-by: hc-github-team-nomad-core <github-team-nomad-core@hashicorp.com>
Co-authored-by: emily neil <63985869+emilymianeil@users.noreply.github.com>
* add test coverage comments to PRs
* [skip ci] update test coverage
* [skip ci] add .gitattributes to avoid merge conflicts with test coverage
* exempt main and release branches from coverage job
* [skip ci] update test coverage
* [skip ci] update test coverage
* clean up debug line, exit early if missing files
* [skip ci] update test coverage
* extract repository into variable to make porting to ENT easier
* [skip ci] update test coverage
Co-authored-by: hc-github-team-consul-core <github-team-consul-core@hashicorp.com>
There are a few changes being made to RedHat's registry on October 20, 2022 that affect the way images need to be tagged prior to being pushed to the registry. This PR changes the tag to conform to the new standard.
We have other work queued up in crt-workflows-common and actions-docker-build to support the other required changes.
This PR should be merged to `main` and all release branches on or after October 20, 2022, and MUST be merged before your next production release. Otherwise, the automation to push to the RedHat registry will not work.
----
A detailed list of changes shared from RedHat (as an FYI):
The following changes will occur for container certification projects that leverage the Red Hat hosted registry [[registry.connect.redhat.com](http://registry.connect.redhat.com/)] for image distribution:
- All currently published images are migrating to a NEW, Red Hat hosted quay registry. Partners do not have to do anything for this migration, and this will not impact customers. The registry will still utilize [registry.connect.redhat.com](http://registry.connect.redhat.com/) as the registry URL.
- The registry URL currently used to push, tag, and certify images, as well as the registry login key, will change. You can see these changes under the “Images” tab of the container certification project. You will now see a [quay.io](http://quay.io/) address and will no longer see [scan.connect.redhat.com](http://scan.connect.redhat.com/).
- Partners will have the opportunity to auto-publish images by selecting “Auto-publish” in the Settings tab of your certification project. This will automatically publish images that pass all certification tests.
- For new container image projects, partners will have the option to host within their own chosen image registry while using [registry.connect.redhat.com](http://registry.connect.redhat.com/) as a proxy address. This means the end user can authenticate to the Red Hat registry to pull a partner image without having to provide additional authentication to the partner’s registry.
It's possible that the output of the diff contains surrounding lines
that were not modified. This change filters further to lines that were
added or removed.