* update bindata on ui-v2/ changes
* Revert "Remove GIT_SHA environment variable"
This reverts commit f620f9aefd41362ce76c3a8e0f4addf402ee0ca2.
* Revert "Hardcode in an app version for ember-cli-app-version"
This reverts commit 5ae493d79b34ef2143d78a44c21a63623140bba8.
* revert modtime change in #8712
* add check for bindata_assetfs changes
* Remove GIT_SHA environment variable
* Hardcode in an app version for ember-cli-app-version
* change ' to " for CONSUL_UI_SETTINGS_PLACEHOLDER
Co-authored-by: John Cowen <jcowen@hashicorp.com>
Co-authored-by: hashicorp-ci <hashicorp-ci@users.noreply.github.com>
Related changes:
- hard-fail the xDS connection attempt if the envoy version is known to be too old to be supported
- remove the RouterMatchSafeRegex proxy feature since all supported envoy versions have it
- stop using --max-obj-name-len (due to: envoyproxy/envoy#11740)
Running every test with the race detector would add significant time to
CI. That additionaltime won't provide much value as many of the integration tests use
much of the same code.
For now we can run -race on some of the smaller packages. As we move
more code into smaller packages we should be able to add more packages
to the list that runs with '-race'.
For now this is running without parallelism, but we can enable that as
well when we need it.
boltdb fails the 'checkptr' check, which is automatically enabled by
'-race', so I've disabled checkptr as well.
* test/integration: only run against 1 envoy version
These tests are slow enough that it seems unlikely that anyone is
running multiple versions locally. If someone wants to, a for loop
outside of run_test.sh should do the right thing.
Remove unused vars.
* Remove logic to iterate over test cases, run a single case
* Add a golang runner for integration tests
* Use build tags for envoy integration tests
And add junit-xml report
If not artificially limited by setting JOBS env var,
broccoli-babel-transpiler will attempt to parallelize across the number
of CPUs on the host VM rather than the Docker container, resulting in CI
jobs being killed due to running out of memory.
* bump ember-build-prod and ember-build to medium+ to prevent OOM errors
* filter frontend workflow to only run on master, ui-staging, and ui/* branches
The previous PR which added these was accidentally performing the download
in the root directory. For the api, and sdk directories it should be in done
in the same directory that will be used to run tests. Otherwise the
wrong dependencies will be downloaded which may add unnecessary time to
the CI run.
Run 'go mod download' first so that dependencies are pulled in a
separate step. This makes the test splitting and test output easier
to scroll through.
Remove test splitting from the api/sdk test runs. These jobs do not
use parallelism, so there is no test timing data injected into the
job. They can't be split.
Remove the dependencies from the go-test job, so that we can start
the slowest test job earlier in the workflow.
To reduce the chance of some tests not being run because it does not
match the regex passed to '-run'.
Also document why some tests are allowed to be skipped on CI.
37897bfc27 made it possible to use
the -m flag with cherry-pick, even when the target is not a merge commit.
This commit changes the image used to run the cherry-pick job to alpine so that we get
a more recent version of git.
The alpine image will also download much faster when the CI node does not have the image cached.
This change assumes that it is always safe to use the first commit
parent as the mainline. I believe this assumption is safe with a
github merge workflow.
Using golangci-lint has a number of advantages:
- adding new linters becomes much easier, its a couple lines of yaml config
instead of more bash scripting
- it enables whitelisting of issues using inline comments or regex
- when running multiple linters less work is done. The parsed source can be reused
by multiple linters
- linters are run in parallel to reduce CI runtime.
- You can no longer cross submodule boundaries with ./... in go
subcommands like `go list` or `go test`. The makefile and CI scripts
were updated accordingly.
- Also of note: `go mod vendor` now omits things build ignored.
* add 1.12.2
* add envoy 1.13.0
* Introduce -envoy-version to get 1.10.0 passing.
* update old version and fix consul-exec case
* add envoy_version and fix check
* Update Envoy CLI tests to account for the 1.13 compatibility changes.
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
* ui: Make API integration tests aware of CONSUL_NSPACES_ENABLED
* ui: Allow passing CONSUL_NSPACES_ENABLED in via the cli in ember
* ui: Add more makefile targets/package scripts to switch NSPACEs on/off
* ui: Ensure all acceptance tests continue to pass with NSPACEs on/off
This required a little tweaking of the dictionary, at some point
page-navigation and some of these little tweaks will no longer be
required
* ui: Try running CI frontend tests in two parellel runs oss/ent
* ui: Use correct make target, use different names for the reports
* ui: Move CI to use the Makefile for testing (+ tmporary removal of exam)
* ui: make a specific test-ci target as we are using --path dist
--path dist looks for a previous build to test against, in CI this
exists as we run a build first, but locally potentially this dist folder
doesn't
* vault-ca-provider: add make target and CI test-integration job for /agent/connect/ca/ Vault Provider tests
* load env vars in the vault-ca-provider ci job
* add checkout task, see if we need to attach workspace or not
* ci: remove vault dependency from go-test job to ensure we only run the vault-provider tests in their job
* ci: fix from RB and Alvin code review, add mod cache after checkout
* ci: add CI context to make target and store test results
* ci: fix whitespace
* ci: create test results directory before we try to write to it
* ACL Authorizer overhaul
To account for upcoming features every Authorization function can now take an extra *acl.EnterpriseAuthorizerContext. These are unused in OSS and will always be nil.
Additionally the acl package has received some thorough refactoring to enable all of the extra Consul Enterprise specific authorizations including moving sentinel enforcement into the stubbed structs. The Authorizer funcs now return an acl.EnforcementDecision instead of a boolean. This improves the overall interface as it makes multiple Authorizers easily chainable as they now indicate whether they had an authoritative decision or should use some other defaults. A ChainedAuthorizer was added to handle this Authorizer enforcement chain and will never itself return a non-authoritative decision.
* Include stub for extra enterprise rules in the global management policy
* Allow for an upgrade of the global-management policy