Skip to content

Commit

Permalink
auto-merge envoyproxy/envoy[release/v1.31] into envoyproxy/envoy-open…
Browse files Browse the repository at this point in the history
…ssl[release/v1.31]

* upstream/release/v1.31:
  repo: Dev v1.31.6
  repo: Release v1.31.5
  [balsa] fix for 1xx response mixup
  happy_eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting.
  http/1: fix sending overload crash when request is reset
  github/ci: Set default runner in config (#37738)
  repo: Dev v1.31.5
  repo: Release v1.31.4
  build(deps): bump distroless/base-nossl-debian12 from `174f326` to `2a803cc` in /ci (#37410)
  ci: Boost cpu for flakey on_demand integration test (#37294)
  ci: Boost cpu for flakey grpc integration test (#37223)
  ci: Boost mem for integration test (#37009)
  ci/rbe: Boost cpus for more flakey tests (#36942)
  ci/rbe: Boost cpus for some more integration tests (#36930)
  ci/rbe: Boost cpu for another integration test (#36885)
  ci/rbe: Boost cpus for more integration tests (#36837)
  ci/rbe: Boost cpu/mem for more integration tests (#36825)
  ci/rbe: Boost cpus for a couple more integration tests (#36807)
  ci/tests: Boost more worker cores for flakey integration tests (#36793)
  Patch c-ares CVE-2024-25629 (#37269)
  changelog: Add entry for `schema_validation_tool` fix (#37335)
  ci/bazel: Fix repo config (#37349)
  github/ci: Only trigger pr-notifier ci on `main` PRs (#37336)
  validator: add in removed extension (#37261)
  limit calculated sampling exponent (#37240)
  build(deps): bump distroless/base-nossl-debian12 from `aa91f01` to `174f326` in /ci (#37119)
  deps/api: Bump `envoy_toolshed` -> 0.1.16 (#37219)
  deps: Bump python -> 3.12.3 (#35334)
  headers/geoip: Fix macro (#36964)
  bazel: Make `ci` config common (#37027)
  bazel/distribution: Cleanups to fix aquery (#36977)
  ci: Add bazel client caching (#37096)
  Add release note for "Relax recent SNI restrictions" (#37000)
  Relax recent SNI restrictions (#36950)
  ci/rbe: Boost cpu for another flakey integration test
  repo: Dev v1.31.4
  repo: Release v1.31.3
  ci: Fix coverage/docs upload redirect path (#36423)
  build(deps): bump distroless/base-nossl-debian12 from `e130c09` to `aa91f01` in /ci (#36847)
  bazel/ci: Add repo customizations (#36831)
  ci/codeql: Only run on main branch (#36806)
  ci/rbe: Boost quic integration test (#36805)
  deps/release: Bump Ubuntu -> 0e5e4a5 (#36723)
  ci/tests: Revert some integration tests to `2core` (#36784)
  ci/rbe: Switch rbe pools `2core` -> `6gig` (#36761)
  ocsp/formatting: Fix format issue in generated cert (#36763)
  test/ocsp: Renew certificates (#36755)
  ci/rbe: Switch backend RBE cluster (#36730)

Signed-off-by: tedjpoole <[email protected]>
  • Loading branch information
tedjpoole committed Dec 31, 2024
2 parents de293d8 + b649747 commit 559c113
Show file tree
Hide file tree
Showing 445 changed files with 2,090 additions and 1,729 deletions.
49 changes: 26 additions & 23 deletions .bazelrc
Original file line number Diff line number Diff line change
Expand Up @@ -403,9 +403,9 @@ build:remote-ci --config=ci
build:remote-ci --remote_download_minimal

# Note this config is used by mobile CI also.
build:ci --noshow_progress
build:ci --noshow_loading_progress
build:ci --test_output=errors
common:ci --noshow_progress
common:ci --noshow_loading_progress
common:ci --test_output=errors

# Fuzz builds

Expand Down Expand Up @@ -522,26 +522,28 @@ build:rbe-engflow --bes_upload_mode=fully_async
build:rbe-engflow --nolegacy_important_outputs

# RBE (Engflow Envoy)
build:common-envoy-engflow --google_default_credentials=false
build:common-envoy-engflow --credential_helper=*.engflow.com=%workspace%/bazel/engflow-bazel-credential-helper.sh
build:common-envoy-engflow --grpc_keepalive_time=30s

build:cache-envoy-engflow --remote_cache=grpcs://morganite.cluster.engflow.com
build:cache-envoy-engflow --remote_timeout=3600s
build:bes-envoy-engflow --bes_backend=grpcs://morganite.cluster.engflow.com/
build:bes-envoy-engflow --bes_results_url=https://morganite.cluster.engflow.com/invocation/
build:bes-envoy-engflow --bes_timeout=3600s
build:bes-envoy-engflow --bes_upload_mode=fully_async
build:bes-envoy-engflow --nolegacy_important_outputs
build:rbe-envoy-engflow --remote_executor=grpcs://morganite.cluster.engflow.com
build:rbe-envoy-engflow --remote_default_exec_properties=container-image=docker://gcr.io/envoy-ci/envoy-build@sha256:7adc40c09508f957624c4d2e0f5aeecb73a59207ee6ded53b107eac828c091b2
build:rbe-envoy-engflow --jobs=200
build:rbe-envoy-engflow --define=engflow_rbe=true

build:remote-envoy-engflow --config=common-envoy-engflow
build:remote-envoy-engflow --config=cache-envoy-engflow
build:remote-envoy-engflow --config=bes-envoy-engflow
build:remote-envoy-engflow --config=rbe-envoy-engflow
common:common-envoy-engflow --google_default_credentials=false
common:common-envoy-engflow --credential_helper=*.engflow.com=%workspace%/bazel/engflow-bazel-credential-helper.sh
common:common-envoy-engflow --grpc_keepalive_time=30s

common:cache-envoy-engflow --remote_cache=grpcs://mordenite.cluster.engflow.com
common:cache-envoy-engflow --remote_timeout=3600s
common:bes-envoy-engflow --bes_backend=grpcs://mordenite.cluster.engflow.com/
common:bes-envoy-engflow --bes_results_url=https://mordenite.cluster.engflow.com/invocation/
common:bes-envoy-engflow --bes_timeout=3600s
common:bes-envoy-engflow --bes_upload_mode=fully_async
common:bes-envoy-engflow --nolegacy_important_outputs
common:rbe-envoy-engflow --remote_executor=grpcs://mordenite.cluster.engflow.com
common:rbe-envoy-engflow --remote_default_exec_properties=container-image=docker://gcr.io/envoy-ci/envoy-build@sha256:7adc40c09508f957624c4d2e0f5aeecb73a59207ee6ded53b107eac828c091b2
common:rbe-envoy-engflow --jobs=200
common:rbe-envoy-engflow --define=engflow_rbe=true

common:remote-envoy-engflow --config=common-envoy-engflow
common:remote-envoy-engflow --config=cache-envoy-engflow
common:remote-envoy-engflow --config=rbe-envoy-engflow

common:remote-cache-envoy-engflow --config=common-envoy-engflow
common:remote-cache-envoy-engflow --config=cache-envoy-engflow

#############################################################################
# debug: Various Bazel debugging flags
Expand All @@ -565,6 +567,7 @@ common:debug --config=debug-sandbox
common:debug --config=debug-coverage
common:debug --config=debug-tests

try-import %workspace%/repo.bazelrc
try-import %workspace%/clang.bazelrc
try-import %workspace%/user.bazelrc
try-import %workspace%/local_tsan.bazelrc
Expand Down
2 changes: 1 addition & 1 deletion .github/config.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
agent-ubuntu: ubuntu-22.04
agent-ubuntu: ubuntu-24.04
build-image:
# Authoritative configuration for build image/s
repo: envoyproxy/envoy-build-ubuntu
Expand Down
11 changes: 7 additions & 4 deletions .github/workflows/_publish_build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -66,8 +66,7 @@ jobs:
name: Release (arm64)
arch: arm64
bazel-extra: >-
--config=cache-envoy-engflow
--config=bes-envoy-engflow
--config=remote-cache-envoy-engflow
rbe: false
runs-on: envoy-arm64-medium

Expand All @@ -84,8 +83,7 @@ jobs:
uses: ./.github/workflows/_run.yml
with:
bazel-extra: >-
--config=cache-envoy-engflow
--config=bes-envoy-engflow
--config=remote-cache-envoy-engflow
downloads: |
release.${{ matrix.arch }}: release/${{ matrix.arch }}/bin/
target: ${{ matrix.target }}
Expand Down Expand Up @@ -159,6 +157,11 @@ jobs:
uses: ./.github/workflows/_run.yml
with:
target: release.signed
bazel-extra: >-
--//distribution:x64-packages=//distribution:custom/x64/packages.x64.tar.gz
--//distribution:arm64-packages=//distribution:custom/arm64/packages.arm64.tar.gz
--//distribution:x64-release=//distribution:custom/x64/bin/release.tar.zst
--//distribution:arm64-release=//distribution:custom/arm64/bin/release.tar.zst
cache-build-image: ${{ fromJSON(inputs.request).request.build-image.default }}
downloads: |
packages.arm64: envoy/arm64/
Expand Down
3 changes: 1 addition & 2 deletions .github/workflows/_publish_verify.yml
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,5 @@ jobs:
target: verify_distro
arch: arm64
bazel-extra: >-
--config=cache-envoy-engflow
--config=bes-envoy-engflow
--config=remote-cache-envoy-engflow
runs-on: envoy-arm64-small
6 changes: 4 additions & 2 deletions .github/workflows/codeql-push.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,11 @@ on:
paths:
- include/**
- source/common/**
branches-ignore:
- dependabot/**
branches:
- main
pull_request:
branches:
- main

concurrency:
group: ${{ github.head_ref || github.run_id }}-${{ github.workflow }}
Expand Down
4 changes: 1 addition & 3 deletions .github/workflows/envoy-macos.yml
Original file line number Diff line number Diff line change
Expand Up @@ -64,9 +64,7 @@ jobs:
_BAZEL_BUILD_EXTRA_OPTIONS=(
--remote_download_toplevel
--flaky_test_attempts=2
--config=bes-envoy-engflow
--config=cache-envoy-engflow
--config=common-envoy-engflow
--config=remote-cache-envoy-engflow
--config=ci)
export BAZEL_BUILD_EXTRA_OPTIONS=${_BAZEL_BUILD_EXTRA_OPTIONS[*]}
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/pr_notifier.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
on:
pull_request:
branches:
- main
workflow_dispatch:
schedule:
- cron: '0 5 * * 1,2,3,4,5'
Expand Down
17 changes: 12 additions & 5 deletions .github/workflows/request.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,18 +22,25 @@ concurrency:

jobs:
request:
# For branches this can be pinned to a specific version if required
# NB: `uses` cannot be dynamic so it _must_ be hardcoded anywhere it is read
uses: envoyproxy/envoy/.github/workflows/_request.yml@main
if: ${{ vars.ENVOY_CI || github.repository == 'envoyproxy/envoy' }}
permissions:
actions: read
contents: read
# required for engflow/bazel caching (not yet used)
packages: read
# required to fetch merge commit
pull-requests: read
secrets:
# these are required to start checks
app-key: ${{ secrets.ENVOY_CI_APP_KEY }}
app-id: ${{ secrets.ENVOY_CI_APP_ID }}
lock-app-key: ${{ secrets.ENVOY_CI_MUTEX_APP_KEY }}
lock-app-id: ${{ secrets.ENVOY_CI_MUTEX_APP_ID }}
gcs-cache-key: ${{ secrets.GCS_CACHE_WRITE_KEY }}
with:
gcs-cache-bucket: ${{ vars.ENVOY_CACHE_BUCKET }}
# For branches this can be pinned to a specific version if required
# NB: `uses` cannot be dynamic so it _must_ be hardcoded anywhere it is read
uses: envoyproxy/envoy/.github/workflows/_request.yml@main
if: >-
${{ github.repository == 'envoyproxy/envoy'
|| (vars.ENVOY_CI && github.event_name != 'schedule')
|| (vars.ENVOY_SCHEDULED_CI && github.event_name == 'schedule') }}
2 changes: 1 addition & 1 deletion VERSION.txt
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1.31.3-dev
1.31.6-dev
6 changes: 3 additions & 3 deletions api/bazel/repository_locations.bzl
Original file line number Diff line number Diff line change
Expand Up @@ -190,12 +190,12 @@ REPOSITORY_LOCATIONS_SPEC = dict(
project_name = "envoy_toolshed",
project_desc = "Tooling, libraries, runners and checkers for Envoy proxy's CI",
project_url = "https://github.com/envoyproxy/toolshed",
version = "0.1.3",
sha256 = "ee6d0b08ae3d9659f5fc34d752578af195147b153f8ca68eb4f8530aceb764d9",
version = "0.1.16",
sha256 = "06939757b00b318e89996ca3d4d2468ac2da1ff48a7b2cd9146b2054c3ff4769",
strip_prefix = "toolshed-bazel-v{version}/bazel",
urls = ["https://github.com/envoyproxy/toolshed/archive/bazel-v{version}.tar.gz"],
use_category = ["build"],
release_date = "2024-04-16",
release_date = "2024-11-18",
cpe = "N/A",
license = "Apache-2.0",
license_url = "https://github.com/envoyproxy/envoy/blob/bazel-v{version}/LICENSE",
Expand Down
19 changes: 19 additions & 0 deletions bazel/foreign_cc/cares.patch
Original file line number Diff line number Diff line change
Expand Up @@ -56,3 +56,22 @@ index ca597db7ad..2f8e4de30d 100644
if (err < 0) {
ares__close_socket(channel, s);
return ARES_ECONNREFUSED;
diff --git a/src/lib/ares__read_line.c b/src/lib/ares__read_line.c
index 38beda6f..9fbdc5e6 100644
--- a/src/lib/ares__read_line.c
+++ b/src/lib/ares__read_line.c
@@ -60,6 +60,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize)
if (!fgets(*buf + offset, bytestoread, fp))
return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF;
len = offset + strlen(*buf + offset);
+
+ /* Probably means there was an embedded NULL as the first character in
+ * the line, throw away line */
+ if (len == 0) {
+ offset = 0;
+ continue;
+ }
+
if ((*buf)[len - 1] == '\n')
{
(*buf)[len - 1] = 0;
2 changes: 1 addition & 1 deletion bazel/python_dependencies.bzl
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
load("@com_google_protobuf//bazel:system_python.bzl", "system_python")
load("@envoy_toolshed//:packages.bzl", "load_packages")
load("@python3_11//:defs.bzl", "interpreter")
load("@python3_12//:defs.bzl", "interpreter")
load("@rules_python//python:pip.bzl", "pip_parse")

def envoy_python_dependencies():
Expand Down
7 changes: 0 additions & 7 deletions bazel/repositories.bzl
Original file line number Diff line number Diff line change
Expand Up @@ -1464,13 +1464,6 @@ filegroup(
build_file_content = BUILD_ALL_CONTENT,
)

# This archive provides Kafka client in Python, so we can use it to interact with Kafka server
# during integration tests.
external_http_archive(
name = "kafka_python_client",
build_file_content = BUILD_ALL_CONTENT,
)

def _com_github_fdio_vpp_vcl():
external_http_archive(
name = "com_github_fdio_vpp_vcl",
Expand Down
2 changes: 1 addition & 1 deletion bazel/repositories_extra.bzl
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ def _python_minor_version(python_version):
return "_".join(python_version.split(".")[:-1])

# Python version for `rules_python`
PYTHON_VERSION = "3.11.9"
PYTHON_VERSION = "3.12.3"
PYTHON_MINOR_VERSION = _python_minor_version(PYTHON_VERSION)

# Envoy deps that rely on a first stage of dependency loading in envoy_dependencies().
Expand Down
13 changes: 0 additions & 13 deletions bazel/repository_locations.bzl
Original file line number Diff line number Diff line change
Expand Up @@ -1380,19 +1380,6 @@ REPOSITORY_LOCATIONS_SPEC = dict(
release_date = "2023-07-21",
use_category = ["test_only"],
),
kafka_python_client = dict(
project_name = "Kafka (Python client)",
project_desc = "Open-source distributed event streaming platform",
project_url = "https://kafka.apache.org",
version = "2.0.2",
sha256 = "5dcf87c559e7aee4f18d621a02e247db3e3552ee4589ca611d51eef87b37efed",
strip_prefix = "kafka-python-{version}",
urls = ["https://github.com/dpkp/kafka-python/archive/{version}.tar.gz"],
release_date = "2020-09-30",
use_category = ["test_only"],
license = "Apache-2.0",
license_url = "https://github.com/dpkp/kafka-python/blob/{version}/LICENSE",
),
proxy_wasm_cpp_sdk = dict(
project_name = "WebAssembly for Proxies (C++ SDK)",
project_desc = "WebAssembly for Proxies (C++ SDK)",
Expand Down
6 changes: 6 additions & 0 deletions changelogs/1.29.10.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
date: October 29, 2024

bug_fixes:
- area: tracing
change: |
Fixed a bug where the OpenTelemetry tracer exports the OTLP request even when no spans are present.
15 changes: 15 additions & 0 deletions changelogs/1.29.11.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
date: December 8, 2024

minor_behavior_changes:
- area: dns
change: |
Patched c-ares to address CVE-2024-25629.
bug_fixes:
- area: access_log
change: |
Relaxed the restriction on SNI logging to allow the ``_`` character, even if
``envoy.reloadable_features.sanitize_sni_in_access_log`` is enabled.
- area: validation/tools
change: |
Add back missing extension for ``schema_validator_tool``.
6 changes: 6 additions & 0 deletions changelogs/1.29.12.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
date: December 18, 2024

bug_fixes:
- area: http/1
change: |
Fixes sending overload crashes when HTTP/1 request is reset.
6 changes: 6 additions & 0 deletions changelogs/1.30.7.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
date: October 29, 2024

bug_fixes:
- area: tracing
change: |
Fixed a bug where the OpenTelemetry tracer exports the OTLP request even when no spans are present.
18 changes: 18 additions & 0 deletions changelogs/1.30.8.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
date: December 8, 2024

minor_behavior_changes:
- area: dns
change: |
Patched c-ares to address CVE-2024-25629.
bug_fixes:
- area: access_log
change: |
Relaxed the restriction on SNI logging to allow the ``_`` character, even if
``envoy.reloadable_features.sanitize_sni_in_access_log`` is enabled.
- area: tracers
change: |
Avoid possible overflow when setting span attributes in Dynatrace sampler.
- area: validation/tools
change: |
Add back missing extension for ``schema_validator_tool``.
9 changes: 9 additions & 0 deletions changelogs/1.30.9.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
date: December 18, 2024

bug_fixes:
- area: http/1
change: |
Fixes sending overload crashes when HTTP/1 request is reset.
- area: happy_eyeballs
change: |
Validate that ``additional_address`` are IP addresses instead of crashing when sorting.
6 changes: 6 additions & 0 deletions changelogs/1.31.3.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
date: October 29, 2024

bug_fixes:
- area: tracing
change: |
Fixed a bug where the OpenTelemetry tracer exports the OTLP request even when no spans are present.
18 changes: 18 additions & 0 deletions changelogs/1.31.4.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
date: December 8, 2024

minor_behavior_changes:
- area: dns
change: |
Patched c-ares to address CVE-2024-25629.
bug_fixes:
- area: access_log
change: |
Relaxed the restriction on SNI logging to allow the ``_`` character, even if
``envoy.reloadable_features.sanitize_sni_in_access_log`` is enabled.
- area: tracers
change: |
Avoid possible overflow when setting span attributes in Dynatrace sampler.
- area: validation/tools
change: |
Add back missing extension for ``schema_validator_tool``.
13 changes: 13 additions & 0 deletions changelogs/1.31.5.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
date: December 18, 2024

bug_fixes:
- area: http/1
change: |
Fixes sending overload crashes when HTTP/1 request is reset.
- area: happy_eyeballs
change: |
Validate that ``additional_address`` are IP addresses instead of crashing when sorting.
- area: balsa
change: |
Fix incorrect handling of non-101 1xx responses. This fix can be temporarily reverted by setting runtime guard
``envoy.reloadable_features.wait_for_first_byte_before_balsa_msg_done`` to false.
3 changes: 0 additions & 3 deletions changelogs/current.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,6 @@ minor_behavior_changes:

bug_fixes:
# *Changes expected to improve the state of the world and are unlikely to have negative effects*
- area: tracing
change: |
Fixed a bug where the OpenTelemetry tracer exports the OTLP request even when no spans are present.

removed_config_or_runtime:
# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
Expand Down
Loading

0 comments on commit 559c113

Please sign in to comment.