Merge branch 'main' into krastin/docs/sidecarservice-typo

Krastin Krastev 2022-07-21 10:51:39 +03:00
commit 7f2eea5be3
2808 changed files with 161243 additions and 75594 deletions

3
.changelog/10996.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
ui: removed external dependencies for serving UI assets in favor of Go's native embed capabilities
```

4
.changelog/11500.txt Normal file

@ -0,0 +1,4 @@
```release-note:bugfix
rpc: Adds a deadline to client RPC calls, so that streams will no longer hang
indefinitely in unstable network conditions. [[GH-8504](https://github.com/hashicorp/consul/issues/8504)]
```
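
Review bot: the opening fence uses `release-note:bugfix`, while every other fix entry in this commit uses `release-note:bug` (for example .changelog/12079.txt). If the changelog generator only groups the types it knows, this entry may be dropped or end up in a section of its own; change the type to `bug`.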

3
.changelog/12079.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
logging: fix a bug with incorrect severity syslog messages (all messages were sent with NOTICE severity).
```

3
.changelog/12311.txt Normal file

@ -0,0 +1,3 @@
```release-note:note
Forked net/rpc to add middleware support: https://github.com/hashicorp/consul-net-rpc/ .
```

3
.changelog/12329.txt Normal file

@ -0,0 +1,3 @@
```release-note:feature
config: automatically reload config when a file changes using the `auto-reload-config` CLI flag or `auto_reload_config` config option.
```

3
.changelog/12354.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
ui: Include details on ACL policy dispositions required for unauthorized views
```

3
.changelog/12399.txt Normal file

@ -0,0 +1,3 @@
```release-note:enhancement
catalog: Add per-node indexes to reduce watchset firing for unrelated nodes and services.
```

7
.changelog/12511.txt Normal file

@ -0,0 +1,7 @@
```release-note:feature
server: ensure that service-defaults meta is incorporated into the discovery chain response
```
```release-note:feature
server: discovery chains now include a response field named "Default" to indicate if they were not constructed from any service-resolver, service-splitter, or service-router config entries
```

15
.changelog/12522.txt Normal file

@ -0,0 +1,15 @@
```release-note:deprecation
agent: deprecate older syntax for specifying TLS min version values
```
```release-note:deprecation
agent: remove support for specifying insecure TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 cipher suites
```
```release-note:enhancement
agent: add additional validation to TLS config
```
```release-note:enhancement
agent: bump default min version for connections to TLS 1.2
```
```release-note:enhancement
agent: add support for specifying TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 cipher suites
```
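
Review bot: the second entry is typed `release-note:deprecation`, but its text says "remove support for specifying insecure ... cipher suites", which is a removal rather than a deprecation. An agent config that still lists TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 or TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is affected on upgrade, and so is any peer that relied on the previous default minimum version (fourth entry). Suggest typing the removal as `breaking-change` and stating what happens when a removed suite is still configured.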

3
.changelog/12565.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
replication: Fixed a bug which could prevent ACL replication from continuing successfully after a leader election.
```

3
.changelog/12573.txt Normal file

@ -0,0 +1,3 @@
```release-note:feature
rpc: (beta): add a new metric `consul.rpc.server.call` with labels
for `method`, `errored`, `rpc_type`, `request_type`.
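
Review bot: the three added lines end on the `for ...` line, so the block opened by `release-note:feature` is never closed. Add the closing fence line as in the other .changelog files; otherwise the entry may not be parsed.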

3
.changelog/12583.txt Normal file

@ -0,0 +1,3 @@
```release-note:feature
acl: Added an AWS IAM auth method that allows authenticating to Consul using AWS IAM identities
```

3
.changelog/12601.txt Normal file

@ -0,0 +1,3 @@
```release-note:feature
xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry
```

3
.changelog/12607.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
connect/ca: cancel old Vault renewal on CA configuration. Provide a 1 - 6 second backoff on repeated token renewal requests to prevent overwhelming Vault.
```

9
.changelog/12617.txt Normal file

@ -0,0 +1,9 @@
```release-note:improvement
autopilot: Autopilot state is now tracked on Raft followers in addition to the leader.
Stale queries may be used to query for the non-leaders state.
```
```release-note:improvement
autopilot: The `autopilot.healthy` and `autopilot.failure_tolerance` metrics are now
regularly emitted by all servers.
```

3
.changelog/12640.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
health: ensure /v1/health/service/:service endpoint returns the most recent results when a filter is used with streaming #12640
```

3
.changelog/12646.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
metrics: The `consul.raft.boltdb.writeCapacity` metric was added and indicates a theoretical number of writes/second that can be performed to Consul.
```

4
.changelog/12655.txt Normal file

@ -0,0 +1,4 @@
```release-note:improvement
Removed impediments to using a namespace prefixed IntermediatePKIPath
in a CA definition.
```

3
.changelog/12670.txt Normal file

@ -0,0 +1,3 @@
```release-note:feature
cli: The `token read` command now supports the `-expanded` flag to display detailed role and policy information for the token.
```

3
.changelog/12672.txt Normal file

@ -0,0 +1,3 @@
```release-note:security
connect: Properly set SNI when configured for services behind a terminating gateway.
```

3
.changelog/12675.txt Normal file

@ -0,0 +1,3 @@
```release-note:breaking-change
telemetry: the disable_compat_1.9 option now defaults to true. 1.9 style `consul.http...` metrics can still be enabled by setting `disable_compat_1.9 = false`. However, we will remove these metrics in 1.13.
```

3
.changelog/12678.txt Normal file

@ -0,0 +1,3 @@
```release-note:feature
ca: Root certificates can now be consumed from a gRPC streaming endpoint: `WatchRoots`
```

3
.changelog/12681.txt Normal file

@ -0,0 +1,3 @@
```release-note:feature
xds: Add the ability to invoke AWS Lambdas through terminating gateways.
```

3
.changelog/12685.txt Normal file

@ -0,0 +1,3 @@
```release-note:security
agent: Added a new check field, `disable_redirects`, that allows for disabling the following of redirects for HTTP checks. The intention is to default this to true in a future release so that redirects must explicitly be enabled.
```
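
Review bot: this entry is filed under `release-note:security`, but the text only says the default is intended to become true in a future release, which leaves the current behaviour implicit. Suggest stating outright that HTTP checks keep following redirects unless `disable_redirects` is set, so operators reading the security section know they have to opt in for now.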

3
.changelog/12695.txt Normal file

@ -0,0 +1,3 @@
```release-note:feature
grpc: New gRPC service and endpoint to return the list of supported consul dataplane features
```

3
.changelog/12711.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
xds: ensure that all connect timeout configs can apply equally to tproxy direct dial connections
```

3
.changelog/12722.txt Normal file

@ -0,0 +1,3 @@
```release-note:feature
checks: add UDP health checks..
```

3
.changelog/12725.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
agent: improve log messages when a service with a critical health check is deregistered due to exceeding the deregister_critical_service_after timeout
```

4
.changelog/12727.txt Normal file

@ -0,0 +1,4 @@
```release-note:improvement
telemetry: Add new `leader` label to `consul.rpc.server.call` and optional `target_datacenter`, `locality`,
`allow_stale`, and `blocking` optional labels.
```

3
.changelog/12739.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
deps: update to latest go-discover to fix vulnerable transitive jwt-go dependency
```
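
Review bot: the entry is typed `release-note:improvement` although its text describes fixing a vulnerable transitive jwt-go dependency. Suggest `release-note:security`, as used in .changelog/12672.txt and .changelog/12685.txt, and naming the advisory being addressed, so the fix is visible to anyone scanning the security section of the release notes.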

3
.changelog/12774.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
acl: Improve handling of region-specific endpoints in the AWS IAM auth method. As part of this, the `STSRegion` field was removed from the auth method config.
```

3
.changelog/12777.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4
```

3
.changelog/12786.txt Normal file

@ -0,0 +1,3 @@
```release-note:feature
ui: Added support for AWS IAM Auth Methods
```

3
.changelog/12787.txt Normal file

@ -0,0 +1,3 @@
```release-note:feature
ca: Leaf certificates can now be obtained via the gRPC API: `Sign`
```

3
.changelog/12791.txt Normal file

@ -0,0 +1,3 @@
```release-note:enhancement
api: add QueryBackend to QueryMeta so an api user can determine if a query was served using which backend (streaming or blocking query).
```

5
.changelog/12793.txt Normal file

@ -0,0 +1,5 @@
```release-note:bug
The Connect CA Vault system now sets the Namespace (if present) prior
to attempting to login to Vault. This means the AuthMethod needs to
be in the specified namespace. Previously the AuthMethod needed to be
in the root namespace to work.
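
Review bot: the block opened by `release-note:bug` is not closed; the five added lines end at "in the root namespace to work." Add the closing fence. The entry also changes where the AuthMethod has to live (the specified namespace instead of the root namespace), which existing Vault setups have to act on, and it lacks the component prefix the other entries carry. Suggest a `connect/ca:` prefix, as in .changelog/12607.txt, and calling out the required change for operators.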

3
.changelog/12797.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
acl: Fix parsing of IAM user and role tags in IAM auth method
```

3
.changelog/12805.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
connect: Add Envoy 1.22.0 to support matrix, remove 1.18.6
```

3
.changelog/12807.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
acl: Clarify node/service identities must be lowercase
```

3
.changelog/12808.txt Normal file

@ -0,0 +1,3 @@
```release-note:note
dependency: Upgrade to use Go 1.18.1
```

3
.changelog/12819.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
grpc: Add a new ServerDiscovery.WatchServers gRPC endpoint for being notified when the set of ready servers has changed.
```

3
.changelog/12820.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
ca: fix a bug that caused a non blocking leaf cert query after a blocking leaf cert query to block
```

3
.changelog/12825.txt Normal file

@ -0,0 +1,3 @@
```release-note:feature
grpc: New gRPC endpoint to return envoy bootstrap parameters.
```

3
.changelog/12844.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
raft: upgrade to v1.3.8 which fixes a bug where non cluster member can still be able to participate in an election.
```

3
.changelog/12846.txt Normal file

@ -0,0 +1,3 @@
```release-note:note
ci: change action to pull v1 instead of main
```

3
.changelog/12865.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
telemetry: Added `consul.raft.thread.main.saturation` and `consul.raft.thread.fsm.saturation` metrics to measure approximate saturation of the Raft goroutines
```

3
.changelog/12878.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
xds: Envoy now inserts x-forwarded-client-cert for incoming proxy connections
```

4
.changelog/12881.txt Normal file

@ -0,0 +1,4 @@
```release-note:enhancement
connect: add validation to ensure connect native services have a port or socketpath specified on catalog registration.
This was the only missing piece to ensure all mesh services are validated for a port (or socketpath) specification on catalog registration.
```

3
.changelog/12885.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
acl: Fixed a bug where the ACL down policy wasn't being applied on remote errors from the primary datacenter.
```

4
.changelog/12904.txt Normal file

@ -0,0 +1,4 @@
```release-note:improvement
Support Vault namespaces in Connect CA by adding RootPKINamespace and
IntermediatePKINamespace fields to the config.
```

3
.changelog/12914.txt Normal file

@ -0,0 +1,3 @@
```release-note:enhancement
api: add the ability to specify a path prefix for when consul is behind a reverse proxy or API gateway
```

3
.changelog/12935.txt Normal file

@ -0,0 +1,3 @@
```release-note:feature
acl: It is now possible to login and logout using the gRPC API
```

3
.changelog/12956.txt Normal file

@ -0,0 +1,3 @@
```release-note:feature
xds: Add the ability to invoke AWS Lambdas through sidecar proxies.
```

3
.changelog/12961.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
api: agent/self now returns version with +ent suffix for Enterprise Consul
```

3
.changelog/13001.txt Normal file

@ -0,0 +1,3 @@
```release-note:enhancement
api: `merge-central-config` query parameter support added to some catalog and health endpoints to view a fully resolved service definition (especially when not written into the catalog that way).
```

3
.changelog/13012.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
proxycfg: Fixed a minor bug that would cause configuring a terminating gateway to watch too many service resolvers and waste resources doing filtering.
```

3
.changelog/13051.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
deps: Update go-grpc/grpc, resolving connection memory leak
```

3
.changelog/13062.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
serf: upgrade serf to v0.9.8 which fixes a bug that crashes Consul when serf keyrings are listed
```

3
.changelog/13071.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
Fix a bug when configuring an `add_headers` directive named `Host` the header is not set for `v1/internal/ui/metrics-proxy/` endpoint.
```

5
.changelog/13091.txt Normal file

@ -0,0 +1,5 @@
```release-note:improvement
config: introduce `telemetry.retry_failed_connection` in agent configuration to
retry on failed connection to any telemetry backend. This prevents the agent from
exiting if the given DogStatsD DNS name is unresolvable, for example.
```

3
.changelog/13118.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
config: fix backwards compatibility bug where setting the (deprecated) top-level `verify_incoming` option would enable TLS client authentication on the gRPC port
```

3
.changelog/13127.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
fix a bug that caused an error when creating `grpc` or `http2` ingress gateway listeners with multiple services
```

3
.changelog/13143.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
connect: Added a `max_inbound_connections` setting to service-defaults for limiting the number of concurrent inbound connections to each service instance.
```

3
.changelog/13183.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
ui: Re-instate '...' icon for row actions
```

3
.changelog/13256.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
agent: Fixed a bug in HTTP handlers where URLs were being decoded twice
```

3
.changelog/13304.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
telemetry: Added a `consul.server.isLeader` metric to track if a server is a leader or not.
```

3
.changelog/13344.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
kvs: Fixed a bug where query options were not being applied to KVS.Get RPC operations.
```

4
.changelog/13357.txt Normal file

@ -0,0 +1,4 @@
```release-note:feature
agent: Added information about build date alongside other version information for Consul. Extended /agent/self endpoint and `consul version` commands
to report this. Agent also reports build date in log on startup.
```

3
.changelog/13394.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
ui: upgrade ember-composable-helpers to v5.x
```

3
.changelog/13409.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
ui: Fix incorrect text on certain page empty states
```

3
.changelog/13421.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
dns: Added support for specifying admin partition in node lookups.
```

3
.changelog/13431.txt Normal file

@ -0,0 +1,3 @@
```release-note:improvement
connect: Update Envoy support matrix to latest patch releases (1.22.2, 1.21.3, 1.20.4, 1.19.5)
```

3
.changelog/13450.txt Normal file

@ -0,0 +1,3 @@
```release-note:enhancement
api: `merge-central-config` query parameter support added to `/catalog/node-services/:node-name` API, to view a fully resolved service definition (especially when not written into the catalog that way).
```

4
.changelog/13481.txt Normal file

@ -0,0 +1,4 @@
```release-note:improvement
command: Add support for enabling TLS in the Envoy Prometheus endpoint via the `consul connect envoy` command.
Adds the `-prometheus-ca-file`, `-prometheus-ca-path`, `-prometheus-cert-file` and `-prometheus-key-file` flags.
```

3
.changelog/13532.txt Normal file

@ -0,0 +1,3 @@
```release-note:breaking-change
telemetry: config flag `telemetry { disable_compat_1.9 = (true|false) }` has been removed. Before upgrading you should remove this flag from your config if the flag is being used.
```

3
.changelog/13607.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
xds: Fix a bug that resulted in Lambda services not using the payload-passthrough option as expected.
```

3
.changelog/13658.txt Normal file

@ -0,0 +1,3 @@
```release-note:feature
streaming: Added topics for `ingress-gateway`, `mesh`, `service-intentions` and `service-resolver` config entry events.
```

4
.changelog/13677.txt Normal file

@ -0,0 +1,4 @@
```release-note:feature
cli: A new flag for config delete to delete a config entry in a
valid config file, e.g., config delete -filename intention-allow.hcl
```

3
.changelog/13686.txt Normal file

@ -0,0 +1,3 @@
```release-note:enhancement
ui: Add new CopyableCode component and use it in certain pre-existing areas
```

3
.changelog/13687.txt Normal file

@ -0,0 +1,3 @@
```release-note:feature
server: broadcast the public grpc port using lan serf and update the consul service in the catalog with the same data
```

3
.changelog/13699.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
xds: Fix a bug where terminating gateway upstream clusters weren't configured properly when the service protocol was `http2`.
```

3
.changelog/13722.txt Normal file

@ -0,0 +1,3 @@
```release-note:feature
streaming: Added topic that can be used to consume updates about the list of services in a datacenter
```

3
.changelog/13787.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
cli: when `acl token read` is used with the `-self` and `-expanded` flags, return an error instead of panicking
```

6
.changelog/13807.txt Normal file

@ -0,0 +1,6 @@
```release-note: improvement
connect: Add Envoy 1.23.0 to support matrix
```
```release-note: breaking-change
connect: Removes support for Envoy 1.19
```
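
Review bot: both fences are written with a space after the colon (`release-note: improvement` and `release-note: breaking-change`), while every other entry in this commit has none (`release-note:improvement`). If the type is matched literally, neither entry will be picked up; remove the space in both.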

3
.changelog/_12855.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
snapshot-agent: **(Enterprise only)** Fix a bug where providing the ACL token to the snapshot agent via a CLI or ENV variable without a license configured results in an error during license auto-retrieval.
```

3
.changelog/_1679.txt Normal file

@ -0,0 +1,3 @@
```release-note:breaking-change
config-entry: Exporting a specific service name across all namespace is invalid.
```

3
.changelog/_1728.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
usagemetrics: **(Enterprise only)** Fix a bug where Consul usage metrics stopped being reported when upgrading servers from 1.10 to 1.11 or later.
```

3
.changelog/_1737.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
namespace: **(Enterprise Only)** Unreserve `consul` namespace to allow K8s namespace mirroring when deploying in `consul` K8s namespace .
```


@ -4,4 +4,7 @@ export GIT_COMMIT=$(git rev-parse --short HEAD)
export GIT_COMMIT_YEAR=$(git show -s --format=%cd --date=format:%Y HEAD)
export GIT_DIRTY=$(test -n "`git status --porcelain`" && echo "+CHANGES" || true)
export GIT_IMPORT=github.com/hashicorp/consul/version
export GOLDFLAGS="-X ${GIT_IMPORT}.GitCommit=${GIT_COMMIT}${GIT_DIRTY}"
# we're using this for build date because it's stable across platform builds
# the env -i and -noprofile are used to ensure we don't try to recursively call this profile when starting bash
export GIT_DATE=$(env -i /bin/bash --noprofile -norc ${CIRCLE_WORKING_DIRECTORY}/build-support/scripts/build-date.sh)
export GOLDFLAGS="-X ${GIT_IMPORT}.GitCommit=${GIT_COMMIT}${GIT_DIRTY} -X ${GIT_IMPORT}.BuildDate=${GIT_DATE}"
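
Review bot: on the new `GIT_DATE` line the output of build-date.sh is used without any check, and `${CIRCLE_WORKING_DIRECTORY}` is expanded unquoted. `export VAR=$(...)` returns the status of `export`, so if the script is missing or fails the build still proceeds with `-X ${GIT_IMPORT}.BuildDate=` set to nothing; if the output ever contains whitespace, the value splits into extra linker arguments once GOLDFLAGS reaches -ldflags. Suggest quoting the path, failing when the result is empty, and spelling both bash options the same way (the line mixes `--noprofile` and `-norc`, and the comment above mentions only -noprofile).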


@ -12,18 +12,8 @@ parameters:
description: "Boolean whether to run the load test workflow"
references:
images:
# When updating the Go version, remember to also update the versions in the
# workflows section for go-test-lib jobs.
go: &GOLANG_IMAGE docker.mirror.hashicorp.services/cimg/go:1.17.5
ember: &EMBER_IMAGE docker.mirror.hashicorp.services/circleci/node:14-browsers
paths:
test-results: &TEST_RESULTS_DIR /tmp/test-results
cache:
yarn: &YARN_CACHE_KEY consul-ui-v7-{{ checksum "ui/yarn.lock" }}
environment: &ENVIRONMENT
TEST_RESULTS_DIR: *TEST_RESULTS_DIR
EMAIL: noreply@hashicorp.com
@ -31,7 +21,21 @@ references:
GIT_COMMITTER_NAME: circleci-consul
S3_ARTIFACT_BUCKET: consul-dev-artifacts-v2
BASH_ENV: .circleci/bash_env.sh
VAULT_BINARY_VERSION: 1.2.2
VAULT_BINARY_VERSION: 1.9.4
GO_VERSION: 1.18.1
envoy-versions: &supported_envoy_versions
- &default_envoy_version "1.20.6"
- "1.21.4"
- "1.22.2"
- "1.23.0"
images:
# When updating the Go version, remember to also update the versions in the
# workflows section for go-test-lib jobs.
go: &GOLANG_IMAGE docker.mirror.hashicorp.services/cimg/go:1.18.1
ember: &EMBER_IMAGE docker.mirror.hashicorp.services/circleci/node:14-browsers
ubuntu: &UBUNTU_CI_IMAGE ubuntu-2004:202201-02
cache:
yarn: &YARN_CACHE_KEY consul-ui-v9-{{ checksum "ui/yarn.lock" }}
steps:
install-gotestsum: &install-gotestsum
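
Review bot: the new `GO_VERSION: 1.18.1` repeats the version already carried by the `cimg/go:1.18.1` tag of `GOLANG_IMAGE`, and the comment above that image only reminds the reader about the workflows section. A Go bump now has to be made in three places, and a missed one means the machine-executor jobs test with a different toolchain than the docker jobs. Suggest extending the comment to name `GO_VERSION`, or deriving the image tag and the variable from one value.
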
@ -169,6 +173,14 @@ jobs:
- run: go install github.com/hashicorp/lint-consul-retry@master && lint-consul-retry
- run: *notify-slack-failure
lint-enums:
docker:
- image: *GOLANG_IMAGE
steps:
- checkout
- run: go install github.com/reillywatson/enumcover/cmd/enumcover@master && enumcover ./...
- run: *notify-slack-failure
lint:
description: "Run golangci-lint"
parameters:
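
Review bot: the new lint-enums job runs `go install github.com/reillywatson/enumcover/cmd/enumcover@master`, which builds and executes whatever is on a third-party repository's master branch at the time of the run. Pin it to a tag or commit hash, or install it through the same make target as the other lint tools, so the CI result is reproducible and an upstream change cannot alter what runs in the pipeline. The context line above (`lint-consul-retry@master`) has the same pattern.
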
@ -177,6 +189,7 @@ jobs:
default: ""
docker:
- image: *GOLANG_IMAGE
resource_class: xlarge
environment:
GOTAGS: "" # No tags for OSS but there are for enterprise
GOARCH: "<<parameters.go-arch>>"
@ -185,14 +198,12 @@ jobs:
- run: go env
- run:
name: Install golangci-lint
command: |
download=https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh
wget -O- -q $download | sh -x -s -- -d -b /home/circleci/go/bin v1.40.1
command: make lint-tools
- run: go mod download
- run:
name: lint
command: &lintcmd |
golangci-lint run --build-tags="$GOTAGS" -v --concurrency 2
golangci-lint run --build-tags="$GOTAGS" -v
- run:
name: lint api
working_directory: api
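
Review bot: the install step goes from an explicit `v1.40.1` to `command: make lint-tools`, and the definition of that target is not part of this hunk. Please confirm that lint-tools installs a fixed golangci-lint version rather than the latest one, and mention in the commit message why `--concurrency 2` was dropped from the lint command (presumably the new `resource_class: xlarge`).
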
@ -224,22 +235,16 @@ jobs:
- image: *GOLANG_IMAGE
environment:
<<: *ENVIRONMENT
# tput complains if this isn't set to something.
TERM: ansi
steps:
- checkout
- run:
name: Install protobuf
command: |
wget https://github.com/protocolbuffers/protobuf/releases/download/v3.12.3/protoc-3.12.3-linux-x86_64.zip
sudo unzip -d /usr/local protoc-*.zip
sudo chmod +x /usr/local/bin/protoc
rm protoc-*.zip
command: make proto-tools
- run:
name: Install gogo/protobuf
command: |
gogo_version=$(go list -m github.com/gogo/protobuf | awk '{print $2}')
go install -v github.com/hashicorp/protoc-gen-go-binary@master
go install -v github.com/gogo/protobuf/protoc-gen-gofast@${gogo_version}
name: "Protobuf Format"
command: make proto-format
- run:
command: make --always-make proto
- run: |
@ -247,11 +252,14 @@ jobs:
echo "Generated code was not updated correctly"
exit 1
fi
- run:
name: "Protobuf Lint"
command: make proto-lint
go-test-arm64:
machine:
image: ubuntu-2004:202101-01
resource_class: arm.medium
image: *UBUNTU_CI_IMAGE
resource_class: arm.large
parallelism: 4
environment:
<<: *ENVIRONMENT
@ -262,10 +270,10 @@ jobs:
steps:
- checkout
- run:
command: |
command: |
sudo rm -rf /usr/local/go
wget https://golang.org/dl/go1.17.5.linux-arm64.tar.gz
sudo tar -C /usr/local -xzvf go1.17.5.linux-arm64.tar.gz
wget https://dl.google.com/go/go${GO_VERSION}.linux-arm64.tar.gz
sudo tar -C /usr/local -xzvf go${GO_VERSION}.linux-arm64.tar.gz
- run: *install-gotestsum
- run: go mod download
- run:
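
Review bot: the tarball fetched by `wget https://dl.google.com/go/go${GO_VERSION}.linux-arm64.tar.gz` is unpacked into /usr/local with sudo without its checksum being verified. Suggest keeping the expected SHA-256 next to `GO_VERSION` and checking it with `sha256sum -c` before the `tar` step, so a corrupted or substituted download fails the job instead of becoming the toolchain.
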
@ -278,10 +286,11 @@ jobs:
fi
- run-go-test-full:
go_test_flags: 'if ! [[ "$CIRCLE_BRANCH" =~ ^main$|^release/ ]]; then export GO_TEST_FLAGS="-short"; fi'
go-test:
docker:
- image: *GOLANG_IMAGE
resource_class: large
parallelism: 4
environment:
<<: *ENVIRONMENT
@ -330,14 +339,15 @@ jobs:
path: /tmp/jsonfile
- run: *notify-slack-failure
# go-test-32bit is to catch problems where 64-bit ints must be 64-bit aligned
# go-test-32bit is to catch problems where 64-bit ints must be 64-bit aligned
# to use them with sync/atomic. See https://golang.org/pkg/sync/atomic/#pkg-note-BUG.
# Running tests with GOARCH=386 seems to be the best way to detect this
# Running tests with GOARCH=386 seems to be the best way to detect this
# problem. Only runs tests that are -short to limit the time we spend checking
# for these bugs.
go-test-32bit:
docker:
- image: *GOLANG_IMAGE
resource_class: large
environment:
<<: *ENVIRONMENT
GOTAGS: "" # No tags for OSS but there are for enterprise
@ -411,6 +421,7 @@ jobs:
build-distros: &build-distros
docker:
- image: *GOLANG_IMAGE
resource_class: large
environment: &build-env
<<: *ENVIRONMENT
steps:
@ -420,7 +431,7 @@ jobs:
command: |
for os in $XC_OS; do
target="./pkg/bin/${GOOS}_${GOARCH}/"
GOOS="$os" CGO_ENABLED=0 go build -o "$target" -ldflags "$(GOLDFLAGS)" -tags "$(GOTAGS)"
GOOS="$os" CGO_ENABLED=0 go build -o "${target}" -ldflags "${GOLDFLAGS}" -tags "${GOTAGS}"
done
# save dev build to CircleCI
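
Review bot: in the unchanged line above the corrected `go build` call, `target` is built from `${GOOS}` while the loop variable is `$os`, and `GOOS="$os"` is only set for the `go build` command itself. Unless the job environment exports GOOS elsewhere, every iteration writes to the same directory. Suggest `target="./pkg/bin/${os}_${GOARCH}/"` while this line is being touched. The switch from `$(GOLDFLAGS)` to `${GOLDFLAGS}` itself is right: the old form was a command substitution, not a variable.
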
@ -448,6 +459,7 @@ jobs:
build-arm:
docker:
- image: *GOLANG_IMAGE
resource_class: large
environment:
<<: *ENVIRONMENT
CGO_ENABLED: 1
@ -480,6 +492,7 @@ jobs:
dev-build:
docker:
- image: *GOLANG_IMAGE
resource_class: large
environment:
<<: *ENVIRONMENT
steps:
@ -551,17 +564,17 @@ jobs:
# Run integration tests on nomad/v0.8.7
nomad-integration-0_8:
docker:
- image: docker.mirror.hashicorp.services/circleci/golang:1.10
- image: docker.mirror.hashicorp.services/cimg/go:1.10
environment:
<<: *ENVIRONMENT
NOMAD_WORKING_DIR: &NOMAD_WORKING_DIR /go/src/github.com/hashicorp/nomad
NOMAD_WORKING_DIR: &NOMAD_WORKING_DIR /home/circleci/go/src/github.com/hashicorp/nomad
NOMAD_VERSION: v0.8.7
steps: &NOMAD_INTEGRATION_TEST_STEPS
- run: git clone https://github.com/hashicorp/nomad.git --branch ${NOMAD_VERSION} ${NOMAD_WORKING_DIR}
# get consul binary
- attach_workspace:
at: /go/bin
at: /home/circleci/go/bin
# make dev build of nomad
- run:
@ -591,57 +604,13 @@ jobs:
# run integration tests on nomad/main
nomad-integration-main:
docker:
- image: docker.mirror.hashicorp.services/circleci/golang:1.17 # TODO: replace with cimg/go (requires steps update)
- image: docker.mirror.hashicorp.services/cimg/go:1.18
environment:
<<: *ENVIRONMENT
NOMAD_WORKING_DIR: /go/src/github.com/hashicorp/nomad
NOMAD_WORKING_DIR: /home/circleci/go/src/github.com/hashicorp/nomad
NOMAD_VERSION: main
steps: *NOMAD_INTEGRATION_TEST_STEPS
build-website-docker-image:
docker:
- image: docker.mirror.hashicorp.services/circleci/buildpack-deps
shell: /usr/bin/env bash -euo pipefail -c
steps:
- checkout
- setup_remote_docker
- run:
name: Build Docker Image if Necessary
command: |
# Ignore job if running an enterprise build
IMAGE_TAG=$(cat website/Dockerfile website/package-lock.json | sha256sum | awk '{print $1;}')
echo "Using $IMAGE_TAG"
if [ "$CIRCLE_REPOSITORY_URL" != "git@github.com:hashicorp/consul.git" ]; then
echo "Not Consul OSS Repo, not building website docker image"
elif curl https://hub.docker.com/v2/repositories/hashicorp/consul-website/tags/$IMAGE_TAG -fsL > /dev/null; then
echo "Dependencies have not changed, not building a new website docker image."
else
cd website/
docker build -t hashicorp/consul-website:$IMAGE_TAG .
docker tag hashicorp/consul-website:$IMAGE_TAG hashicorp/consul-website:latest
docker login -u $WEBSITE_DOCKER_USER -p $WEBSITE_DOCKER_PASS
docker push hashicorp/consul-website
fi
- run: *notify-slack-failure
algolia-index:
docker:
- image: docker.mirror.hashicorp.services/node:14
steps:
- checkout
- run:
name: Push content to Algolia Index
command: |
if [ "$CIRCLE_REPOSITORY_URL" != "git@github.com:hashicorp/consul.git" ]; then
echo "Not Consul OSS Repo, not indexing Algolia"
exit 0
fi
cd website/
npm install -g npm@latest
npm install
node scripts/index_search_content.js
- run: *notify-slack-failure
# build frontend yarn cache
frontend-cache:
docker:
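
Review bot: the removed build-website-docker-image job was the only user visible in this diff of `$WEBSITE_DOCKER_USER` and `$WEBSITE_DOCKER_PASS` (passed to `docker login -u ... -p ...`). If nothing else in the config references them, delete those variables from the CircleCI project settings and rotate the registry credential as part of this change. Separately, nomad-integration-main now uses the floating `cimg/go:1.18` tag while the rest of the file is on 1.18.1; consider reusing `*GOLANG_IMAGE`.
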
@ -710,23 +679,6 @@ jobs:
- packages/consul-ui/dist
- run: *notify-slack-failure
# build static-assets file
build-static-assets:
docker:
- image: *GOLANG_IMAGE
steps:
- checkout
- attach_workspace:
at: ./pkg
- run: mv pkg/packages/consul-ui/dist pkg/web_ui # 'make static-assets' looks for the 'pkg/web_ui' path
- run: make tools
- run: make static-assets
- persist_to_workspace:
root: .
paths:
- ./agent/uiserver/bindata_assetfs.go
- run: *notify-slack-failure
# commits static assets to git
publish-static-assets:
docker:
@ -739,7 +691,12 @@ jobs:
- attach_workspace:
at: .
- run:
name: commit agent/uiserver/bindata_assetfs.go if there are UI changes
name: move compiled ui files to agent/uiserver
command: |
rm -rf agent/uiserver/dist
mv packages/consul-ui/dist agent/uiserver
- run:
name: commit agent/uiserver/dist/ if there are UI changes
command: |
# check if there are any changes in ui/
# if there are, we commit the ui static asset file
@ -747,14 +704,14 @@ jobs:
if ! git diff --quiet --exit-code HEAD^! ui/; then
git config --local user.email "github-team-consul-core@hashicorp.com"
git config --local user.name "hc-github-team-consul-core"
# -B resets the CI branch to main which may diverge history
# but we will force push anyways.
git checkout -B ci/main-assetfs-build main
short_sha=$(git rev-parse --short HEAD)
git add agent/uiserver/bindata_assetfs.go
git commit -m "auto-updated agent/uiserver/bindata_assetfs.go from commit ${short_sha}"
git add agent/uiserver/dist/
git commit -m "auto-updated agent/uiserver/dist/ from commit ${short_sha}"
git push --force origin ci/main-assetfs-build
else
echo "no UI changes so no static assets to publish"
@ -849,20 +806,82 @@ jobs:
command: make test-coverage-ci
- run: *notify-slack-failure
envoy-integration-test-1_17_4: &ENVOY_TESTS
docker:
# We only really need bash and docker-compose which is installed on all
# Circle images but pick Go since we have to pick one of them.
- image: *GOLANG_IMAGE
parallelism: 2
compatibility-integration-test:
machine:
image: *UBUNTU_CI_IMAGE
docker_layer_caching: true
parallelism: 1
steps:
- checkout
# Get go binary from workspace
- attach_workspace:
at: .
# Build the consul-dev image from the already built binary
- run:
command: |
sudo rm -rf /usr/local/go
wget https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz
sudo tar -C /usr/local -xzvf go${GO_VERSION}.linux-amd64.tar.gz
environment:
<<: *ENVIRONMENT
- run: *install-gotestsum
- run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile .
- run:
name: Compatibility Integration Tests
command: |
mkdir -p /tmp/test-results/
cd ./test/integration/consul-container
docker run --rm consul:local consul version
gotestsum \
--format=short-verbose \
--debug \
--rerun-fails=3 \
--packages="./..." \
-- \
-timeout=30m \
./... \
--target-version local \
--latest-version latest
ls -lrt
environment:
# this is needed because of incompatibility between RYUK container and circleci
GOTESTSUM_JUNITFILE: /tmp/test-results/results.xml
GOTESTSUM_FORMAT: standard-verbose
COMPOSE_INTERACTIVE_NO_CLI: 1
# tput complains if this isn't set to something.
TERM: ansi
- store_artifacts:
path: ./test/integration/consul-container/upgrade/workdir/logs
destination: container-logs
- store_test_results:
path: *TEST_RESULTS_DIR
- store_artifacts:
path: *TEST_RESULTS_DIR
- run: *notify-slack-failure
envoy-integration-test: &ENVOY_TESTS
machine:
image: *UBUNTU_CI_IMAGE
parallelism: 4
resource_class: medium
parameters:
envoy-version:
type: enum
enum: *supported_envoy_versions
default: *default_envoy_version
xds-target:
type: enum
enum: ["server", "client"]
default: "server"
environment:
ENVOY_VERSION: "1.17.4"
ENVOY_VERSION: << parameters.envoy-version >>
XDS_TARGET: << parameters.xds-target >>
steps: &ENVOY_INTEGRATION_TEST_STEPS
- checkout
# Get go binary from workspace
- attach_workspace:
at: .
- setup_remote_docker
- run: *install-gotestsum
# Build the consul-dev image from the already built binary
- run: docker build -t consul-dev -f ./build-support/docker/Consul-Dev.dockerfile .
- run:
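Review bot: In the compatibility-integration-test job, the Go toolchain is fetched with `wget https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz` and unpacked into /usr/local with `sudo tar`, with no checksum check in between, so whatever the download returns becomes the compiler for the rest of the job. Pin the expected SHA-256 for each GO_VERSION and verify it before extracting. Separately, the comment "this is needed because of incompatibility between RYUK container and circleci" sits directly above `GOTESTSUM_JUNITFILE`, which it does not describe; move it next to the setting it refers to or drop it. The `--debug` flag and the trailing `ls -lrt` look like debugging leftovers.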
@ -889,21 +908,6 @@ jobs:
path: *TEST_RESULTS_DIR
- run: *notify-slack-failure
envoy-integration-test-1_18_6:
<<: *ENVOY_TESTS
environment:
ENVOY_VERSION: "1.18.6"
envoy-integration-test-1_19_3:
<<: *ENVOY_TESTS
environment:
ENVOY_VERSION: "1.19.3"
envoy-integration-test-1_20_2:
<<: *ENVOY_TESTS
environment:
ENVOY_VERSION: "1.20.2"
# run integration tests for the connect ca providers
test-connect-ca-providers:
docker:
@ -928,34 +932,6 @@ jobs:
path: *TEST_RESULTS_DIR
- run: *notify-slack-failure
# only runs on main: checks latest commit to see if the PR associated has a backport/* or docs* label to cherry-pick
cherry-picker:
docker:
- image: docker.mirror.hashicorp.services/alpine:3.12
steps:
- run: apk add --no-cache --no-progress git bash curl ncurses jq openssh-client
- checkout
- add_ssh_keys: # needs a key to push cherry-picked commits back to github
fingerprints:
- "fc:55:84:15:0a:1d:c8:e9:06:d0:e8:9c:7b:a9:b7:31"
- run: .circleci/scripts/cherry-picker.sh
- run: *notify-slack-failure
trigger-oss-merge:
docker:
- image: docker.mirror.hashicorp.services/alpine:3.12
steps:
- run: apk add --no-cache --no-progress curl jq
- run:
name: trigger oss merge
command: |
curl -s -X POST \
--header "Circle-Token: ${CIRCLECI_API_TOKEN}" \
--header "Content-Type: application/json" \
-d '{"build_parameters": {"CIRCLE_JOB": "oss-merge"}}' \
"https://circleci.com/api/v1.1/project/github/hashicorp/consul-enterprise/tree/${CIRCLE_BRANCH}" | jq -r '.build_url'
- run: *notify-slack-failure
# Run load tests against a commit
load-test:
docker:
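Review bot: The cherry-picker and trigger-oss-merge jobs shown in this hunk were the users of the SSH key listed under `add_ssh_keys` ("needs a key to push cherry-picked commits back to github") and of `CIRCLECI_API_TOKEN`. Removing the jobs does not remove the credentials: if no other job uses them, delete the key from the CircleCI project and the repository and revoke the API token, so a push-capable key is not left behind unused.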
@ -988,6 +964,7 @@ jobs:
LOCAL_COMMIT_SHA="<< pipeline.parameters.commit >>"
fi
echo "export LOCAL_COMMIT_SHA=${LOCAL_COMMIT_SHA}" >> $BASH_ENV
git checkout ${LOCAL_COMMIT_SHA}
short_ref=$(git rev-parse --short ${LOCAL_COMMIT_SHA})
echo "export TF_VAR_ami_owners=$LOAD_TEST_AMI_OWNERS" >> $BASH_ENV
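Review bot: `LOCAL_COMMIT_SHA` can come from `<< pipeline.parameters.commit >>` and is then expanded unquoted in `git checkout ${LOCAL_COMMIT_SHA}`, in `git rev-parse --short ${LOCAL_COMMIT_SHA}` and in the `echo "export LOCAL_COMMIT_SHA=..." >> $BASH_ENV` line, whose output CircleCI sources as shell in later steps. Check that the value is a hex commit id (for example against `^[0-9a-f]{7,40}$`) before the first use, and quote every expansion.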
@ -1007,7 +984,8 @@ jobs:
working_directory: .circleci/terraform/load-test
name: terraform init
command: |
echo "commit is ${LOCAL_COMMIT_SHA}"
short_ref=$(git rev-parse --short HEAD)
echo "Testing commit id: $short_ref"
terraform init \
-backend-config="bucket=${BUCKET}" \
-backend-config="key=${LOCAL_COMMIT_SHA}" \
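Review bot: The log line now prints `git rev-parse --short HEAD`, while the state key is still `-backend-config="key=${LOCAL_COMMIT_SHA}"`; the two agree only if the earlier `git checkout ${LOCAL_COMMIT_SHA}` succeeded. Derive the short id from `${LOCAL_COMMIT_SHA}`, or print both, so the log always names the commit whose state is being initialised.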
@ -1023,7 +1001,7 @@ jobs:
when: always
name: terraform destroy
command: |
terraform destroy -auto-approve
for i in $(seq 1 5); do terraform destroy -auto-approve && s=0 && break || s=$? && sleep 20; done; (exit $s)
- run: *notify-slack-failure
# The noop job is a used as a very fast job in the verify-ci workflow because every workflow
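Review bot: The retry one-liner for `terraform destroy` is hard to audit: the `&&`/`||` chain also sleeps 20 seconds after the fifth and final failure, and nothing records which attempt is running. Write it as a multi-line loop that logs the attempt number, skips the sleep on the last pass and exits with the last status. Since this step is what tears down the load-test infrastructure, the failure output should also say that resources may be left behind when all five attempts fail.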
@ -1039,7 +1017,7 @@ workflows:
# verify-ci is a no-op workflow that must run on every PR. It is used in a
# branch protection rule to detect when CI workflows are not running.
verify-ci:
jobs: [ noop ]
jobs: [noop]
go-tests:
unless: << pipeline.parameters.trigger-load-test >>
@ -1052,6 +1030,7 @@ workflows:
- /^docs\/.*/
- /^ui\/.*/
- check-generated-protobuf: *filter-ignore-non-go-branches
- lint-enums: *filter-ignore-non-go-branches
- lint-consul-retry: *filter-ignore-non-go-branches
- lint: *filter-ignore-non-go-branches
- lint:
@ -1062,29 +1041,30 @@ workflows:
- go-test-arm64: *filter-ignore-non-go-branches
- dev-build: *filter-ignore-non-go-branches
- go-test:
requires: [ dev-build ]
- go-test-lib:
name: "go-test-api go1.16"
path: api
go-version: "1.16"
requires: [ dev-build ]
requires: [dev-build]
- go-test-lib:
name: "go-test-api go1.17"
path: api
go-version: "1.17"
requires: [ dev-build ]
requires: [dev-build]
- go-test-lib:
name: "go-test-sdk go1.16"
path: sdk
go-version: "1.16"
<<: *filter-ignore-non-go-branches
name: "go-test-api go1.18"
path: api
go-version: "1.18"
requires: [dev-build]
- go-test-lib:
name: "go-test-sdk go1.17"
path: sdk
go-version: "1.17"
<<: *filter-ignore-non-go-branches
- go-test-lib:
name: "go-test-sdk go1.18"
path: sdk
go-version: "1.18"
<<: *filter-ignore-non-go-branches
- go-test-race: *filter-ignore-non-go-branches
- go-test-32bit: *filter-ignore-non-go-branches
- noop
build-distros:
unless: << pipeline.parameters.trigger-load-test >>
jobs:
@ -1103,20 +1083,12 @@ workflows:
- ember-build-prod:
requires:
- frontend-cache
- build-static-assets:
- publish-static-assets:
requires:
- ember-build-prod
- publish-static-assets:
filters:
branches:
only:
- main
- /release\/\d+\.\d+\.x$/
requires:
- build-static-assets
- dev-build:
requires:
- build-static-assets
- ember-build-prod
- dev-upload-s3:
requires:
- dev-build
@ -1124,6 +1096,7 @@ workflows:
requires:
- dev-build
context: consul-ci
- noop
test-integrations:
unless: << pipeline.parameters.trigger-load-test >>
jobs:
@ -1145,33 +1118,17 @@ workflows:
- nomad-integration-0_8:
requires:
- dev-build
- envoy-integration-test-1_17_4:
- envoy-integration-test:
requires:
- dev-build
- envoy-integration-test-1_18_6:
matrix:
parameters:
envoy-version: *supported_envoy_versions
xds-target: ["server", "client"]
- compatibility-integration-test:
requires:
- dev-build
- envoy-integration-test-1_19_3:
requires:
- dev-build
- envoy-integration-test-1_20_2:
requires:
- dev-build
website:
unless: << pipeline.parameters.trigger-load-test >>
jobs:
- build-website-docker-image:
context: website-docker-image
filters:
branches:
only:
- main
- algolia-index:
filters:
branches:
only:
- stable-website
- noop
frontend:
unless: << pipeline.parameters.trigger-load-test >>
jobs:
@ -1204,23 +1161,8 @@ workflows:
- ember-coverage:
requires:
- ember-build-ent
workflow-automation:
unless: << pipeline.parameters.trigger-load-test >>
jobs:
- trigger-oss-merge:
context: team-consul
filters:
branches:
only:
- main
- /release\/\d+\.\d+\.x$/
- cherry-picker:
context: team-consul
filters:
branches:
only:
- main
- /release\/\d+\.\d+\.x$/
- noop
load-test:
when: << pipeline.parameters.trigger-load-test >>
jobs:


@ -1,195 +0,0 @@
#!/usr/bin/env bash
#
# This script is meant to run on every new commit to main in CircleCI. If the commit comes from a PR, it will
# check the PR associated with the commit for labels. If the label matches `docs*` it will be cherry-picked
# to stable-website. If the label matches `backport/*`, it will be cherry-picked to the appropriate `release/*`
# branch.
# Requires $CIRCLE_PROJECT_USERNAME, $CIRCLE_PROJECT_REPONAME, and $CIRCLE_SHA1 from CircleCI
set -o pipefail
# colorized status prompt
function status {
tput setaf 4
echo "$@"
tput sgr0
}
# Returns the latest GitHub "backport/*" label
function get_latest_backport_label {
local resp
local ret
local latest_backport_label
resp=$(curl -f -s -H "Authorization: token ${GITHUB_TOKEN}" "https://api.github.com/repos/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/labels?per_page=100")
ret="$?"
if [[ "$ret" -ne 0 ]]; then
status "The GitHub API returned $ret which means it was probably rate limited."
exit $ret
fi
latest_backport_label=$(echo "$resp" | jq -r '.[] | select(.name | startswith("backport/")) | .name' | sort -rV | head -n1)
echo "$latest_backport_label"
return 0
}
# This function will do the cherry-picking of a commit on a branch
# Exit 1 if cherry-picking fails
function cherry_pick_with_slack_notification {
# Arguments:
# $1 - branch to cherry-pick to
# $2 - commit to cherry-pick
# $3 - url to PR of commit
#
# Return:
# 0 for success
# 1 for error
local branch="$1"
local commit="$2"
local pr_url="$3"
git checkout "$branch" || exit 1
# If git cherry-pick fails or it fails to push, we send a failure notification
if ! (git cherry-pick --mainline 1 "$commit" && git push origin "$branch"); then
status "🍒❌ Cherry pick of commit ${commit:0:7} from $pr_url onto $branch failed!"
# send slack notification
curl -X POST -H 'Content-type: application/json' \
--data \
"{ \
\"attachments\": [ \
{ \
\"fallback\": \"Cherry pick failed!\", \
\"text\": \"🍒❌ Cherry picking of <$pr_url|${commit:0:7}> to \`$branch\` failed!\n\nBuild Log: ${CIRCLE_BUILD_URL}\", \
\"footer\": \"${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}\", \
\"ts\": \"$(date +%s)\", \
\"color\": \"danger\" \
} \
] \
}" "${CONSUL_SLACK_WEBHOOK_URL}"
# post PR comment to GitHub
github_message=":cherries::x: Cherry pick of commit ${commit} onto \`$branch\` failed! [Build Log]($CIRCLE_BUILD_URL)"
pr_id=$(basename ${pr_url})
curl -f -s -H "Authorization: token ${GITHUB_TOKEN}" \
-X POST \
-d "{ \"body\": \"${github_message}\"}" \
"https://api.github.com/repos/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/issues/${pr_id}/comments"
# run git status to leave error in CircleCI log
git status
return 1
# Else we send a success notification
else
status "🍒✅ Cherry picking of PR commit ${commit:0:7} from ${pr_url} succeeded!"
curl -X POST -H 'Content-type: application/json' \
--data \
"{ \
\"attachments\": [ \
{ \
\"fallback\": \"Cherry pick succeeded!\", \
\"text\": \"🍒✅ Cherry picking of <$pr_url|${commit:0:7}> to \`$branch\` succeeded!\", \
\"footer\": \"${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}\", \
\"ts\": \"$(date +%s)\", \
\"color\": \"good\" \
} \
] \
}" "${CONSUL_SLACK_WEBHOOK_URL}"
# post PR comment to GitHub
github_message=":cherries::white_check_mark: Cherry pick of commit ${commit} onto \`$branch\` succeeded!"
pr_id=$(basename ${pr_url})
curl -f -s -H "Authorization: token ${GITHUB_TOKEN}" \
-X POST \
-d "{ \"body\": \"${github_message}\"}" \
"https://api.github.com/repos/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/issues/${pr_id}/comments"
fi
return 0
}
# search for the PR labels applicable to the specified commit
resp=$(curl -f -s -H "Authorization: token ${GITHUB_TOKEN}" "https://api.github.com/search/issues?q=repo:${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}+sha:${CIRCLE_SHA1}")
ret="$?"
if [[ "$ret" -ne 0 ]]; then
status "The GitHub API returned $ret which means it was probably rate limited."
exit $ret
fi
# get the count from the GitHub API to check if the commit matched a PR
count=$(echo "$resp" | jq '.total_count')
if [[ "$count" -eq 0 ]]; then
status "This commit was not associated with a PR"
exit 0
fi
# save PR number
pr_number=$(echo "$resp" | jq '.items[].number')
# comment on the PR with the build number to make it easy to re-run the job when
# cherry-pick labels are added in the future
github_message=":cherries: If backport labels were added before merging, cherry-picking will start automatically.\n\nTo retroactively trigger a backport after merging, add backport labels and re-run ${CIRCLE_BUILD_URL}."
curl -f -s -H "Authorization: token ${GITHUB_TOKEN}" \
-X POST \
-d "{ \"body\": \"${github_message}\"}" \
"https://api.github.com/repos/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/issues/${pr_number}/comments"
# If the API returned a non-zero count, we have found a PR with that commit so we find
# the labels from the PR
# Sorts the labels from a PR via version sort
labels=$(echo "$resp" | jq --raw-output '.items[].labels[] | .name' | sort -rV)
ret="$?"
pr_url=$(echo "$resp" | jq --raw-output '.items[].pull_request.html_url')
if [[ "$ret" -ne 0 ]]; then
status "jq exited with $ret when trying to find label names. Are there labels applied to the PR ($pr_url)?"
# This can be a valid error but usually this means we do not have any labels so it doesn't signal
# cherry-picking is possible. Exit 0 for now unless we run into cases where these failures are important.
exit 0
fi
# Attach label for latest release branch if 'docs-cherrypick' is present. Will noop if already applied.
latest_backport_label=$(get_latest_backport_label)
status "latest backport label is $latest_backport_label"
if echo "$resp" | jq -e '.items[].labels[] | select(.name | contains("docs-cherrypick"))'; then
labels=$(curl -f -s -H "Authorization: token ${GITHUB_TOKEN}" -X POST -d "{\"labels\":[\"$latest_backport_label\"]}" "https://api.github.com/repos/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/issues/${pr_number}/labels" | jq --raw-output '.[].name' | sort -rV)
ret="$?"
if [[ "$ret" -ne 0 ]]; then
status "Error applying $latest_backport_label to $pr_url"
exit $ret
fi
fi
git config --local user.email "github-team-consul-core@hashicorp.com"
git config --local user.name "hc-github-team-consul-core"
backport_failures=0
# loop through all labels on the PR
for label in $labels; do
status "checking label: $label"
# if the label matches docs-cherrypick, it will attempt to cherry-pick to stable-website
if [[ $label =~ docs-cherrypick ]]; then
status "backporting to stable-website"
branch="stable-website"
cherry_pick_with_slack_notification "$branch" "$CIRCLE_SHA1" "$pr_url"
backport_failures=$((backport_failures + "$?"))
# else if the label matches backport/*, it will attempt to cherry-pick to the release branch
elif [[ $label =~ backport/* ]]; then
status "backporting to $label"
branch="${label/backport/release}.x"
cherry_pick_with_slack_notification "$branch" "$CIRCLE_SHA1" "$pr_url"
backport_failures=$((backport_failures + "$?"))
fi
# reset the working directory for the next label
git reset --hard
done
if [ "$backport_failures" -ne 0 ]; then
echo "$backport_failures backports failed"
exit 1
fi
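Review bot: Deleting this script removes the code that used `GITHUB_TOKEN` to comment on and label pull requests and `CONSUL_SLACK_WEBHOOK_URL` to post cherry-pick notifications. If nothing else in CI reads those values, remove them from the CircleCI context in the same change, or state in the commit message which jobs still depend on them.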


@ -10,15 +10,17 @@ provider "aws" {
}
module "load-test" {
source = "github.com/hashicorp/consul/test/load/terraform"
source = "../../../test/load/terraform"
vpc_az = ["us-east-2a", "us-east-2b"]
vpc_name = var.vpc_name
vpc_cidr = "10.0.0.0/16"
vpc_allwed_ssh_cidr = "0.0.0.0/0"
public_subnet_cidrs = ["10.0.1.0/24", "10.0.2.0/24"]
private_subnet_cidrs = ["10.0.3.0/24"]
test_public_ip = true
ami_owners = var.ami_owners
consul_download_url = var.consul_download_url
cluster_name = var.cluster_name
cluster_tag_key = var.cluster_tag_key
}
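Review bot: `vpc_allwed_ssh_cidr = "0.0.0.0/0"` stays hard-coded in this module block, which by its name allows SSH from any address, next to `test_public_ip = true`. For CI-created load-test hosts, pass the allowed range in as a variable the way `ami_owners` and `cluster_name` are, and default it to the range the job actually connects from.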


@ -22,3 +22,9 @@ variable "cluster_name" {
type = string
default = "consul-example"
}
variable "cluster_tag_key" {
description = "The tag the EC2 Instances will look for to automatically discover each other and form a cluster."
type = string
default = "consul-ci-load-test"
}

3
.github/CODEOWNERS vendored

@ -5,3 +5,6 @@
/website/content/api-docs/ @hashicorp/consul-docs
# release configuration
/.release/ @hashicorp/release-engineering @hashicorp/github-consul-core
/.github/workflows/build.yml @hashicorp/release-engineering @hashicorp/github-consul-core
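Review bot: The new owner rule covers `/.github/workflows/build.yml` only, while verify_artifact.sh, verify_bin.sh and verify_deb.sh under `.github/scripts/` describe themselves as part of the build workflow. Unless an earlier CODEOWNERS rule already matches them, add `/.github/scripts/verify_*.sh` with the same owners so changes to the verification logic get the same review as the workflow that calls it.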


@ -85,6 +85,25 @@ To build Consul, run `make dev`. In a few moments, you'll have a working
Go provides [tooling to apply consistent code formatting](https://golang.org/doc/effective_go#formatting).
If you make any changes to the code, run `gofmt -s -w` to automatically format the code according to Go standards.
##### Organizing Imports
Group imports using `goimports -local github.com/hashicorp/consul/` to keep [local packages](https://github.com/golang/tools/commit/ed69e84b1518b5857a9f4e01d1f9cefdcc45246e) in their own section.
Example:
```
import (
"context"
"fmt"
"net/http"
"github.com/hashicorp/go-cleanhttp"
"github.com/mitchellh/mapstructure"
"github.com/hashicorp/consul/api"
"github.com/hashicorp/consul/lib"
)
```
#### Updating Go Module Dependencies
If a dependency is added or change, run `go mod tidy` to update `go.mod` and `go.sum`.
@ -137,15 +156,28 @@ When you're ready to submit a pull request:
if your changes aren't finalized but would benefit from in-process feedback.
5. If there's any reason Consul users might need to know about this change,
[add a changelog entry](../docs/contributing/add-a-changelog-entry.md).
6. After you submit, the Consul maintainers team needs time to carefully review your
6. Add labels to your pull request. A table of commonly use labels is below.
If you have any questions about which to apply, feel free to call it out in the PR or comments.
| Label | When to Use |
| --- | --- |
| `pr/no-changelog` | This PR does not have an intended changelog entry |
| `pr/no-metrics-test` | This PR does not require any testing for metrics |
| `backport/stable-website` | This PR contains documentation changes that are ready to be deployed immediately. Changes will also automatically get backported to the latest release branch |
| `backport/1.12.x` | Backport the changes in this PR to the targeted release branch. Consult the [Consul Release Notes](https://www.consul.io/docs/release-notes) page to view active releases. |
Other labels may automatically be added by the Github Action CI.
7. After you submit, the Consul maintainers team needs time to carefully review your
contribution and ensure it is production-ready, considering factors such as: security,
backwards-compatibility, potential regressions, etc.
7. After you address Consul maintainer feedback and the PR is approved, a Consul maintainer
8. After you address Consul maintainer feedback and the PR is approved, a Consul maintainer
will merge it. Your contribution will be available from the next major release (e.g., 1.x)
unless explicitly backported to an existing or previous major release by the maintainer.
9. Any backport labels will generate an additional PR to the targeted release branch.
These will be linked in the original PR.
Assuming the tests pass, the PR will be merged automatically.
If the tests fail, it is you responsibility to resolve the issues with backports and request another reviewer.
#### Checklists
Some common changes that many PRs require are documented through checklists as
`checklist-*.md` files in [docs/](../docs/), including:
- [Adding config fields](../docs/config/checklist-adding-config-fields.md)
- [Adding config fields](../docs/config/checklist-adding-config-fields.md)
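Review bot: Three wording slips in the added steps: "A table of commonly use labels" should read "commonly used labels", "Github Action CI" should be "GitHub Actions CI", and "it is you responsibility" should be "your responsibility". The `backport/1.12.x` row will also go stale with each release; consider writing it as `backport/<release>.x` and giving 1.12.x as the example.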

18
.github/pull_request_template.md vendored Normal file

@ -0,0 +1,18 @@
### Description
Describe why you're making this change, in plain English.
### Testing & Reproduction steps
* In the case of bugs, describe how to replicate
* If any manual tests were done, document the steps and the conditions to replicate
* Call out any important/ relevant unit tests, e2e tests or integration tests you have added or are adding
### Links
Include any links here that might be helpful for people reviewing your PR (Tickets, GH issues, API docs, external benchmarks, tools docs, etc). If there are none, feel free to delete this section.
Please be mindful not to leak any customer or confidential information. HashiCorp employees may want to use our internal URL shortener to obfuscate links.
### PR Checklist
* [ ] updated test coverage
* [ ] external facing docs updated
* [ ] not a security concern
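Review bot: The `not a security concern` checkbox does not say what to do when the change is a security concern, and an unchecked box is ambiguous between "it is one" and "nobody looked". Reword it as an action the author confirms, such as having considered the security implications and described them in the PR, and fix the stray space in "important/ relevant".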


@ -6,7 +6,7 @@ set -uo pipefail
### It is still up to the reviewer to make sure that any tests added are needed and meaningful.
# search for any "new" or modified metric emissions
metrics_modified=$(git --no-pager diff HEAD origin/main | grep -i "SetGauge\|EmitKey\|IncrCounter\|AddSample\|MeasureSince\|UpdateFilter")
metrics_modified=$(git --no-pager diff origin/main...HEAD | grep -i "SetGauge\|EmitKey\|IncrCounter\|AddSample\|MeasureSince\|UpdateFilter")
# search for PR body or title metric references
metrics_in_pr_body=$(echo "${PR_BODY-""}" | grep -i "metric")
metrics_in_pr_title=$(echo "${PR_TITLE-""}" | grep -i "metric")
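Review bot: `git --no-pager diff origin/main...HEAD | grep -i "SetGauge\|..."` still matches removed and context lines, so a PR that only deletes a metric call, or edits code next to one, is flagged as adding metrics. Filter to added lines first (lines starting with `+` but not `+++`) before grepping for the emitter names.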

240
.github/scripts/verify_artifact.sh vendored Executable file

@ -0,0 +1,240 @@
#!/bin/bash
set -euo pipefail
# verify_artifact.sh is the top-level script that implements the logic to decide
# which individual verification script to invoke. It decides which verification
# script to use based on artifact name it is given. By putting the logic in here,
# it keeps the workflow file simpler and easier to manage. It also doubles as a means
# to run verifications locally when necessary.
# set this so we can locate and execute the individual verification scripts.
SCRIPT_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
function usage {
echo "verify_artifact.sh <artifact_path> <expect_version>"
}
# Arguments:
# $1 - artifact path (eg. /artifacts/consul-1.13.0~dev-1.i386.rpm)
# $2 - expected version to match against (eg. v1.13.0-dev)
function main {
local artifact_path="${1:-}"
local expect_version="${2:-}"
if [[ -z "${artifact_path}" ]]; then
echo "ERROR: artifact path argument is required"
usage
exit 1
fi
if [[ -z "${expect_version}" ]]; then
echo "ERROR: expected version argument is required"
usage
exit 1
fi
if [[ ! -e "${artifact_path}" ]]; then
echo "ERROR: ${artifact_path} does not exist"
usage
exit 1
fi
# match against the various artifact names:
# deb packages: consul_${version}-1_${arch}.deb
# rpm packages: consul-${version}-1.${arch}.rpm
# zip packages: consul_${version}_${os}_${arch}.zip
case "${artifact_path}" in
*.rpm) verify_rpm "${artifact_path}" "${expect_version}";;
*.deb) verify_deb "${artifact_path}" "${expect_version}";;
*.zip) verify_zip "${artifact_path}" "${expect_version}";;
*)
echo "${artifact_path} did not match known patterns"
exit 1
;;
esac
}
# Arguments:
# $1 - path to rpm (eg. consul-1.13.0~dev-1.aarch64.rpm)
# $2 - expected version to match against (eg. v1.13.0-dev)
function verify_rpm {
local artifact_path="${1:-}"
local expect_version="${2:-}"
local docker_image
local docker_platform
case "${artifact_path}" in
*.i386.rpm)
docker_platform="linux/386"
docker_image="i386/centos:7"
;;
*.x86_64.rpm)
docker_platform="linux/amd64"
docker_image="amd64/centos:7"
;;
*.armv7hl.rpm)
docker_platform="linux/arm/v7"
docker_image="arm32v7/fedora:36"
;;
*.aarch64.rpm)
docker_platform="linux/arm64"
docker_image="arm64v8/fedora:36"
;;
*)
echo "${artifact_path} did not match known patterns for rpms"
exit 1
;;
esac
echo "executing RPM verification in Docker with these parameters:"
echo "PLATFORM=${docker_platform}"
echo "IMAGE=${docker_image}"
docker run \
--platform=${docker_platform} \
-v $(pwd):/workdir \
-v ${SCRIPT_DIR}:/scripts \
-w /workdir \
${docker_image} \
/scripts/verify_rpm.sh \
"/workdir/${artifact_path}" \
"${expect_version}"
}
# Arguments:
# $1 - path to deb (eg. consul_1.13.0~dev-1_arm64.deb)
# $2 - expected version to match against (eg. v1.13.0-dev)
function verify_deb {
local artifact_path="${1:-}"
local expect_version="${2:-}"
local docker_image
local docker_platform
case "${artifact_path}" in
*_i386.deb)
docker_platform="linux/386"
docker_image="i386/debian:bullseye"
;;
*_amd64.deb)
docker_platform="linux/amd64"
docker_image="amd64/debian:bullseye"
;;
*_armhf.deb)
docker_platform="linux/arm/v7"
docker_image="arm32v7/debian:bullseye"
;;
*_arm64.deb)
docker_platform="linux/arm64"
docker_image="arm64v8/debian:bullseye"
;;
*)
echo "${artifact_path} did not match known patterns for debs"
exit 1
;;
esac
echo "executing DEB verification in Docker with these parameters:"
echo "PLATFORM=${docker_platform}"
echo "IMAGE=${docker_image}"
docker run \
--platform=${docker_platform} \
-v $(pwd):/workdir \
-v ${SCRIPT_DIR}:/scripts \
-w /workdir \
${docker_image} \
/scripts/verify_deb.sh \
"/workdir/${artifact_path}" \
"${expect_version}"
}
# Arguments:
# $1 - path to zip (eg. consul_1.13.0-dev_linux_amd64.zip)
# $2 - expected version to match against (eg. v1.13.0-dev)
function verify_zip {
local artifact_path="${1:-}"
local expect_version="${2:-}"
local machine_os=$(uname -s)
local machine_arch=$(uname -m)
unzip "${artifact_path}"
if [[ ! -e ./consul ]]; then
echo "ERROR: ${artifact_path} did not contain a consul binary"
exit 1
fi
case "${artifact_path}" in
*_darwin_amd64.zip)
if [[ "${machine_os}" = 'Darwin' ]]; then
# run the darwin binary if the host is Darwin.
${SCRIPT_DIR}/verify_bin.sh ./consul ${expect_version}
else
echo "cannot run darwin binary on a non-darwin host (${machine_os})"
fi
;;
*_linux_386.zip | *_linux_amd64.zip)
if [[ "${machine_os}" = 'Linux' && "${machine_arch}" = "x86_64" ]]; then
# run the binary directly on the host when it's x86_64 Linux
${SCRIPT_DIR}/verify_bin.sh ./consul ${expect_version}
else
# otherwise, use Docker/QEMU
docker run \
--platform=linux/amd64 \
-v $(pwd):/workdir \
-v ${SCRIPT_DIR}:/scripts \
-w /workdir \
amd64/debian \
/scripts/verify_bin.sh \
./consul \
"${expect_version}"
fi
;;
*_linux_arm.zip)
if [[ "${machine_os}" = 'Linux' && "${machine_arch}" = arm* ]]; then
# run the binary directly on the host when it's x86_64 Linux
${SCRIPT_DIR}/verify_bin.sh ./consul ${expect_version}
else
# otherwise, use Docker/QEMU
docker run \
--platform=linux/arm/v7 \
-v $(pwd):/workdir \
-v ${SCRIPT_DIR}:/scripts \
-w /workdir \
arm32v7/debian \
/scripts/verify_bin.sh \
./consul \
"${expect_version}"
fi
;;
*_linux_arm64.zip)
if [[ "${machine_os}" = 'Linux' && "${machine_arch}" = arm* ]]; then
# run the binary directly on the host when it's x86_64 Linux
${SCRIPT_DIR}/verify_bin.sh ./consul ${expect_version}
else
# otherwise, use Docker/QEMU
docker run \
--platform=linux/arm64 \
-v $(pwd):/workdir \
-v ${SCRIPT_DIR}:/scripts \
-w /workdir \
arm64v8/debian \
/scripts/verify_bin.sh \
./consul \
"${expect_version}"
fi
;;
*)
echo "${artifact_path} did not match known patterns for zips"
exit 1
;;
esac
}
main "$@"
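Review bot: In `verify_zip`, the `*_darwin_amd64.zip` branch on a non-Darwin host only prints "cannot run darwin binary on a non-darwin host" and returns success, so the artifact is reported as verified without being checked; exit non-zero or emit an explicit skipped status the workflow can see. Two further points: `verify_rpm` and `verify_deb` pass `"/workdir/${artifact_path}"` into the container, which only resolves for paths relative to the current directory, although the usage comment gives `/artifacts/consul-1.13.0~dev-1.i386.rpm` as the example. In the `*_linux_arm64.zip` branch the test `"${machine_arch}" = arm*` does not match `aarch64`, which is what `uname -m` reports on 64-bit ARM Linux, and the comments in both ARM branches still say "x86_64 Linux".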

44
.github/scripts/verify_bin.sh vendored Executable file

@ -0,0 +1,44 @@
#!/bin/bash
set -euo pipefail
# verify_bin.sh validates the file at the path given and then runs `./consul version` and inspects its output. If its
# output doesn't match the version given, the script will exit 1 and report why it failed.
# This is meant to be run as part of the build workflow to verify the built .zip meets some basic criteria for validity.
function usage {
echo "./verify_bin.sh <path_to_bin> <expect_version>"
}
function main {
local bin_path="${1:-}"
local expect_version="${2:-}"
local got_version
if [[ -z "${bin_path}" ]]; then
echo "ERROR: path to binary argument is required"
usage
exit 1
fi
if [[ -z "${expect_version}" ]]; then
echo "ERROR: expected version argument is required"
usage
exit 1
fi
if [[ ! -e "${bin_path}" ]]; then
echo "ERROR: package at ${bin_path} does not exist."
exit 1
fi
got_version="$( awk '{print $2}' <(head -n1 <(${bin_path} version)) )"
if [ "${got_version}" != "${expect_version}" ]; then
echo "Test FAILED"
echo "Got: ${got_version}, Want: ${expect_version}"
exit 1
fi
echo "Test PASSED"
}
main "$@"
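Review bot: `got_version="$( awk '{print $2}' <(head -n1 <(${bin_path} version)) )"` runs the binary inside a process substitution, so its exit status is discarded and a binary that fails to start shows up only as "Got: , Want: ...". Capture the output of `"${bin_path}" version` in a variable first so `set -e` sees the failure, then parse it. Also quote `${bin_path}`, and test with `-x` rather than `-e`, since the header comment says the file is validated.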

57
.github/scripts/verify_deb.sh vendored Executable file

@ -0,0 +1,57 @@
#!/bin/bash
set -euo pipefail
# verify_deb.sh tries to install the .deb package at the path given before running `consul version`
# to inspect its output. If its output doesn't match the version given, the script will exit 1 and
# report why it failed. This is meant to be run as part of the build workflow to verify the built
# .deb meets some basic criteria for validity.
# set this so we can locate and execute the verify_bin.sh script for verifying version output
SCRIPT_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
function usage {
echo "./verify_deb.sh <path_to_deb> <expect_version>"
}
function main {
local deb_path="${1:-}"
local expect_version="${2:-}"
local got_version
if [[ -z "${deb_path}" ]]; then
echo "ERROR: package path argument is required"
usage
exit 1
fi
if [[ -z "${expect_version}" ]]; then
echo "ERROR: expected version argument is required"
usage
exit 1
fi
# expand globs for path names, if this fails, the script will exit
deb_path=$(echo ${deb_path})
if [[ ! -e "${deb_path}" ]]; then
echo "ERROR: package at ${deb_path} does not exist."
usage
exit 1
fi
# we have to install the 'arm' architecture in order to install the 'arm'
# package, otherwise we will git a 'package architecture does not match system' error
if [[ ${deb_path} = *_arm.deb ]]; then
dpkg --add-architecture arm
fi
apt -y update
apt -y install openssl
dpkg -i ${deb_path}
# use the script that should be located next to this one for verifying the output
exec "${SCRIPT_DIR}/verify_bin.sh" $(which consul) "${expect_version}"
}
main "$@"
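Review bot: The architecture guard tests `*_arm.deb`, but the package names verify_artifact.sh dispatches on are `*_armhf.deb` and `*_arm64.deb`, so `dpkg --add-architecture arm` never runs; either match the real suffixes or drop the block. `deb_path=$(echo ${deb_path})` can expand a glob to several paths, which then fails the `-e` test with a misleading "does not exist" message, and `apt -y install openssl` has no comment saying why the package is needed. The comment typo "we will git" should be "get".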

Some files were not shown because too many files have changed in this diff