Commit Graph

62 Commits

Author SHA1 Message Date
Seth Hoenig 3f29e59e6e
build: update go version to go1.19.1 (#14653)
minor update, no CL needed
2022-09-22 09:40:01 -05:00
Luiz Aoqui ad48401219
chore: move changelog file to the right folder (#14639) 2022-09-21 13:50:22 -04:00
Luiz Aoqui c3c8ae584f
api: provide more detail on ACL bootstrap request error (#14629) 2022-09-20 21:20:04 -04:00
Seth Hoenig bf0e83e3a0
deps: run all dependabot configs over the weekend (#14608) 2022-09-16 10:50:57 -05:00
Seth Hoenig c9bbe5230d
ci: no need to run unit tests for e2e/ui changes (#14607) 2022-09-16 09:58:06 -05:00
Seth Hoenig 91e32eec9b build: update to go1.19 2022-08-16 08:40:57 -05:00
Luiz Aoqui e91d36902f
ci: delete generated files after build (#14070)
The generated files are created as part of the final build process but
should not present in the repository afterwards.
2022-08-10 20:36:03 -04:00
Seth Hoenig 35c76098d6 build: update to go1.18.5 2022-08-02 07:36:35 -05:00
Michael Schurter adb3de7abb
deps: run dependabot weekly (#13723) 2022-07-12 12:50:09 -07:00
Seth Hoenig 8392ee8988 build: update to go1.18.3
Release Notes:
https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg

Contains 4 security fixes - the 2 related to Windows might be relevant.
2022-07-01 10:12:56 -05:00
Charlie Voiselle a5045b3f0f
Quote assignees value to fix dependabot.yaml parsing error (#13372) 2022-06-14 15:07:52 -04:00
Luiz Aoqui 5adec31cea
ci: remove step that generates GO_LDFLAGS (#13314)
These flags were not being used because GNUmakefile overwrites them with
another value. We also don't want to set `-s -w` since they remove
information that is important for production debug.

In other projects this variable is used to override the default `-dev`
prerelease that is set even if `VersionPrerelease` is empty, but in
Nomad this check is never actually done because this conditional in
`version/version.go` is always false:

```go
func GetVersion() *VersionInfo {
  // ...
  rel := VersionPrerelease
  // ...
  if GitDescribe == "" && rel == "" && VersionPrerelease != "" {
    rel = "dev"
  }
  // ...
}
```

This seems like some leftover from a previous release process, but I
decided the leave the code as is.
2022-06-14 12:36:15 -04:00
Tim Gross 141823da58
website: set dependabot assignees (#12969)
The website build code has been moved out to another repository, so
what's remaining here is local development tooling. Assign these PRs to
the web platform team, but also cut down on the noise we're sending
their way.
2022-06-01 11:40:32 -04:00
Seth Hoenig f7c0e078a9 build: update golang version to 1.18.2
This PR update to Go 1.18.2. Also update the versions of hclfmt
and go-hclogfmt which includes newer dependencies necessary for dealing
with go1.18.

The hcl v2 branch is now 'nomad-v2.9.1+tweaks2', to include a fix for
newer macOS versions: 8927e75e82
2022-05-25 10:04:04 -05:00
Seth Hoenig 626a345fb2 ci: switch to 22.04 LTS for GHA Core CI tests 2022-05-25 08:19:40 -05:00
Thomas Wunderlich ba6f81d843
Use the postinstall script
It appears that the postinstall script was created but never used.
This change is to actually use the post-install script.
2022-05-19 12:49:44 -04:00
Luiz Aoqui eb50273b32
ci: update backport assitant workflow (#12899)
Remove the step to automatically backport `backport/website` PRs to the
latest release. This will be done manually by adding the proper tags.

Also use squash backports to match the pattern we use for `main`.
2022-05-06 10:15:59 -04:00
Luiz Aoqui c502a249b9
ci: revert file changes and add some checks (#12873)
During the release there are several files that need to be modified:

  - .release/ci.hcl: the notification channel needs to be updated to a
    channel with greater team visibility during the release.
  - version/version.go: the Version and VersionPrerelease variables
    need to be set so they match the release version.

After the release these files need to be reverted.

For GA releases the following additional changes also need to happen:

  - version/version.go: the Version variable needs to be bumped to the
    next version number.
  - GNUMakefile: the LAST_RELEASE variable needs to be set to the
    version that was just released.

Since the release process will commit file changes to the branch being
used for the release, it should _never_ run on main, so the first step
is now to protect against that.

It also adds a validation to make the user input version is correct.

After looking at the different release options and steps I noticed that
automatic CHANGELOG generation is actually the exception, so it would be
better to have the default to be false.
2022-05-05 18:07:51 -04:00
Phil Renaud b67bd4c377
Percy snapshot tests (#12872)
* Sample percy test added

* Node engine up to 14.x for UI prep

* Force ui test rerun

* Updated config.yml

* Node v upgraded to 14 for docker image

* Expect length in test

* Running ember tests under percy exec

* Percy exec format

* Percy cli added

* Noop to rerun tests with updated percy_token

* Evals full list and details open snapshots

* Pretty legit use of assert so disable the warning

* Jobs list tests

* Snapshots for top-level clients, servers, ACL, topology, and storage lists

* Expect caveat for Topology test

* Stabilizing tests with faker seeded to 1

* Seed-stabilizing any tests with percySnapshots

* Faker import

* Drop unused param

* Assets and test audit using an older node version

* New strategy: avoid seeding, just use percyCSS to hide certain things
2022-05-05 16:05:13 -04:00
Luiz Aoqui 6c3473b778
ci: update the `hashicorp/actions-generate-metadata` action version (#12813) 2022-04-28 15:24:55 -04:00
Luiz Aoqui 0830e3c787
ci: fix build workflow trigger on push (#12806) 2022-04-28 11:15:54 -04:00
Luiz Aoqui cca49a054f
ci: setup release process with CRT (#12781) 2022-04-27 20:14:23 -04:00
Seth Hoenig bf54ef26be build: update golang to 1.17.9 2022-04-21 11:43:01 -05:00
Seth Hoenig 47040391bb ci: ensure package coverage of test-core 2022-04-14 19:04:06 -05:00
Luiz Aoqui 8b2ea6b61b
ci: fix backport target branch pattern (#12571) 2022-04-14 14:12:41 -04:00
claire labry d2a3fa1921
updates for backport assistant (#12311) 2022-04-12 14:01:19 -04:00
Luiz Aoqui cd15e3386c
ci: skip prerelease if triggered by the generate assets workflow (#12504) 2022-04-07 16:04:53 -04:00
claire labry 6f7f7277d5
[Main] Onboard to CRT (#12276) 2022-04-06 11:47:02 -04:00
Seth Hoenig 52aaf86f52 raw_exec: make raw exec driver work with cgroups v2
This PR adds support for the raw_exec driver on systems with only cgroups v2.

The raw exec driver is able to use cgroups to manage processes. This happens
only on Linux, when exec_driver is enabled, and the no_cgroups option is not
set. The driver uses the freezer controller to freeze processes of a task,
issue a sigkill, then unfreeze. Previously the implementation assumed cgroups
v1, and now it also supports cgroups v2.

There is a bit of refactoring in this PR, but the fundamental design remains
the same.

Closes #12351 #12348
2022-04-04 16:11:38 -05:00
Seth Hoenig 4381aa122f ci: correctly ignore subpaths in gha 2022-04-01 09:49:40 -05:00
Seth Hoenig e256afdfee ci: set test log level off in gha 2022-03-25 13:43:33 -05:00
Seth Hoenig e85fbaf0ac ci: cleanup verbose mode and enable for gha
test_checks.sh was removed in 2019 and now just breaks if VERBOSE is
set when running tests via make targets

in GHA, use verbose mode to display what tests are running
2022-03-24 15:15:05 -05:00
Seth Hoenig 2e5c6de820 client: enable support for cgroups v2
This PR introduces support for using Nomad on systems with cgroups v2 [1]
enabled as the cgroups controller mounted on /sys/fs/cgroups. Newer Linux
distros like Ubuntu 21.10 are shipping with cgroups v2 only, causing problems
for Nomad users.

Nomad mostly "just works" with cgroups v2 due to the indirection via libcontainer,
but not so for managing cpuset cgroups. Before, Nomad has been making use of
a feature in v1 where a PID could be a member of more than one cgroup. In v2
this is no longer possible, and so the logic around computing cpuset values
must be modified. When Nomad detects v2, it manages cpuset values in-process,
rather than making use of cgroup heirarchy inheritence via shared/reserved
parents.

Nomad will only activate the v2 logic when it detects cgroups2 is mounted at
/sys/fs/cgroups. This means on systems running in hybrid mode with cgroups2
mounted at /sys/fs/cgroups/unified (as is typical) Nomad will continue to
use the v1 logic, and should operate as before. Systems that do not support
cgroups v2 are also not affected.

When v2 is activated, Nomad will create a parent called nomad.slice (unless
otherwise configured in Client conifg), and create cgroups for tasks using
naming convention <allocID>-<task>.scope. These follow the naming convention
set by systemd and also used by Docker when cgroups v2 is detected.

Client nodes now export a new fingerprint attribute, unique.cgroups.version
which will be set to 'v1' or 'v2' to indicate the cgroups regime in use by
Nomad.

The new cpuset management strategy fixes #11705, where docker tasks that
spawned processes on startup would "leak". In cgroups v2, the PIDs are
started in the cgroup they will always live in, and thus the cause of
the leak is eliminated.

[1] https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html

Closes #11289
Fixes #11705 #11773 #11933
2022-03-23 11:35:27 -05:00
Seth Hoenig 8eea6e3aa3 ci: scope to push, ignore more dirs, update go update script 2022-03-18 12:47:38 -05:00
Seth Hoenig 57bd480062 ci: turn on testing in github actions 2022-03-18 11:12:24 -05:00
Luiz Aoqui 5e9f4be2a1
ci: add semgrep (#11934) 2022-01-26 16:32:47 -05:00
Kevin Wang 9f9e813515
fix: backport release branch target (#11627) 2021-12-07 09:45:46 -05:00
Kevin Wang f3104cadab
feat: `backport.yml` (#11613) 2021-12-06 17:35:33 -05:00
Luiz Aoqui c80f760db7
ui: update node version in GitHub Actions 2021-11-05 20:33:40 -04:00
Luiz Aoqui 84416303b2
dependabot: set proper theme/* labels (#11154) 2021-09-10 09:41:05 -04:00
Kent 'picat' Gruber 907442656f Add configuration for `/api` using Go modules 2021-09-03 08:43:05 -04:00
Kent 'picat' Gruber b70ad3c190 Add configuration for `/website` using NPM 2021-07-29 11:03:26 -04:00
Kent 'picat' Gruber ec69a71c63 Add initial Dependabot configuration 2021-07-29 10:52:25 -04:00
Zachary Shilton 9f14bb2c67
website: support hidden pages in nav-data (#10510)
* website: bump to docs-page prerelease with hidden page support

* website: remove temp check for hidden pages, covered by docs-page

* website: bump to stable docs-page, w next-mdx-remote bump
2021-05-06 13:20:03 -04:00
Zachary Shilton b1bd139c3c
website: add check for unlinked content (#10425)
* website: add unlinked content check

* website: remove unused guides-navigation.js
2021-04-23 11:11:09 -04:00
Drew Bailey 08f02ecf3b
fix typo (#10112) 2021-03-03 15:16:57 -05:00
Drew Bailey e5a854017c
adds issue templates for bugs and features, links to discuss, learn guides (#10111)
* adds issue templates for bugs and features, links to discuss and learn guides

* fix smart quotes
2021-03-03 14:59:57 -05:00
Buck Doyle 528b13f69d
Fix audit workflow action versions (#9877)
This fixes the version reference error seen in this workflow failure:
https://github.com/hashicorp/nomad/actions/runs/504695096

I’ve also included an update to the sticky comment action version to address this warning in the above link:

marocchino/sticky-pull-request-comment@33a6cfb looks like the shortened version of a commit SHA. Referencing actions by the short SHA will be disabled soon. Please see https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions.

We were previously using 33a6cfb after the maintainer merged my PR to allow the comment to be read from a file, there was no released version with that, but it’s now included in v2.0.0.
2021-01-26 09:06:22 -06:00
Buck Doyle 27f73f2b7b
Change to fork of audit to log flaky tests (#9518)
This will report the names of flaky tests instead of just counting them.
2021-01-21 08:25:16 -06:00
Jamie Finnigan a70dbe9a6a remove local SECURITY.md in favor of org-wide policy 2020-08-24 15:41:28 -07:00