-
Notifications
You must be signed in to change notification settings - Fork 4.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'NET-6409' of ssh://github.com/hashicorp/consul into NET…
…-6409
- Loading branch information
Showing
210 changed files
with
9,188 additions
and
4,333 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
```release-note:security | ||
Upgrade `google.golang.org/grpc` to 1.56.3. | ||
This resolves vulnerability [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -487,6 +487,88 @@ jobs: | |
DD_ENV: ci | ||
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml | ||
|
||
integration-test-with-deployer: | ||
runs-on: ${{ fromJSON(needs.setup.outputs.compute-large ) }} | ||
needs: | ||
- setup | ||
permissions: | ||
id-token: write # NOTE: this permission is explicitly required for Vault auth. | ||
contents: read | ||
strategy: | ||
fail-fast: false | ||
env: | ||
DEPLOYER_CONSUL_DATAPLANE_IMAGE: "docker.mirror.hashicorp.services/hashicorppreview/consul-dataplane:1.3-dev" | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. | ||
- name: Setup Git | ||
if: ${{ endsWith(github.repository, '-enterprise') }} | ||
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" | ||
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | ||
with: | ||
go-version-file: 'go.mod' | ||
- run: go env | ||
- name: Build image | ||
run: make test-compat-integ-setup | ||
- name: Integration Tests | ||
run: | | ||
mkdir -p "${{ env.TEST_RESULTS_DIR }}" | ||
export NOLOGBUFFER=1 | ||
cd ./test-integ | ||
go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ | ||
--raw-command \ | ||
--format=standard-verbose \ | ||
--debug \ | ||
-- \ | ||
go test \ | ||
-tags "${{ env.GOTAGS }}" \ | ||
-timeout=20m \ | ||
-parallel=2 \ | ||
-json \ | ||
`go list -tags "${{ env.GOTAGS }}" ./... | grep -v peering_commontopo` \ | ||
--target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \ | ||
--target-version local \ | ||
--latest-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \ | ||
--latest-version latest | ||
env: | ||
# this is needed because of incompatibility between RYUK container and GHA | ||
GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml | ||
GOTESTSUM_FORMAT: standard-verbose | ||
COMPOSE_INTERACTIVE_NO_CLI: 1 | ||
# tput complains if this isn't set to something. | ||
TERM: ansi | ||
# NOTE: ENT specific step as we store secrets in Vault. | ||
- name: Authenticate to Vault | ||
if: ${{ endsWith(github.repository, '-enterprise') }} | ||
id: vault-auth | ||
run: vault-auth | ||
|
||
# NOTE: ENT specific step as we store secrets in Vault. | ||
- name: Fetch Secrets | ||
if: ${{ endsWith(github.repository, '-enterprise') }} | ||
id: secrets | ||
uses: hashicorp/[email protected] | ||
with: | ||
url: ${{ steps.vault-auth.outputs.addr }} | ||
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} | ||
token: ${{ steps.vault-auth.outputs.token }} | ||
secrets: | | ||
kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY; | ||
- name: prepare datadog-ci | ||
if: ${{ !endsWith(github.repository, '-enterprise') }} | ||
run: | | ||
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" | ||
chmod +x /usr/local/bin/datadog-ci | ||
- name: upload coverage | ||
# do not run on forks | ||
if: github.event.pull_request.head.repo.full_name == github.repository | ||
env: | ||
DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" | ||
DD_ENV: ci | ||
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml | ||
|
||
test-integrations-success: | ||
needs: | ||
|
@@ -498,6 +580,7 @@ jobs: | |
- generate-envoy-job-matrices | ||
- envoy-integration-test | ||
- compatibility-integration-test | ||
- integration-test-with-deployer | ||
runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} | ||
if: always() && needs.conditional-skip.outputs.skip-ci != 'true' | ||
steps: | ||
|
Oops, something went wrong.