From f60092be56eeaf5eb033fc3d2fac2e3d53eadf80 Mon Sep 17 00:00:00 2001 From: BugFest Date: Sat, 18 Nov 2023 17:06:12 +0100 Subject: [PATCH] release/0.10.0 (helm chart 0.1.15) (#70) * Add release branch filter for helm chart release * fix/controller: fix auth client dir permissions * release/0.10.0 --------- Signed-off-by: Bug Fest <52962234+bugfest@users.noreply.github.com> --- .github/workflows/main-tag.yml | 9 +- .github/workflows/main.yml | 6 +- .github/workflows/release.yml | 3 +- CHANGELOG.md | 164 +++++++++++++++++++++++++------ Dockerfile.tor-daemon | 2 +- Dockerfile.tor-daemon-manager | 2 +- README.md | 6 +- agents/tor/local/controller.go | 2 +- charts/tor-controller/Chart.yaml | 4 +- charts/tor-controller/README.md | 6 +- 10 files changed, 160 insertions(+), 44 deletions(-) diff --git a/.github/workflows/main-tag.yml b/.github/workflows/main-tag.yml index 27eb5c6..bed5dfb 100644 --- a/.github/workflows/main-tag.yml +++ b/.github/workflows/main-tag.yml @@ -3,10 +3,13 @@ name: Build multiarch image - tag on: push: tags: - - '[0-9]+.[0-9]+.[0-9]+' - + - "[0-9]+.[0-9]+.[0-9]+" + - "[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+" + branches: + - master + - release/* workflow_dispatch: - + jobs: build: runs-on: ubuntu-latest diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 50e4977..da04047 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -2,9 +2,11 @@ name: Build multiarch image - latest on: push: - branches: [ master ] + branches: + - master pull_request: - branches: [ master ] + branches: + - master workflow_dispatch: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cd956d3..f64047d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,6 +4,7 @@ on: push: branches: - master + - release/* workflow_dispatch: 
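Review bot: In `.github/workflows/main-tag.yml`, adding `branches:` next to `tags:` under `on.push` widens the trigger instead of narrowing it. GitHub Actions starts a push workflow when either filter matches, so the tag build would now also run on every push to `master` and `release/*`. If the intent was "version tags that sit on these branches only", the filter cannot express that; keep only `tags:` and verify the branch in a job step or an `if:` condition. The job steps are outside the hunk, so it is worth confirming that a branch-triggered run cannot publish an image under a branch-derived tag. A one-line comment above the trigger, such as `# builds release and -rc tags only`, would record the intended scope.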
@@ -27,7 +28,7 @@ jobs: version: v3.5.0 - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.5.0 + uses: helm/chart-releaser-action@v1.6.0 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/CHANGELOG.md b/CHANGELOG.md index db1020c..d72a3d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,12 +2,98 @@ All notable changes to this project will be documented in this file. -## [0.9.2] - 2023-08-28 +## [0.10.0] - 2023-11-18 + +### Bug Fixes + +- Fix auth client dir permissions + +## [0.10.0-rc.2] - 2023-11-13 + +### Bug Fixes + +- Fix tag filter + +Signed-off-by: Bug Fest <52962234+bugfest@users.noreply.github.com> + +- Fix tag filter II + +Signed-off-by: Bug Fest <52962234+bugfest@users.noreply.github.com> + +- Fix tag filter III + +Signed-off-by: Bug Fest <52962234+bugfest@users.noreply.github.com> + +- Fix tag filter IV + +Signed-off-by: Bug Fest <52962234+bugfest@users.noreply.github.com> + + +### Generic + +- Rc.2 build + +Signed-off-by: Bug Fest <52962234+bugfest@users.noreply.github.com> + + +## [tor-controller-0.1.15-rc.1] - 2023-11-13 + +### Bug Fixes + +- Avoid failure when /app already exists ([#65](https://github.com/bugfest/tor-controller/issues/65)) +- Tor instances missing volume/volumeMounts and default DataDirectory config ([#68](https://github.com/bugfest/tor-controller/issues/68)) + +### Generic + +- Update Onionbalance URL ([#61](https://github.com/bugfest/tor-controller/issues/61)) + + +- Update tor version to 0.4.8.7 ([#63](https://github.com/bugfest/tor-controller/issues/63)) + +* Update latest tor version - 0.4.8.7 +- Tor 0.4.8.8, minor fixes; consistenecy ([#66](https://github.com/bugfest/tor-controller/issues/66)) + +* update: remove redundant config, tor version 0.4.8.8, Dockerfile, minor fixes, security settings, docs +* fix: permissions on folder +- Release/0.1.15-rc.1 + +Signed-off-by: Bug Fest <52962234+bugfest@users.noreply.github.com> + +- Add release branch filter for helm chart release + +Signed-off-by: Bug Fest <52962234+bugfest@users.noreply.github.com> + + +## [tor-controller-0.1.14] - 2023-08-28 ### Bug Fixes -- Limit CRD description fields to 80 chars ([#57](https://github.com/bugfest/tor-controller/issues/57)) - Invalid selector for OnionBalancedService #58 +- Fixed python version breaks 
tor-onionbalance-manager dependencies install + +### Generic + +- Helm chart release 0.1.14 + +- [ci-skip] update changelog + +- [ci-skip] forced chart re-release + +- [ci-skip] forced chart re-release 0.9.2/0.1.14 + +- [ci-skip] Add workflow_dispatch to helm chart release + + +## [tor-controller-0.1.13] - 2023-07-27 + +### Bug Fixes + +- Fix: limit CRD description fields to 80 chars ([#57](https://github.com/bugfest/tor-controller/issues/57)) +fix: tor-controller manager path moved to /app/manager +fix: README typos + + +## [tor-controller-0.1.12] - 2023-07-19 ### Documentation @@ -39,10 +125,8 @@ Signed-off-by: Aleksey Sviridkin Signed-off-by: Aleksey Sviridkin - Make improvements to containers ([#50](https://github.com/bugfest/tor-controller/issues/50)) -- Helm chart release 0.1.14 - -## [0.9.0] - 2023-03-14 +## [tor-controller-0.1.11] - 2023-03-14 ### Generic @@ -56,7 +140,7 @@ Tor daemon and manager bumped to 0.4.7.13 (including obfs4proxy binary) * [FEATURE] Controller deployment automatic rollout on chart upgrade #41 * [DOC] Update instructions to use bridges and custom Tor daemon configs -## [0.8.0] - 2023-02-05 +## [tor-controller-0.1.10] - 2023-02-05 ### Generic @@ -64,7 +148,7 @@ Tor daemon and manager bumped to 0.4.7.13 (including obfs4proxy binary) -## [0.7.2] - 2023-01-18 +## [tor-controller-0.1.9] - 2023-01-18 ### Bug Fixes @@ -76,7 +160,7 @@ Tor daemon and manager bumped to 0.4.7.13 (including obfs4proxy binary) -## [0.7.1] - 2023-01-15 +## [tor-controller-0.1.8] - 2023-01-15 ### Bug Fixes @@ -93,7 +177,7 @@ Tor daemon and manager bumped to 0.4.7.13 (including obfs4proxy binary) - [ci-skip] build help release -## [0.7.0] - 2022-09-19 +## [tor-controller-0.1.7] - 2022-09-19 ### Bug Fixes 
@@ -122,6 +206,13 @@ Tor daemon and manager bumped to 0.4.7.13 (including obfs4proxy binary) ### Generic +- [ci-skip] Reformat README. Fix some typos + + +## [tor-controller-0.1.6] - 2022-07-28 + +### Generic + - [ci-skip] Updated helm chart to use version 0.6.0 - Tor crd 0.6.1 ([#20](https://github.com/bugfest/tor-controller/issues/20)) @@ -143,10 +234,8 @@ Tor daemon and manager bumped to 0.4.7.13 (including obfs4proxy binary) * fix: helm chart project config. ClusterRole update. Default Tor daemon image * chore(release): prepare for 0.6.1 -- [ci-skip] Reformat README. Fix some typos - -## [0.6.0] - 2022-07-12 +## [tor-controller-0.1.5] - 2022-07-12 ### Features @@ -154,12 +243,17 @@ Tor daemon and manager bumped to 0.4.7.13 (including obfs4proxy binary) ### Generic -- [ci-skip] Updated helm chart to use version 0.5.1 - - * Updating dependencies - version v0.6.0 * Updating Helm Chart - preparing helm chart version v0.1.5 +## [tor-controller-0.1.4] - 2022-03-10 + +### Generic + +- [ci-skip] Updated helm chart to use version 0.5.1 + + ## [0.5.1] - 2022-03-10 ### Generic @@ -178,7 +272,7 @@ Add QEMU arm64 instructions to get a k3s sanbox -## [0.5.0] - 2022-02-20 +## [tor-controller-0.1.3] - 2022-02-20 ### Generic @@ -192,16 +286,10 @@ Metrics exporters (controller and managers) Helm chart service monitor creation (controller) Updated CRDs to enable Service Monitor creation -## [0.4.0] - 2022-02-10 +## [tor-controller-0.1.2] - 2022-02-10 ### Generic -- [ci-skip] reverting chart version - -- [ci-skip] App version 0.3.2, Chart version 0.1.1 - -- [ci-skip] Updated Chart Readme - - [ci-skip] Update issue templates - [ci-skip] Updated Changelog 
@@ -235,22 +323,20 @@ Updated CRDs to enable Service Monitor creation OnionBalancedService implementation - Fixes #8 -## [0.3.2] - 2022-01-29 +## [tor-controller-0.1.1] - 2022-01-29 ### Generic -- #1 Helm chart for installing +- [ci-skip] reverting chart version -- Merge pull request #2 from bugfest/helm +- [ci-skip] App version 0.3.2, Chart version 0.1.1 -Helm chart for installing. Fixes #1 -- Updated CHANGELOG +- [ci-skip] Updated Chart Readme -- Preparing chart-releaser-action changes -- Updating chart repo URL and instructions +## [0.3.2] - 2022-01-29 -- Update action branch: master +### Generic - Update action branch: master @@ -269,6 +355,24 @@ Fixing tags typo - Testing CI workflows with a blank commit +## [tor-controller-0.1.0] - 2022-01-29 + +### Generic + +- #1 Helm chart for installing + +- Merge pull request #2 from bugfest/helm + +Helm chart for installing. Fixes #1 +- Updated CHANGELOG + +- Preparing chart-releaser-action changes + +- Updating chart repo URL and instructions + +- Update action branch: master + + ## [0.3.1] - 2022-01-05 ### Bug Fixes diff --git a/Dockerfile.tor-daemon b/Dockerfile.tor-daemon index 07ba0da..33ae344 100644 --- a/Dockerfile.tor-daemon +++ b/Dockerfile.tor-daemon @@ -1,4 +1,4 @@ -ARG TOR_VERSION="0.4.8.7" +ARG TOR_VERSION="0.4.8.9-r1" ARG TOR_IMAGE="quay.io/bugfest/tor" FROM ${TOR_IMAGE}:${TOR_VERSION} as tor diff --git a/Dockerfile.tor-daemon-manager b/Dockerfile.tor-daemon-manager index cefda81..6c68b3a 100644 --- a/Dockerfile.tor-daemon-manager +++ b/Dockerfile.tor-daemon-manager @@ -1,4 +1,4 @@ -ARG TOR_VERSION="0.4.8.7" +ARG TOR_VERSION="0.4.8.9-r1" ARG TOR_IMAGE="quay.io/bugfest/tor" FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.20 as builder diff --git a/README.md b/README.md index a63142a..ce7bd3b 100644 --- a/README.md +++ b/README.md 
@@ -33,7 +33,7 @@ helm repo update helm upgrade \ --install \ --create-namespace \ - --namespace tor-controller-system \ + --namespace tor-controller \ tor-controller \ bugfest/tor-controller ``` @@ -103,6 +103,9 @@ Full changelog: [CHANGELOG](CHANGELOG.md) - Upgraded Tor daemon to 0.4.7.x - Bridges support (obfs4 pluggable transport shipped alongside Tor daemon) - Implemented ExtraConfig in OnionService +- **v0.10.x** + - Tor & controllers running as non-root + - Tor compiled with PoW anti-DoS protection Roadmap / TODO -------------- @@ -666,6 +669,7 @@ Versions | 0.1.12 | 0.9.1 | 0.4.7.13 | Obfs4-0.0.14 | | 0.1.13 | 0.9.1 | 0.4.7.13 | Obfs4-0.0.14 | | 0.1.14 | 0.9.2 | 0.4.7.13 | Obfs4-0.0.14 | +| 0.1.15 | 0.10.0 | 0.4.8.9 | Obfs4-0.0.14 | References ---------- diff --git a/agents/tor/local/controller.go b/agents/tor/local/controller.go index fb015e4..ee11854 100644 --- a/agents/tor/local/controller.go +++ b/agents/tor/local/controller.go @@ -168,7 +168,7 @@ func (c *Controller) sync(key string) error { } else { // Create `authorized_clients_dir` directory if it does not exist if _, err := os.Stat(authorizedClientsDir); errors.Is(err, os.ErrNotExist) { - err := os.Mkdir(authorizedClientsDir, os.ModePerm) + err := os.Mkdir(authorizedClientsDir, 0o700) if err != nil { log.Fatalf("Creating directory %s failed with %v", authorizedClientsDir, err) } diff --git a/charts/tor-controller/Chart.yaml b/charts/tor-controller/Chart.yaml index 8f2d14c..08f639a 100644 --- a/charts/tor-controller/Chart.yaml +++ b/charts/tor-controller/Chart.yaml 
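Review bot: In `agents/tor/local/controller.go`, the new `0o700` mode is applied only on the `os.ErrNotExist` branch. If `authorizedClientsDir` lives on storage that survives an upgrade, a directory created by an earlier release with `os.ModePerm` keeps its wider permissions. Consider tightening the existing directory too, for example `if err := os.Chmod(authorizedClientsDir, 0o700); err != nil { ... }` when `os.Stat` succeeds. Any `os.Stat` error other than not-exist (permission denied, for instance) falls through the `errors.Is` check unreported, so logging it here would make later failures easier to trace. `sync` begins and ends outside the hunk, so how the directory is used afterwards is not visible.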
@@ -15,10 +15,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.14 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.9.2" +appVersion: "0.10.0" diff --git a/charts/tor-controller/README.md b/charts/tor-controller/README.md index 574ccd8..78dd29d 100644 --- a/charts/tor-controller/README.md +++ b/charts/tor-controller/README.md @@ -1,6 +1,6 @@ # tor-controller -![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.1](https://img.shields.io/badge/AppVersion-0.9.1-informational?style=flat-square) +![Version: 0.1.15](https://img.shields.io/badge/Version-0.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.10.0](https://img.shields.io/badge/AppVersion-0.10.0-informational?style=flat-square) Tor hidden services controller for kubernetes 
@@ -27,6 +27,8 @@ Tor hidden services controller for kubernetes | replicaCount | int | `1` | Daemonset replica count | | resources | object | `{}` | | | securityContext.allowPrivilegeEscalation | bool | `false` | | +| securityContext.capabilities.drop[0] | string | `"ALL"` | | +| securityContext.runAsNonRoot | bool | `true` | | | service.port | int | `8443` | | | service.type | string | `"ClusterIP"` | | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | @@ -36,4 +38,4 @@ Tor hidden services controller for kubernetes | upgradeRollout | bool | `true` | Automatically rollout controller deployment after upgrade | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)