Closed
Conversation
Signed-off-by: Alex Xu <hejie.xu@intel.com>
Signed-off-by: Ryan Northey <ryan@synca.io>
ci: disable non-RBE cache for release branches Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
Previously `/var/run/docker.sock` is readable/writable inside docker run because group ID of `envoygroup` coincidentally matches host docker group, while it is no longer true during rolling out new image. Fixing that by forcing `envoygroup` has host docker group ID. Risk Level: Low Testing: CI Docs Changes: Release Notes: Platform Specific Features: Signed-off-by: Lizan Zhou <lizan@tetrate.io> Signed-off-by: Dario Cillerai <dcillera@redhat.com> Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Xie Zhihao <zhihao.xie@intel.com> Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: wbpcode <wangbaiping@corp.netease.com> Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
As noted in #21060, building with gcc in "opt" mode results in a compilation error:
```
ERROR: /workspaces/envoy/source/common/config/BUILD:414:17: Compiling source/common/config/watch_map.cc failed: (Exit 1): gcc failed: error executing command /usr/bin/gcc -U_FORTIFY_SOURCE -fstack-protector -Wall -Wunused-but-set-parameter -Wno-free-nonheap-object -fno-omit-frame-pointer -g0 -O2 '-D_FORTIFY_SOURCE=1' -DNDEBUG -ffunction-sections ... (remaining 154 arguments skipped)
Use --sandbox_debug to see verbose messages from the sandbox
source/common/config/watch_map.cc: In member function 'virtual void Envoy::Config::WatchMap::onConfigUpdate(const google::protobuf::RepeatedPtrField<envoy::service::discovery::v3::Resource>&, const google::protobuf::RepeatedPtrField<std::__cxx11::basic_string<char> >&, const string&)':
source/common/config/watch_map.cc:215:69: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
215 | type_url_, reinterpret_cast<std::vector<DecodedResourcePtr>&>(decoded_resources),
| ^~~~~~~~~~~~~~~~~
cc1plus: all warnings being treated as errors
```
This PR changes the type of the original vector to be the base class type.
Risk Level: Low-Medium (no features changes, but updates config-plane code).
Testing: N/A
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features: N/A
Signed-off-by: Adi Suissa-Peleg <adip@google.com>
Signed-off-by: Ryan Northey <ryan@synca.io>
…(#20843) Signed-off-by: johnlanni ztywto@qq.com Commit Message: Handle null plugins handle when skipping config canarying for duplicate filters and also when the remote code fetch is in progress or fails. Risk Level: low Testing: ok Signed-off-by: 澄潭 <ztywto@qq.com> Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Ingwon Song <igsong@google.com> Signed-off-by: Ingwon Song <102102227+ingwonsong@users.noreply.github.com> Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Piotr Sikora <piotrsikora@google.com> Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Piotr Sikora <piotrsikora@google.com> Signed-off-by: Ryan Northey <ryan@synca.io>
…2117) Signed-off-by: Piotr Sikora <piotrsikora@google.com> Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
…izer for 12 fields) (#21414) Signed-off-by: Adam Kotwasinski <adam.kotwasinski@gmail.com> Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Adam Kotwasinski <adam.kotwasinski@gmail.com> Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Adam Kotwasinski <adam.kotwasinski@gmail.com> Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: He Jie Xu <hejie.xu@intel.com> Signed-off-by: Ryan Northey <ryan@synca.io>
Fix #23685 Signed-off-by: Ryan Northey <ryan@synca.io> Signed-off-by: phlax <phlax@users.noreply.github.com>
The HeaderEvaluatorConfigUpdate test needs to wait for a listener to be replaced. Its previous attempt to achieve that did not account for the intermediate warming state of new listeners, which could lead to the test continuing prematurely and failing. Signed-off-by: Benjamin Peterson <benjamin@engflow.com> Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: Ryan Northey <ryan@synca.io>
…24089) * deps: bump `com_github_wasmtime` -> 1.0.0 (#23232) Signed-off-by: river phillips <riverphillips1@gmail.com> Signed-off-by: Ryan Northey <ryan@synca.io> * wasm: update WAVM to nightly/2022-05-14. (#22491) Signed-off-by: Piotr Sikora <piotrsikora@google.com> Signed-off-by: Ryan Northey <ryan@synca.io> * wasm: update Proxy-Wasm C++ Host to latest. (#22575) Signed-off-by: Piotr Sikora <piotrsikora@google.com> Signed-off-by: Ryan Northey <ryan@synca.io> * deps: Bump `com_github_wasmtime` -> 1.0.2 (#24086) Fix: - CVE-2022-39392 - CVE-2022-39393 - CVE-2022-39394 Signed-off-by: Ryan Northey <ryan@synca.io> * bazel: update rules_rust This gets us on rust 1.60 Signed-off-by: Keith Smiley <keithbsmiley@gmail.com> Signed-off-by: Ryan Northey <ryan@synca.io> * deps: Bump `rules_rust` -> 0.8.1 (#22253) Fix #22073 Signed-off-by: Ryan Northey <ryan@synca.io> * wasm: fix V8 build on older versions of Linux. (#22228) wasm: fix build on older versions of Linux. Signed-off-by: Piotr Sikora <piotrsikora@google.com> Signed-off-by: Ryan Northey <ryan@synca.io> * backport: macOS: Allow to load .wasm on Apple silicon (#23299) backport: macOS: Enable wasm and allow to load .wasm on Apple silicon This applies https://chromium-review.googlesource.com/c/v8/v8/+/3700352 as a fix for MemoryAllocator::PartialFreeMemory() which shouldn't try to change permissions of RWX pages. This mainly affects macOS > 11.2 due to mprotect behavior changes (#23243) on Apple silicon. This is cherry-picked from: envoyproxy/envoy@63f27a6 Signed-off-by: Dhi Aurrahman <dio@rockybars.com> Signed-off-by: Dhi Aurrahman <dio@rockybars.com> Signed-off-by: Ryan Northey <ryan@synca.io> * deps: Bump `v8` to 10.7.193.13 and `proxy_wasm_cpp_host` to b0a0594 (#23434) Signed-off-by: Dhi Aurrahman <dio@rockybars.com> * ci: Disable wasm coverage tests (#24169) and adjust-coverage-total Signed-off-by: Ryan Northey <ryan@synca.io> Signed-off-by: phlax <phlax@users.noreply.github.com> * deps: Bump `com_github_wasmtime` -> 2.0.2 (+related) (#24150) deps: Bump `com_github_wasmtime` -> 2.0.2 - `proxy_wasm_cpp_host` - `proxy_wasm_rust_sdk` Signed-off-by: Ryan Northey <ryan@synca.io> Signed-off-by: river phillips <riverphillips1@gmail.com> Signed-off-by: Ryan Northey <ryan@synca.io> Signed-off-by: Piotr Sikora <piotrsikora@google.com> Signed-off-by: Dhi Aurrahman <dio@rockybars.com> Signed-off-by: phlax <phlax@users.noreply.github.com> Co-authored-by: River <6375745+RiverPhillips@users.noreply.github.com> Co-authored-by: Piotr Sikora <piotrsikora@google.com> Co-authored-by: Keith Smiley <keithbsmiley@gmail.com> Co-authored-by: Dhi Aurrahman <dio@rockybars.com>
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
Signed-off-by: Ryan Northey <ryan@synca.io>
…ian11:nonroot) (#24647) Signed-off-by: Michael Kaufmann <michael.kaufmann@ergon.ch> Signed-off-by: Michael Kaufmann <mkauf@users.noreply.github.com>
…0562a7` in /ci (#24736) build(deps): bump distroless/base-nossl-debian11 in /ci Bumps distroless/base-nossl-debian11 from `036581b` to `50562a7`. --- updated-dependencies: - dependency-name: distroless/base-nossl-debian11 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ryan Northey <ryan@synca.io>
…ee458a` in /ci (#24830) build(deps): bump distroless/base-nossl-debian11 in /ci Bumps distroless/base-nossl-debian11 from `6f20a31` to `3ee458a`. --- updated-dependencies: - dependency-name: distroless/base-nossl-debian11 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…d7fe70` in /ci (#25153) build(deps): bump distroless/base-nossl-debian11 in /ci Bumps distroless/base-nossl-debian11 from `3ee458a` to `cd7fe70`. --- updated-dependencies: - dependency-name: distroless/base-nossl-debian11 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ryan Northey <ryan@synca.io>
…f61596` in /ci (#25291) build(deps): bump distroless/base-nossl-debian11 in /ci Bumps distroless/base-nossl-debian11 from `cd7fe70` to `bf61596`. --- updated-dependencies: - dependency-name: distroless/base-nossl-debian11 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ryan Northey <ryan@synca.io>
jwendell
reviewed
Feb 27, 2023
| # patches = ["@envoy//bazel/external:proxy-wasm-cpp-host-s390x-support.patch"], | ||
| # patch_args = ["-p1"], | ||
| ) | ||
| external_http_archive(name = "proxy_wasm_cpp_host") |
Member
There was a problem hiding this comment.
If I understand correctly the upstream fix is only present in our 2.4 branch, so I think we still need this in 2.3.
jwendell
reviewed
Feb 27, 2023
|
|
||
| TEST_F(DnsFilterTest, RandomizeFirstAnswerTest) { | ||
| // FIXME (Maistra): See https://github.com/envoyproxy/envoy/pull/24330 | ||
| TEST_F(DnsFilterTest, DISABLED_RandomizeFirstAnswerTest) { |
Member
There was a problem hiding this comment.
Do you want to track this in our Jira? If so, create an issue and mention it here.
BTW, next time it might be easier to just cherry-pick the commit from one branch to another, e.g. git cherry-pick d032ce917328e388d40c3fe5ba1a49c3b570486d. This preserves the original metadata (title, author, etc).
jwendell
reviewed
Feb 27, 2023
| strip_prefix = "compiler-rt-{version}.src", | ||
| urls = ["https://github.com/llvm/llvm-project/releases/download/llvmorg-{version}/compiler-rt-{version}.src.tar.xz"], | ||
| release_date = "2021-07-09", | ||
| release_date = "2022-03-23", |
Member
There was a problem hiding this comment.
I think you could just cherry-pick / use my commit, which has a better message: jwendell@bf597f3
Member
There was a problem hiding this comment.
And probably you should mention OSSM-3429 in the commit title (which my commit message does), which I think should not have been closed until the fix is actually merged.
Contributor
Author
|
Closing as replaced with #234 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
16 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Update Maistra code base to align with 1.22.6 upstream.