Merge branch 'v23.3.x' into backport-pr-17027-v23.3.x-998

vbotbuildovich · Nov 25, 2024 · 6d67e2d · 6d67e2d
2 parents 1577194 + 2801802
commit 6d67e2d
Show file tree

Hide file tree

Showing 655 changed files with 39,028 additions and 10,306 deletions.
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -1,21 +1,27 @@
 area/k8s:
-- src/go/k8s/**/*
+- changed-files:
+  - any-glob-to-any-file: ['src/go/k8s/**/*']
 
 k8s/tests:
-- src/go/k8s/**/*
+- changed-files:
+  - any-glob-to-any-file: ['src/go/k8s/**/*']
 
 area/build:
-- cmake/**/*
-- .github/**/*
+- changed-files:
+  - any-glob-to-any-file: ['cmake/**/*', '.github/**/*']
 
 area/docs:
-- docs/**/*
+- changed-files:
+  - any-glob-to-any-file: ['docs/**/*']
 
 area/rpk:
-- src/go/rpk/**/*
+- changed-files:
+  - any-glob-to-any-file: ['src/go/rpk/**/*']
 
 area/redpanda:
-- src/v/**/*
+- changed-files:
+  - any-glob-to-any-file: ['src/v/**/*']
 
 area/wasm:
-- src/transform-sdk/**/*
+- changed-files:
+  - any-glob-to-any-file: ['src/transform-sdk/**/*']
diff --git a/.github/workflows/backport-command.yml b/.github/workflows/backport-command.yml
@@ -25,11 +25,25 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
+      - name: configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }}
+          aws-region: us-west-2
+
+      - name: get secrets from aws sm
+        uses: aws-actions/aws-secretsmanager-get-secrets@v2
+        with:
+          secret-ids: |
+            ,sdlc/prod/github/actions_bot_token
+          parse-json-secrets: true
 
       - name: Get type of backport (issue or PR)
         env:
-          GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
           CLIENT_PAYLOAD: ${{ toJson(github.event.client_payload) }}
         id: get_backport_type
         run: $SCRIPT_DIR/get_backport_type.sh
@@ -39,7 +53,7 @@ jobs:
         uses: peter-evans/create-or-update-comment@v1
         if: failure()
         with:
-          token: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          token: ${{ env.ACTIONS_BOT_TOKEN }}
           repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
           comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
           reaction-type: "-1"
@@ -48,7 +62,7 @@ jobs:
         if: failure()
         env:
           COMMENTED_ON: ${{ steps.get_backport_type.outputs.commented_on }}
-          GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
         run: $SCRIPT_DIR/post_error.sh
         shell: bash
 
@@ -62,11 +76,11 @@ jobs:
       BACKPORT_BRANCH: ${{ needs.backport-type.outputs.backport_branch }}
     steps:
       - name: checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Get user
         env:
-          GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
         id: user
         run: |
           username=$(gh api user --jq .login)
@@ -82,7 +96,7 @@ jobs:
 
       - name: Discover and create milestone
         env:
-          GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
           TARGET_MILESTONE: ${{ needs.backport-type.outputs.target_milestone }}
         id: create_milestone
         run: $SCRIPT_DIR/create_milestone.sh
@@ -91,7 +105,7 @@ jobs:
       - name: Create issue
         if: needs.backport-type.outputs.commented_on == 'issue'
         env:
-          GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
           TARGET_MILESTONE: ${{ steps.create_milestone.outputs.milestone }}
           ORIG_TITLE: ${{ github.event.client_payload.github.payload.issue.title }}
           ORIG_LABELS: ${{ toJson(github.event.client_payload.github.payload.issue.labels) }}
@@ -111,23 +125,23 @@ jobs:
         if: needs.backport-type.outputs.commented_on == 'pr'
         env:
           BACKPORT_PR_NUMBER: ${{ github.event.client_payload.pull_request.number }}
-          GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
         id: backport_commits
         run: |
           backport_commits=$(gh api "repos/$TARGET_FULL_REPO/pulls/$BACKPORT_PR_NUMBER/commits" --jq .[].sha | paste -s -d ' ' -)
           echo "backport_commits=$backport_commits" >> $GITHUB_OUTPUT
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         if: needs.backport-type.outputs.commented_on == 'pr'
         with:
           repository: ${{ steps.user.outputs.username }}/${{ steps.user.outputs.repo }}
-          token: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          token: ${{ env.ACTIONS_BOT_TOKEN }}
           path: ./fork
 
       - name: Backport commits and get details
         if: needs.backport-type.outputs.commented_on == 'pr'
         env:
-          GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
           ORIG_TITLE: ${{ github.event.client_payload.github.payload.issue.title }}
           BACKPORT_COMMITS: ${{ steps.backport_commits.outputs.backport_commits }}
           IS_MERGED: ${{ github.event.client_payload.pull_request.merged }}
@@ -142,7 +156,7 @@ jobs:
       - name: Create pull request
         if: needs.backport-type.outputs.commented_on == 'pr'
         env:
-          GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
           TARGET_MILESTONE: ${{ steps.create_milestone.outputs.milestone }}
           ORIG_TITLE: ${{ github.event.client_payload.github.payload.issue.title }}
           ORIG_REVIEWERS: ${{ steps.reviewers.outputs.reviewers }}
@@ -158,7 +172,7 @@ jobs:
       - name: Add reaction
         uses: peter-evans/create-or-update-comment@v1
         with:
-          token: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          token: ${{ env.ACTIONS_BOT_TOKEN }}
           repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
           comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
           reaction-type: hooray
@@ -167,7 +181,7 @@ jobs:
         uses: peter-evans/create-or-update-comment@v1
         if: failure()
         with:
-          token: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          token: ${{ env.ACTIONS_BOT_TOKEN }}
           repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
           comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
           reaction-type: "-1"
@@ -176,14 +190,14 @@ jobs:
         if: failure()
         env:
           COMMENTED_ON: ${{ needs.backport-type.outputs.commented_on }}
-          GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
         run: $SCRIPT_DIR/post_error.sh
         shell: bash
 
       - name: Create Issue On Error
         if: failure()
         env:
-          GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
           TARGET_MILESTONE: ${{ steps.create_milestone.outputs.milestone }}
           ORIG_TITLE: ${{ github.event.client_payload.github.payload.issue.title }}
           ORIG_LABELS: ${{ toJson(github.event.client_payload.github.payload.issue.labels) }}

diff --git a/.github/workflows/backport-on-merge.yml b/.github/workflows/backport-on-merge.yml
@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - name: checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       # Find the PR associated with this push, if there is one.
       - uses: jwalton/gh-find-current-pr@v1
@@ -29,10 +29,21 @@ jobs:
         if: success() && steps.findPr.outputs.number
         env:
           PR: ${{ steps.findPr.outputs.pr }}
-
+      - name: configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }}
+          aws-region: us-west-2
+      - name: get secrets from aws sm
+        uses: aws-actions/aws-secretsmanager-get-secrets@v2
+        with:
+          secret-ids: |
+            ,sdlc/prod/github/actions_bot_token
+          parse-json-secrets: true
       - name: Backport On Merge
         env:
-          GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          GITHUB_TOKEN: ${{ env.ACTIONS_BOT_TOKEN }}
         id: extract_required_backports_from_pr_body
         run: $SCRIPT_DIR/backport_on_merge.sh
         shell: bash
diff --git a/.github/workflows/buildkite-slash-commands.yml b/.github/workflows/buildkite-slash-commands.yml
@@ -14,31 +14,46 @@ jobs:
   run-build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - name: configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_SM_READONLY_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SM_READONLY_SECRET_ACCESS_KEY }}
+          aws-region: us-west-2
+
+      - name: get secrets from aws sm
+        uses: aws-actions/aws-secretsmanager-get-secrets@v2
+        with:
+          secret-ids: |
+            ,sdlc/prod/github/actions_bot_token
+            ,sdlc/prod/github/buildkite_token
+          parse-json-secrets: true
+
+      - uses: actions/checkout@v4
         with: 
           repository: redpanda-data/sparse-checkout 
-          token: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          token: ${{ env.ACTIONS_BOT_TOKEN }}
           path: sparse-checkout
 
       - uses: ./sparse-checkout 
         with:
           repository: redpanda-data/vtools
-          token: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          token: ${{ env.ACTIONS_BOT_TOKEN }}
           patterns: actions
           path: ghca 
 
       - name: Buildkite slash command action
         uses: ./ghca/actions/buildkite-slash-commands
         with:
-          buildkite_token: ${{ secrets.BUILDKITE_TOKEN }}
+          buildkite_token: ${{ env.BUILDKITE_TOKEN }}
           buildkite_org: redpanda
           buildkite_pipeline: redpanda
           command: ${{ github.event.client_payload.slash_command.command }}
 
       - name: Success reaction
         uses: peter-evans/create-or-update-comment@v2
         with:
-          token: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          token: ${{ env.ACTIONS_BOT_TOKEN }}
           repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
           comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
           reaction-type: hooray
@@ -47,5 +62,5 @@ jobs:
         if: failure()
         uses: ./ghca/actions/slash-command-error
         with:
-          token: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          token: ${{ env.ACTIONS_BOT_TOKEN }}
           body: ${{ env.ERROR_MSG }}
diff --git a/.github/workflows/cloud-installpack-bk-trigger.yml b/.github/workflows/cloud-installpack-bk-trigger.yml
@@ -1,30 +1,40 @@
+---
 name: check formatting
 on:
   release:
     types: [published]
-
 jobs:
   trigger-bump:
     runs-on: ubuntu-latest
-
+    permissions:
+      id-token: write
+      contents: read
     steps:
-      - uses: actions/checkout@v3
-        with: 
-          repository: redpanda-data/sparse-checkout 
-          token: ${{ secrets.ACTIONS_BOT_TOKEN }}
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ vars.RP_AWS_CRED_REGION }}
+          role-to-assume: arn:aws:iam::${{ secrets.RP_AWS_CRED_ACCOUNT_ID }}:role/${{ vars.RP_AWS_CRED_BASE_ROLE_NAME }}${{ github.event.repository.name }}
+      - uses: aws-actions/aws-secretsmanager-get-secrets@v2
+        with:
+          secret-ids: |
+            ,sdlc/prod/github/actions_bot_token
+            ,sdlc/prod/github/buildkite_token
+          parse-json-secrets: true
+      - uses: actions/checkout@v4
+        with:
+          repository: redpanda-data/sparse-checkout
+          token: ${{ env.ACTIONS_BOT_TOKEN }}
           path: sparse-checkout
-
-      - uses: ./sparse-checkout 
+      - uses: ./sparse-checkout
         with:
           repository: redpanda-data/vtools
-          token: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          token: ${{ env.ACTIONS_BOT_TOKEN }}
           patterns: actions
-          path: ghca 
-
+          path: ghca
       - name: Trigger Versions Bump Buildkite Job
         uses: ./ghca/actions/buildkite-pipeline-trigger
         with:
-          buildkite_token: ${{ secrets.BUILDKITE_TOKEN }}
+          buildkite_token: ${{ env.BUILDKITE_TOKEN }}
           buildkite_org: redpanda
           buildkite_pipeline: ${{ vars.CLOUD_PIPELINE }}
           commit: HEAD

diff --git a/.github/workflows/kics-iac.yml b/.github/workflows/kics-iac.yml
diff --git a/.github/workflows/lint-cpp.yml b/.github/workflows/lint-cpp.yml
@@ -27,18 +27,14 @@ jobs:
     steps:
 
     - name: Checkout code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Run clang-format
       run: |
         docker run \
-        -v $PWD:/redpanda ubuntu \
+        -v $PWD:/redpanda ubuntu:noble \
         bash -c "cd /redpanda && \
           apt update && \
-          apt install -y wget git lsb-release wget software-properties-common gnupg && \
-          wget https://apt.llvm.org/llvm.sh && \
-          chmod +x llvm.sh && \
-          ./llvm.sh 16 && \
-          apt-get install -y clang-format-16 && \
+          apt install -y git clang-format-16  && \
           find . -type f -regex '.*\.\(cpp\|h\|hpp\|cc\|proto\|java\)' | xargs -n1 clang-format-16 -i -style=file -fallback-style=none"
         git diff --exit-code