Skip to content

Commit

Permalink
Fix upstream conflict (#187)
Browse files Browse the repository at this point in the history
* fix(oauth): remove circular dependency on ExternalAuthTokenFilter bean in OAuth2SsoConfig when oauth2 is enabled (spinnaker#1492)

Previously in spring 2.2.5, if oauth2 is enabled there is no circular
dependency on ExternalAuthTokenFilter bean in OAuth2SsoConfig.

In spring 2.2.13, if oauth2 is enabled there is a circular dependency
error on ExternalAuthTokenFilter bean. This circular dependency results
in an error when the gate application tries to start up. The application
fails with error:

BeanCurrentlyInCreationException: Error creating bean with name
'OAuth2SsoConfig': Bean with name 'OAuth2SsoConfig' has been injected
into other beans [externalAuthTokenFilter] in its raw version as part
of a circular reference, but has eventually been wrapped.

To fix this error, add the Component annotation to
ExternalAuthTokenFilter and remove the ExternalAuthTokenFilter bean
from OAuth2SsoConfig.

Co-authored-by: David Byron <dbyron@salesforce.com>

* fix(web): disable keel by default as it is an optional service (spinnaker#1453)

Co-authored-by: Justin Field <justin.field@armory.io>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

* fix(api): fix movie quotes to match movie script (spinnaker#1423)

Co-authored-by: Justin Field <justin.field@armory.io>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

* chore(build): gradle 6.8.1 (spinnaker#1413)

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

* chore(dependencies): Autobump korkVersion (spinnaker#1493)

Co-authored-by: root <root@265713e22300>

* chore(dependencies): Autobump korkVersion (spinnaker#1495)

Co-authored-by: root <root@ca7e6659c3b3>

* chore(dependencies): Autobump korkVersion (spinnaker#1496)

Co-authored-by: root <root@7e927306ac3d>

* fix(vulnerability): avoid expose gate endpoints (spinnaker#1497)

* chore(dependencies): Autobump korkVersion (spinnaker#1501)

Co-authored-by: root <root@01b270ba5f94>

* chore(dependencies): Autobump fiatVersion (spinnaker#1504)

Co-authored-by: root <root@73790eeb50df>

* chore(dependencies): Autobump korkVersion (spinnaker#1502)

Co-authored-by: root <root@a229fbda21b3>
Co-authored-by: Matt <6519811+mattgogerly@users.noreply.github.com>

* feat(web): Expose experimental account storage API (spinnaker#1494)

* feat(web): Expose experimental account storage API

This adds some of the REST APIs introduced in the experimental account
storage API in Clouddriver to Gate. Initially, these APIs are only
available for admins.

* Combine account and credentials endpoints

* Add docs on AccountDefinition

* Add alpha annotations

* chore(build): update mergify config (spinnaker#1506)

Co-authored-by: Cameron Motevasselani <cameron@armory.io>

* fix(gate): Typos in Account Management API (spinnaker#1510)

* fix(gate/web): Fix typo in PreAuthorize annotation

It appears that some variables were renamed while I worked on the PR
and didn't update the annotations to match.

* fix(gate/core): Fix retrofit signature error

* fix(gate/web): Add explicit name property to AccountDefinition (spinnaker#1514)

This fixes an authorization check error where Jackson knows how to
handle the `name` property of an account definition, but SpEL does
not see the property. Now the PostFilter annotation should work
equivalently to the same filter check in Clouddriver.

* chore(dependencies): Autobump korkVersion (spinnaker#1515)

Co-authored-by: root <root@d38215f0a8da>

* fix(authn/oauth2): prevent oauth2 redirect loops (spinnaker#1517)

During setup of spinnaker authentication with oauth2 a common hurdle is a redirect loop.

For example:

spinnaker/spinnaker#5794
spinnaker/spinnaker#1630

Also, many threads in Slack discuss these problems. In fact this appears to be a common
pitfall for the spring-security-oauth2-autoconfigure library in general. A light refresher
on the ouath2 flow in play here seems worthwhile. The user is redirected from `/login` in gate
to the external auth provider (google, github, etc.) and after successfully authenticating
they are redirected back to the gate `/login` endpoint but this time with a code parameter
that is to be used to request an access token.

This request can fail for a variety of reasons, and if it does, the underlying spring library
triggers a redirect to the `/error` endpoint. What causes the redirect loop for gate in particular
(and for other users of the library in a similar fashion) is that the WebSecurityConfigurerAdapter
in play is treating `/error` as an authenticated path and so instead of just returning with a 401,
it re-redirects to `/login` and the redirect loop continues.

My thought is that instead of a redirect loop, simply allowing the 401 to be returned will be a stronger
more helpful signal as to what is going on. Hopefully it will save future first-time installers headaches.

Spinnaker docs have included several troubleshooting hints and tips for how where you terminate SSL
affects configuration etc. Even after following all of these and lots of spelunking through spinnaker
github issues and combing over threads in slack, I found myself still experiencing a redirect loop even
though I had applied all the combined wisdom that was applicable to my setup.

As it turns out, I had a bad copy/paste of my client secret in my configuration. So the request
to turn the code from google into an access token from google was failing with a 401. After much
debugging and deep diving into the spring security code I found that had I turned on DEBUG in gate
for these classes in gate-local.yml:

```
logging:
  level:
    org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler: DEBUG
    org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter: DEBUG
```

Then I would have seen in the logs that a 401 response was returned from google and perhaps it would have
caused me to look closer at my botched client secret configuration. I think perhaps we don't want to require
that all operators of spinnaker become spring-security-oauth2 experts. So I'm proposing adding `/error` to
the list of paths in gate that aren't treated as authenticated. Thus short-circuiting the redirect loop and
bringing to light helpful troubleshooting info that was previously more or less swallowed.

* chore(ci): update setup-java GHA to v2 (spinnaker#1518)

closes: spinnaker/spinnaker#6611

* fix(dependency): Issue with jackson-bom and kotlin-bom version conflict resolution while upgrading the spring-boot 2.3.x (spinnaker#1505)

* fix(dependency): Introducing spring dependency management gradle plugin

Spring boot has moved to gradle based dependency management from v2.3.x. This change has brought issue of conflict resolution failure of the Jackson-bom version and kotlin-bom version with gate service when it consumes the maven-bom generated by kork. The issue details are available in given link.
https://docs.google.com/document/d/1Ck4KeoB1ER0aQUTnf3e-x-M3i2Ur0It7YaaxEMiMXls/edit

To resolve this issue while upgrading gate service with spring v2.3.x, we must require the spring dependency management gradle plugin.

* Revert "fix(dependency): Introducing spring dependency management gradle plugin"

This reverts commit b3b2c9e.

* fix(dependency): Issue with jackson-bom and kotlin-bom version conflict resolution while upgrading the spring-boot 2.3.x.

The root cause of this issue is uncontrolled conflict resolution of jackson-bom and kotlin-bom dependency version imported from external maven BOM provided by kork-bom, as per the gradle documentation https://docs.gradle.org/6.9.1/userguide/platforms.html#sub:bom_import, we can use gradle enforcedPlatform closure as part of the implementation to strictly adhere the versions of direct and transitive dependencies imported BOM.

implementation(enforcedPlatform("io.spinnaker.kork:kork-bom:$korkVersion"))

* chore(dependencies): Autobump spinnakerGradleVersion (spinnaker#1519)

Co-authored-by: root <root@92ccf252161e>

* chore(dependencies): Autobump spinnakerGradleVersion (spinnaker#1520)

Co-authored-by: root <root@8e952337838c>

* chore(dependencies): Autobump spinnakerGradleVersion (spinnaker#1521)

Co-authored-by: root <root@e15a7ff336aa>

* chore(dependencies): Autobump spinnakerGradleVersion (spinnaker#1522)

Co-authored-by: root <root@00e70a80e3dd>

* chore(dependencies): Autobump spinnakerGradleVersion (spinnaker#1523)

Co-authored-by: root <root@4cdab225ba98>

* chore(dependencies): Autobump spinnakerGradleVersion (spinnaker#1524)

Co-authored-by: root <root@2bf6cb9b4370>

* chore(dependencies): Autobump fiatVersion (spinnaker#1528)

Co-authored-by: root <root@69a0efe35201>

* chore(ci): GHA - container image and apt package build & push (spinnaker#1529)

to Google Artifact Registry

see: spinnaker/rosco#841

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

* chore(ci): GHA - simplify build versioning (spinnaker#1530)

- collapse version info gathering steps into single `build_variables` step
- collapse version info parts into single string and use everywhere.
- use short git sha: `(git rev-parse --short HEAD)`

Note `build.yml` versioning is not compatible with Debian package
building as gradle plugin enforces `^[0-9]+`.
We don't publish master branch or release-* branches to GAR apt
repository though.
Prefixing the version with `<tag>-dev-` or something and publishing Debian
packages is possible but may pollute `apt-cache policy spinnaker-rosco` output
and overall be unnecessary with regular releases.

* fix(plugins-test): try harder for the version of versionNotSupportedPlugin to actually not be supported (spinnaker#1532)

Before this, a gate version >= 2.0.0 would cause versionNotSupportedPlugin to get used,
causing tests to fail, and making it impossible to e.g. release gate.

* chore(cit): GHA - plugin builds require SemVer (spinnaker#1531)

I wanted to avoid confusion between a git tag `X` building version `X` and a
master or release branch building version `X-dev-*` but it seems unavoidable.
SemVer is required by plugins.
See constraint: https://github.com/spinnaker/kork/blob/5dc6bb98615667f1b4f3e18445c1651d773c9f6b/kork-plugins/src/main/kotlin/com/netflix/spinnaker/kork/plugins/SpinnakerServiceVersionManager.kt#L47

changes:
- fetch full git repository so that we can access previous tag in branch.
  Convert `release.yml` to this method instead of `run: git.. --unshallow`.
- use previous git tag as start of version string. Cut the 'v' prefix from the
  tag, 'v1.2.3' -> '1.2.3' as required for Plugins (and Debians fwiw):
  `Caused by: Unexpected character 'LETTER(v)' at position '0', expecting '[DIGIT]'`
- append `-dev-<branch_name|'pr'>` to designate that it is not an
  official version. The short git SHA and date time are NOT present on
  release versions (eg: 1.2.3) so that also differs.
- do this version setting in `pr.yml` as well so we might pick up version
  issues in PR's and not just at merge.

* chore(dependencies): Autobump korkVersion (spinnaker#1536)

Co-authored-by: root <root@3f84b148af75>

* chore(dependencies): Autobump spinnakerGradleVersion (spinnaker#1537)

Co-authored-by: root <root@87e31b5c1a0c>

* feat(credentials): Update account type discriminator (spinnaker#1533)

This normalizes the type discriminator in account definitions to match that of account credentials instances (i.e., the type of CredentialsDefinition instance and Credentials instance are both specified through the "type" property).

This also removes redundant authorization annotations that are better enforced by AccountDefinitionService in Clouddriver.

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

* resolved  AuthConfig file conflict.

Co-authored-by: Calvin Tse <sam.calvin.tse@gmail.com>
Co-authored-by: David Byron <dbyron@salesforce.com>
Co-authored-by: Emmanouil Katefidis <e.katefidis@outlook.com>
Co-authored-by: Justin Field <justin.field@armory.io>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Co-authored-by: Thomas Swanson <tomswanson4444@gmail.com>
Co-authored-by: Cameron Fieber <cfieber@netflix.com>
Co-authored-by: spinnakerbot <spinbot@spinnaker.io>
Co-authored-by: root <root@265713e22300>
Co-authored-by: root <root@ca7e6659c3b3>
Co-authored-by: root <root@7e927306ac3d>
Co-authored-by: Cristhian Castaneda <ccastanedarivera@gmail.com>
Co-authored-by: root <root@01b270ba5f94>
Co-authored-by: root <root@73790eeb50df>
Co-authored-by: root <root@a229fbda21b3>
Co-authored-by: Matt <6519811+mattgogerly@users.noreply.github.com>
Co-authored-by: Matt Sicker <boards@gmail.com>
Co-authored-by: Cameron Motevasselani <cmotevasselani@gmail.com>
Co-authored-by: Cameron Motevasselani <cameron@armory.io>
Co-authored-by: Matt Sicker <msicker@apple.com>
Co-authored-by: root <root@d38215f0a8da>
Co-authored-by: Chris Phillips <4722632+chris-h-phillips@users.noreply.github.com>
Co-authored-by: kskewes-sf <96093759+kskewes-sf@users.noreply.github.com>
Co-authored-by: Sandesh <sandeshjainhyd@gmail.com>
Co-authored-by: root <root@92ccf252161e>
Co-authored-by: root <root@8e952337838c>
Co-authored-by: root <root@e15a7ff336aa>
Co-authored-by: root <root@00e70a80e3dd>
Co-authored-by: root <root@4cdab225ba98>
Co-authored-by: root <root@2bf6cb9b4370>
Co-authored-by: root <root@69a0efe35201>
Co-authored-by: David Byron <82477955+dbyron-sf@users.noreply.github.com>
Co-authored-by: root <root@3f84b148af75>
Co-authored-by: root <root@87e31b5c1a0c>
  • Loading branch information
35 people authored Mar 31, 2022
1 parent 0de6353 commit 254b339
Show file tree
Hide file tree
Showing 14 changed files with 281 additions and 45 deletions.
55 changes: 47 additions & 8 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ on:

env:
GRADLE_OPTS: -Dorg.gradle.daemon=false -Xmx6g -Xms6g
CONTAINER_REGISTRY: us-docker.pkg.dev/spinnaker-community/docker

jobs:
branch-build:
Expand All @@ -16,14 +17,52 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-java@v1
with:
java-version: 11
- uses: actions/cache@v1
fetch-depth: 0
- uses: actions/setup-java@v2
with:
path: ~/.gradle
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
restore-keys: |
${{ runner.os }}-gradle-
java-version: 11
distribution: 'zulu'
cache: 'gradle'
- name: Prepare build variables
id: build_variables
run: |
echo ::set-output name=REPO::${GITHUB_REPOSITORY##*/}
echo ::set-output name=VERSION::"$(git describe --tags --abbrev=0 --match="v[0-9]*" | cut -c2-)-dev-${GITHUB_REF_NAME}-$(git rev-parse --short HEAD)-$(date --utc +'%Y%m%d%H%M')"
- name: Build
run: ./gradlew build --stacktrace
env:
ORG_GRADLE_PROJECT_version: ${{ steps.build_variables.outputs.VERSION }}
run: ./gradlew build --stacktrace ${{ steps.build_variables.outputs.REPO }}-web:installDist
- name: Login to GAR
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
uses: docker/login-action@v1
# use service account flow defined at: https://github.com/docker/login-action#service-account-based-authentication-1
with:
registry: us-docker.pkg.dev
username: _json_key
password: ${{ secrets.GAR_JSON_KEY }}
- name: Build and publish slim container image
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
uses: docker/build-push-action@v2
with:
context: .
file: Dockerfile.slim
push: true
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ github.ref_name }}-latest-unvalidated"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-unvalidated"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ github.ref_name }}-latest-unvalidated-slim"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-unvalidated-slim"
- name: Build and publish ubuntu container image
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
uses: docker/build-push-action@v2
with:
context: .
file: Dockerfile.ubuntu
push: true
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ github.ref_name }}-latest-unvalidated-ubuntu"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-unvalidated-ubuntu"
48 changes: 36 additions & 12 deletions .github/workflows/pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,20 +4,44 @@ on: [ pull_request ]

env:
GRADLE_OPTS: -Dorg.gradle.daemon=false -Xmx6g -Xms6g
CONTAINER_REGISTRY: us-docker.pkg.dev/spinnaker-community/docker

jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-java@v1
with:
java-version: 11
- uses: actions/cache@v1
with:
path: ~/.gradle
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
restore-keys: |
${{ runner.os }}-gradle-
- name: Build
run: ./gradlew build
- uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: actions/setup-java@v2
with:
java-version: 11
distribution: 'zulu'
cache: 'gradle'
- name: Prepare build variables
id: build_variables
run: |
echo ::set-output name=REPO::${GITHUB_REPOSITORY##*/}
echo ::set-output name=VERSION::"$(git describe --tags --abbrev=0 --match="v[0-9]*" | cut -c2-)-dev-pr-$(git rev-parse --short HEAD)-$(date --utc +'%Y%m%d%H%M')"
- name: Build
env:
ORG_GRADLE_PROJECT_version: ${{ steps.build_variables.outputs.VERSION }}
run: ./gradlew build ${{ steps.build_variables.outputs.REPO }}-web:installDist
- name: Build slim container image
uses: docker/build-push-action@v2
with:
context: .
file: Dockerfile.slim
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:latest"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:latest-slim"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-slim"
- name: Build ubuntu container image
uses: docker/build-push-action@v2
with:
context: .
file: Dockerfile.ubuntu
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:latest-ubuntu"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-ubuntu"
55 changes: 51 additions & 4 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,16 +8,20 @@ on:

env:
GRADLE_OPTS: -Dorg.gradle.daemon=false -Xmx6g -Xms6g
CONTAINER_REGISTRY: us-docker.pkg.dev/spinnaker-community/docker

jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- run: git fetch --prune --unshallow
- uses: actions/setup-java@v1
with:
fetch-depth: 0
- uses: actions/setup-java@v2
with:
java-version: 11
distribution: 'zulu'
cache: 'gradle'
- name: Assemble release info
id: release_info
env:
Expand All @@ -28,8 +32,12 @@ jobs:
echo ::set-output name=SKIP_RELEASE::${SKIP_RELEASE}
echo ::set-output name=IS_CANDIDATE::${IS_CANDIDATE}
echo ::set-output name=RELEASE_VERSION::${RELEASE_VERSION}
- name: Prepare build variables
id: build_variables
run: |
echo ::set-output name=REPO::${GITHUB_REPOSITORY##*/}
echo ::set-output name=VERSION::"$(git rev-parse --short HEAD)-$(date --utc +'%Y%m%d%H%M')"
- name: Release build
if: steps.release_info.outputs.IS_CANDIDATE == 'false'
env:
ORG_GRADLE_PROJECT_version: ${{ steps.release_info.outputs.RELEASE_VERSION }}
ORG_GRADLE_PROJECT_nexusPublishEnabled: true
Expand All @@ -38,7 +46,46 @@ jobs:
ORG_GRADLE_PROJECT_nexusPgpSigningKey: ${{ secrets.NEXUS_PGP_SIGNING_KEY }}
ORG_GRADLE_PROJECT_nexusPgpSigningPassword: ${{ secrets.NEXUS_PGP_SIGNING_PASSWORD }}
run: |
./gradlew --info publishToNexus closeAndReleaseNexusStagingRepository
./gradlew --info build ${{ steps.build_variables.outputs.REPO }}-web:installDist publishToNexus closeAndReleaseNexusStagingRepository
- name: Publish apt packages to Google Artifact Registry
env:
ORG_GRADLE_PROJECT_version: ${{ steps.release_info.outputs.RELEASE_VERSION }}
ORG_GRADLE_PROJECT_artifactRegistryPublishEnabled: true
GAR_JSON_KEY: ${{ secrets.GAR_JSON_KEY }}
run: |
./gradlew --info publish
- name: Login to GAR
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
uses: docker/login-action@v1
# use service account flow defined at: https://github.com/docker/login-action#service-account-based-authentication-1
with:
registry: us-docker.pkg.dev
username: _json_key
password: ${{ secrets.GAR_JSON_KEY }}
- name: Build and publish slim container image
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
uses: docker/build-push-action@v2
with:
context: .
file: Dockerfile.slim
push: true
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-unvalidated"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-unvalidated-slim"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-${{ steps.build_variables.outputs.VERSION }}-unvalidated-slim"
- name: Build and publish ubuntu container image
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
uses: docker/build-push-action@v2
with:
context: .
file: Dockerfile.ubuntu
push: true
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-unvalidated-ubuntu"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-${{ steps.build_variables.outputs.VERSION }}-unvalidated-ubuntu"
- name: Create release
if: steps.release_info.outputs.SKIP_RELEASE == 'false'
uses: actions/create-release@v1
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release_info.sh
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
# Only look to the latest release to determine the previous tag -- this allows us to skip unsupported tag formats (like `version-1.0.0`)
export PREVIOUS_TAG=`curl --silent "https://api.github.com/repos/$1/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'`
echo "PREVIOUS_TAG=$PREVIOUS_TAG"

export NEW_TAG=${GITHUB_REF/refs\/tags\//}
echo "NEW_TAG=$NEW_TAG"
export CHANGELOG=`git log $NEW_TAG...$PREVIOUS_TAG --oneline`
Expand Down Expand Up @@ -31,5 +30,6 @@ SEMVER_REGEX="\
# Used in downstream steps to determine if the release should be marked as a "prerelease" and if the build should build candidate release artifacts
export IS_CANDIDATE=`[[ $NEW_TAG =~ $SEMVER_REGEX && ! -z ${BASH_REMATCH[4]} ]] && echo "true" || echo "false"`

# This is the version string we will pass to the build, trim off leading 'v' if present
export RELEASE_VERSION=`[[ $NEW_TAG =~ $SEMVER_REGEX ]] && echo "${NEW_TAG:1}" || echo "${NEW_TAG}"`
echo "RELEASE_VERSION=$RELEASE_VERSION"
25 changes: 15 additions & 10 deletions .mergify.yml
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
queue_rules:
- name: default
conditions:
- status-success=build

pull_request_rules:
- name: Automatically merge on CI success and review
conditions:
Expand All @@ -6,9 +11,9 @@ pull_request_rules:
- "label=ready to merge"
- "approved-reviews-by=@oss-approvers"
actions:
merge:
queue:
method: squash
strict: smart
name: default
label:
add: ["auto merged"]
- name: Automatically merge release branch changes on CI success and release manager review
Expand All @@ -18,9 +23,9 @@ pull_request_rules:
- "label=ready to merge"
- "approved-reviews-by=@release-managers"
actions:
merge:
queue:
method: squash
strict: smart
name: default
label:
add: ["auto merged"]
# This rule exists to handle release branches that are still building using Travis CI instead of
Expand All @@ -32,9 +37,9 @@ pull_request_rules:
- "label=ready to merge"
- "approved-reviews-by=@release-managers"
actions:
merge:
queue:
method: squash
strict: smart
name: default
label:
add: ["auto merged"]
- name: Automatically merge PRs from maintainers on CI success and review
Expand All @@ -44,9 +49,9 @@ pull_request_rules:
- "label=ready to merge"
- "author=@oss-approvers"
actions:
merge:
queue:
method: squash
strict: smart
name: default
label:
add: ["auto merged"]
- name: Automatically merge autobump PRs on CI success
Expand All @@ -56,9 +61,9 @@ pull_request_rules:
- "label~=autobump-*"
- "author:spinnakerbot"
actions:
merge:
queue:
method: squash
strict: smart
name: default
label:
add: ["auto merged"]
- name: Request reviews for autobump PRs on CI failure
Expand Down
2 changes: 1 addition & 1 deletion build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ allprojects {
}

dependencies {
implementation platform("io.spinnaker.kork:kork-bom:$korkVersion")
implementation enforcedPlatform("io.spinnaker.kork:kork-bom:$korkVersion")
annotationProcessor platform("io.spinnaker.kork:kork-bom:$korkVersion")
annotationProcessor("org.springframework.boot:spring-boot-configuration-processor")
testAnnotationProcessor platform("io.spinnaker.kork:kork-bom:$korkVersion")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,8 @@ class AuthConfig {
http
.requestMatcher(requestMatcherProvider.requestMatcher())
.authorizeRequests()
.antMatchers("/error").permitAll()
.antMatchers('/favicon.ico').permitAll()
.antMatchers("/resources/**").permitAll()
.antMatchers("/images/**").permitAll()
.antMatchers("/js/**").permitAll()
Expand Down Expand Up @@ -156,6 +158,8 @@ class AuthConfig {
http
.requestMatcher(requestMatcherProvider.requestMatcher())
.authorizeRequests()
.antMatchers("/error").permitAll()
.antMatchers('/favicon.ico').permitAll()
.antMatchers("/resources/**").permitAll()
.antMatchers("/images/**").permitAll()
.antMatchers("/js/**").permitAll()
Expand Down Expand Up @@ -211,6 +215,8 @@ class AuthConfig {
http
.requestMatcher(requestMatcherProvider.requestMatcher())
.authorizeRequests()
.antMatchers("/error").permitAll()
.antMatchers('/favicon.ico').permitAll()
.antMatchers("/resources/**").permitAll()
.antMatchers("/images/**").permitAll()
.antMatchers("/js/**").permitAll()
Expand Down Expand Up @@ -257,6 +263,8 @@ class AuthConfig {
http
.requestMatcher(requestMatcherProvider.requestMatcher())
.authorizeRequests()
.antMatchers("/error").permitAll()
.antMatchers('/favicon.ico').permitAll()
.antMatchers("/resources/**").permitAll()
.antMatchers("/images/**").permitAll()
.antMatchers("/js/**").permitAll()
Expand Down
Loading

0 comments on commit 254b339

Please sign in to comment.