Merge remote-tracking branch 'upstream/main' into feat/otel-resource-…

…detectors-env Signed-off-by: Joao Grassi <joao.grassi@dynatrace.com>
envoyproxy · Oct 24, 2023 · 4d2fa4a · 4d2fa4a
2 parents a374106 + 4eedea6
commit 4d2fa4a
Show file tree

Hide file tree

Showing 84 changed files with 863 additions and 913 deletions.
diff --git a/.github/workflows/_cache_docker.yml b/.github/workflows/_cache_docker.yml
@@ -37,7 +37,7 @@ jobs:
   docker:
     runs-on: ubuntu-22.04
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/docker/cache/prime@actions-v0.0.18
+    - uses: envoyproxy/toolshed/gh-actions/docker/cache/prime@actions-v0.0.27
       name: Prime Docker cache (${{ inputs.image_repo }}:${{ inputs.image_tag }}@sha256:${{ inputs.image_sha }})
       with:
         image_tag: "${{ inputs.image_repo }}:${{ inputs.image_tag }}@sha256:${{ inputs.image_sha }}"
diff --git a/.github/workflows/_ci.yml b/.github/workflows/_ci.yml
@@ -95,7 +95,7 @@ jobs:
     steps:
     - if: ${{ inputs.cache_build_image }}
       name: Restore Docker cache (${{ inputs.cache_build_image }})
-      uses: envoyproxy/toolshed/gh-actions/docker/cache/restore@actions-v0.0.18
+      uses: envoyproxy/toolshed/gh-actions/docker/cache/restore@actions-v0.0.27
       with:
         image_tag: ${{ inputs.cache_build_image }}
 
@@ -108,7 +108,7 @@ jobs:
     - if: ${{ steps.context.outputs.use_appauth == 'true' }}
       name: Fetch token for app auth
       id: appauth
-      uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.0.18
+      uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.0.27
       with:
         app_id: ${{ secrets.app_id }}
         key: ${{ secrets.app_key }}
@@ -138,15 +138,15 @@ jobs:
       run: git config --global --add safe.directory /__w/envoy/envoy
 
     - if: ${{ inputs.diskspace_hack }}
-      uses: envoyproxy/toolshed/gh-actions/diskspace@actions-v0.0.18
+      uses: envoyproxy/toolshed/gh-actions/diskspace@actions-v0.0.27
     - run: |
         echo "disk space at beginning of build:"
         df -h
       name: "Check disk space at beginning"
 
     - if: ${{ inputs.run_pre }}
       name: Run pre action ${{ inputs.run_pre && format('({0})', inputs.run_pre) || '' }}
-      uses: envoyproxy/toolshed/gh-actions/using/recurse@actions-v0.0.18
+      uses: envoyproxy/toolshed/gh-actions/using/recurse@actions-v0.0.27
       with:
         uses: ${{ inputs.run_pre }}
         with: ${{ inputs.run_pre_with }}
@@ -170,7 +170,7 @@ jobs:
 
     - if: ${{ inputs.run_post }}
       name: Run post action ${{ inputs.run_pre && format('({0})', inputs.run_post) || '' }}
-      uses: envoyproxy/toolshed/gh-actions/using/recurse@actions-v0.0.18
+      uses: envoyproxy/toolshed/gh-actions/using/recurse@actions-v0.0.27
       with:
         uses: ${{ inputs.run_post }}
         with: ${{ inputs.run_post_with }}

diff --git a/.github/workflows/_stage_publish.yml b/.github/workflows/_stage_publish.yml
@@ -116,7 +116,7 @@ jobs:
     needs:
     - publish
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/dispatch@actions-v0.0.18
+    - uses: envoyproxy/toolshed/gh-actions/dispatch@actions-v0.0.27
       with:
         app_id: ${{ secrets.ENVOY_CI_SYNC_APP_ID }}
         key: "${{ secrets.ENVOY_CI_SYNC_APP_KEY }}"

diff --git a/.github/workflows/_workflow-start.yml b/.github/workflows/_workflow-start.yml
@@ -29,7 +29,7 @@ jobs:
 
     - if: ${{ steps.env.outputs.trusted != 'true' }}
       name: Start status check
-      uses: envoyproxy/toolshed/gh-actions/status@actions-v0.0.18
+      uses: envoyproxy/toolshed/gh-actions/status@actions-v0.0.27
       with:
         authToken: ${{ secrets.GITHUB_TOKEN }}
         context: ${{ inputs.workflow_name }}

diff --git a/.github/workflows/codeql-push.yml b/.github/workflows/codeql-push.yml
@@ -26,7 +26,7 @@ jobs:
 
     steps:
     - name: Pre-cleanup
-      uses: envoyproxy/toolshed/gh-actions/diskspace@actions-v0.0.18
+      uses: envoyproxy/toolshed/gh-actions/diskspace@actions-v0.0.27
       with:
         to_remove: |
           /usr/local/lib/android

diff --git a/.github/workflows/commands.yml b/.github/workflows/commands.yml
@@ -24,7 +24,7 @@ jobs:
       actions: write
       checks: read
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/retest@actions-v0.0.18
+    - uses: envoyproxy/toolshed/gh-actions/retest@actions-v0.0.27
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
         azp_org: cncf

diff --git a/.github/workflows/envoy-dependency.yml b/.github/workflows/envoy-dependency.yml
@@ -43,13 +43,13 @@ jobs:
     steps:
     - id: checkout
       name: Checkout Envoy repository
-      uses: envoyproxy/toolshed/gh-actions/github/checkout@actions-v0.0.25
+      uses: envoyproxy/toolshed/gh-actions/github/checkout@actions-v0.0.27
       with:
         app_id: ${{ secrets.ENVOY_CI_DEP_APP_ID }}
         app_key: ${{ secrets.ENVOY_CI_DEP_APP_KEY }}
     - id: version
       name: Shorten (possible) SHA
-      uses: envoyproxy/toolshed/gh-actions/str/sub@actions-v0.0.25
+      uses: envoyproxy/toolshed/gh-actions/str/sub@actions-v0.0.27
       with:
         string: ${{ inputs.version }}
         length: 7
@@ -64,13 +64,13 @@ jobs:
         TARGET: ${{ inputs.task == 'bazel' && 'update' || 'api-update' }}
         TASK: ${{ inputs.task == 'bazel' && 'bazel' || 'api/bazel' }}
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    - uses: envoyproxy/toolshed/gh-actions/upload/diff@actions-v0.0.25
+    - uses: envoyproxy/toolshed/gh-actions/upload/diff@actions-v0.0.27
       name: Upload diff
       with:
         name: ${{ inputs.dependency }}-${{ steps.version.outputs.string }}
     - name: Create a PR
       if: ${{ inputs.pr }}
-      uses: envoyproxy/toolshed/gh-actions/github/pr@actions-v0.0.25
+      uses: envoyproxy/toolshed/gh-actions/github/pr@actions-v0.0.27
       with:
         base: main
         body: |
@@ -79,6 +79,10 @@ jobs:
           ${{ inputs.pr_message }}
         branch: >-
           dependency/${{ inputs.task }}/${{ inputs.dependency }}/${{ steps.version.outputs.string }}
+        commit-message: |
+          ${{ inputs.task == 'bazel' && 'deps' || 'deps/api' }}: Bump `${{ inputs.dependency }}` -> ${{ steps.version.outputs.string }}
+
+          Signed-off-by: ${{ env.COMMITTER_NAME }} <${{ env.COMMITTER_EMAIL }}>
         committer-name: ${{ env.COMMITTER_NAME }}
         committer-email: ${{ env.COMMITTER_EMAIL }}
         title: >-
@@ -93,7 +97,7 @@ jobs:
     steps:
     - name: Fetch token for app auth
       id: appauth
-      uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.0.23
+      uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.0.27
       with:
         app_id: ${{ secrets.ENVOY_CI_DEP_APP_ID }}
         key: ${{ secrets.ENVOY_CI_DEP_APP_KEY }}
@@ -133,7 +137,7 @@ jobs:
 
     - name: Check Docker SHAs
       id: build-images
-      uses: envoyproxy/toolshed/gh-actions/docker/shas@actions-v0.0.23
+      uses: envoyproxy/toolshed/gh-actions/docker/shas@actions-v0.0.27
       with:
         images: |
            sha: envoyproxy/envoy-build-ubuntu:${{ steps.build-tools.outputs.tag }}
@@ -162,13 +166,17 @@ jobs:
       name: Update SHAs
       working-directory: envoy
     - name: Create a PR
-      uses: envoyproxy/toolshed/gh-actions/github/pr@actions-v0.0.23
+      uses: envoyproxy/toolshed/gh-actions/github/pr@actions-v0.0.27
       with:
         base: main
         body: Created by Envoy dependency bot
         branch: dependency-envoy/build-image/latest
         committer-name: ${{ env.COMMITTER_NAME }}
         committer-email: ${{ env.COMMITTER_EMAIL }}
+        commit-message: |
+          deps: Bump build images -> `${{ steps.build-tools.outputs.tag_short }}`
+
+          Signed-off-by: ${{ env.COMMITTER_NAME }} <${{ env.COMMITTER_EMAIL }}>
         title: 'deps: Bump build images -> `${{ steps.build-tools.outputs.tag_short }}`'
         GITHUB_TOKEN: ${{ steps.appauth.outputs.token }}
         working-directory: envoy
diff --git a/.github/workflows/envoy-release.yml b/.github/workflows/envoy-release.yml
@@ -24,7 +24,7 @@ jobs:
     steps:
     - name: Fetch token for app auth
       id: appauth
-      uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.0.18
+      uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.0.27
       with:
         app_id: ${{ secrets.ENVOY_CI_PUBLISH_APP_ID }}
         key: ${{ secrets.ENVOY_CI_PUBLISH_APP_KEY }}

diff --git a/.github/workflows/envoy-sync.yml b/.github/workflows/envoy-sync.yml
@@ -28,7 +28,7 @@ jobs:
         - data-plane-api
         - mobile-website
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/dispatch@actions-v0.0.18
+    - uses: envoyproxy/toolshed/gh-actions/dispatch@actions-v0.0.27
       with:
         repository: "envoyproxy/${{ matrix.downstream }}"
         ref: main

diff --git a/.github/workflows/mobile-android_tests.yml b/.github/workflows/mobile-android_tests.yml
@@ -34,7 +34,7 @@ jobs:
     - name: Pre-cleanup
       # Using the defaults in
       # https://github.com/envoyproxy/toolshed/blob/main/gh-actions/diskspace/action.yml.
-      uses: envoyproxy/toolshed/gh-actions/diskspace@actions-v0.0.18
+      uses: envoyproxy/toolshed/gh-actions/diskspace@actions-v0.0.27
     - uses: actions/checkout@v4
     - name: Add safe directory
       run: git config --global --add safe.directory /__w/envoy/envoy
@@ -68,7 +68,7 @@ jobs:
     - name: Pre-cleanup
       # Using the defaults in
       # https://github.com/envoyproxy/toolshed/blob/main/gh-actions/diskspace/action.yml.
-      uses: envoyproxy/toolshed/gh-actions/diskspace@actions-v0.0.18
+      uses: envoyproxy/toolshed/gh-actions/diskspace@actions-v0.0.27
     - uses: actions/checkout@v4
     - name: Add safe directory
       run: git config --global --add safe.directory /__w/envoy/envoy

diff --git a/.github/workflows/mobile-release.yml b/.github/workflows/mobile-release.yml
@@ -130,3 +130,119 @@ jobs:
             envoy-pom.xml.asc \
             envoy-sources.jar.asc \
             envoy-javadoc.jar.asc
+
+  android_xds_release_artifacts:
+    if: >-
+      ${{
+          github.repository == 'envoyproxy/envoy'
+          && (github.event.schedule
+              || !contains(github.actor, '[bot]'))
+      }}
+    needs: env
+    permissions:
+      contents: read
+      packages: read
+    name: android_xds_release_artifacts
+    runs-on: ${{ needs.env.outputs.agent_ubuntu }}
+    timeout-minutes: 120
+    container:
+      image: ${{ needs.env.outputs.build_image_ubuntu_mobile }}
+      env:
+        CC: /opt/llvm/bin/clang
+        CXX: /opt/llvm/bin/clang++
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Add safe directory
+      run: git config --global --add safe.directory /__w/envoy/envoy
+    - name: 'Build envoy_xds.aar distributable'
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      working-directory: mobile
+      run: |
+        version="0.5.0.$(date '+%Y%m%d')"
+        ./bazelw build \
+          --config=mobile-remote-release-clang \
+          --remote_header="Authorization=Bearer $GITHUB_TOKEN" \
+          --fat_apk_cpu=x86,x86_64,armeabi-v7a,arm64-v8a \
+          --define=pom_version="$version" \
+          --define=google_grpc=enabled \
+          --config=mobile-release-android \
+          --linkopt=-fuse-ld=lld \
+          //:android_xds_dist
+    - name: 'Tar artifacts'
+      run: |
+        tar -czvf envoy_xds_android_aar_sources.tar.gz \
+            bazel-bin/library/kotlin/io/envoyproxy/envoymobile/envoy_xds.aar \
+            bazel-bin/library/kotlin/io/envoyproxy/envoymobile/envoy_xds-pom.xml \
+            bazel-bin/library/kotlin/io/envoyproxy/envoymobile/envoy_xds-sources.jar \
+            bazel-bin/library/kotlin/io/envoyproxy/envoymobile/envoy_xds-javadoc.jar
+      working-directory: mobile
+    - uses: actions/upload-artifact@v3
+      with:
+        name: envoy_xds_android_aar_sources
+        path: mobile/envoy_xds_android_aar_sources.tar.gz
+
+  android_xds_release_deploy:
+    name: android_xds_release_deploy
+    needs: android_xds_release_artifacts
+    permissions:
+      contents: read
+      packages: read
+    runs-on: ubuntu-22.04
+    timeout-minutes: 20
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Add safe directory
+      run: git config --global --add safe.directory /__w/envoy/envoy
+    - uses: actions/download-artifact@v3
+      with:
+        name: envoy_xds_android_aar_sources
+        path: .
+    - name: Expand archive
+      run: |
+        tar -xvf envoy_xds_android_aar_sources.tar.gz
+        mv bazel-bin/library/kotlin/io/envoyproxy/envoymobile/* .
+    - name: 'Configure gpg signing'
+      env:
+        GPG_KEY: ${{ secrets.EM_GPG_KEY }}
+        GPG_KEY_NAME: ${{ secrets.EM_GPG_KEY_NAME }}
+        GPG_PASSPHRASE: ${{ secrets.EM_GPG_PASSPHRASE }}
+      run: |
+        # https://github.com/keybase/keybase-issues/issues/2798
+        export GPG_TTY=$(tty)
+        # Import gpg keys and warm the passphrase to avoid the gpg
+        # passphrase prompt when initating a deploy
+        # `--pinentry-mode=loopback` could be needed to ensure we
+        # suppress the gpg prompt
+        echo $GPG_KEY | base64 --decode > signing-key
+        gpg --passphrase $GPG_PASSPHRASE --batch --import signing-key
+        shred signing-key
+
+        gpg --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -ab envoy_xds.aar
+        gpg --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -ab envoy_xds-pom.xml
+        gpg --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -ab envoy_xds-javadoc.jar
+        gpg --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -ab envoy_xds-sources.jar
+    - name: 'Release to sonatype repository'
+      env:
+        READWRITE_USER: ${{ secrets.EM_SONATYPE_USER }}
+        READWRITE_API_KEY: ${{ secrets.EM_SONATYPE_PASSWORD }}
+        SONATYPE_PROFILE_ID: ${{ secrets.EM_SONATYPE_PROFILE_ID }}
+      run: |
+        version="0.5.0.$(date '+%Y%m%d')"
+        python mobile/ci/sonatype_nexus_upload.py \
+          --profile_id=$SONATYPE_PROFILE_ID \
+          --version=$version \
+          --files \
+            envoy_xds.aar \
+            envoy_xds-pom.xml \
+            envoy_xds-sources.jar \
+            envoy_xds-javadoc.jar \
+          --signed_files \
+            envoy_xds.aar.asc \
+            envoy_xds-pom.xml.asc \
+            envoy_xds-sources.jar.asc \
+            envoy_xds-javadoc.jar.asc
diff --git a/.github/workflows/workflow-complete.yml b/.github/workflows/workflow-complete.yml
@@ -53,7 +53,7 @@ jobs:
         echo "state=${STATE}" >> "$GITHUB_OUTPUT"
       id: job
     - name: Complete status check
-      uses: envoyproxy/toolshed/gh-actions/status@actions-v0.0.18
+      uses: envoyproxy/toolshed/gh-actions/status@actions-v0.0.27
       with:
         authToken: ${{ secrets.GITHUB_TOKEN }}
         context: Verify/examples

diff --git a/RELEASES.md b/RELEASES.md
@@ -90,7 +90,8 @@ deadline of 3 weeks.
 | 1.25.0  | 2023/01/15 | 2023/01/18 |   +3 days  | 2024/01/18  |
 | 1.26.0  | 2023/04/15 | 2023/04/18 |   +3 days  | 2024/04/18  |
 | 1.27.0  | 2023/07/14 | 2023/07/27 |  +13 days  | 2024/07/27  |
-| 1.28.0  | 2023/10/16 |            |            |             |
+| 1.28.0  | 2023/10/16 | 2023/10/19 |  +3 days   | 2024/10/19  |
+| 1.29.0  | 2024/01/16 |            |            |             |
 
 ### Cutting a major release
 

diff --git a/api/envoy/extensions/filters/http/json_to_metadata/v3/json_to_metadata.proto b/api/envoy/extensions/filters/http/json_to_metadata/v3/json_to_metadata.proto
@@ -62,7 +62,6 @@ message JsonToMetadata {
   }
 
   message Selector {
-    // TODO(kuochunghsu): Explore matchers for array handling.
     oneof selector {
       // key to match
       string key = 1 [(validate.rules).string = {min_len: 1}];

diff --git a/bazel/foreign_cc/ipp-crypto-bn2lebinpad.patch b/bazel/foreign_cc/ipp-crypto-bn2lebinpad.patch
@@ -0,0 +1,17 @@
+diff --git a/sources/ippcp/crypto_mb/src/common/ifma_cvt52.c b/sources/ippcp/crypto_mb/src/common/ifma_cvt52.c
+index 1099518..7526fdc 100644
+--- a/sources/ippcp/crypto_mb/src/common/ifma_cvt52.c
++++ b/sources/ippcp/crypto_mb/src/common/ifma_cvt52.c
+@@ -168,12 +168,6 @@ __INLINE void transform_8sb_to_mb8(U64 out_mb8[], int bitLen, int8u *inp[8], int
+    }
+ }
+
+-#ifdef OPENSSL_IS_BORINGSSL
+-static int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen) {
+-    return BN_bn2le_padded(to, tolen, a);
+-}
+-#endif
+-
+ #ifndef BN_OPENSSL_DISABLE
+ // Convert BIGNUM into MB8(Radix=2^52) format
+ // Returns bitmask of succesfully converted values
diff --git a/bazel/grpc.patch b/bazel/grpc.patch
@@ -23,4 +23,17 @@ index 1bb970e049..81265483e9 100644
 +        "-layering_check",
      ],
  )
-
+
+diff --git a/src/core/lib/channel/channel_args.h b/src/core/lib/channel/channel_args.h
+index 38bb070213..b53086e680 100644
+--- a/src/core/lib/channel/channel_args.h
++++ b/src/core/lib/channel/channel_args.h
+@@ -284,7 +284,7 @@ class ChannelArgs {
+
+   class Value {
+    public:
+-    explicit Value(int n) : rep_(reinterpret_cast<void*>(n), &int_vtable_) {}
++    explicit Value(int n) : rep_(reinterpret_cast<void*>(static_cast<intptr_t>(n)), &int_vtable_) {}
+     explicit Value(std::string s)
+         : rep_(RefCountedString::Make(s).release(), &string_vtable_) {}
+     explicit Value(Pointer p) : rep_(std::move(p)) {}