{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":243394576,"defaultBranch":"main","name":"pixie","ownerLogin":"pixie-io","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2020-02-27T00:22:45.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/82631609?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1726701112.0","currentOid":""},"activityList":{"items":[{"before":"777c3f9f03f951f084581c205cfbb9deffeb6735","after":"40719105813f60b11a9fa7a59067513fc6a45c92","ref":"refs/heads/main","pushedAt":"2024-09-18T23:53:33.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"[bot][releases] Update readme with link to latest cloud release. (#2028)\n\nSummary: TSIA\r\n\r\nType of change: /kind cleanup\r\n\r\nTest Plan: N/A\r\n\r\nSigned-off-by: pixie-io-buildbot ","shortMessageHtmlLink":"[bot][releases] Update readme with link to latest cloud release. (#2028)"}},{"before":"1f96cff7186dd2a124a7cfb94556bc4fe64ac41c","after":"777c3f9f03f951f084581c205cfbb9deffeb6735","ref":"refs/heads/main","pushedAt":"2024-09-18T17:45:30.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Fix self hosted cloud image pull error for plugin db updater Job (#2026)\n\nSummary: Fix self hosted cloud image pull error for plugin db updater\r\nJob\r\n\r\nDuring the 0.1.8 cloud prerelease testing, I noticed that the plugin db\r\nupdater Job hits an image pull error. This was something that was also\r\nreported in the Community slack for the latest release (0.1.7).\r\n\r\nRelevant Issues: N/A\r\n\r\nType of change: /kind bugfix\r\n\r\nTest Plan: The Job is successfully created without any additional\r\nmanifest edits\r\n\r\nChangelog Message: Fixed an issue where the self-hosted cloud install\r\nhit an image pull error for the plugin db updater Job\r\n\r\nSigned-off-by: Dom Del Nano ","shortMessageHtmlLink":"Fix self hosted cloud image pull error for plugin db updater Job (#2026)"}},{"before":"2704ade09782a48a07b739593634e5e44aca916d","after":"1f96cff7186dd2a124a7cfb94556bc4fe64ac41c","ref":"refs/heads/main","pushedAt":"2024-09-18T17:44:04.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Fix cloud proxy entrypoint by avoiding modifying a RO directory (Configmap mount directory) (#2027)\n\nSummary: Fix cloud proxy entrypoint by avoiding modifying a RO directory\r\n(Configmap mount directory)\r\n\r\nThis bug was introduced between 0a44b36b3b058402739426dd2b1c7aa67646869c\r\nand c3e0fba3ce266d19dca4207295d58b8737305f46 on #2018 when the\r\nindividual file mounts were changed to a directory mount. Deploying the\r\ncloud proxy from main results in the following error:\r\n\r\n```\r\n$ kubectl -n plc logs cloud-proxy-5df85487bf-hrglr\r\nDefaulted container \"cloud-proxy-server\" out of: cloud-proxy-server, envoy\r\n/scripts/entrypoint.sh: line 20: can't create /usr/local/openresty/nginx/conf/nginx.conf: Read-only file system\r\n```\r\n\r\nWhen I originally tested the final change, I must have only looked at\r\nthe resulting directory and missed that the pod was crashing. This issue\r\nwas detected during the 0.1.8 cloud prerelease testing.\r\n\r\nRelevant Issues: #2017 #2013\r\n\r\nType of change: /kind bugfix\r\n\r\nTest Plan: Verified that the cloud proxy image starts up successfully\r\n\r\nSigned-off-by: Dom Del Nano ","shortMessageHtmlLink":"Fix cloud proxy entrypoint by avoiding modifying a RO directory (Conf…"}},{"before":"6fc0f1834b40abd8e3ab027be96f507fb8843ccc","after":"2704ade09782a48a07b739593634e5e44aca916d","ref":"refs/heads/main","pushedAt":"2024-09-16T23:25:37.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Allow configuring all ConnTrackers' debug trace level at runtime (#2023)\n\nSummary: Allow configuring all ConnTrackers' debug trace level at\r\nruntime\r\n\r\nWhen debugging tracing issues with servers that handle requests\r\npre-fork, it's not practical to use `--stirling_conn_trace_pid` (each\r\nrequest is served by a new PID). This change allows enabling debug\r\ntracing for all conn trackers to facilitate easier debugging.\r\n\r\nRelevant Issues: N/A\r\n\r\nType of change: /kind feature\r\n\r\nTest Plan: Skaffolded this change and verified that the following\r\n`stirling_ctrl` command enables `CONN_TRACE` globally.\r\n```\r\n$ ./stirling_ctrl ${pid_of_pem} 1 2\r\n```\r\n\r\nChangelog Message: Provide mechanism for debugging a PEM's connection\r\ntracking more easily at runtime\r\n\r\nSigned-off-by: Dom Del Nano ","shortMessageHtmlLink":"Allow configuring all ConnTrackers' debug trace level at runtime (#2023)"}},{"before":"9b5f295a23ff618d4b60f91db51a1f3983bd0f84","after":"6fc0f1834b40abd8e3ab027be96f507fb8843ccc","ref":"refs/heads/main","pushedAt":"2024-09-16T23:25:10.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Use correct byte ordering function for kernel struct member (skc_num) (#2002)\n\nSummary: Use correct byte ordering function for kernel struct member\r\n(skc_num)\r\n\r\nThis change doesn't result in a functional difference since `ntohs` and\r\n`htons` are inverses of each other on little endian machines (and noops\r\nfor big endian machines). This field's byte order caused me confusion in\r\n#1989, so I wanted to make this struct access consistent.\r\n\r\nRelevant Issues: N/A\r\n\r\nType of change: /kind cleanup\r\n\r\nTest Plan: Testing during #1989 (details\r\n[here](https://github.com/pixie-io/pixie/pull/1989#discussion_r1743081397))\r\n\r\nSigned-off-by: Dom Del Nano ","shortMessageHtmlLink":"Use correct byte ordering function for kernel struct member (skc_num) ("}},{"before":"5bac2504a653950b909046bf49c87510a7c5f1c1","after":"9b5f295a23ff618d4b60f91db51a1f3983bd0f84","ref":"refs/heads/main","pushedAt":"2024-09-16T21:28:50.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Remove nginx config files from cloud proxy container in favor of Configmaps for easier runtime overrides (#2018)\n\nSummary: Remove nginx config files from cloud proxy container in favor\r\nof Configmaps for easier runtime overrides\r\n\r\nThis is an alternative approach to #2014 and #2016. While this doesn't\r\nprovide an environment variable for configuring the intended behavior,\r\nthis approach is more flexible since many Nginx directives don't work\r\nwith variables (`server_name`, `resolver`, among others ).\r\n\r\nBecause nginx prohibits variables in these directives, it makes it very\r\ndifficult to provide environment variable based settings without our\r\nprevious `sed` approach. The `sed` approach also has its problems since\r\nit requires\r\n[hacks](https://github.com/pixie-io/pixie/pull/2014/files#diff-5ec7ca8d0f624fe1f4eb3778cc96dcee2f999bf39bad422807b67b15ce2f8e7bR27)\r\nto support configuration removals. Rather than trying to solve all\r\npotential use cases, this PR opts to make the configuration easy to swap\r\nout via the `pl-proxy-nginx-config` Configmap.\r\n\r\nI plan to update the self hosted cloud docs to call out that this\r\nConfigmap exists and should be used if custom nginx configuration is\r\nneeded outside of the upstream defaults.\r\n\r\nRelevant Issues: #2017\r\n\r\nType of change: /kind feature\r\n\r\nTest Plan: Deployed to a cloud environment and verified that the\r\nupstream defaults and `PL_DOMAIN_NAME` apply as expected\r\n\r\nChangelog Message: Removed nginx configuration from the container image\r\ninto `pl-proxy-nginx-config` Configmap for easier runtime overrides\r\n\r\n---------\r\n\r\nSigned-off-by: Dom Del Nano ","shortMessageHtmlLink":"Remove nginx config files from cloud proxy container in favor of Conf…"}},{"before":null,"after":"0e8ecce51932d5982e7194469d00a4aa54f8049b","ref":"refs/heads/dependabot/npm_and_yarn/src/ui/express-4.21.0","pushedAt":"2024-09-13T21:30:02.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump express from 4.19.2 to 4.21.0 in /src/ui\n\nBumps [express](https://github.com/expressjs/express) from 4.19.2 to 4.21.0.\n- [Release notes](https://github.com/expressjs/express/releases)\n- [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md)\n- [Commits](https://github.com/expressjs/express/compare/4.19.2...4.21.0)\n\n---\nupdated-dependencies:\n- dependency-name: express\n dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump express from 4.19.2 to 4.21.0 in /src/ui"}},{"before":"a68986a7b279e369d6b1103b4558b5298ce461d0","after":"5bac2504a653950b909046bf49c87510a7c5f1c1","ref":"refs/heads/main","pushedAt":"2024-09-11T02:54:25.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"[bot][releases] Update readme with link to latest cli release. (#2020)","shortMessageHtmlLink":"[bot][releases] Update readme with link to latest cli release. (#2020)"}},{"before":"254d8282a4c6c35422eb47b8881f242879241c43","after":"bc051264744ed2ea1c47bfa3b1114ccd026e4f92","ref":"refs/heads/gh-pages","pushedAt":"2024-09-11T02:23:09.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"Update artifact manifest\n\nSigned-off-by: pixie-io-buildbot ","shortMessageHtmlLink":"Update artifact manifest"}},{"before":"7d0e48e0c73d2eb93e4ea92f9a987211292d5738","after":null,"ref":"refs/tags/release/cli/v0.8.3","pushedAt":"2024-09-11T02:06:45.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"aimichelle","name":"Michelle Nguyen","path":"/aimichelle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1484035?s=80&v=4"}},{"before":"4528883d85f3f372f9b298346d74b36aba87febd","after":"a68986a7b279e369d6b1103b4558b5298ce461d0","ref":"refs/heads/main","pushedAt":"2024-09-11T01:27:33.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Fix path to cli artifacts and output file now that container volume mounts are removed (#2019)","shortMessageHtmlLink":"Fix path to cli artifacts and output file now that container volume m…"}},{"before":"fcf7d01233b163042653924f46b939f6aba2af76","after":null,"ref":"refs/tags/release/cli/v0.8.5","pushedAt":"2024-09-10T21:46:36.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"aimichelle","name":"Michelle Nguyen","path":"/aimichelle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1484035?s=80&v=4"}},{"before":"a613465b3337fa9a47f5eadba0e4ff17ec78dc42","after":null,"ref":"refs/tags/release/cli/v0.8.4","pushedAt":"2024-09-10T21:46:34.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"aimichelle","name":"Michelle Nguyen","path":"/aimichelle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1484035?s=80&v=4"}},{"before":"4c9a8695b2d0b96c7bc949b52d2b4299094a83d5","after":null,"ref":"refs/tags/release/cli/v0.8.3","pushedAt":"2024-09-10T21:45:46.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"aimichelle","name":"Michelle Nguyen","path":"/aimichelle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1484035?s=80&v=4"}},{"before":"07fff004cbf4cdb43910daa5e9b93da293dbf690","after":"4528883d85f3f372f9b298346d74b36aba87febd","ref":"refs/heads/main","pushedAt":"2024-09-10T17:50:43.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Use fpm binary from within dev_image_extras container for cli releases (#2015)\n\nSummary: Use fpm binary from within dev_image_extras container for cli\r\nreleases\r\n\r\nWith #2012 merged, the `dev_image_with_extras` container image now\r\ncontains `fpm`. This change removes the use of podman to avoid the\r\npermission issues seen in recent cli builds. This should allow the\r\nproduction cli release build to succeed.\r\n\r\nRelevant Issues: Closes #1993\r\n\r\nType of change: /kind bugfix\r\n\r\nTest Plan: Verified that `fpm` exists in most recent image and packaging\r\nbuilding commands work (see testing on #2012). Running a production cli\r\nrelease build is needed after this is merged to complete the testing.\r\n```\r\n$ ./scripts/run_docker.sh\r\nsha256:c14b06e5753d4d9c6b2ff8671843043113cdcfa3f3cb36a492a665d71dc42fad\r\ngrep: /etc/bazelrc: No such file or directory\r\nRun Parameters:\r\n Build Buddy: Disabled\r\n Shell: /bin/bash\r\n+ docker run --rm --hostname px-dev-docker-dev-vm.us-west1-a.c.endless-datum-422018.internal -it -v /dev/shm:/dev/shm -v /home/ddelnano:/home/ddelnano -v /var/run/docker.sock:/var/run/docker.sock -v /home/ddelnano/code/pixie-worktree:/px/src/px.dev/pixie --network=host -v /usr/local/bin/px:/bin/px px_dev_image:202409092344 /bin/bash\r\nddelnano@px-dev-docker-dev-vm:/px/src/px.dev/pixie (ddelnano/use-fpm-within-dev_image_extras-container) $ fpm --version\r\n1.15.1\r\n\r\n```\r\n\r\nSigned-off-by: Dom Del Nano ","shortMessageHtmlLink":"Use fpm binary from within dev_image_extras container for cli releases ("}},{"before":"a4b8bc53eb1c44bed3753c6706325a27c28d93f0","after":"07fff004cbf4cdb43910daa5e9b93da293dbf690","ref":"refs/heads/main","pushedAt":"2024-09-10T15:40:12.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Add fpm to dev container image to avoid podman in docker in GitHub actions (#2012)\n\nSummary: Add fpm to dev container image to avoid podman in docker in\r\nGitHub actions\r\n\r\nThe production cli release build fails on these steps. The container\r\nrunning the job is unable to create new namespaces and runs into the\r\nfollowing error:\r\n\r\n```\r\n+ podman run -i --rm -v /tmp/tmp.oCPtyljlYd:/src/ -v /__w/pixie/pixie:/image docker.io/cdrx/fpm-fedora:24 fpm -f -p /image/pixie-px-0.8.3.x86_64.rpm -s dir -t rpm -n pixie-px -v 0.8.3 --prefix /usr/local/bin px\r\ntime=\"2024-09-06T18:10:15Z\" level=warning msg=\"\\\"/\\\" is not a shared mount, this could cause issues or missing mounts with rootless containers\"\r\ncannot clone: Operation not permitted\r\nError: cannot re-exec process\r\n```\r\n\r\nRather than fix the namespace creation problem, which has been difficult\r\nto debug, this installs the necessary tools within the container. This\r\nwill allow us to avoid using podman to run `fpm`.\r\n\r\nThis change also reverts the previous attempt at fixing this and removes\r\ngenny from the container image. See [this\r\ncomment](https://github.com/pixie-io/pixie/pull/2012#discussion_r1751309786)\r\nfor more details on the genny removal.\r\n\r\nRelevant Issues: #1993\r\n\r\nType of change: /kind bugfix\r\n\r\nTest Plan: Verified that building the deb and rpm packages works from\r\nthe ubuntu based dev container image and that installing the packages is\r\nsuccessful in their respective distros\r\n```\r\n$ docker run --entrypoint bash -it docker.io/ddelnano/dev_image:202409082304\r\nroot@f65d4d86e9be:/src# fpm -f -s dir -t rpm -n pixie-px -v 0.8.3 --prefix /usr/local/bin -p pixie-px-0.8.3.x86_64.rpm px\r\nCreated package {:path=>\"pixie-px-0.8.3.x86_64.rpm\"}\r\nroot@f65d4d86e9be:/src# fpm -f -s dir -t deb -n pixie-px -v 0.8.3 --prefix /usr/local/bin -p pixie-px-0.8.3.deb px\r\nCreated package {:path=>\"pixie-px-0.8.3.deb\"}\r\n\r\n# Install the rpm package and test px in a fedora container\r\n$ docker run --entrypoint bash -it -v $(pwd):/src/ -w /src fedora\r\n[root@90a53608bae0 src]# rpm -i pixie-px-0.8.3.x86_64.rpm\r\n[root@90a53608bae0 src]# px --version\r\nPixie CLI\r\n```\r\n- Verified chef works against a Ubuntu noble VM\r\n- [ ] Ran `#ci:ignore-deps` and `#ci:bpf-build-all-kernels` build due to\r\ngenny removal\r\n\r\n---------\r\n\r\nSigned-off-by: Dom Del Nano ","shortMessageHtmlLink":"Add fpm to dev container image to avoid podman in docker in GitHub ac…"}},{"before":"52c82470f5072ca6c12623ce2553015989c856c2","after":null,"ref":"refs/tags/release/cli/v0.8.3","pushedAt":"2024-09-06T21:19:07.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"aimichelle","name":"Michelle Nguyen","path":"/aimichelle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1484035?s=80&v=4"}},{"before":"5dc122a5fcefd57605a49fe3a841ded9f8892203","after":"a4b8bc53eb1c44bed3753c6706325a27c28d93f0","ref":"refs/heads/main","pushedAt":"2024-09-06T21:18:53.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"aimichelle","name":"Michelle Nguyen","path":"/aimichelle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1484035?s=80&v=4"},"commit":{"message":"Use privileged container for running cli build release steps (#2011)\n\nSummary: Use privileged container for running cli build release steps\r\n\r\nThis reverts my second attempt at fixing the issue with our recent cli\r\nbuilds and tries to address the issue by running the GitHub action's\r\ncontainer privileged. This is to address the following error seen in\r\nrecent cli release builds:\r\n\r\n```\r\n+ podman run -i --rm -v /tmp/tmp.xkTyDurlVW:/src/ -v /__w/pixie/pixie:/image docker.io/cdrx/fpm-fedora:24 fpm -f -p /image/pixie-px-0.8.3.x86_64.rpm -s dir -t rpm -n pixie-px -v 0.8.3 --prefix /usr/local/bin px\r\ntime=\"2024-09-05T22:47:26Z\" level=warning msg=\"\\\"/\\\" is not a shared mount, this could cause issues or missing mounts with rootless containers\"\r\ncannot clone: Operation not permitted\r\nError: cannot re-exec process\r\n```\r\n\r\nRelevant Issues: #1993\r\n\r\nType of change: /kind bugfix\r\n\r\nTest Plan: Reproduced the `clone: Operation not permitted` issue on my\r\ndev VM. Verified that adding `--privileged` no longer sees the issue\r\n```\r\n# Note: running podman without sudo runs into an issue before the clone issue happens.\r\n# This may not be the most representative test but hopefully it reproduces the issue closely enough\r\n\r\n$ ./scripts/run_docker.sh\r\nsha256:e8d76daa1fe01efdff68cacf982f00a94a674b1d450f8eab11b98f5bd6a5c397\r\ngrep: /etc/bazelrc: No such file or directory\r\nRun Parameters:\r\n Build Buddy: Disabled\r\n Shell: /bin/bash\r\n+ docker run --rm --hostname px-dev-docker-dev-vm.us-west1-a.c.endless-datum-422018.internal -it -v /dev/shm:/dev/shm -v /home/ddelnano:/home/ddelnano -v /var/run/docker.sock:/var/run/docker.sock -v /home/ddelnano/code/pixie-worktree:/px/src/px.dev/pixie --network=host -v /usr/local/bin/px:/bin/px px_dev_image:202405102250 /bin/bash\r\n\r\n$ sudo podman info\r\nsudo: unable to resolve host px-dev-docker-dev-vm.us-west1-a.c.endless-datum-422018.internal: Name or service not known\r\nWARN[0000] \"/\" is not a shared mount, this could cause issues or missing mounts with rootless containers\r\ncannot clone: Operation not permitted\r\nError: cannot re-exec process\r\n\r\n# Run same ./scripts/run_docker.sh but with --privileged added\r\n\r\n$ docker run --rm --hostname px-dev-docker-dev-vm.us-west1-a.c.endless-datum-422018.internal -it -v /dev/shm:/dev/shm -v /home/ddelnano:/home/ddelnano -v /var/run/docker.sock:/var/run/docker.sock -v /home/ddelnano/code/pixie-worktree:/px/src/px.dev/pixie --network=host -v /usr/local/bin/px:/bin/px --privileged px_dev_image:202405102250 /bin/bash\r\n\r\n# podman info succeeds\r\n$ sudo podman info\r\nsudo: unable to resolve host px-dev-docker-dev-vm.us-west1-a.c.endless-datum-422018.internal: Name or service not known\r\nhost:\r\n arch: amd64\r\n```\r\n\r\n---------\r\n\r\nSigned-off-by: Dom Del Nano ","shortMessageHtmlLink":"Use privileged container for running cli build release steps (#2011)"}},{"before":"0a82bfa235d4d04715b9276f62a9bab7309c8ce9","after":null,"ref":"refs/tags/release/cli/v0.8.3","pushedAt":"2024-09-06T18:06:27.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"aimichelle","name":"Michelle Nguyen","path":"/aimichelle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1484035?s=80&v=4"}},{"before":"aa1f72a69f0a072d97accd721081f89cb8108fd1","after":"5dc122a5fcefd57605a49fe3a841ded9f8892203","ref":"refs/heads/main","pushedAt":"2024-09-06T18:00:30.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Another attempt to remediate user namespace issues with ubuntu24 runners (#2010)\n\nSummary: Another attempt to remediate user namespace issues with ubuntu\r\n24.04 runners\r\n\r\nThis reverts the failed previous attempt and re-enables user namespaces\r\non ubuntu 24.04. This is a well known behavior change between Ubuntu\r\n22.04 and 24.04\r\n(https://github.com/actions/runner-images/issues/10443#issuecomment-2296608244).\r\nSince podman is running rootless, I think it's possible that the user\r\nnamespace creation (clone syscall) is failing.\r\n\r\nRelevant Issues: #1993\r\n\r\nType of change: /kind bugfix\r\n\r\nTest Plan: Run another production release build after merging this\r\n- Verified that this sysctl cli invocation is similar to our [existing\r\nexample](https://github.com/pixie-io/pixie/blob/aa1f72a69f0a072d97accd721081f89cb8108fd1/.github/workflows/build_and_test.yaml#L87)\r\n\r\n---------\r\n\r\nSigned-off-by: Dom Del Nano ","shortMessageHtmlLink":"Another attempt to remediate user namespace issues with ubuntu24 runn…"}},{"before":"7b0a04e68bbc42fd8ff049a33527c4710b90e02f","after":null,"ref":"refs/tags/release/cli/v0.8.4","pushedAt":"2024-09-06T16:57:39.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"aimichelle","name":"Michelle Nguyen","path":"/aimichelle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1484035?s=80&v=4"}},{"before":"7af9fe339cd621c1c8b8ff4d45fca9c5ec53b947","after":null,"ref":"refs/tags/release/cli/v0.8.3","pushedAt":"2024-09-06T16:55:50.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"aimichelle","name":"Michelle Nguyen","path":"/aimichelle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1484035?s=80&v=4"}},{"before":"3a76a2723ba050fdd9908ef41d04d5cac0075cc0","after":"aa1f72a69f0a072d97accd721081f89cb8108fd1","ref":"refs/heads/main","pushedAt":"2024-09-06T16:10:49.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Fix production cli release build by using seccomp profile recommended by podman maintainers (#2008)\n\nSummary: Fix production cli release build by using seccomp profile\r\nrecommended by podman maintainers\r\n\r\nThe cli pre-release builds do not trigger our RPM and deb packaging.\r\nThis packaging step is accomplished by running podman containers and\r\nfailed during our most recent production cli release (error below):\r\n\r\n```\r\n+ podman run -i --rm -v /tmp/tmp.xkTyDurlVW:/src/ -v /__w/pixie/pixie:/image docker.io/cdrx/fpm-fedora:24 fpm -f -p /image/pixie-px-0.8.3.x86_64.rpm -s dir -t rpm -n pixie-px -v 0.8.3 --prefix /usr/local/bin px\r\ntime=\"2024-09-05T22:47:26Z\" level=warning msg=\"\\\"/\\\" is not a shared mount, this could cause issues or missing mounts with rootless containers\"\r\ncannot clone: Operation not permitted\r\nError: cannot re-exec process\r\n```\r\n\r\nThis is an attempt to remediate the issue by following what was\r\nrecommended by podman's maintainers in a [past\r\nissue](https://github.com/containers/podman/issues/10802#issuecomment-869925846).\r\n\r\nRelevant Issues: #1993\r\n\r\nType of change: /kind bugfix\r\n\r\nTest Plan: Requires building a production release cli since this logic\r\nis skipped otherwise\r\n- [x] Verified this seccomp profile is a dependency of the podman Ubuntu\r\npackage and installed in our dev image that the CI job uses.\r\n```\r\nddelnano@dev-vm:~/code/pixie-worktree (ddelnano/address-unable-to-clone-error) $ ./scripts/run_docker.sh pwd && ls -alh /usr/share/containers/seccomp.json\r\nsha256:e8d76daa1fe01efdff68cacf982f00a94a674b1d450f8eab11b98f5bd6a5c397\r\ngrep: /etc/bazelrc: No such file or directory\r\nRun Parameters:\r\n Build Buddy: Disabled\r\n Shell: /bin/bash\r\n+ docker run --rm --hostname px-dev-docker-dev-vm.us-west1-a.c.endless-datum-422018.internal -it -v /dev/shm:/dev/shm -v /home/ddelnano:/home/ddelnano -v /var/run/docker.sock:/var/run/docker.sock -v /home/ddelnano/code/pixie-worktree:/px/src/px.dev/pixie --network=host -v /usr/local/bin/px:/bin/px px_dev_image:202405102250 /bin/bash -c pwd\r\n/px/src/px.dev/pixie\r\n-rw-r--r-- 1 root root 17K Feb 1 2024 /usr/share/containers/seccomp.json\r\n\r\nddelnano@px-dev-docker-dev-vm:/px/src/px.dev/pixie (ddelnano/address-unable-to-clone-error) $ dpkg -S /usr/share/containers/seccomp.json\r\ngolang-github-containers-common: /usr/share/containers/seccomp.json\r\nddelnano@px-dev-docker-dev-vm:/px/src/px.dev/pixie (ddelnano/address-unable-to-clone-error) $ apt-cache rdepends golang-github-containers-common | grep podman\r\n podman\r\n\r\n\r\n```\r\n\r\nSigned-off-by: Dom Del Nano ","shortMessageHtmlLink":"Fix production cli release build by using seccomp profile recommended…"}},{"before":"6a8af6575ac7c125f92f2f42c7e885f7a0fcf253","after":"254d8282a4c6c35422eb47b8881f242879241c43","ref":"refs/heads/gh-pages","pushedAt":"2024-09-05T22:05:25.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"Update artifact manifest\n\nSigned-off-by: pixie-io-buildbot ","shortMessageHtmlLink":"Update artifact manifest"}},{"before":"0c1fdd2f14c28bd2f3588df5da29e78de4a79d3f","after":"3a76a2723ba050fdd9908ef41d04d5cac0075cc0","ref":"refs/heads/main","pushedAt":"2024-09-05T21:45:02.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Use maintained gon fork to address Apple signing deprecation (#1997)\n\nSummary: Use maintained gon fork to address Apple signing deprecation\r\n\r\nThis is a continuation of #1994. Rather than using the macos tools\r\ndirectly, we can continue using gon by switching to the maintained fork\r\n([github.com/Bearer/gon](https://github.com/Bearer/gon))\r\n\r\nRelevant Issues: Closes https://github.com/pixie-io/pixie/issues/1993\r\n\r\nType of change: /kind bugfix\r\n\r\nTest Plan: cli-release GitHub workflow\r\n[succeeds](https://github.com/pixie-io/pixie/actions/runs/10724342153/job/29740236170)\r\nwhen built from this branch\r\n\r\nChangelog Message: Fix macos signing for px cli releases\r\n\r\n---------\r\n\r\nSigned-off-by: Dom Del Nano ","shortMessageHtmlLink":"Use maintained gon fork to address Apple signing deprecation (#1997)"}},{"before":"2e227d47b7966b4739a580df4c4eee8f3004bd04","after":"6a8af6575ac7c125f92f2f42c7e885f7a0fcf253","ref":"refs/heads/gh-pages","pushedAt":"2024-09-05T16:40:14.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"Update artifact manifest\n\nSigned-off-by: pixie-io-buildbot ","shortMessageHtmlLink":"Update artifact manifest"}},{"before":"afffb8e6089071ebf568f595ea710bd6d2536e23","after":"0c1fdd2f14c28bd2f3588df5da29e78de4a79d3f","ref":"refs/heads/main","pushedAt":"2024-09-05T16:16:02.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Populate client side trace's local address via tcp kprobes (#1989)\n\nSummary: Populate client side trace's local address via tcp kprobes\r\n\r\nThis change populates client side trace's `local_addr` and `local_port`\r\ncolumns for the following use cases:\r\n1. To provide more consistency for the protocol data tables. Having\r\ncolumns that are empty make it difficult for end users to understand\r\nwhat is being traced and make them less useful\r\n2. To facilitate addressing a portion of the short lived process\r\nproblems (#1638)\r\n\r\nFor 2, the root of the issue is that `df.ctx[\"pod\"]` syntax relies on\r\nthe\r\n[px.upid_to_pod_name](https://docs.px.dev/reference/pxl/udf/upid_to_pod_name/)\r\nfunction. If a PEM misses the short lived process during its metadata\r\nupdate, this function fails to resolve the pod name. For client side\r\ntraces where the pod is making an outbound connection (non localhost),\r\nthe `local_addr` column provides an alternative pod name lookup for\r\nshort lived processes when the pod is long lived. This means the\r\nfollowing would be equivalent to the `df.ctx[\"pod\"]` lookup:\r\n`px.pod_id_to_pod_name(px.ip_to_pod_id(df.local_addr))`.\r\n\r\nI intend to follow this PR with a compiler change that will make\r\n`df.ctx[\"pod\"]` try both methods should `px.upid_to_pod_name` fail to\r\nresolve. This will allow the existing pxl scripts to display the\r\npreviously missed short lived processes.\r\n\r\n**Alternatives**\r\n\r\nAnother approach I considered was expanding our use of the `sock_alloc`\r\nkprobe. I used ftrace on a simple curl command to see what other options\r\ncould be used (`sudo trace-cmd record -F -p function_graph\r\nhttp://google.com`). The `socket` syscall calls `sock_alloc`, which\r\nwould be another mechanism for accessing the `struct sock`. I decided\r\nagainst this approach because I don't think its viable to assume that\r\nthe same thread/process that calls `socket` will be the one that does\r\nthe later syscalls (how our BPF maps are set up). It's common to have a\r\nforking web server model, which means a different process/thread can\r\ncall `socket` than the ones that later read/write to it.\r\n\r\n**Probe stability**\r\n\r\nThese probes appear to be stable from our oldest and newest supported\r\nkernel. These functions exist in the\r\n[tcp_prot](https://elixir.bootlin.com/linux/v4.14.336/source/net/ipv4/tcp_ipv4.c#L2422),\r\n[tcpv6_prot](https://elixir.bootlin.com/linux/v4.14.336/source/net/ipv6/tcp_ipv6.c#L1941)\r\nstructs and I've seen that other projects and bcc tools use these\r\nprobes. This makes me believe that these functions have a pretty well\r\ndefined interface.\r\n\r\nRelevant Issues: #1829, #1638\r\n\r\nType of change: /kind feature\r\n\r\nTest Plan: New tests verify that ipv4 and ipv6 cases work\r\n- [x] Ran `for i in $(seq 0 1000); do curl http://google.com/$i; sleep\r\n2; done` within a pod and verified that `local_addr` is populated with\r\nthis change and `px.pod_id_to_pod_name(px.ip_to_pod_id(df.local_addr))`\r\nworks for pod name resolution.\r\n\r\n- [x] Verified the above curl test results in traces without\r\n`local_addr` without this change\r\n\r\n![local-addr-testing](https://github.com/user-attachments/assets/344be022-97a0-4096-8af7-8de20d741e40)\r\n- Tested on the following k8s offerings and machine images\r\n- [x] GKE COS and Ubuntu\r\n- [x] EKS Amazon Linux 2\r\n\r\nChangelog Message: Populate socket tracer data table `local_addr` and\r\n`local_port` column for client side traces.\r\n\r\n---------\r\n\r\nSigned-off-by: Dom Del Nano ","shortMessageHtmlLink":"Populate client side trace's local address via tcp kprobes (#1989)"}},{"before":"9ae53a86bb73cfb020977638f79c28fe6da941a0","after":"afffb8e6089071ebf568f595ea710bd6d2536e23","ref":"refs/heads/main","pushedAt":"2024-09-04T22:00:22.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Fix bug where cli manifests with `AT_DARWIN_ARM64` ArtifactTypes fail to parse (#2005)\n\nSummary: Fix bug where cli manifests with `AT_DARWIN_ARM64`\r\nArtifactTypes fail to parse\r\n\r\nThis was an error I ran into when testing #1997. You can see the failure\r\noutput from the [following\r\nbuild](https://github.com/pixie-io/pixie/actions/runs/10705210930/job/29681122220?pr=1997)\r\n(also copied below).\r\n\r\n```\r\nINFO: Running command line: bazel-bin/src/utils/artifacts/manifest_updater/manifest_updater_/manifest_updater '--manifest_updates=/__w/pixie/pixie/manifest_updates.json' '--manifest_path=/__w/pixie/pixie/gh-pages/artifacts/manifest.json'\r\ntime=\"2024-09-04T16:17:53Z\" level=fatal msg=\"failed to read manifest updates\" error=\"unknown value \\\"AT_DARWIN_ARM64\\\" for enum px.versions.ArtifactType\"\r\n```\r\n\r\nRelevant Issues: #1993\r\n\r\nType of change: /kind bugfix\r\n\r\nTest Plan: Built the manifest_updater binary and verified it no longer\r\nfails with a parse error\r\n```\r\n$ ./manifest_updater --manifest_updates manifest_updates.json --manifest_path=manifest.json\r\n$\r\n```\r\n\r\n---------\r\n\r\nSigned-off-by: Dom Del Nano ","shortMessageHtmlLink":"Fix bug where cli manifests with AT_DARWIN_ARM64 ArtifactTypes fail…"}},{"before":"df3992f460ceeb942084fc90a625f580f139092b","after":"9ae53a86bb73cfb020977638f79c28fe6da941a0","ref":"refs/heads/main","pushedAt":"2024-09-04T15:58:40.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Update GitHub matrix to use correct 6.1.x kernel (#2004)\n\nSummary: Update GitHub matrix to use correct 6.1.x kernel\r\n\r\nBuilds after #1995 would fail since GitHub would attempt to run the\r\n6.1.8 kernel build, which bazel no longer understands. This also updates\r\nthe qemu test runner kernel that was incorrectly updated in #1999. I\r\nthought I had exercised that default value with my testing, but it\r\ndidn't trigger that default value.\r\n\r\nRelevant Issues: N/A\r\n\r\nType of change: /kind bugfix\r\n\r\nTest Plan: GitHub build on #2002 which pulls in the matrix change is no\r\nlonger failing","shortMessageHtmlLink":"Update GitHub matrix to use correct 6.1.x kernel (#2004)"}},{"before":null,"after":"9d541038e02c072e4d690f80c627f8fcf62b3392","ref":"refs/heads/dependabot/pip/src/api/python/cryptography-43.0.1","pushedAt":"2024-09-04T00:07:18.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump cryptography from 42.0.4 to 43.0.1 in /src/api/python\n\nBumps [cryptography](https://github.com/pyca/cryptography) from 42.0.4 to 43.0.1.\n- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)\n- [Commits](https://github.com/pyca/cryptography/compare/42.0.4...43.0.1)\n\n---\nupdated-dependencies:\n- dependency-name: cryptography\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump cryptography from 42.0.4 to 43.0.1 in /src/api/python"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0xOFQyMzo1MzozMy4wMDAwMDBazwAAAAS6Qqhr","startCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0xOFQyMzo1MzozMy4wMDAwMDBazwAAAAS6Qqhr","endCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0wNFQwMDowNzoxOC4wMDAwMDBazwAAAASsILp2"}},"title":"Activity · pixie-io/pixie"}