From d670ecbe55977e02bc83a3d6ff94e911c6f39d7f Mon Sep 17 00:00:00 2001 From: Jelle Besseling Date: Mon, 1 Jul 2024 02:24:41 +0200 Subject: [PATCH 01/14] docs: Fix typo in bootstrap config (#3710) Fix typo in bootstrap config Signed-off-by: Jelle Besseling --- site/content/en/v0.6.0/user/customize-envoyproxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/content/en/v0.6.0/user/customize-envoyproxy.md b/site/content/en/v0.6.0/user/customize-envoyproxy.md index 356a3d7b089..7f9bfb7cdc0 100644 --- a/site/content/en/v0.6.0/user/customize-envoyproxy.md +++ b/site/content/en/v0.6.0/user/customize-envoyproxy.md @@ -236,7 +236,7 @@ metadata: spec: bootstrap: type: Replace - bootstrap: | + value: | admin: access_log: - name: envoy.access_loggers.file From 4a74e608fffe59b3a20f6e7160dfa17b13289677 Mon Sep 17 00:00:00 2001 From: Kensei Nakada Date: Mon, 1 Jul 2024 09:25:00 +0900 Subject: [PATCH 02/14] chore: preallocate a list of addresses (#3712) Signed-off-by: sanposhiho <44139130+sanposhiho@users.noreply.github.com> --- internal/gatewayapi/status/gateway.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/gatewayapi/status/gateway.go b/internal/gatewayapi/status/gateway.go index aeeabf88d3b..e9c204066f4 100644 --- a/internal/gatewayapi/status/gateway.go +++ b/internal/gatewayapi/status/gateway.go @@ -75,7 +75,7 @@ func UpdateGatewayStatusProgrammedCondition(gw *gwapiv1.Gateway, svc *corev1.Ser } } - var gwAddresses []gwapiv1.GatewayStatusAddress + gwAddresses := make([]gwapiv1.GatewayStatusAddress, 0, len(addresses)+len(hostnames)) for i := range addresses { addr := gwapiv1.GatewayStatusAddress{ Type: ptr.To(gwapiv1.IPAddressType), From ab2575780e925198d3059c1dda4a1d656853a620 Mon Sep 17 00:00:00 2001 From: zirain Date: Mon, 1 Jul 2024 19:21:52 +0800 Subject: [PATCH 03/14] chore: remove incorrect comment (#3716) Signed-off-by: zirain --- .../testdata/envoyproxy-accesslog-cel-with-invalid.in.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.in.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.in.yaml index dd96ed4b01e..38d1e20e04a 100644 --- a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.in.yaml +++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.in.yaml @@ -10,7 +10,7 @@ envoyProxyForGatewayClass: settings: - matches: - "response.code >= 400" - - ")++++" # invalid CEL expression will be ignored + - ")++++" format: type: Text text: | From c2983b53607470cdfead3b1889413dab0d4ac058 Mon Sep 17 00:00:00 2001 From: Huabing Zhao Date: Mon, 1 Jul 2024 09:07:06 -0700 Subject: [PATCH 04/14] chore: add "extproc" to extproc ir name (#3697) add "extproc" to extproc ir name Signed-off-by: Huabing Zhao --- internal/gatewayapi/envoyextensionpolicy.go | 11 +++++------ .../envoyextensionpolicy-override-replace.out.yaml | 4 ++-- ...policy-with-extproc-with-backendtlspolicy.out.yaml | 4 ++-- ...cy-with-extproc-with-multiple-backendrefs.out.yaml | 2 +- .../xds/translator/testdata/in/xds-ir/ext-proc.yaml | 8 ++++---- .../testdata/out/xds-ir/ext-proc.listeners.yaml | 8 ++++---- .../testdata/out/xds-ir/ext-proc.routes.yaml | 8 ++++---- 7 files changed, 22 insertions(+), 23 deletions(-) diff --git a/internal/gatewayapi/envoyextensionpolicy.go b/internal/gatewayapi/envoyextensionpolicy.go index af7904ec3bf..5baecbcb505 100644 --- a/internal/gatewayapi/envoyextensionpolicy.go +++ b/internal/gatewayapi/envoyextensionpolicy.go @@ -430,7 +430,7 @@ func (t *Translator) buildExtProcs(policy *egv1a1.EnvoyExtensionPolicy, resource } for idx, ep := range policy.Spec.ExtProc { - name := irConfigNameForEEP(policy, idx) + name := irConfigNameForExtProc(policy, idx) extProcIR, err := t.buildExtProc(name, utils.NamespacedName(policy), ep, idx, resources, envoyProxy) if err != nil { return nil, err @@ -534,12 +534,11 @@ func (t *Translator) buildExtProc( return extProcIR, err } -func irConfigNameForEEP(policy *egv1a1.EnvoyExtensionPolicy, idx int) string { +func irConfigNameForExtProc(policy *egv1a1.EnvoyExtensionPolicy, index int) string { return fmt.Sprintf( - "%s/%s/%d", - strings.ToLower(egv1a1.KindEnvoyExtensionPolicy), - utils.NamespacedName(policy).String(), - idx) + "%s/extproc/%s", + irConfigName(policy), + strconv.Itoa(index)) } func (t *Translator) buildWasms( diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml index 76a40d590b1..295ca972ef1 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml @@ -230,7 +230,7 @@ xdsIR: settings: - protocol: GRPC weight: 1 - name: envoyextensionpolicy/default/policy-for-route-1/0 + name: envoyextensionpolicy/default/policy-for-route-1/extproc/0 hostname: gateway.envoyproxy.io isHTTP2: false name: httproute/default/httproute-1/rule/0/match/0/gateway_envoyproxy_io @@ -254,7 +254,7 @@ xdsIR: settings: - protocol: GRPC weight: 1 - name: envoyextensionpolicy/envoy-gateway/policy-for-gateway-1/0 + name: envoyextensionpolicy/envoy-gateway/policy-for-gateway-1/extproc/0 hostname: gateway.envoyproxy.io isHTTP2: false name: httproute/default/httproute-2/rule/0/match/0/gateway_envoyproxy_io diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml index c5accb66279..4be44031a2f 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml @@ -315,7 +315,7 @@ xdsIR: name: policy-btls-grpc-2/default-ca sni: grpc-backend-2 weight: 1 - name: envoyextensionpolicy/default/policy-for-http-route/0 + name: envoyextensionpolicy/default/policy-for-http-route/extproc/0 requestHeaderProcessing: true responseHeaderProcessing: true hostname: www.foo.com @@ -349,7 +349,7 @@ xdsIR: weight: 1 failOpen: true messageTimeout: 5s - name: envoyextensionpolicy/default/policy-for-gateway/0 + name: envoyextensionpolicy/default/policy-for-gateway/extproc/0 requestBodyProcessingMode: Buffered requestHeaderProcessing: true responseBodyProcessingMode: Streamed diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.out.yaml index dcc1e7522b1..800cafff090 100644 --- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.out.yaml +++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.out.yaml @@ -335,7 +335,7 @@ xdsIR: name: policy-btls-backend-ip/envoy-gateway-ca sni: ip-backend weight: 1 - name: envoyextensionpolicy/default/policy-for-http-route/0 + name: envoyextensionpolicy/default/policy-for-http-route/extproc/0 hostname: www.foo.com isHTTP2: false name: httproute/default/httproute-1/rule/0/match/0/www_foo_com diff --git a/internal/xds/translator/testdata/in/xds-ir/ext-proc.yaml b/internal/xds/translator/testdata/in/xds-ir/ext-proc.yaml index 64773de0a1d..8209c2947e3 100644 --- a/internal/xds/translator/testdata/in/xds-ir/ext-proc.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/ext-proc.yaml @@ -19,7 +19,7 @@ http: protocol: HTTP weight: 1 extProc: - - name: envoyextensionpolicy/default/policy-for-route-2/0 + - name: envoyextensionpolicy/default/policy-for-route-2/extproc/0 failOpen: true messageTimeout: 5s requestHeaderProcessing: true @@ -31,7 +31,7 @@ http: settings: - protocol: GRPC weight: 1 - - name: envoyextensionpolicy/default/policy-for-route-1/0 + - name: envoyextensionpolicy/default/policy-for-route-1/extproc/0 failOpen: true messageTimeout: 5s responseHeaderProcessing: true @@ -59,14 +59,14 @@ http: protocol: HTTP weight: 1 extProc: - - name: envoyextensionpolicy/envoy-gateway/policy-for-gateway-2/0 + - name: envoyextensionpolicy/envoy-gateway/policy-for-gateway-2/extproc/0 authority: grpc-backend-3.envoy-gateway:3000 destination: name: envoyextensionpolicy/envoy-gateway/policy-for-gateway-2/0/grpc-backend-3 settings: - protocol: GRPC weight: 1 - - name: envoyextensionpolicy/envoy-gateway/policy-for-gateway-1/0 + - name: envoyextensionpolicy/envoy-gateway/policy-for-gateway-1/extproc/0 failOpen: false messageTimeout: 15s authority: grpc-backend.envoy-gateway:9000 diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml index eed8c83a0fe..8e85e79cf9e 100755 --- a/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml @@ -15,7 +15,7 @@ maxConcurrentStreams: 100 httpFilters: - disabled: true - name: envoy.filters.http.ext_proc/envoyextensionpolicy/default/policy-for-route-2/0 + name: envoy.filters.http.ext_proc/envoyextensionpolicy/default/policy-for-route-2/extproc/0 typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.http.ext_proc.v3.ExternalProcessor failureModeAllow: true @@ -33,7 +33,7 @@ responseHeaderMode: SKIP responseTrailerMode: SKIP - disabled: true - name: envoy.filters.http.ext_proc/envoyextensionpolicy/default/policy-for-route-1/0 + name: envoy.filters.http.ext_proc/envoyextensionpolicy/default/policy-for-route-1/extproc/0 typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.http.ext_proc.v3.ExternalProcessor failureModeAllow: true @@ -50,7 +50,7 @@ responseHeaderMode: SEND responseTrailerMode: SKIP - disabled: true - name: envoy.filters.http.ext_proc/envoyextensionpolicy/envoy-gateway/policy-for-gateway-2/0 + name: envoy.filters.http.ext_proc/envoyextensionpolicy/envoy-gateway/policy-for-gateway-2/extproc/0 typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.http.ext_proc.v3.ExternalProcessor grpcService: @@ -64,7 +64,7 @@ responseHeaderMode: SKIP responseTrailerMode: SKIP - disabled: true - name: envoy.filters.http.ext_proc/envoyextensionpolicy/envoy-gateway/policy-for-gateway-1/0 + name: envoy.filters.http.ext_proc/envoyextensionpolicy/envoy-gateway/policy-for-gateway-1/extproc/0 typedConfig: '@type': type.googleapis.com/envoy.extensions.filters.http.ext_proc.v3.ExternalProcessor grpcService: diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-proc.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-proc.routes.yaml index 0daf1919cb2..c17e6456d15 100755 --- a/internal/xds/translator/testdata/out/xds-ir/ext-proc.routes.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ext-proc.routes.yaml @@ -13,10 +13,10 @@ upgradeConfigs: - upgradeType: websocket typedPerFilterConfig: - envoy.filters.http.ext_proc/envoyextensionpolicy/default/policy-for-route-1/0: + envoy.filters.http.ext_proc/envoyextensionpolicy/default/policy-for-route-1/extproc/0: '@type': type.googleapis.com/envoy.config.route.v3.FilterConfig config: {} - envoy.filters.http.ext_proc/envoyextensionpolicy/default/policy-for-route-2/0: + envoy.filters.http.ext_proc/envoyextensionpolicy/default/policy-for-route-2/extproc/0: '@type': type.googleapis.com/envoy.config.route.v3.FilterConfig config: {} - match: @@ -27,9 +27,9 @@ upgradeConfigs: - upgradeType: websocket typedPerFilterConfig: - envoy.filters.http.ext_proc/envoyextensionpolicy/envoy-gateway/policy-for-gateway-1/0: + envoy.filters.http.ext_proc/envoyextensionpolicy/envoy-gateway/policy-for-gateway-1/extproc/0: '@type': type.googleapis.com/envoy.config.route.v3.FilterConfig config: {} - envoy.filters.http.ext_proc/envoyextensionpolicy/envoy-gateway/policy-for-gateway-2/0: + envoy.filters.http.ext_proc/envoyextensionpolicy/envoy-gateway/policy-for-gateway-2/extproc/0: '@type': type.googleapis.com/envoy.config.route.v3.FilterConfig config: {} From 828edfb1cf320fd56002e29ddc01aa639cf71265 Mon Sep 17 00:00:00 2001 From: sh2 Date: Tue, 2 Jul 2024 01:22:07 +0800 Subject: [PATCH 05/14] chore: move benchmark-test job in build_and_test.yaml (#3692) * add benchmark-test job in build_and_test.yaml Signed-off-by: shawnh2 * fix lint Signed-off-by: shawnh2 * reduce benchmark test duration to boost ci Signed-off-by: shawnh2 --------- Signed-off-by: shawnh2 --- .github/workflows/benchmark.yaml | 56 --------------------------- .github/workflows/build_and_test.yaml | 23 +++++++++++ 2 files changed, 23 insertions(+), 56 deletions(-) delete mode 100644 .github/workflows/benchmark.yaml diff --git a/.github/workflows/benchmark.yaml b/.github/workflows/benchmark.yaml deleted file mode 100644 index 9f87ca4cbc3..00000000000 --- a/.github/workflows/benchmark.yaml +++ /dev/null @@ -1,56 +0,0 @@ -name: Benchmarking Tests at Scale -on: - pull_request: - branches: - - "main" - - "release/v*" - workflow_dispatch: - inputs: - rps: - description: "The target requests-per-second rate. Default: 10000" - default: '10000' - type: string - required: false - connections: - description: "The maximum allowed number of concurrent connections per event loop. HTTP/1 only. Default: 100." - default: '100' - type: string - required: false - duration: - description: "The number of seconds that the test should run. Default: 90." - default: '90' - type: string - required: false - cpu_limits: - description: "The CPU resource limits for the envoy gateway, in unit 'm'. Default: 1000." - default: '1000' - type: string - required: false - memory_limits: - description: "The memory resource limits for the envoy gateway, in unit 'Mi'. Default: 1024." - default: '1024' - type: string - required: false - -jobs: - benchmark-test: - name: Benchmark Test - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - uses: ./tools/github-actions/setup-deps - - - name: Run Benchmark tests - env: - KIND_NODE_TAG: v1.28.0 - IMAGE_PULL_POLICY: IfNotPresent - BENCHMARK_RPS: ${{ github.event.inputs.rps || 10000 }} - BENCHMARK_CONNECTIONS: ${{ github.event.inputs.connections || 100 }} - BENCHMARK_DURATION: ${{ github.event.inputs.duration || 90 }} - BENCHMARK_CPU_LIMITS: ${{ github.event.inputs.cpu_limits || 1000 }} - BENCHMARK_MEMORY_LIMITS: ${{ github.event.inputs.memory_limits || 2048 }} - run: make benchmark - - - name: Read Benchmark report - run: cat test/benchmark/benchmark_report.md diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index 72a03539ad2..f7079180f18 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -135,6 +135,29 @@ jobs: IMAGE_PULL_POLICY: IfNotPresent run: make e2e + benchmark-test: + runs-on: ubuntu-latest + needs: [build] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: ./tools/github-actions/setup-deps + + # Benchmark + - name: Run Benchmark tests + env: + KIND_NODE_TAG: v1.28.9 + IMAGE_PULL_POLICY: IfNotPresent + # Args for benchmark test + BENCHMARK_RPS: 10000 + BENCHMARK_CONNECTIONS: 100 + BENCHMARK_DURATION: 30 + BENCHMARK_CPU_LIMITS: 1000 + BENCHMARK_MEMORY_LIMITS: 2000 + run: make benchmark + + - name: Read Benchmark report + run: cat test/benchmark/benchmark_report.md + publish: runs-on: ubuntu-latest needs: [conformance-test, e2e-test] From 62949fe650caba3bf706de9f9105dc6302dc4985 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jul 2024 08:02:30 +0800 Subject: [PATCH 06/14] build(deps): bump github/codeql-action from 3.25.10 to 3.25.11 (#3723) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.10 to 3.25.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/23acc5c183826b7a8a97bce3cecc52db901f8251...b611370bb5703a7efb587f9d136a52ea24c5c38c) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5035275d134..da76ee7aea0 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -36,14 +36,14 @@ jobs: - uses: ./tools/github-actions/setup-deps - name: Initialize CodeQL - uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index fe20eff3c14..03b7272a1da 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -40,6 +40,6 @@ jobs: retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 with: sarif_file: results.sarif From da06a68a60406be8974af5fa5d96758b35c8c32b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jul 2024 08:02:54 +0800 Subject: [PATCH 07/14] build(deps): bump google/osv-scanner-action from 1.7.4 to 1.8.1 (#3721) Bumps [google/osv-scanner-action](https://github.com/google/osv-scanner-action) from 1.7.4 to 1.8.1. - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](https://github.com/google/osv-scanner-action/compare/ba0b4d196d231340e0ae94ae00933c8be0984192...3c399db9dd6dd8106a27d280d53c55077d3f7cea) --- updated-dependencies: - dependency-name: google/osv-scanner-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/license-scan.yml | 2 +- .github/workflows/osv-scanner.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/license-scan.yml b/.github/workflows/license-scan.yml index b90f3a0533e..d4ecceec165 100644 --- a/.github/workflows/license-scan.yml +++ b/.github/workflows/license-scan.yml @@ -18,7 +18,7 @@ jobs: - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Run scanner - uses: google/osv-scanner-action/osv-scanner-action@ba0b4d196d231340e0ae94ae00933c8be0984192 # v1.7.4 + uses: google/osv-scanner-action/osv-scanner-action@3c399db9dd6dd8106a27d280d53c55077d3f7cea # v1.8.1 with: scan-args: |- --skip-git diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml index cfee87bd56c..63f546be8c2 100644 --- a/.github/workflows/osv-scanner.yml +++ b/.github/workflows/osv-scanner.yml @@ -16,7 +16,7 @@ on: jobs: scan-scheduled: if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }} - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@ba0b4d196d231340e0ae94ae00933c8be0984192" # v1.7.4 + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@3c399db9dd6dd8106a27d280d53c55077d3f7cea" # v1.8.1 permissions: actions: read contents: read @@ -24,7 +24,7 @@ jobs: security-events: write scan-pr: if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }} - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@ba0b4d196d231340e0ae94ae00933c8be0984192" # v1.7.4 + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@3c399db9dd6dd8106a27d280d53c55077d3f7cea" # v1.8.1 permissions: actions: read contents: read From 3ff61567df5cf5b4737e001efe824e253cf90380 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jul 2024 08:03:20 +0800 Subject: [PATCH 08/14] build(deps): bump github.com/docker/cli from 26.1.3+incompatible to 27.0.2+incompatible (#3718) build(deps): bump github.com/docker/cli Bumps [github.com/docker/cli](https://github.com/docker/cli) from 26.1.3+incompatible to 27.0.2+incompatible. - [Commits](https://github.com/docker/cli/compare/v26.1.3...v27.0.2) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b65d907503d..92a7d4caff3 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 github.com/cncf/xds/go v0.0.0-20240423153145-555b57ec207b github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc - github.com/docker/cli v26.1.3+incompatible + github.com/docker/cli v27.0.2+incompatible github.com/dominikbraun/graph v0.23.0 github.com/envoyproxy/go-control-plane v0.12.1-0.20240612043845-c54ec4ce422d github.com/envoyproxy/ratelimit v1.4.1-0.20230427142404-e2a87f41d3a7 diff --git a/go.sum b/go.sum index 8bc7d41c370..17486ee7495 100644 --- a/go.sum +++ b/go.sum @@ -150,8 +150,8 @@ github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aB github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v26.1.3+incompatible h1:bUpXT/N0kDE3VUHI2r5VMsYQgi38kYuoC0oL9yt3lqc= -github.com/docker/cli v26.1.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v27.0.2+incompatible h1:IgWU3lWqAYNibtcxgl/PY4TB0eCmK1ZpNUZVJfenDQs= +github.com/docker/cli v27.0.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= From a2a8d9fc6a9c0d85cdc1cfa0f39dddfcdfb87b92 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jul 2024 08:03:56 +0800 Subject: [PATCH 09/14] build(deps): bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 (#3720) build(deps): bump github.com/google/go-containerregistry Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.19.1 to 0.19.2. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.19.1...v0.19.2) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 92a7d4caff3..2d52091e017 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/golang/protobuf v1.5.4 github.com/google/cel-go v0.20.1 github.com/google/go-cmp v0.6.0 - github.com/google/go-containerregistry v0.19.1 + github.com/google/go-containerregistry v0.19.2 github.com/grafana/tempo v1.5.0 github.com/hashicorp/go-multierror v1.1.1 github.com/miekg/dns v1.1.61 diff --git a/go.sum b/go.sum index 17486ee7495..ff347aaf182 100644 --- a/go.sum +++ b/go.sum @@ -335,8 +335,8 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY= -github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= +github.com/google/go-containerregistry v0.19.2 h1:TannFKE1QSajsP6hPWb5oJNgKe1IKjHukIKDUmvsV6w= +github.com/google/go-containerregistry v0.19.2/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= From ba469e7ada3ccdc0e81a63a0bf0d4bc9676db128 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jul 2024 08:04:23 +0800 Subject: [PATCH 10/14] build(deps): bump github.com/docker/docker from 26.1.3+incompatible to 27.0.2+incompatible (#3719) build(deps): bump github.com/docker/docker Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.3+incompatible to 27.0.2+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v26.1.3...v27.0.2) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 2d52091e017..eac471feac3 100644 --- a/go.mod +++ b/go.mod @@ -62,7 +62,7 @@ require ( sigs.k8s.io/yaml v1.4.0 ) -require github.com/docker/docker v26.1.3+incompatible +require github.com/docker/docker v27.0.2+incompatible require ( cel.dev/expr v0.15.0 // indirect diff --git a/go.sum b/go.sum index ff347aaf182..3b8f46b48c4 100644 --- a/go.sum +++ b/go.sum @@ -155,8 +155,8 @@ github.com/docker/cli v27.0.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvM github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v26.1.3+incompatible h1:lLCzRbrVZrljpVNobJu1J2FHk8V0s4BawoZippkc+xo= -github.com/docker/docker v26.1.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v27.0.2+incompatible h1:mNhCtgXNV1fIRns102grG7rdzIsGGCq1OlOD0KunZos= +github.com/docker/docker v27.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= From 4cab40a82df76d8cfcd749c2a0dfeff3f874e2ed Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jul 2024 08:04:44 +0800 Subject: [PATCH 11/14] build(deps): bump github.com/prometheus/common from 0.54.0 to 0.55.0 (#3717) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.54.0 to 0.55.0. - [Release notes](https://github.com/prometheus/common/releases) - [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md) - [Commits](https://github.com/prometheus/common/compare/v0.54.0...v0.55.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index eac471feac3..267477eed61 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( github.com/hashicorp/go-multierror v1.1.1 github.com/miekg/dns v1.1.61 github.com/prometheus/client_golang v1.19.1 - github.com/prometheus/common v0.54.0 + github.com/prometheus/common v0.55.0 github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 diff --git a/go.sum b/go.sum index 3b8f46b48c4..723e1d97205 100644 --- a/go.sum +++ b/go.sum @@ -574,8 +574,8 @@ github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7q github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.54.0 h1:ZlZy0BgJhTwVZUn7dLOkwCZHUkrAqd3WYtcFCWnM1D8= -github.com/prometheus/common v0.54.0/go.mod h1:/TQgMJP5CuVYveyT7n/0Ix8yLNNXy9yRSkhnLTHPDIQ= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= From 9a2a7f607e1db52d7aa22daa4c22749cadbf3a91 Mon Sep 17 00:00:00 2001 From: Kensei Nakada Date: Tue, 2 Jul 2024 09:05:55 +0900 Subject: [PATCH 12/14] docs: Modify prerequisite go version (#3711) Modify prerequisite go version Signed-off-by: Kensei Nakada --- site/content/en/contributions/DEVELOP.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/content/en/contributions/DEVELOP.md b/site/content/en/contributions/DEVELOP.md index 5006f04d995..c9c4cbb2475 100644 --- a/site/content/en/contributions/DEVELOP.md +++ b/site/content/en/contributions/DEVELOP.md @@ -10,7 +10,7 @@ Envoy Gateway is built using a [make][]-based build system. Our CI is based on [ ### go -* Version: 1.20 +* Version: 1.22 * Installation Guide: https://go.dev/doc/install ### make From d8f3d77f9bddda189240fbf7fc858634e90dc7bc Mon Sep 17 00:00:00 2001 From: zirain Date: Tue, 2 Jul 2024 09:43:46 +0800 Subject: [PATCH 13/14] docs: install with brew (#3714) Signed-off-by: zirain --- .../en/latest/install/install-egctl.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/site/content/en/latest/install/install-egctl.md b/site/content/en/latest/install/install-egctl.md index 136d54c15cc..cbd82385740 100644 --- a/site/content/en/latest/install/install-egctl.md +++ b/site/content/en/latest/install/install-egctl.md @@ -16,7 +16,8 @@ This task shows how to install the egctl CLI. egctl can be installed either from The Envoy Gateway project provides two ways to fetch and install egctl. These are the official methods to get egctl releases. Installation through those methods can be found below the official methods. -### From the Binary Releases +{{< tabpane text=true >}} +{{% tab header="From the Binary Releases" %}} Every [release](https://github.com/envoyproxy/gateway/releases) of egctl provides binary releases for a variety of OSes. These binary versions can be manually downloaded and installed. @@ -26,7 +27,8 @@ Every [release](https://github.com/envoyproxy/gateway/releases) of egctl provide From there, you should be able to run: `egctl help`. -### From Script +{{% /tab %}} +{{% tab header="From Script" %}} `egctl` now has an installer script that will automatically grab the latest release version of egctl and install it locally. @@ -50,6 +52,19 @@ Yes, you can just use the below command if you want to live on the edge. curl -fsSL https://gateway.envoyproxy.io/get-egctl.sh | VERSION=latest bash ``` +{{% /tab %}} + +{{% tab header="From Homebrew" %}} + +You can also install egctl using homebrew: + +```shell +brew install egctl +``` + +{{% /tab %}} +{{< /tabpane >}} + {{% alert title="Next Steps" color="warning" %}} You can refer to the [Use egctl task](../tasks/operations/egctl) for more details about egctl. From ec9945adc29158c114de2994f43af4fd48bc87a4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 20:00:59 -0700 Subject: [PATCH 14/14] build(deps): bump github.com/docker/docker from 26.1.3+incompatible to 27.0.3+incompatible (#3726) build(deps): bump github.com/docker/docker Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.3+incompatible to 27.0.3+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v26.1.3...v27.0.3) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 267477eed61..2b8dd1cd2d3 100644 --- a/go.mod +++ b/go.mod @@ -62,7 +62,7 @@ require ( sigs.k8s.io/yaml v1.4.0 ) -require github.com/docker/docker v27.0.2+incompatible +require github.com/docker/docker v27.0.3+incompatible require ( cel.dev/expr v0.15.0 // indirect diff --git a/go.sum b/go.sum index 723e1d97205..93f0e887a4f 100644 --- a/go.sum +++ b/go.sum @@ -155,8 +155,8 @@ github.com/docker/cli v27.0.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvM github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v27.0.2+incompatible h1:mNhCtgXNV1fIRns102grG7rdzIsGGCq1OlOD0KunZos= -github.com/docker/docker v27.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v27.0.3+incompatible h1:aBGI9TeQ4MPlhquTQKq9XbK79rKFVwXNUAYz9aXyEBE= +github.com/docker/docker v27.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=