Skip to content

Commit

Permalink
Merge remote-tracking branch 'origin/master' into dependabot/cargo/uu…
Browse files Browse the repository at this point in the history 
…id-1.15.1
  • Loading branch information
@pront
pront committed Mar 5, 2025
2 parents 9958d97 + cba85ca commit 226ee18
Show file tree
Hide file tree
Showing 31 changed files with 246 additions and 311 deletions.
1 change: 1 addition & 0 deletions .github/workflows/build_preview_sites.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ on:
- completed

permissions:
actions: read
issues: write
pull-requests: write
statuses: write
Expand Down
275 changes: 150 additions & 125 deletions .github/workflows/create_preview_sites.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,134 +26,159 @@ permissions:
issues: write
pull-requests: write
statuses: write
actions: read

jobs:
create_preview_site:
runs-on: ubuntu-24.04
timeout-minutes: 5
steps:

# Get the artifacts with the PR number and branch name
- name: Download artifact
uses: actions/github-script@v7.0.1
with:
script: |
const fs = require('fs');
const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.runId,
});
const matchArtifact = artifacts.data.artifacts.filter(artifact => artifact.name == "pr")[0];
const download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
fs.writeFileSync('${{ github.workspace }}/pr.zip', Buffer.from(download.data));
# Extract the info from the artifact and set variables
- name: Extract PR info from artifact
uses: actions/github-script@v7.0.1
with:
script: |
const fs = require('fs');
const { execSync } = require('child_process');
const path = require('path');
const core = require('@actions/core');
execSync('unzip pr.zip -d pr');
const branchName = fs.readFileSync(path.join('pr', 'branch'), 'utf8').trim();
const prNumber = fs.readFileSync(path.join('pr', 'number'), 'utf8').trim();
const integrity = fs.readFileSync(path.join('pr', 'integrity'), 'utf8').trim();
// Validate branch name again (only allow alphanumeric, dash, and underscore)
const branchNameRegex = /^[a-zA-Z0-9_\-]+$/;
if (!branchNameRegex.test(branchName)) {
core.setFailed(`Invalid branch name detected: ${branchName}`);
return;
}
const sanitizedBranchName = branchName.replace(/[\/\.]/g, '-');
core.exportVariable('SANITIZED_BRANCH_NAME', sanitizedBranchName);
core.exportVariable('BRANCH_NAME', branchName);
core.exportVariable('PR_NUMBER', prNumber);
core.exportVariable('INTEGRITY', integrity);
# Validate the integrity of the artifact
- name: Validate Artifact Integrity
uses: actions/github-script@v7.0.1
with:
script: |
const crypto = require('crypto');
const core = require('@actions/core');
const prNumber = process.env.PR_NUMBER;
const branchName = process.env.BRANCH_NAME;
const integrity = process.env.INTEGRITY;
const numberHash = crypto.createHash('sha256').update(prNumber).digest('hex');
const branchHash = crypto.createHash('sha256').update(branchName).digest('hex');
const expectedIntegrity = `${numberHash}:${branchHash}`;
if (expectedIntegrity !== integrity) {
core.setFailed('Artifact integrity validation failed');
}
# Kick off the job in amplify
- name: Deploy Site
uses: actions/github-script@v7.0.1
with:
script: |
const crypto = require('crypto');
const fetch = require('node-fetch');
const core = require('@actions/core');
const appId = core.getInput('APP_ID');
const appName = core.getInput('APP_NAME');
const requestToken = core.getSecret('REQUEST_TOKEN');
const requestMessage = core.getSecret('REQUEST_MESSAGE');
const endpoint = core.getSecret('ENDPOINT');
const sanitizedBranchName = process.env.SANITIZED_BRANCH_NAME;
const hmacKey = crypto.createHmac('sha256', requestToken).update(requestMessage).digest('hex');
const signature = `sha256=${hmacKey}`;
const response = await fetch(endpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-Hub-Signature': signature,
},
body: JSON.stringify({
app_id: appId,
branch_name: sanitizedBranchName,
}),
});
if (!response.ok) {
core.setFailed(`Request failed with response code ${response.status}`);
}
# Add preview link to comment if all 3 sites successfully start
- name: Comment Preview Link
if: success()
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APP_ID: ${{ inputs.APP_ID }}
APP_NAME: ${{ inputs.APP_NAME }}
uses: actions/github-script@v7.0.1
with:
script: |
const fs = require('fs');
const prNumber = fs.readFileSync('./pr/number', 'utf8');
const issueNumber = parseInt(prNumber);
const { APP_ID, APP_NAME, SANITIZED_BRANCH_NAME } = process.env;
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
body: `Your preview site for the **${APP_NAME}** will be ready in a few minutes, please allow time for it to build. \n \n Heres your preview link: \n [${APP_NAME} preview](https://${SANITIZED_BRANCH_NAME}.${APP_ID}.amplifyapp.com)`
});
# Get the artifacts with the PR number and branch name
- name: Download artifact
uses: actions/github-script@v7.0.1
with:
script: |
const fs = require('fs');
const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{ github.event.workflow_run.id }},
});
const matchArtifact = artifacts.data.artifacts.filter(artifact => artifact.name == "pr")[0];
const download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
fs.writeFileSync('${{ github.workspace }}/pr.zip', Buffer.from(download.data));
# Extract the info from the artifact and set variables
- name: Extract PR info from artifact
uses: actions/github-script@v7.0.1
with:
script: |
const fs = require('fs');
const { execSync } = require('child_process');
const path = require('path');
execSync('unzip pr.zip -d pr');
const branchName = fs.readFileSync(path.join('pr', 'branch'), 'utf8').trim();
const prNumber = fs.readFileSync(path.join('pr', 'number'), 'utf8').trim();
const integrity = fs.readFileSync(path.join('pr', 'integrity'), 'utf8').trim();
// Validate branch name again (only allow alphanumeric, dash, and underscore)
const branchNameRegex = /^[a-zA-Z0-9_\-]+$/;
if (!branchNameRegex.test(branchName)) {
core.setFailed(`Invalid branch name detected: ${branchName}`);
return;
}
const sanitizedBranchName = branchName.replace(/[\/\.]/g, '-');
core.exportVariable('SANITIZED_BRANCH_NAME', sanitizedBranchName);
core.exportVariable('BRANCH_NAME', branchName);
core.exportVariable('PR_NUMBER', prNumber);
core.exportVariable('INTEGRITY', integrity);
# Validate the integrity of the artifact
- name: Validate Artifact Integrity
uses: actions/github-script@v7.0.1
with:
script: |
const crypto = require('crypto');
const prNumber = process.env.PR_NUMBER;
const branchName = process.env.BRANCH_NAME;
const integrity = process.env.INTEGRITY;
const numberHash = crypto.createHash('sha256').update(prNumber).digest('hex');
const branchHash = crypto.createHash('sha256').update(branchName).digest('hex');
const expectedIntegrity = `${numberHash}:${branchHash}`;
if (expectedIntegrity !== integrity) {
core.setFailed('Artifact integrity validation failed');
}
# Kick off the job in amplify
- name: Deploy Site
uses: actions/github-script@v7.0.1
env:
APP_ID: ${{ inputs.APP_ID }}
APP_NAME: ${{ inputs.APP_NAME }}
REQUEST_TOKEN: ${{ secrets.REQUEST_TOKEN }}
REQUEST_MESSAGE: ${{ secrets.REQUEST_MESSAGE }}
ENDPOINT: ${{ secrets.ENDPOINT }}
with:
script: |
const crypto = require('crypto');
const https = require('https');
// Access secrets through environment variables
const appId = process.env.APP_ID;
const appName = process.env.APP_NAME;
const requestToken = process.env.REQUEST_TOKEN;
const requestMessage = process.env.REQUEST_MESSAGE;
const endpoint = process.env.ENDPOINT;
const sanitizedBranchName = process.env.SANITIZED_BRANCH_NAME;
const hmacKey = crypto.createHmac('sha256', requestToken).update(requestMessage).digest('hex');
const signature = `sha256=${hmacKey}`;
const makeRequest = () => {
return new Promise((resolve, reject) => {
const options = {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-Hub-Signature': signature,
}
};
const req = https.request(endpoint, options, (res) => {
let data = '';
res.on('data', (chunk) => { data += chunk; });
res.on('end', () => {
resolve({ ok: res.statusCode >= 200 && res.statusCode < 300, status: res.statusCode });
});
});
req.on('error', (error) => {
reject(error);
});
req.write(JSON.stringify({
app_id: appId,
branch_name: sanitizedBranchName,
}));
req.end();
});
};
const response = await makeRequest();
if (!response.ok) {
core.setFailed(`Request failed with response code ${response.status}`);
}
# Add preview link to comment if all 3 sites successfully start
- name: Comment Preview Link
if: success()
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APP_ID: ${{ inputs.APP_ID }}
APP_NAME: ${{ inputs.APP_NAME }}
uses: actions/github-script@v7.0.1
with:
script: |
const fs = require('fs');
const prNumber = fs.readFileSync('./pr/number', 'utf8');
const issueNumber = parseInt(prNumber);
const { APP_ID, APP_NAME, SANITIZED_BRANCH_NAME } = process.env;
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
body: `Your preview site for the **${APP_NAME}** will be ready in a few minutes, please allow time for it to build. \n \n Heres your preview link: \n [${APP_NAME} preview](https://${SANITIZED_BRANCH_NAME}.${APP_ID}.amplifyapp.com)`
});
8 changes: 4 additions & 4 deletions .github/workflows/environment.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,9 +39,9 @@ jobs:
uses: actions/checkout@v4

- name: Set up QEMU
uses: docker/setup-qemu-action@v3.4.0
uses: docker/setup-qemu-action@v3.6.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3.9.0
uses: docker/setup-buildx-action@v3.10.0
- name: Login to DockerHub
uses: docker/login-action@v3
if: github.ref == 'refs/heads/master'
Expand All @@ -50,7 +50,7 @@ jobs:
password: ${{ secrets.CI_DOCKER_PASSWORD }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804
with:
images: timberio/vector-dev
flavor: |
Expand All @@ -62,7 +62,7 @@ jobs:
org.opencontainers.image.title=Vector development environment
org.opencontainers.image.url=https://github.com/vectordotdev/vector
- name: Build and push
uses: docker/build-push-action@v6.13.0
uses: docker/build-push-action@v6.15.0
with:
context: .
file: ./scripts/environment/Dockerfile
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/k8s_e2e.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,7 @@ jobs:
- run: sudo -E bash scripts/ci-free-disk-space.sh
- run: sudo -E bash scripts/environment/bootstrap-ubuntu-24.04.sh
- run: bash scripts/environment/prepare.sh
- run: ~/.cargo/bin/rustup target add x86_64-unknown-linux-gnu
- run: echo "::add-matcher::.github/matchers/rust.json"
- run: VECTOR_VERSION="$(cargo vdev version)" make package-deb-x86_64-unknown-linux-gnu

Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/msrv.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,5 +18,8 @@ jobs:
steps:
- uses: actions/checkout@v4
- run: sudo -E bash scripts/environment/bootstrap-ubuntu-24.04.sh
- run: |
# We usually run `scripts/environment/prepare.sh` but in this case we only need the toolchain.
rustup show active-toolchain || rustup toolchain install
- run: cargo install cargo-msrv --version 0.15.1
- run: cargo msrv verify
10 changes: 7 additions & 3 deletions .github/workflows/publish.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -297,7 +297,11 @@ jobs:
with:
ref: ${{ inputs.git_ref }}
- name: Bootstrap runner environment (macOS-specific)
run: bash scripts/environment/bootstrap-macos.sh
run: |
bash scripts/environment/bootstrap-macos.sh
# We usually run `scripts/environment/prepare.sh` but in this case we only need the toolchain.
rustup show active-toolchain || rustup toolchain install
rustup show
- name: Build Vector
env:
TARGET: "${{ matrix.architecture }}-apple-darwin"
Expand Down Expand Up @@ -519,12 +523,12 @@ jobs:
username: ${{ secrets.CI_DOCKER_USERNAME }}
password: ${{ secrets.CI_DOCKER_PASSWORD }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3.4.0
uses: docker/setup-qemu-action@v3.6.0
with:
platforms: all
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3.9.0
uses: docker/setup-buildx-action@v3.10.0
with:
version: latest
install: true
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/regression.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -201,10 +201,10 @@ jobs:

- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3.9.0
uses: docker/setup-buildx-action@v3.10.0

- name: Build 'vector' target image
uses: docker/build-push-action@v6.13.0
uses: docker/build-push-action@v6.15.0
with:
context: baseline-vector/
cache-from: type=gha
Expand Down Expand Up @@ -240,10 +240,10 @@ jobs:

- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3.9.0
uses: docker/setup-buildx-action@v3.10.0

- name: Build 'vector' target image
uses: docker/build-push-action@v6.13.0
uses: docker/build-push-action@v6.15.0
with:
context: comparison-vector/
cache-from: type=gha
Expand Down
Loading

0 comments on commit 226ee18

Please sign in to comment.