Merge remote-tracking branch 'upstream/main' into max-headers-runtime

envoyproxy · Oct 4, 2024 · b0cf6b9 · b0cf6b9
2 parents 76011c4 + 505f125
commit b0cf6b9
Show file tree

Hide file tree

Showing 124 changed files with 2,582 additions and 599 deletions.
diff --git a/.bazelrc b/.bazelrc
@@ -91,7 +91,7 @@ build:clang-pch --spawn_strategy=local
 build:clang-pch --define=ENVOY_CLANG_PCH=1
 
 # Use gold linker for gcc compiler.
-build:gcc --linkopt=-fuse-ld=gold
+build:gcc --linkopt=-fuse-ld=gold --host_linkopt=-fuse-ld=gold
 build:gcc --test_env=HEAPCHECK=
 build:gcc --action_env=BAZEL_COMPILER=gcc
 build:gcc --action_env=CC=gcc --action_env=CXX=g++

diff --git a/.github/workflows/_cache.yml b/.github/workflows/_cache.yml
@@ -48,29 +48,29 @@ jobs:
   docker:
     runs-on: ${{ inputs.runs-on || 'ubuntu-24.04' }}
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.36
       id: appauth
       name: Appauth (mutex lock)
       with:
         app_id: ${{ secrets.app-id }}
         key: ${{ secrets.app-key }}
-    - uses: envoyproxy/toolshed/gh-actions/docker/cache/prime@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/docker/cache/prime@actions-v0.2.36
       id: docker
       name: Prime Docker cache (${{ inputs.image-tag }}${{ inputs.cache-suffix }})
       with:
         image-tag: ${{ inputs.image-tag }}
         key-suffix: ${{ inputs.cache-suffix }}
         lock-token: ${{ steps.appauth.outputs.token }}
         lock-repository: ${{ inputs.lock-repository }}
-    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
       id: data
       name: Cache data
       with:
         input-format: yaml
         input: |
           cached: ${{ steps.docker.outputs.cached }}
           key: ${{ inputs.image-tag }}${{ inputs.cache-suffix }}
-    - uses: envoyproxy/toolshed/gh-actions/json/table@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/json/table@actions-v0.2.36
       name: Summary
       with:
         json: ${{ steps.data.outputs.value }}

diff --git a/.github/workflows/_check_coverage.yml b/.github/workflows/_check_coverage.yml
@@ -34,13 +34,20 @@ jobs:
       # bazel-extra: '--config=remote-envoy-engflow'
       cache-build-image: ${{ fromJSON(inputs.request).request.build-image.default }}
       concurrency-suffix: -${{ matrix.target }}
+      diskspace-hack: ${{ matrix.diskspace-hack || false }}
       error-match: |
         ERROR
         error:
         Error:
         lower than limit
       rbe: true
       request: ${{ inputs.request }}
+      steps-post: |
+        - run: ci/run_envoy_docker.sh 'ci/do_ci.sh ${{ matrix.target }}-upload'
+          shell: bash
+          env:
+            GCS_ARTIFACT_BUCKET: ${{ inputs.trusted && 'envoy-postsubmit' || 'envoy-pr' }}
+            GCS_REDIRECT_PATH: ${{ fromJSON(inputs.request).request.pr || fromJSON(inputs.request).request.target-branch }}
       target: ${{ matrix.target }}
       timeout-minutes: 180
       trusted: ${{ inputs.trusted }}
@@ -50,5 +57,6 @@ jobs:
         include:
         - target: coverage
           name: Coverage
+          diskspace-hack: true
         - target: fuzz_coverage
           name: Fuzz coverage
diff --git a/.github/workflows/_finish.yml b/.github/workflows/_finish.yml
@@ -36,7 +36,7 @@ jobs:
       actions: read
       contents: read
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
       name: Incoming data
       id: needs
       with:
@@ -87,21 +87,21 @@ jobs:
                    summary: "Check has finished",
                    text: $text}}}}
 
-    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
       name: Print summary
       with:
         input: ${{ toJSON(steps.needs.outputs.value).summary-title }}
         filter: |
           "## \(.)"
         options: -Rr
         output-path: GITHUB_STEP_SUMMARY
-    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.36
       name: Appauth
       id: appauth
       with:
         app_id: ${{ secrets.app-id }}
         key: ${{ secrets.app-key }}
-    - uses: envoyproxy/toolshed/gh-actions/github/checks@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/github/checks@actions-v0.2.36
       name: Update check
       with:
         action: update

diff --git a/.github/workflows/_load.yml b/.github/workflows/_load.yml
@@ -107,7 +107,7 @@ jobs:
     # Handle any failure in triggering job
     # Remove any `checks` we dont care about
     # Prepare a check request
-    - uses: envoyproxy/toolshed/gh-actions/github/env/load@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/github/env/load@actions-v0.2.36
       name: Load env
       id: data
       with:
@@ -118,21 +118,21 @@ jobs:
         GH_TOKEN: ${{ github.token }}
 
     #  Update the check
-    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.36
       name: Appauth
       id: appauth
       with:
         app_id: ${{ secrets.app-id }}
         key: ${{ secrets.app-key }}
-    - uses: envoyproxy/toolshed/gh-actions/github/checks@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/github/checks@actions-v0.2.36
       name: Update check
       if: ${{ fromJSON(steps.data.outputs.data).data.check.action == 'RUN' }}
       with:
         action: update
         checks: ${{ toJSON(fromJSON(steps.data.outputs.data).checks) }}
         token: ${{ steps.appauth.outputs.token }}
 
-    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
       name: Print request summary
       with:
         input: |
@@ -152,7 +152,7 @@ jobs:
           | $summary.summary as $summary
           | "${{ inputs.template-request-summary }}"
 
-    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
       id: request-output
       name: Load request
       with:

diff --git a/.github/workflows/_load_env.yml b/.github/workflows/_load_env.yml
@@ -63,18 +63,18 @@ jobs:
       request: ${{ steps.env.outputs.data }}
       trusted: true
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
       id: started
       name: Create timestamp
       with:
         options: -r
         filter: |
           now
-    - uses: envoyproxy/toolshed/gh-actions/github/checkout@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/github/checkout@actions-v0.2.36
       id: checkout
       name: Checkout Envoy repository
     - name: Generate environment variables
-      uses: envoyproxy/toolshed/gh-actions/envoy/ci/env@actions-v0.2.35
+      uses: envoyproxy/toolshed/gh-actions/envoy/ci/env@actions-v0.2.36
       id: env
       with:
         branch-name: ${{ inputs.branch-name }}
@@ -86,7 +86,7 @@ jobs:
 
     - name: Request summary
       id: summary
-      uses: envoyproxy/toolshed/gh-actions/github/env/summary@actions-v0.2.35
+      uses: envoyproxy/toolshed/gh-actions/github/env/summary@actions-v0.2.36
       with:
         actor: ${{ toJSON(fromJSON(steps.env.outputs.data).request.actor) }}
         base-sha: ${{ fromJSON(steps.env.outputs.data).request.base-sha }}

diff --git a/.github/workflows/_precheck_publish.yml b/.github/workflows/_precheck_publish.yml
@@ -5,6 +5,9 @@ permissions:
 
 on:
   workflow_call:
+    secrets:
+      gcp-key:
+        required: true
     inputs:
       request:
         type: string
@@ -20,6 +23,8 @@ concurrency:
 
 jobs:
   publish:
+    secrets:
+      gcp-key: ${{ secrets.gcp-key }}
     permissions:
       contents: read
       packages: read
@@ -30,6 +35,7 @@ jobs:
       cache-build-image: ${{ fromJSON(inputs.request).request.build-image.default }}
       cache-build-image-key-suffix: ${{ matrix.arch == 'arm64' && '-arm64' || '' }}
       concurrency-suffix: -${{ matrix.target }}${{ matrix.arch && format('-{0}', matrix.arch) || '' }}
+      gcs-only: "true"
       rbe: ${{ matrix.rbe }}
       request: ${{ inputs.request }}
       runs-on: ${{ matrix.runs-on || 'ubuntu-24.04' }}
@@ -38,18 +44,22 @@ jobs:
         ERROR
         error:
         Error:
+      steps-post: ${{ matrix.steps-post }}
       target: ${{ matrix.target }}
+      target-suffix: ${{ matrix.target-suffix }}
       trusted: ${{ inputs.trusted }}
     strategy:
       fail-fast: false
       matrix:
         include:
         - target: release.test_only
           name: Release (x64)
+          target-suffix: x64
           arch: x64
           rbe: true
         - target: release.test_only
           name: Release (arm64)
+          target-suffix: arm64
           arch: arm64
           bazel-extra: >-
             --config=common-envoy-engflow
@@ -64,3 +74,9 @@ jobs:
             --config=remote-envoy-engflow
             --config=docs-ci
           rbe: true
+          steps-post: |
+            - run: ci/run_envoy_docker.sh 'ci/do_ci.sh docs-upload'
+              shell: bash
+              env:
+                GCS_ARTIFACT_BUCKET: ${{ inputs.trusted && 'envoy-postsubmit' || 'envoy-pr' }}
+                GCS_REDIRECT_PATH: ${{ fromJSON(inputs.request).request.pr || fromJSON(inputs.request).request.target-branch }}
diff --git a/.github/workflows/_publish_build.yml b/.github/workflows/_publish_build.yml
@@ -41,6 +41,7 @@ jobs:
     with:
       bazel-extra: ${{ matrix.bazel-extra }}
       target: ${{ matrix.target }}
+      target-suffix: ${{ matrix.arch }}
       cache-build-image: ${{ fromJSON(inputs.request).request.build-image.default }}
       cache-build-image-key-suffix: ${{ matrix.arch == 'arm64' && format('-{0}', matrix.arch) || '' }}
       concurrency-suffix: -${{ matrix.arch }}
@@ -91,6 +92,7 @@ jobs:
       downloads: |
         release.${{ matrix.arch }}: release/${{ matrix.arch }}/bin/
       target: ${{ matrix.target }}
+      target-suffix: ${{ matrix.arch }}
       cache-build-image: ${{ fromJSON(inputs.request).request.build-image.default }}
       cache-build-image-key-suffix: ${{ matrix.cache-build-image-key-suffix }}
       concurrency-suffix: -${{ matrix.arch }}

diff --git a/.github/workflows/_publish_publish.yml b/.github/workflows/_publish_publish.yml
@@ -71,12 +71,12 @@ jobs:
     needs:
     - publish
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.36
       id: appauth
       with:
         app_id: ${{ secrets.ENVOY_CI_SYNC_APP_ID }}
         key: ${{ secrets.ENVOY_CI_SYNC_APP_KEY }}
-    - uses: envoyproxy/toolshed/gh-actions/dispatch@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/dispatch@actions-v0.2.36
       with:
         ref: main
         repository: ${{ fromJSON(inputs.request).request.version.dev && 'envoyproxy/envoy-website' || 'envoyproxy/archive' }}

diff --git a/.github/workflows/_publish_verify.yml b/.github/workflows/_publish_verify.yml
@@ -99,10 +99,11 @@ jobs:
         export NO_BUILD_SETUP=1
         export ENVOY_DOCKER_IN_DOCKER=1
       target: ${{ matrix.target }}
+      target-suffix: ${{ matrix.arch }}
       trusted: ${{ inputs.trusted }}
       steps-pre: |
         - run: |
-            echo ARCH=${{ matrix.arch || 'x64' }} >> $GITHUB_ENV
+            echo ARCH=${{ matrix.arch }} >> $GITHUB_ENV
             echo DEB_ARCH=${{ matrix.arch == 'arm64' && 'arm64' || 'amd64' }} >> $GITHUB_ENV
           shell: bash
         - run: |
@@ -124,6 +125,7 @@ jobs:
 
         - name: verify_distro_x64
           target: verify_distro
+          arch: x64
           rbe: true
 
         - name: verify_distro_arm64

diff --git a/.github/workflows/_request.yml b/.github/workflows/_request.yml
@@ -40,14 +40,14 @@ jobs:
       env: ${{ steps.data.outputs.value }}
       config: ${{ steps.config.outputs.config }}
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
       id: started
       name: Create timestamp
       with:
         options: -r
         filter: |
           now
-    - uses: envoyproxy/toolshed/gh-actions/github/checkout@actions-v0.2.35
+    - uses: envoyproxy/toolshed/gh-actions/github/checkout@actions-v0.2.36
       id: checkout
       name: Checkout Envoy repository
       with:
@@ -60,7 +60,7 @@ jobs:
     # *ALL* variables collected should be treated as untrusted and should be sanitized before
     # use
     - name: Generate environment variables from commit
-      uses: envoyproxy/toolshed/gh-actions/envoy/ci/request@actions-v0.2.35
+      uses: envoyproxy/toolshed/gh-actions/envoy/ci/request@actions-v0.2.36
       id: env
       with:
         branch-name: ${{ steps.checkout.outputs.branch-name }}
@@ -71,7 +71,7 @@ jobs:
         vars: ${{ toJSON(vars) }}
     - name: Request summary
       id: summary
-      uses: envoyproxy/toolshed/gh-actions/github/env/summary@actions-v0.2.35
+      uses: envoyproxy/toolshed/gh-actions/github/env/summary@actions-v0.2.36
       with:
         actor: ${{ toJSON(fromJSON(steps.env.outputs.data).request.actor) }}
         base-sha: ${{ fromJSON(steps.env.outputs.data).request.base-sha }}
@@ -87,7 +87,7 @@ jobs:
         target-branch: ${{ fromJSON(steps.env.outputs.data).request.target-branch }}
 
     - name: Environment data
-      uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.35
+      uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
       id: data
       with:
         input: |