Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of build: Create arm64 packages as well into release/1.4.x #3647

Merged
merged 1 commit into from
Feb 16, 2024
Merged

Backport of build: Create arm64 packages as well into release/1.4.x #3647

merged 1 commit into from
Feb 16, 2024

Conversation

hc-github-team-consul-core
Copy link

Backport

This PR is auto-generated from #3428 to be assessed for backporting due to the inclusion of the label backport/1.4.x.

🚨

Warning automatic cherry-pick of commits failed. If the first commit failed,
you will see a blank no-op commit below. If at least one commit succeeded, you
will see the cherry-picked commits up to, not including, the commit where
the merge conflict occurred.

The person who merged in the original PR is:
@david-yu
This person should manually cherry-pick the original PR into a new backport PR,
and close this one when the manual backport PR is merged in.

merge conflict error: unable to process merge commit: "b791475499da047f8ec9f5f8fde7aa8e12989dd9", automatic backport requires rebase workflow

The below text is copied from the body of the original PR.

Changes proposed in this PR

During the CRT on-boarding, packaging for other Linux architectures (arm64) was
not enabled. This change adds packaging support for those architectures. I've
specifically opted not to include 32-bit.

Other related updates:

  • To make future support a bit easier, I've enabled the build workflow from
    releng prefixed branches.
  • Using qemu emulation for testing package installs on other architectures,
    thus allowing us to validate the binaries work as intended
  • Minor alteration to the package install tests to use yum instead of rpm

Note: I tried to add 386/arm packages but pivoted away. There's something suspicious with the 386 binary specifically (see comments). Since usage of that architecture is low, I punted.

How I've tested this PR

Please note, these packages have not been extensively tested on their respective platforms. I did update the pipeline to run the smoke test (consul version) against the arm64 packages in an arm64 user-space. So I think it's in a good place.

How I expect reviewers to test this PR

Download builds and test in the same manner existing binaries are tested. Docker containers would be sufficient.

Checklist

Related

See #1132.
Related to hashicorp/releng-support#178.

Overview of commits

@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/releng/package-additional-linux-architectures/mentally-nearby-swan branch from da0b358 to 55942cc Compare February 16, 2024 23:20
@david-yu david-yu marked this pull request as ready for review February 16, 2024 23:28
@david-yu david-yu self-requested a review February 16, 2024 23:29
@david-yu david-yu enabled auto-merge (squash) February 16, 2024 23:30
@david-yu david-yu merged commit 6bb81d4 into release/1.4.x Feb 16, 2024
23 of 47 checks passed
@david-yu david-yu deleted the backport/releng/package-additional-linux-architectures/mentally-nearby-swan branch February 16, 2024 23:43
zalimeni added a commit that referenced this pull request Feb 28, 2024
@zalimeni @hc-github-team-consul-core
@dekimsey @NicoletaPopoviciu
Sync release/1.4.x and release/1.4.0 for 1.4.0 GA release (#3694)
573bb90 
* Backport of [NET-5932] chore: remove comment from closed ticket into release/1.4.x (#3637)

backport of commit a95e951

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>

* Backport of build: Create arm64 packages as well into release/1.4.x (#3647)

backport of commit affc631

Co-authored-by: Daniel Kimsey <90741+dekimsey@users.noreply.github.com>

* Backport of [NET-2420] security: Upgrade helm containerd and several other dependencies into release/1.4.x (#3641)

* security: upgrade helm/v3 to 3.11.3

Addresses multiple CVEs:
- CVE-2023-25165
- CVE-2022-23524
- CVE-2022-23526
- CVE-2022-23525

* chore: upgrade k8s dependencies to match controller-runtime

* security: upgrade containerd to latest

Addresses GHSA-7ww5-4wqc-m92c (GO-2023-2412)

* security: upgrade docker/docker to latest

Addresses GHSA-jq35-85cj-fj4p

* security: upgrade docker/distribution to latest

Addresses CVE-2023-2253

* security: upgrade filepath-securejoin to latest patch

Addresses GHSA-6xv5-86q9-7xr8 (GO-2023-2048)

* chore: upgrade oras-go to fix docker incompatibility

* Add changelog

---------

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>

* Backport of values.yaml - tlsServerName docs into release/1.4.x (#3667)

* backport of commit 1598b40

* backport of commit 41dabc4

---------

Co-authored-by: David Yu <dyu@hashicorp.com>

* Backport of [NET-2420] security: re-enable security scan release block into release/1.4.x (#3651)

* security: re-enable security scan release block

This was previously disabled due to an unresolved false-positive CVE.
Re-enabling both secrets and OSV + Go Modules scanning, which per our
current scan results should not be a blocker to future releases.

Also add security scans on PR and merge to protected branches to allow
proactive triage going forward.

See hashicorp/consul#19978 for similar change in that repo, adapted
here.

* security: add scan triage for CVE-2024-25620 (helm/v3)

Triage this scan result as `consul-k8s` should not be directly
impacted and it is medium severity. Follow-up ticket filed for
remediation.

Also improve formatting of scan config since this change will be
backported.

---------

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>

* Backport of [NET-6741] make: Add target for updating dependencies across all modules into release/1.4.x (#3673)

backport of commit 44583d3

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>

* Backport of build.yml: Add ECR images back into release/1.4.x (#3679)

* backport of commit 8fba327

* backport of commit 9a73765

* backport of commit dd2222f

---------

Co-authored-by: David Yu <dyu@hashicorp.com>

* Backport of build.yml: typo on tags into release/1.4.x (#3684)

backport of commit cf8dcbe

Co-authored-by: David Yu <dyu@hashicorp.com>

* Backport of [NET-8174] security: add scan triage for CVE-2024-26147 (helm/v3) into release/1.4.x (#3692)

backport of commit 4b8bc71

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>

* Backport of bump kind to v0.22.0 and update k8s support into release/1.4.x (#3687)

* backport of commit 9f495e0

* backport of commit df8edec

* backport of commit ca89a82

---------

Co-authored-by: NicoletaPopoviciu <nicoleta@hashicorp.com>

---------

Co-authored-by: hc-github-team-consul-core <github-team-consul-core@hashicorp.com>
Co-authored-by: Daniel Kimsey <90741+dekimsey@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: NicoletaPopoviciu <nicoleta@hashicorp.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@david-yu david-yu david-yu approved these changes

@dekimsey dekimsey Awaiting requested review from dekimsey

Assignees

@david-yu david-yu

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hc-github-team-consul-core @david-yu @dekimsey