OCPBUGS-42687: Rebase etcd 3.5.16 openshift 4.16 #292
+2,814
−820
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The service at https://beta.transparencylog.net/ has already been shutdown on November 9th 2021 and the workflow has failed ever since. Signed-off-by: James Blair <mail@jamesblair.net>
[3.5] Backport removal of asset transparency workflow
Backport of commit 4881e53 / pull request etcd-io#18095. Signed-off-by: Ivan Valdes <ivan@vald.es>
…ase-shallow-clone [3.5] scripts/release: shallow clone repository
Signed-off-by: ArkaSaha30 <arkasaha30@gmail.com>
…-24790 [3.5]Bump Go version to 1.21.11: CVE 2024-24790 fix
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
[3.5] print error log when validation on conf change failed
…cd-io#18015) Signed-off-by: lhy1024 <admin@liudos.us>
Signed-off-by: Andy Xie <andy.xning@gmail.com>
This commit fixed the Go Vulnerability Checker CI job, which isn't scanning for all go.mod files within the project. Reference: - etcd-io#18168 Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
Extracted log from govulncheck, suggesting that we should bump the version of golang.org/x/net === Symbol Results === Vulnerability openshift#1: GO-2024-2687 HTTP/2 CONTINUATION flood in net/http More info: https://pkg.go.dev/vuln/GO-2024-2687 Module: golang.org/x/net Found in: golang.org/x/net@v0.17.0 Fixed in: golang.org/x/net@v0.23.0 Reference: - etcd-io#17708 Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
…ab57 to v0.0.0-20220412211240-33da011f77ad Extracted log from govulncheck, suggesting that we should bump the version of golang.org/x/sys Vulnerability openshift#1: GO-2022-0493 Incorrect privilege reporting in syscall and golang.org/x/sys/unix More info: https://pkg.go.dev/vuln/GO-2022-0493 Module: golang.org/x/sys Found in: golang.org/x/sys@v0.0.0-20210403161142-5e06dd20ab57 Fixed in: golang.org/x/sys@v0.0.0-20220412211240-33da011f77ad Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
…_release_3.5 Fix govulncheck CI check on release-3.5
…-of-#18164-origin-release-3.5 bugfix: register of walWriteSec
Makefile's target `verify-dep` current behavior is to use `go list` to check consistent dependency versions from direct dependencies. Ignoring indirect dependencies in a multi-module project could lead to version mismatches. If module A imports module B, module B's dependency will be an indirect dependency in module A. Which can potentially have a version mismatch. Therefore, use `go mod edit` with indirect dependencies, too. So it can work with all dependencies defined in go.mod. Fix displaying dependencies with mismatches, as the old code was searching with grep just for the prefix, which would show other dependencies that shared the same prefix. Reference: - etcd-io#18205 Signed-off-by: Ivan Valdes <ivan@vald.es> Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
…on v0.0.0-20180306012644-bacd9c7ef1dd Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
…stency [3.5] Fix dependency inconsistency detection and add make verify-dep
[3.5] Support multiple values for allowed client and peer TLS identities
Include conditional logic to install shellcheck with correct architecture. This is based on commit 4f23883 and pull request etcd-io#14872. Signed-off-by: D Tripp <38776199+thedtripp@users.noreply.github.com>
…heckBackport3.5 etcd 3.5: Install shellcheck if not exists.
Signed-off-by: Yao Cheng <chengyao09@hotmail.com>
By running `find -exec`, an error exit code doesn't properly return the error if there's a failure in a command executed. Use `xargs` to force an exit with error when a command fails to run. Signed-off-by: Ivan Valdes <ivan@vald.es>
[3.5] backport deflake TestV3AuthWithLeaseRevokeWithRootJWT
…-govulncheck-exit-code [3.5] github/govuln: don't swallow govulncheck errors
Right now the basic auth tokens that are deleted after `--auth-token-ttl` cause info-level logs to be emitted. Change this to debug. This helps with the issue at etcd-io#18244 where calling `/readyz` frequently pollutes the etcd server logs with this log message. Fixes etcd-io#18244. Signed-off-by: Ahmet Alp Balkan <ahmet@linkedin.com>
Signed-off-by: D Tripp <38776199+thedtripp@users.noreply.github.com>
[3.5] Bump Go version to 1.21.12: GO-2024-2963 fix
etcd does not use vendored dependencies, which means we need to setup cachito for ART to be able to build the image. Unfortunately, CI cannot use cachito, so we need a separate Dockerfile. Co-authored-by: Daniele Paolella <dpaolell@redhat.com> Co-authored-by: Joep van Delft <jdelft@redhat.com>
The main installer binary is now statically linked and there is a separate binary which is dynamically-linked for fips support (baremetal-installer/openshift-install-fips). We want the etcd-artifacts image to contain statically-linked binaries to be included in the non-fips openshift-install binary. When building with fips support, we'll get etcd binaries from the regular etcd container image, which has dynamically-linked binaries. When setting GOOS=X and GOARCH=Y, most of the cross-builds will result in statically linked binaries, except when the host matches X/Y system/arch. So let's be explicit and set `CGO_ENABLED=0` and the exception env var `GO_COMPLIANCE_EXCLUDE`.
This is needed for the s390x/ppc64le arches since we just cross-compile to linux amd/arm64.
…tcd-3.5.16-openshift-4.16
openshift-ci-robot
added
jira/valid-reference
|
@Elbehery: This pull request references Jira Issue OCPBUGS-42687, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/jira refresh |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Elbehery The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@Elbehery: This pull request references Jira Issue OCPBUGS-42687, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci
bot
added
the
approved
|
/payload 4.16 nightly informing |
|
@Elbehery: trigger 73 job(s) of type informing for the nightly release of OCP 4.16
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/33ff3060-80b6-11ef-9902-be7b2d5d7fef-0 |
|
/payload 4.16 nightly blocking |
|
@Elbehery: trigger 9 job(s) of type blocking for the nightly release of OCP 4.16
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/3da2b010-80b6-11ef-8c95-3e7b51be13a8-0 |
|
/jira refresh |
|
@Elbehery: This pull request references Jira Issue OCPBUGS-42687, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/assign @geliu2016 |
|
/label cherry-pick-approved |
openshift-ci
bot
added
the
cherry-pick-approved
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR rebases etcd 3.5.16 into openshift-4.16.
running make locally
Note: Upstream has refactored clientV3 here. This the changed func was being used downstream in
etcd/client/v3/patch_cluster.go
Line 17 in d984c31
cc @openshift/openshift-team-etcd