forked from apache/apisix
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'upstream/master' into github/master
* upstream/master: (48 commits) fix(ai): remove BUILD_ROUTER event when ai module is unloaded (apache#8184) chore: add some comment for make_request_to_vault function (apache#8420) docs: update admin api English doc (apache#8227) ci: use fixed os version of ubuntu (apache#8438) feat: Support store secrets in secrets manager for auth plugin via kms components (apache#8421) feat: interact via gRPC in APISIX Admin API (apache#8411) fix: last_err can be nil when the reconnection is successful (apache#8377) feat: support global data encryption of secret information (apache#8403) refactor(env): rename funtion name (apache#8426) feat(admin): add kms admin api (apache#8394) docs: update consumer and upstream docs (apache#8223) ci: add cron job for GM (apache#8398) docs: add kms env doc (apache#8419) feat: Added log format support in syslog plugin. (apache#8279) feat: add vault common components (apache#8412) docs: update global-rule/plugin-config/plugin/ docs (apache#8262) docs: update consumer-group/router/service/script doc (apache#8332) feat: support store secret in env for auth plugin (apache#8390) docs: update Upgrade Guide CN version (apache#8392) docs: add GM plugin EN doc to make website display normally (apache#8393) ...
- Loading branch information
Showing
439 changed files
with
15,816 additions
and
5,375 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,135 @@ | ||
| name: CI FIPS | ||
|
|
||
| on: | ||
| push: | ||
| branches: [master] | ||
| paths-ignore: | ||
| - 'docs/**' | ||
| - '**/*.md' | ||
| pull_request: | ||
| branches: [master] | ||
| paths-ignore: | ||
| - 'docs/**' | ||
| - '**/*.md' | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| build: | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| platform: | ||
| - ubuntu-20.04 | ||
| os_name: | ||
| - linux_openresty | ||
| test_dir: | ||
| # all plugins only use three parts of openssl API: RSA via ffi, SHA via ffi and SSL API wrapped by nginx. | ||
| # The latter one is already covered by the core tests, so no need to repeat it in plugin tests. | ||
| # The RSA and SHA tests are fully covered by jwt-auth and hmac-auth plugin tests, while other plugins only repeat such tests. | ||
| - t/plugin/jwt-auth2.t t/plugin/jwt-auth.t t/plugin/hmac-auth.t | ||
| # all SSL related core tests are covered by below two lists. | ||
| - t/admin/ssl* t/admin/schema.t t/admin/upstream.t t/config-center-yaml/ssl.t t/core/etcd-mtls.t t/core/config_etcd.t t/deployment/conf_server.t t/misc/patch.t | ||
| - t/node/grpc-proxy-unary.t t/node/upstream-keepalive-pool.t t/node/upstream-websocket.t t/node/client-mtls.t t/node/upstream-mtls.t t/pubsub/kafka.t t/router/radixtree-sni2.t t/router/multi-ssl-certs.t t/router/radixtree-sni.t t/stream-node/mtls.t t/stream-node/tls.t t/stream-node/upstream-tls.t t/stream-node/sni.t | ||
|
|
||
| runs-on: ${{ matrix.platform }} | ||
| timeout-minutes: 90 | ||
| env: | ||
| SERVER_NAME: ${{ matrix.os_name }} | ||
| OPENRESTY_VERSION: default | ||
|
|
||
| steps: | ||
| - name: Check out code | ||
| uses: actions/checkout@v3.1.0 | ||
| with: | ||
| submodules: recursive | ||
|
|
||
| - name: Cache deps | ||
| uses: actions/cache@v3 | ||
| env: | ||
| cache-name: cache-deps | ||
| with: | ||
| path: deps | ||
| key: ${{ runner.os }}-${{ env.cache-name }}-${{ matrix.os_name }}-${{ hashFiles('rockspec/apisix-master-0.rockspec') }} | ||
|
|
||
| - name: Cache openssl-3.0 compilation | ||
| id: cache-openssl | ||
| uses: actions/cache@v3 | ||
| env: | ||
| cache-name: cache-openssl | ||
| with: | ||
| path: ~/openssl-3.0 | ||
| key: ${{ runner.os }}-${{ env.cache-name }}-${{ matrix.os_name }} | ||
|
|
||
| - name: Toggle openssl compile | ||
| id: test_ssl_env | ||
| shell: bash | ||
| if: steps.cache-openssl.outputs.cache-hit != 'true' | ||
| run: | | ||
| echo "openssl3=yes" >>$GITHUB_OUTPUT | ||
| echo "openssl3_prefix=$HOME" >>$GITHUB_OUTPUT | ||
| - name: Extract test type | ||
| shell: bash | ||
| id: test_env | ||
| run: | | ||
| test_dir="${{ matrix.test_dir }}" | ||
| if [[ $test_dir =~ 't/plugin' ]]; then | ||
| echo "type=plugin" >>$GITHUB_OUTPUT | ||
| fi | ||
| if [[ $test_dir =~ 't/admin' ]]; then | ||
| echo "type=first" >>$GITHUB_OUTPUT | ||
| fi | ||
| if [[ $test_dir =~ 't/node' ]]; then | ||
| echo "type=last" >>$GITHUB_OUTPUT | ||
| fi | ||
| - name: Linux launch common services | ||
| run: | | ||
| make ci-env-up project_compose_ci=ci/pod/docker-compose.common.yml | ||
| - name: Start CI env (FIRST_TEST) | ||
| if: steps.test_env.outputs.type == 'first' | ||
| run: | | ||
| # launch deps env | ||
| make ci-env-up project_compose_ci=ci/pod/docker-compose.${{ steps.test_env.outputs.type }}.yml | ||
| - name: Start CI env (PLUGIN_TEST) | ||
| if: steps.test_env.outputs.type == 'plugin' | ||
| run: | | ||
| # download keycloak cas provider | ||
| sudo wget https://github.com/jacekkow/keycloak-protocol-cas/releases/download/18.0.2/keycloak-protocol-cas-18.0.2.jar -O /opt/keycloak-protocol-cas-18.0.2.jar | ||
| ./ci/pod/openfunction/build-function-image.sh | ||
| make ci-env-up project_compose_ci=ci/pod/docker-compose.${{ steps.test_env.outputs.type }}.yml | ||
| sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh | ||
| - name: Start CI env (LAST_TEST) | ||
| if: steps.test_env.outputs.type == 'last' | ||
| run: | | ||
| # generating SSL certificates for Kafka | ||
| sudo keytool -genkeypair -keyalg RSA -dname "CN=127.0.0.1" -alias 127.0.0.1 -keystore ./ci/pod/kafka/kafka-server/selfsigned.jks -validity 365 -keysize 2048 -storepass changeit | ||
| make ci-env-up project_compose_ci=ci/pod/docker-compose.${{ steps.test_env.outputs.type }}.yml | ||
| sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh | ||
| - name: Linux Before install | ||
| run: sudo ./ci/${{ matrix.os_name }}_runner.sh before_install | ||
|
|
||
| - name: Linux Install | ||
| env: | ||
| COMPILE_OPENSSL3: ${{ steps.test_ssl_env.outputs.openssl3 }} | ||
| OPENSSL3_PREFIX: ${{ steps.test_ssl_env.outputs.openssl3_prefix }} | ||
| USE_OPENSSL3: yes | ||
| run: | | ||
| sudo --preserve-env=OPENRESTY_VERSION \ | ||
| --preserve-env=COMPILE_OPENSSL3 \ | ||
| --preserve-env=OPENSSL3_PREFIX \ | ||
| --preserve-env=USE_OPENSSL3 \ | ||
| ./ci/${{ matrix.os_name }}_runner.sh do_install | ||
| - name: Linux Script | ||
| env: | ||
| OPENSSL_FIPS: yes | ||
| TEST_FILE_SUB_DIR: ${{ matrix.test_dir }} | ||
| run: sudo -E ./ci/${{ matrix.os_name }}_runner.sh script |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,150 @@ | ||
| name: CI GM (cron) | ||
|
|
||
| on: | ||
| schedule: | ||
| # UTC 7:30 every Friday | ||
| - cron: "30 7 * * 5" | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| build: | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| platform: | ||
| - ubuntu-20.04 | ||
| os_name: | ||
| - linux_openresty_tongsuo | ||
| test_dir: | ||
| - t/plugin/[a-k]* | ||
| - t/plugin/[l-z]* | ||
| - t/admin t/cli t/config-center-yaml t/control t/core t/debug t/deployment t/discovery t/error_page t/misc | ||
| - t/node t/pubsub t/router t/script t/stream-node t/utils t/wasm t/xds-library t/xrpc | ||
|
|
||
| runs-on: ${{ matrix.platform }} | ||
| timeout-minutes: 90 | ||
| env: | ||
| SERVER_NAME: ${{ matrix.os_name }} | ||
| OPENRESTY_VERSION: default | ||
|
|
||
| # TODO: refactor the workflows to reduce duplicate parts. Maybe we can write them in shell | ||
| # scripts or a separate action? | ||
| steps: | ||
| - name: Check out code | ||
| uses: actions/checkout@v3.1.0 | ||
| with: | ||
| submodules: recursive | ||
|
|
||
| - name: Setup Go | ||
| uses: actions/setup-go@v3 | ||
| with: | ||
| go-version: "1.17" | ||
|
|
||
| - name: Cache deps | ||
| uses: actions/cache@v3 | ||
| env: | ||
| cache-name: cache-deps | ||
| with: | ||
| path: deps | ||
| key: ${{ runner.os }}-${{ env.cache-name }}-${{ matrix.os_name }}-${{ hashFiles('rockspec/apisix-master-0.rockspec') }} | ||
|
|
||
| - name: Cache Tongsuo compilation | ||
| id: cache-tongsuo | ||
| uses: actions/cache@v3 | ||
| env: | ||
| cache-name: cache-tongsuo | ||
| with: | ||
| path: ./tongsuo | ||
| key: ${{ runner.os }}-${{ env.cache-name }}-${{ matrix.os_name }}-tongsuo-ver | ||
|
|
||
| - name: Test SSL Env | ||
| id: test_ssl_env | ||
| shell: bash | ||
| if: steps.cache-tongsuo.outputs.cache-hit != 'true' | ||
| run: | | ||
| echo "compile_tongsuo=true" >>$GITHUB_OUTPUT | ||
| - name: Extract test type | ||
| shell: bash | ||
| id: test_env | ||
| run: | | ||
| test_dir="${{ matrix.test_dir }}" | ||
| if [[ $test_dir =~ 't/plugin' ]]; then | ||
| echo "type=plugin" >>$GITHUB_OUTPUT | ||
| fi | ||
| if [[ $test_dir =~ 't/admin ' ]]; then | ||
| echo "type=first" >>$GITHUB_OUTPUT | ||
| fi | ||
| if [[ $test_dir =~ ' t/xrpc' ]]; then | ||
| echo "type=last" >>$GITHUB_OUTPUT | ||
| fi | ||
| - name: Linux launch common services | ||
| run: | | ||
| make ci-env-up project_compose_ci=ci/pod/docker-compose.common.yml | ||
| - name: Start CI env (FIRST_TEST) | ||
| if: steps.test_env.outputs.type == 'first' | ||
| run: | | ||
| # launch deps env | ||
| make ci-env-up project_compose_ci=ci/pod/docker-compose.${{ steps.test_env.outputs.type }}.yml | ||
| - name: Start CI env (PLUGIN_TEST) | ||
| if: steps.test_env.outputs.type == 'plugin' | ||
| run: | | ||
| # download keycloak cas provider | ||
| sudo wget https://github.com/jacekkow/keycloak-protocol-cas/releases/download/18.0.2/keycloak-protocol-cas-18.0.2.jar -O /opt/keycloak-protocol-cas-18.0.2.jar | ||
| ./ci/pod/openfunction/build-function-image.sh | ||
| make ci-env-up project_compose_ci=ci/pod/docker-compose.${{ steps.test_env.outputs.type }}.yml | ||
| sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh | ||
| - name: Start CI env (LAST_TEST) | ||
| if: steps.test_env.outputs.type == 'last' | ||
| run: | | ||
| # generating SSL certificates for Kafka | ||
| sudo keytool -genkeypair -keyalg RSA -dname "CN=127.0.0.1" -alias 127.0.0.1 -keystore ./ci/pod/kafka/kafka-server/selfsigned.jks -validity 365 -keysize 2048 -storepass changeit | ||
| make ci-env-up project_compose_ci=ci/pod/docker-compose.${{ steps.test_env.outputs.type }}.yml | ||
| sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh | ||
| - name: Start Dubbo Backend | ||
| if: steps.test_env.outputs.type == 'plugin' | ||
| run: | | ||
| sudo apt install -y maven | ||
| cd t/lib/dubbo-backend | ||
| mvn package | ||
| cd dubbo-backend-provider/target | ||
| java -Djava.net.preferIPv4Stack=true -jar dubbo-demo-provider.one-jar.jar > /tmp/java.log & | ||
| - name: Build xDS library | ||
| if: steps.test_env.outputs.type == 'last' | ||
| run: | | ||
| cd t/xds-library | ||
| go build -o libxds.so -buildmode=c-shared main.go export.go | ||
| - name: Build wasm code | ||
| if: steps.test_env.outputs.type == 'last' | ||
| run: | | ||
| export TINYGO_VER=0.20.0 | ||
| wget https://github.com/tinygo-org/tinygo/releases/download/v${TINYGO_VER}/tinygo_${TINYGO_VER}_amd64.deb 2>/dev/null | ||
| sudo dpkg -i tinygo_${TINYGO_VER}_amd64.deb | ||
| cd t/wasm && find . -type f -name "*.go" | xargs -Ip tinygo build -o p.wasm -scheduler=none -target=wasi p | ||
| - name: Linux Before install | ||
| env: | ||
| COMPILE_TONGSUO: ${{ steps.test_ssl_env.outputs.compile_tongsuo }} | ||
| run: | | ||
| sudo --preserve-env=COMPILE_TONGSUO \ | ||
| ./ci/${{ matrix.os_name }}_runner.sh before_install | ||
| - name: Linux Install | ||
| run: | | ||
| sudo --preserve-env=OPENRESTY_VERSION \ | ||
| ./ci/${{ matrix.os_name }}_runner.sh do_install | ||
| - name: Linux Script | ||
| env: | ||
| TEST_FILE_SUB_DIR: ${{ matrix.test_dir }} | ||
| run: sudo -E ./ci/${{ matrix.os_name }}_runner.sh script |
Oops, something went wrong.