Update ucacher with seccomp (Go)

.github/workflows/ci.yml

@@ -8,45 +8,55 @@ jobs:
     strategy:
       matrix:
         go-version: [1.21.x, 1.22.x, 1.23.x]
-        os: [ubuntu-latest, macos-latest, windows-latest]
-    runs-on: ${{ matrix.os }}
+        os: [ubuntu-latest]
+    runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher]
     steps:
       - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
         with:
           go-version: ${{ matrix.go-version }}
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
-      - run: go build ./...
+      - run: mv ./bin/ucacher /usr/bin/ucacher
+      - run: chmod 755 /usr/bin/ucacher
+      - run: LOG_LEVEL=debug UCACHER_INSTRUMENTER=seccomp ucacher go build ./...
   test:
-    runs-on: ubuntu-latest
+    runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher]
     steps:
       - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
         with:
+          go-version: 1.23
           check-latest: true
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
-      - run: go test ./...
+      - run: mv ./bin/ucacher /usr/bin/ucacher
+      - run: chmod 755 /usr/bin/ucacher
+      - run: LOG_LEVEL=debug UCACHER_INSTRUMENTER=seccomp ucacher go test ./...
   node_test:
-    runs-on: ubuntu-latest
+    runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher]
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4
         with:
           node-version: 10
       - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
         with:
+          go-version: 1.23
           check-latest: true
+      - run: mv ./bin/ucacher /usr/bin/ucacher
+      - run: chmod 755 /usr/bin/ucacher
       - run: >
           cd examples/internal/browser &&
-          npm install gulp-cli &&
-          npm install &&
-          ./node_modules/.bin/gulp
+          LOG_LEVEL=debug UCACHER_INSTRUMENTER=seccomp ucacher npm install gulp-cli &&
+          LOG_LEVEL=debug UCACHER_INSTRUMENTER=seccomp ucacher npm install &&
+          LOG_LEVEL=debug UCACHER_INSTRUMENTER=seccomp ucacher ./node_modules/.bin/gulp
+
+  ### Note: This job runs in a container - ucacher is not supported yet in nested containers.
   generate:
     container:
       image: docker.pkg.github.com/grpc-ecosystem/grpc-gateway/build-env:1.22
       options: "--user root"
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
-    runs-on: ubuntu-latest
+    runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher]
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
         # Required with newer versions of Git
@@ -57,97 +67,109 @@ jobs:
       - run: make generate
       - run: go mod tidy
       - run: git diff --exit-code
-  bazel:
-    container:
-      image: docker.pkg.github.com/grpc-ecosystem/grpc-gateway/build-env:1.22
-      options: "--user root"
-      credentials:
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
-      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
-        with:
-          path: /home/vscode/.cache/_grpc_gateway_bazel
-          key: v1-bazel-cache-${{ hashFiles('repositories.bzl') }}
-          restore-keys: v1-bazel-cache-
-        # Required with newer versions of Git
-        # https://github.com/actions/checkout/issues/766
-      - run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
-      - name: Configure bazel
-        run:
-          | # put .bazelrc in $HOME so that it's read before project's .bazelrc
-          cat > /home/vscode/.bazelrc << EOF
-          startup --output_base=/home/vscode/.cache/_grpc_gateway_bazel
-          build --@io_bazel_rules_go//go/config:race
-          # Workaround https://github.com/bazelbuild/bazel/issues/3645
-          # See https://docs.bazel.build/versions/0.23.0/command-line-reference.html
-          build --local_ram_resources=7168 # Github runners have 7G of memory
-          build --local_cpu_resources=2    # Github runners have 2 vCPU
-          EOF
-      - name: Check that Bazel BUILD files are up-to-date
-        run: bazel run //:gazelle && git diff --exit-code
-      - name: Check that repositories.bzl is up-to-date
-        run: |
-          bazel run //:gazelle -- update-repos -from_file=go.mod -to_macro=repositories.bzl%go_repositories &&
-          git diff --exit-code
-      - name: Check formatting of Bazel BUILD files
-        run: bazel run //:buildifier && git diff --exit-code
-      - name: Run tests with Bazel
-        run: bazel test //...
+
+  ### This job is not working on our self-hosted Github runner
+  # bazel:
+  #   container:
+  #     image: docker.pkg.github.com/grpc-ecosystem/grpc-gateway/build-env:1.22
+  #     options: "--user root"
+  #     credentials:
+  #       username: ${{ github.actor }}
+  #       password: ${{ secrets.GITHUB_TOKEN }}
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+  #     - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
+  #       with:
+  #         path: /home/vscode/.cache/_grpc_gateway_bazel
+  #         key: v1-bazel-cache-${{ hashFiles('repositories.bzl') }}
+  #         restore-keys: v1-bazel-cache-
+  #       # Required with newer versions of Git
+  #       # https://github.com/actions/checkout/issues/766
+  #     - run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+  #     - name: Configure bazel
+  #       run:
+  #         | # put .bazelrc in $HOME so that it's read before project's .bazelrc
+  #         cat > /home/vscode/.bazelrc << EOF
+  #         startup --output_base=/home/vscode/.cache/_grpc_gateway_bazel
+  #         build --@io_bazel_rules_go//go/config:race
+  #         # Workaround https://github.com/bazelbuild/bazel/issues/3645
+  #         # See https://docs.bazel.build/versions/0.23.0/command-line-reference.html
+  #         build --local_ram_resources=7168 # Github runners have 7G of memory
+  #         build --local_cpu_resources=2    # Github runners have 2 vCPU
+  #         EOF
+  #     - name: Check that Bazel BUILD files are up-to-date
+  #       run: bazel run //:gazelle && git diff --exit-code
+  #     - name: Check that repositories.bzl is up-to-date
+  #       run: |
+  #         bazel run //:gazelle -- update-repos -from_file=go.mod -to_macro=repositories.bzl%go_repositories &&
+  #         git diff --exit-code
+  #     - name: Check formatting of Bazel BUILD files
+  #       run: bazel run //:buildifier && git diff --exit-code
+  #     - name: Run tests with Bazel
+  #       run: bazel test //...
+
   gorelease:
-    runs-on: ubuntu-latest
+    runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher]
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
         with:
           go-version: 1.22
           check-latest: true
-      - run: go run golang.org/x/exp/cmd/gorelease@latest -base=v2.22.0
-  proto_lint:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
-      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
-        with:
-          check-latest: true
-      - run: make install
-      - run: PATH=$PATH:~/go/bin buf build
-      - run: PATH=$PATH:~/go/bin buf lint
-      - run: PATH=$PATH:~/go/bin buf format -w && git diff --exit-code
-      - run: PATH=$PATH:~/go/bin buf breaking --path protoc-gen-openapiv2/ --against 'https://github.com/grpc-ecosystem/grpc-gateway.git#branch=main'
-  lint:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
-      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
-        with:
-          go-version: 1.22
-          check-latest: true
-      - uses: dominikh/staticcheck-action@fe1dd0c3658873b46f8c9bb3291096a617310ca6 # v1.3.1
-        with:
-          install-go: false
-  fuzz:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Build Fuzzers
-        id: build
-        uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
-        with:
-          oss-fuzz-project-name: "grpc-gateway"
-          dry-run: false
-          language: go
-      - name: Run Fuzzers
-        uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
-        with:
-          oss-fuzz-project-name: "grpc-gateway"
-          fuzz-seconds: 600
-          dry-run: false
-          language: go
-      - name: Upload Crash
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4
-        if: failure() && steps.build.outcome == 'success'
-        with:
-          name: artifacts
-          path: ./out/artifacts
+      - run: mv ./bin/ucacher /usr/bin/ucacher
+      - run: chmod 755 /usr/bin/ucacher
+      - run: UCACHER_INSTRUMENTER=seccomp ucacher go run golang.org/x/exp/cmd/gorelease@latest -base=v2.22.0
+
+  ### This job is not working, the git command seg faults
+  # proto_lint:
+  #   runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher]
+  #   steps:
+  #     - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+  #     - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
+  #       with:
+  #         go-version: 1.23
+  #         check-latest: true
+  #     - run: ucacher make install
+  #     - run: PATH=$PATH:~/go/bin ucacher buf build
+  #     - run: PATH=$PATH:~/go/bin ucacher buf lint
+  #     - run: PATH=$PATH:~/go/bin buf format -w && git diff --exit-code
+  #     - run: PATH=$PATH:~/go/bin buf breaking --path protoc-gen-openapiv2/ --against 'https://github.com/grpc-ecosystem/grpc-gateway.git#branch=main'
+
+  ### This job is not working on our self-hosted Github runner
+  # lint:
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+  #     - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
+  #       with:
+  #         go-version: 1.22
+  #         check-latest: true
+  #     - uses: dominikh/staticcheck-action@fe1dd0c3658873b46f8c9bb3291096a617310ca6 # v1.3.1
+  #       with:
+  #         install-go: false
+
+  ### This job is not working on our self-hosted Github runner
+  # fuzz:
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Build Fuzzers
+  #       id: build
+  #       uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+  #       with:
+  #         oss-fuzz-project-name: "grpc-gateway"
+  #         dry-run: false
+  #         language: go
+  #     - name: Run Fuzzers
+  #       uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+  #       with:
+  #         oss-fuzz-project-name: "grpc-gateway"
+  #         fuzz-seconds: 600
+  #         dry-run: false
+  #         language: go
+  #     - name: Upload Crash
+  #       uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4
+  #       if: failure() && steps.build.outcome == 'success'
+  #       with:
+  #         name: artifacts
+  #         path: ./out/artifacts

.ucacherignore

@@ -0,0 +1,2 @@
+.git/**/*
+ucacher

.ucacherignore.env

@@ -0,0 +1,31 @@
+GITHUB_PATH
+GITHUB_OUTPUT
+GITHUB_STATE
+GITHUB_ENV
+GITHUB_ACTION
+GITHUB_STEP_SUMMARY
+GITHUB_RUN_ATTEMPT
+GITHUB_RUN_NUMBER
+GITHUB_RUN_ID
+GITHUB_STEP_SUMMARY
+GITHUB_TRIGGERING_ACTOR
+GITHUB_ACTOR_ID
+GITHUB_ACTOR
+GITHUB_REF_TYPE
+GITHUB_SHA
+GITHUB_WORKFLOW_REF
+GITHUB_WORKFLOW_SHA
+GITHUB_EVENT_NAME
+GITHUB_HEAD_REF
+GITHUB_ACTION_REF
+INVOCATION_ID
+JOURNAL_STREAM
+SYSTEMD_EXEC_PID
+RUNNER_NAME
+RUNNER_TRACKING_ID
+LS_COLORS
+XDG_SESSION_ID
+SSH_CLIENT
+SSH_CONNECTION
+PATH
+HOSTNAME

README.md

@@ -14,6 +14,7 @@ gRPC to JSON proxy generator following the gRPC HTTP spec
 
 ## About
 
+
 The gRPC-Gateway is a plugin of the Google protocol buffers compiler
 [protoc](https://github.com/protocolbuffers/protobuf).
 It reads protobuf service definitions and generates a reverse-proxy server which