Merge remote-tracking branch 'upstream/main' into feat/otel-resource-…

…detectors-env

Signed-off-by: Joao Grassi <[email protected]>

.bazelrc

@@ -61,6 +61,7 @@ common --experimental_allow_tags_propagation
 
 # Enable position independent code (this is the default on macOS and Windows)
 # (Workaround for https://github.com/bazelbuild/rules_foreign_cc/issues/421)
+build:linux --copt=-fdebug-types-section
 build:linux --copt=-fPIC
 build:linux --copt=-Wno-deprecated-declarations
 build:linux --cxxopt=-std=c++17 --host_cxxopt=-std=c++17

.github/actions/do_ci/action.yml

@@ -16,15 +16,6 @@ inputs:
   bazel_extra:
     type: string
     default:
-  bazel_local_cache:
-    type: string
-    default:
-  bazel_rbe_cache:
-    type: string
-    default: grpcs://remotebuildexecution.googleapis.com
-  bazel_rbe_instance:
-    type: string
-    default: projects/envoy-ci/instances/default_instance
   bazel_rbe_jobs:
     type: number
     default: 75
@@ -35,6 +26,21 @@ inputs:
   command_ci:
     type: string
     default: ./ci/do_ci.sh
+  catch-errors:
+    type: boolean
+    default: false
+  error-match:
+    type: string
+    default: |
+      ERROR
+  warning-match:
+    type: string
+    default: |
+      WARNING
+  notice-match:
+    type: string
+    default: |
+      NOTICE
 
   env:
     type: string
@@ -45,46 +51,25 @@ inputs:
 runs:
   using: composite
   steps:
-  - id: do_ci
+  - uses: envoyproxy/toolshed/gh-actions/github/[email protected]
     name: 'Run CI target ${{ inputs.target }}'
-    run: |
-      if [[ "${#INPUT_ENV}" -ne 0 ]]; then
-          SOURCETMP="$(mktemp)"
-          # TODO(phlax): Fix escaping
-          echo "${{ inputs.env }}" > "$SOURCETMP"
-          . "$SOURCETMP"
-          rm -rf "$SOURCETMP"
-      fi
-      if [[ "${{ inputs.rbe }}" == 'true' ]]; then
-          export ENVOY_RBE=1
-          export GCP_SERVICE_ACCOUNT_KEY=${{ inputs.auth_bazel_rbe }}
-          export BAZEL_BUILD_EXTRA_OPTIONS="--config=remote-ci --jobs=${{ inputs.bazel_rbe_jobs }} ${{ inputs.bazel_extra }}"
-          export BAZEL_REMOTE_CACHE=${{ inputs.bazel_rbe_cache }}"
-          export BAZEL_REMOTE_INSTANCE=${{ inputs.bazel_rbe_instance }}"
-      else
-          export BAZEL_BUILD_EXTRA_OPTIONS="--config=ci ${{ inputs.bazel_extra }}"
-          export BAZEL_REMOTE_CACHE="${{ inputs.bazel_local_cache }}"
-          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
-              export BAZEL_REMOTE_INSTANCE_BRANCH="${{ github.event.base.ref }}"
-          else
-              export BAZEL_REMOTE_INSTANCE_BRANCH="${{ github.ref }}"
-          fi
-      fi
-
-      if [[ -n "${{ inputs.command_prefix }}" ]]; then
-          ${{ inputs.command_prefix }} '${{ inputs.command_ci }} ${{ inputs.target }}'
-      else
-          ${{ inputs.command_ci }} ${{ inputs.target }}
-      fi
-
-      if [[ ${{ github.event_name }} == "pull_request" ]]; then
-          export BAZEL_FAKE_SCM_REVISION=e3b4a6e9570da15ac1caffdded17a8bebdc7dfc9
-          export CI_TARGET_BRANCH="${{ github.event.base.ref }}"
-      else
-          export CI_TARGET_BRANCH="${{ github.ref }}"
-      fi
-    shell: bash
+    with:
+      catch-errors: ${{ inputs.catch-errors }}
+      container-command: ${{ inputs.command_prefix }}
+      command-prefix: ${{ inputs.command_ci }}
+      command: ${{ inputs.target }}
+      env: ${{ inputs.env }}
+      error-match: ${{ inputs.error-match }}
+      notice-match: ${{ inputs.notice-match }}
+      warning-match: ${{ inputs.warning-match }}
     env:
       GITHUB_TOKEN: ${{ inputs.GITHUB_TOKEN }}
       ENVOY_DOCKER_BUILD_DIR: ${{ runner.temp }}
-      INPUT_ENV: ${{ inputs.env }}
+      ENVOY_RBE: ${{ inputs.rbe != 'false' && 1 || '' }}
+      GCP_SERVICE_ACCOUNT_KEY: ${{ inputs.rbe && inputs.auth_bazel_rbe || '' }}
+      BAZEL_BUILD_EXTRA_OPTIONS: >-
+        --config=remote-ci
+        ${{ inputs.bazel_extra }}
+        ${{ inputs.rbe != 'false' && format('--jobs={0}', inputs.bazel_rbe_jobs) || '' }}
+      BAZEL_FAKE_SCM_REVISION: ${{ github.event_name == 'pull_request' && 'e3b4a6e9570da15ac1caffdded17a8bebdc7dfc9' || '' }}
+      CI_TARGET_BRANCH: ${{ github.event_name == 'pull_request' && github.event.base.ref || github.ref }}

.github/dependabot.yml

@@ -35,6 +35,7 @@ updates:
 
 - package-ecosystem: "pip"
   directory: "/tools/base"
+  open-pull-requests-limit: 20
   schedule:
     interval: "daily"
     time: "06:00"

.github/workflows/_cache_docker.yml

@@ -37,7 +37,7 @@ jobs:
   docker:
     runs-on: ubuntu-22.04
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/docker/cache/[email protected].27
+    - uses: envoyproxy/toolshed/gh-actions/docker/cache/[email protected].35
       name: Prime Docker cache (${{ inputs.image_repo }}:${{ inputs.image_tag }}@sha256:${{ inputs.image_sha }})
       with:
         image_tag: "${{ inputs.image_repo }}:${{ inputs.image_tag }}@sha256:${{ inputs.image_sha }}"

.github/workflows/_ci.yml

@@ -45,6 +45,21 @@ on:
       command_ci:
         type: string
         default: ./ci/do_ci.sh
+      catch-errors:
+        type: boolean
+        default: false
+      error-match:
+        type: string
+        default: |
+          ERROR
+      warning-match:
+        type: string
+        default: |
+          WARNING
+      notice-match:
+        type: string
+        default: |
+          NOTICE
 
       diskspace_hack:
         type: boolean
@@ -95,7 +110,7 @@ jobs:
     steps:
     - if: ${{ inputs.cache_build_image }}
       name: Restore Docker cache (${{ inputs.cache_build_image }})
-      uses: envoyproxy/toolshed/gh-actions/docker/cache/[email protected].27
+      uses: envoyproxy/toolshed/gh-actions/docker/cache/[email protected].35
       with:
         image_tag: ${{ inputs.cache_build_image }}
 
@@ -108,7 +123,7 @@ jobs:
     - if: ${{ steps.context.outputs.use_appauth == 'true' }}
       name: Fetch token for app auth
       id: appauth
-      uses: envoyproxy/toolshed/gh-actions/[email protected].27
+      uses: envoyproxy/toolshed/gh-actions/[email protected].35
       with:
         app_id: ${{ secrets.app_id }}
         key: ${{ secrets.app_key }}
@@ -138,15 +153,15 @@ jobs:
       run: git config --global --add safe.directory /__w/envoy/envoy
 
     - if: ${{ inputs.diskspace_hack }}
-      uses: envoyproxy/toolshed/gh-actions/[email protected].27
+      uses: envoyproxy/toolshed/gh-actions/[email protected].35
     - run: |
         echo "disk space at beginning of build:"
         df -h
       name: "Check disk space at beginning"
 
     - if: ${{ inputs.run_pre }}
       name: Run pre action ${{ inputs.run_pre && format('({0})', inputs.run_pre) || '' }}
-      uses: envoyproxy/toolshed/gh-actions/using/[email protected].27
+      uses: envoyproxy/toolshed/gh-actions/using/[email protected].35
       with:
         uses: ${{ inputs.run_pre }}
         with: ${{ inputs.run_pre_with }}
@@ -159,18 +174,19 @@ jobs:
         managed: ${{ inputs.managed }}
         auth_bazel_rbe: ${{ inputs.auth_bazel_rbe }}
         bazel_extra: ${{ inputs.bazel_extra }}
-        bazel_local_cache: ${{ inputs.bazel_local_cache }}
-        bazel_rbe_cache: ${{ inputs.bazel_rbe_cache }}
-        bazel_rbe_instance: ${{ inputs.bazel_rbe_instance }}
         bazel_rbe_jobs: ${{ inputs.bazel_rbe_jobs }}
         command_prefix: ${{ inputs.command_prefix }}
         command_ci: ${{ inputs.command_ci }}
+        catch-errors: ${{ inputs.catch-errors }}
+        error-match: ${{ inputs.error-match }}
+        notice-match: ${{ inputs.notice-match }}
+        warning-match: ${{ inputs.warning-match }}
         env: ${{ inputs.env }}
         GITHUB_TOKEN: ${{ steps.context.outputs.use_appauth == 'true' && steps.appauth.outputs.token || secrets.GITHUB_TOKEN }}
 
     - if: ${{ inputs.run_post }}
       name: Run post action ${{ inputs.run_pre && format('({0})', inputs.run_post) || '' }}
-      uses: envoyproxy/toolshed/gh-actions/using/[email protected].27
+      uses: envoyproxy/toolshed/gh-actions/using/[email protected].35
       with:
         uses: ${{ inputs.run_post }}
         with: ${{ inputs.run_post_with }}

.github/workflows/_stage_publish.yml

@@ -116,7 +116,7 @@ jobs:
     needs:
     - publish
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/[email protected].27
+    - uses: envoyproxy/toolshed/gh-actions/[email protected].35
       with:
         app_id: ${{ secrets.ENVOY_CI_SYNC_APP_ID }}
         key: "${{ secrets.ENVOY_CI_SYNC_APP_KEY }}"

.github/workflows/_workflow-start.yml

@@ -29,7 +29,7 @@ jobs:
 
     - if: ${{ steps.env.outputs.trusted != 'true' }}
       name: Start status check
-      uses: envoyproxy/toolshed/gh-actions/[email protected].27
+      uses: envoyproxy/toolshed/gh-actions/[email protected].35
       with:
         authToken: ${{ secrets.GITHUB_TOKEN }}
         context: ${{ inputs.workflow_name }}

.github/workflows/codeql-daily.yml

@@ -21,15 +21,6 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
-      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2
-
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/codeql-push.yml

@@ -26,28 +26,20 @@ jobs:
 
     steps:
     - name: Pre-cleanup
-      uses: envoyproxy/toolshed/gh-actions/[email protected].27
+      uses: envoyproxy/toolshed/gh-actions/[email protected].35
       with:
         to_remove: |
           /usr/local/lib/android
 
     - name: Checkout repository
       uses: actions/checkout@v4
-      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2
 
     - name: Get build targets
       run: |
        . .github/workflows/get_build_targets.sh
        echo 'BUILD_TARGETS<<EOF' >> $GITHUB_ENV
        echo $BUILD_TARGETS_LOCAL >> $GITHUB_ENV
        echo 'EOF' >> $GITHUB_ENV
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/commands.yml

@@ -24,7 +24,7 @@ jobs:
       actions: write
       checks: read
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/[email protected].27
+    - uses: envoyproxy/toolshed/gh-actions/[email protected].35
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
         azp_org: cncf

.github/workflows/envoy-dependency.yml

@@ -43,13 +43,13 @@ jobs:
     steps:
     - id: checkout
       name: Checkout Envoy repository
-      uses: envoyproxy/toolshed/gh-actions/github/[email protected].27
+      uses: envoyproxy/toolshed/gh-actions/github/[email protected].35
       with:
         app_id: ${{ secrets.ENVOY_CI_DEP_APP_ID }}
         app_key: ${{ secrets.ENVOY_CI_DEP_APP_KEY }}
     - id: version
       name: Shorten (possible) SHA
-      uses: envoyproxy/toolshed/gh-actions/str/[email protected].27
+      uses: envoyproxy/toolshed/gh-actions/str/[email protected].35
       with:
         string: ${{ inputs.version }}
         length: 7
@@ -64,13 +64,13 @@ jobs:
         TARGET: ${{ inputs.task == 'bazel' && 'update' || 'api-update' }}
         TASK: ${{ inputs.task == 'bazel' && 'bazel' || 'api/bazel' }}
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    - uses: envoyproxy/toolshed/gh-actions/upload/[email protected].27
+    - uses: envoyproxy/toolshed/gh-actions/upload/[email protected].35
       name: Upload diff
       with:
         name: ${{ inputs.dependency }}-${{ steps.version.outputs.string }}
     - name: Create a PR
       if: ${{ inputs.pr }}
-      uses: envoyproxy/toolshed/gh-actions/github/[email protected].27
+      uses: envoyproxy/toolshed/gh-actions/github/[email protected].35
       with:
         base: main
         body: |
@@ -97,7 +97,7 @@ jobs:
     steps:
     - name: Fetch token for app auth
       id: appauth
-      uses: envoyproxy/toolshed/gh-actions/[email protected].27
+      uses: envoyproxy/toolshed/gh-actions/[email protected].35
       with:
         app_id: ${{ secrets.ENVOY_CI_DEP_APP_ID }}
         key: ${{ secrets.ENVOY_CI_DEP_APP_KEY }}
@@ -137,7 +137,7 @@ jobs:
 
     - name: Check Docker SHAs
       id: build-images
-      uses: envoyproxy/toolshed/gh-actions/docker/[email protected].27
+      uses: envoyproxy/toolshed/gh-actions/docker/[email protected].35
       with:
         images: |
            sha: envoyproxy/envoy-build-ubuntu:${{ steps.build-tools.outputs.tag }}
@@ -166,7 +166,7 @@ jobs:
       name: Update SHAs
       working-directory: envoy
     - name: Create a PR
-      uses: envoyproxy/toolshed/gh-actions/github/[email protected].27
+      uses: envoyproxy/toolshed/gh-actions/github/[email protected].35
       with:
         base: main
         body: Created by Envoy dependency bot

.github/workflows/envoy-prechecks.yml

@@ -16,6 +16,7 @@ on:
     - 'WORKSPACE'
     - '.github/workflows/envoy-prechecks.yml'
     - '.github/workflows/_*.yml'
+    - '.github/actions/do_ci/action.yml'
 
 concurrency:
   group: ${{ github.event.inputs.head_ref || github.run_id }}-${{ github.workflow }}
@@ -53,3 +54,7 @@ jobs:
       managed: ${{ matrix.managed }}
       cache_build_image: ${{ needs.env.outputs.build_image_ubuntu }}
       repo_ref: ${{ github.event.pull_request.head.sha  }}
+      catch-errors: true
+      error-match: |
+        ERROR
+        ClientConnectorError