mirrors/etcd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
19,257 Commits 124 Branches 418 Tags
d0e5c44f673f63bcb51f567bf9c7ff85a801b143
Commit Graph

19257 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
c5d80b388b build(deps): bump github.com/anishathalye/porcupine in /tests 
Bumps [github.com/anishathalye/porcupine](https://github.com/anishathalye/porcupine) from 0.1.2 to 0.1.4.
- [Release notes](https://github.com/anishathalye/porcupine/releases)
- [Commits](https://github.com/anishathalye/porcupine/compare/v0.1.2...v0.1.4)

---
updated-dependencies:
- dependency-name: github.com/anishathalye/porcupine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-13 22:32:23 +00:00
Sahdev Zala
367c19e159 Merge pull request #14972 from ahrtr/dependabot_weekly_20221213 
dependabot: change schedule interval to weekly
 2022-12-13 17:31:31 -05:00
Benjamin Wang
c4f7ac28a2 deps: bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.32.0 to 0.37.0 in /server 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:32:18 +08:00
Benjamin Wang
32840bae73 deps: bump go.opentelemetry.io/otel from 1.7.0 to 1.11.2 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:27:04 +08:00
Benjamin Wang
8f320bfa00 deps: bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.4.3 in /server 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:19:10 +08:00
Benjamin Wang
8b34906b1d deps: bump github.com/mikefarah/yq/v4 from 4.24.2 to 4.30.5 in /tools/mod 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:17:21 +08:00
Benjamin Wang
6845168182 deps: bump github.com/google/addlicense from 1.0.0 to 1.1.0 in /tools/mod 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:15:44 +08:00
Benjamin Wang
feeb703b06 deps: bump gotest.tools/v3 from 3.1.0 to 3.4.0 in /tools/mod 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:13:08 +08:00
Benjamin Wang
40e85f6bee deps: bump github.com/mgechev/revive from 1.2.1 to 1.2.4 in /tools/mod 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:09:35 +08:00
Benjamin Wang
c51540bdd2 deps: bump google.golang.org/protobuf from 1.28.0 to 1.28.1 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:07:52 +08:00
Benjamin Wang
b96be4f1d3 deps: bump github.com/cheggaaa/pb/v3 from 3.0.8 to 3.1.0 in /etcdctl 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:03:53 +08:00
Benjamin Wang
2c192f4205 deps: bump go.uber.org/multierr from 1.8.0 to 1.9.0 in /server 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:00:49 +08:00
Benjamin Wang
642a451165 deps: bump gotest.tools/gotestsum from 1.7.0 to 1.8.2 in /tools/mod 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 03:53:44 +08:00
Benjamin Wang
700ad0fdce deps: bump github.com/creack/pty from 1.1.11 to 1.1.18 in /pkg 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 03:46:14 +08:00
Benjamin Wang
c2a7a5870d deps: bump github.com/prometheus/client_golang from 1.12.2 to 1.14.0 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 03:42:11 +08:00
Benjamin Wang
bc41c0963b deps: bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.5.0 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 03:38:55 +08:00
Benjamin Wang
259a73d67a deps: bump github.com/spf13/cobra from 1.4.0 to 1.6.1 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 03:33:24 +08:00
Benjamin Wang
1a0af6fee6 deps: bump go.uber.org/zap from 1.21.0 to 1.24.0 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 03:33:24 +08:00
Benjamin Wang
d11cc9e651 Merge pull request #14922 from ramil600/target-endpoint 
resolver: cleanup of deprecated grpc resolver target.Endpoint field
 2022-12-14 03:24:20 +08:00
Hitoshi Mitake
6429c044a6 Merge pull request #14935 from ahrtr/minor_enhance_error_20221213 
client: enhance the function shouldRetryWatch and added unit test
 2022-12-13 23:56:21 +09:00
ArkaSaha30
f4d3fa91db Add permissions: read-all to the workflow 
Signed-off-by: ArkaSaha30 <arkasaha30@gmail.com>
 2022-12-13 12:42:51 +05:30
Benjamin Wang
1d7d8a9016 dependabot: change schedule interval to weekly 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-13 14:38:32 +08:00
Benjamin Wang
e103e2c18c Merge pull request #14946 from etcd-io/dependabot/github_actions/actions/checkout-3.2.0 
build(deps): bump actions/checkout from 2.5.0 to 3.2.0
 2022-12-13 14:29:41 +08:00
Benjamin Wang
9cb4c817f3 Merge pull request #14940 from etcd-io/dependabot/github_actions/actions/upload-artifact-3.1.1 
build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.1
 2022-12-13 14:28:12 +08:00
Benjamin Wang
24342aed7b Merge pull request #14937 from etcd-io/dependabot/github_actions/golangci/golangci-lint-action-3.3.1 
build(deps): bump golangci/golangci-lint-action from 3.3.0 to 3.3.1
 2022-12-13 14:26:08 +08:00
ArkaSaha30
941fe6b877 Add newline at end of file 
Signed-off-by: ArkaSaha30 <arkasaha30@gmail.com>
 2022-12-13 11:34:57 +05:30
Ramil Mirhasanov
932cb95e37 resolver: cleanup of deprecated grpc resolver target.Endpoint field 
target.Endpoint and some other fields are deprecated, URL field is
suggested to use instead
path is required to be stripped of "/" prefix for naming/resolver to
work porperly

Signed-off-by: Ramil Mirhasanov <ramil600@yahoo.com>
 2022-12-13 08:39:26 +03:00
dependabot[bot]
ffd26d6a0a build(deps): bump actions/checkout from 2.5.0 to 3.2.0 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.5.0 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.5.0...755da8c3cf115ac066823e79a1e1788f8940201b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-13 03:36:57 +00:00
dependabot[bot]
7a55adcfd1 build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.1 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.3.1 to 3.1.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2.3.1...83fd05a356d7e2593de66fc9913b3002723633cb)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-13 03:36:52 +00:00
dependabot[bot]
0fabbebeaa build(deps): bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](07db5389c9...0ad9a0988b)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-13 03:36:49 +00:00
Benjamin Wang
ebe653da2c Merge pull request #14936 from ahrtr/add_dependentbot_20221213 
security: add dependabot.yml
 2022-12-13 11:36:16 +08:00
Benjamin Wang
f538e18f3b security: add dependabot.yml 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-13 10:44:35 +08:00
Benjamin Wang
d0e753ca86 clientv3: define local variables errMsgGRPCInvalidAuthToken and errMsgGRPCAuthOldRevision to cache gRPC error messages 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-13 07:28:59 +08:00
Benjamin Wang
19dc0cb413 client: enhance the function shouldRetryWatch and added unit test 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-13 06:05:02 +08:00
Benjamin Wang
ee9db729da Merge pull request #14860 from ahrtr/fix_release_20221126 
Trigger release in current branch for github workflow case
 2022-12-12 17:46:19 +08:00
Benjamin Wang
638d0a016a Merge pull request #14930 from ahrtr/secure_workflow_20221212 
Secure the github workflows
 2022-12-12 16:59:57 +08:00
Benjamin Wang
7aaef7616e Merge pull request #14927 from ahrtr/fix_testMutexLock_20221212 
test: fix nil pointer panic in testMutexLock
 2022-12-12 16:50:59 +08:00
Benjamin Wang
bf5c094f3c secure the github workflow 
https://app.stepsecurity.io/secureworkflow/etcd-io/etcd/tests.yaml/main?enable=pin
1. Copy the existing yaml file and paste into the textbox,
2. Click "SECURE WORKFLOW"
3. Copy the manifest from the textbox and paste into etcd repo.

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-12 16:23:13 +08:00
ArkaSaha30
e30ced0d2f etcd: add trivy-nightly-scan for etcd images 
This PR will add `trivy-nightly-scan` for etcd images with versions `3.4.22` and `3.5.6` to scan for vulnerabilities everyday at 2AM UTC.

Signed-off-by: ArkaSaha30 <arkasaha30@gmail.com>
 2022-12-12 12:33:13 +05:30
Benjamin Wang
3c51c42417 test: fix nil pointer panic in testMutexLock 
Refer to: https://github.com/etcd-io/etcd/actions/runs/3671847902/jobs/6207463700

```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xedc388]

goroutine 5253 [running]:
go.etcd.io/etcd/client/v3/concurrency.(*Session).Client(...)
	/home/runner/work/etcd/etcd/client/v3/concurrency/session.go:76
go.etcd.io/etcd/client/v3/concurrency.(*Mutex).tryAcquire(0xc000133140, {0x18a8668, 0xc000050158})
	/home/runner/work/etcd/etcd/client/v3/concurrency/mutex.go:111 +0x88
go.etcd.io/etcd/client/v3/concurrency.(*Mutex).Lock(0xc000133140, {0x18a8668, 0xc000050158})
	/home/runner/work/etcd/etcd/client/v3/concurrency/mutex.go:74 +0x68
go.etcd.io/etcd/tests/v3/integration/clientv3/experimental/recipes_test.testMutexLock.func1()
	/home/runner/work/etcd/etcd/tests/integration/clientv3/experimental/recipes/v3_lock_test.go:65 +0x285
created by go.etcd.io/etcd/tests/v3/integration/clientv3/experimental/recipes_test.testMutexLock
	/home/runner/work/etcd/etcd/tests/integration/clientv3/experimental/recipes/v3_lock_test.go:59 +0xda
FAIL	go.etcd.io/etcd/tests/v3/integration/clientv3/experimental/recipes	7.070s
FAIL
```

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-12 10:18:45 +08:00
Benjamin Wang
5d78d6d4b1 release: support kick off release in current branch 
Currently when triggering release, it always pull remote repo and
checkout main branch. Any changes which are merged into the target
release branch (e.g. release-3.5) will be ignored. It isn't
convenient for test, including in github workflow and local environment.
So we need to support triggering release in current branch.

Note: --current-branch should only be called with DRY_RUN=true

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-12 09:35:03 +08:00
Benjamin Wang
64599b4072 Merge pull request #14925 from serathius/gofail-v0.1.0 
tests: Update gofail to v0.1.0
 2022-12-11 05:31:34 +08:00
Marek Siarkowicz
1bb4c9558d tests: Update gofail to v0.1.0 
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2022-12-10 14:49:20 +01:00
Benjamin Wang
142fa76a11 Merge pull request #14919 from ahrtr/govuln_version_20221209 
Pin govulncheck to v0.0.0-20221208180742-f2dca5ff4cc3
 2022-12-09 20:48:51 +08:00
Benjamin Wang
808099dc24 Pin govulncheck to v0.0.0-20221208180742-f2dca5ff4cc3 
go install golang.org/x/vuln/cmd/govulncheck@latest && govulncheck ./...
  shell: /usr/bin/bash -e {0}
  env:
    GOROOT: /opt/hostedtoolcache/go/1.19.4/x64
go: golang.org/x/vuln/cmd/govulncheck@latest: no matching versions for query "latest"

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-09 18:23:53 +08:00
Marek Siarkowicz
dafc1ade48 Merge pull request #14917 from serathius/linearizability-nightly-timeout 
tests: Increase test timeout for nighly runs to match job timeout min…
 2022-12-09 10:10:11 +01:00
Marek Siarkowicz
a8bc8ba28b tests: Increase test timeout for nighly runs to match job timeout minus ten minutes 
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2022-12-09 09:47:17 +01:00
Benjamin Wang
893a3e7356 Merge pull request #14916 from ahrtr/bump_go_1.19.4 
Bump go to 1.19.4 and golang.org/x/net to v0.4.0 to address CVEs
 2022-12-09 16:38:39 +08:00
Marek Siarkowicz
ebca62cc81 Merge pull request #14903 from serathius/linearizability-txn 
tests: Add Txn operation to linearizability tests
 2022-12-09 09:38:08 +01:00
Benjamin Wang
1ba246e1d8 bump golang.org/x/ to v0.4.0 
Found 1 known vulnerability.

Vulnerability #1: GO-2022-1144
  An attacker can cause excessive memory growth in a Go server
  accepting HTTP/2 requests. HTTP/2 server connections contain a
  cache of HTTP header keys sent by the client. While the total
  number of entries in this cache is capped, an attacker sending
  very large keys can cause the server to allocate approximately
  64 MiB per open connection.

  Call stacks in your code:
Error:       tools/etcd-dump-metrics/main.go:158:5: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls golang.org/x/net/http2.Server.ServeConn

  Found in: golang.org/x/net/http2@v0.2.0
  Fixed in: golang.org/x/net/http2@v0.4.0
  More info: https://pkg.go.dev/vuln/GO-2022-1144
Error: Process completed with exit code 3.

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-09 08:54:48 +08:00