tls: add certificate expiry stats for each TlsContext

Signed-off-by: Rei Shimizu <shimizu.rei@linecorp.com>
Shikugawa · Oct 20, 2024 · 77f740c · 77f740c
2 parents e3bf193 + ee61634
commit 77f740c
Show file tree

Hide file tree

Showing 263 changed files with 5,250 additions and 3,032 deletions.
diff --git a/.github/workflows/_cache.yml b/.github/workflows/_cache.yml
@@ -48,29 +48,29 @@ jobs:
   docker:
     runs-on: ${{ inputs.runs-on || 'ubuntu-24.04' }}
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.37
       id: appauth
       name: Appauth (mutex lock)
       with:
         app_id: ${{ secrets.app-id }}
         key: ${{ secrets.app-key }}
-    - uses: envoyproxy/toolshed/gh-actions/docker/cache/prime@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/docker/cache/prime@actions-v0.2.37
       id: docker
       name: Prime Docker cache (${{ inputs.image-tag }}${{ inputs.cache-suffix }})
       with:
         image-tag: ${{ inputs.image-tag }}
         key-suffix: ${{ inputs.cache-suffix }}
         lock-token: ${{ steps.appauth.outputs.token }}
         lock-repository: ${{ inputs.lock-repository }}
-    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.37
       id: data
       name: Cache data
       with:
         input-format: yaml
         input: |
           cached: ${{ steps.docker.outputs.cached }}
           key: ${{ inputs.image-tag }}${{ inputs.cache-suffix }}
-    - uses: envoyproxy/toolshed/gh-actions/json/table@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/json/table@actions-v0.2.37
       name: Summary
       with:
         json: ${{ steps.data.outputs.value }}

diff --git a/.github/workflows/_check_build.yml b/.github/workflows/_check_build.yml
@@ -5,9 +5,6 @@ permissions:
 
 on:
   workflow_call:
-    secrets:
-      gcp-key:
-        required: true
     inputs:
       request:
         type: string
@@ -23,15 +20,13 @@ concurrency:
 
 jobs:
   build:
-    secrets:
-      gcp-key: ${{ secrets.gcp-key }}
     permissions:
       contents: read
       packages: read
     uses: ./.github/workflows/_run.yml
     name: ${{ matrix.name ||matrix.target }}
     with:
-      # bazel-extra: '--config=remote-envoy-engflow'
+      bazel-extra: '--config=remote-envoy-engflow'
       cache-build-image: ${{ fromJSON(inputs.request).request.build-image.default }}
       concurrency-suffix: -${{ matrix.target }}
       error-match: |

diff --git a/.github/workflows/_check_san.yml b/.github/workflows/_check_san.yml
@@ -5,9 +5,6 @@ permissions:
 
 on:
   workflow_call:
-    secrets:
-      gcp-key:
-        required: true
     inputs:
       request:
         type: string
@@ -23,15 +20,13 @@ concurrency:
 
 jobs:
   san:
-    secrets:
-      gcp-key: ${{ secrets.gcp-key }}
     permissions:
       contents: read
       packages: read
     uses: ./.github/workflows/_run.yml
     name: ${{ matrix.target }}
     with:
-      # bazel-extra: '--config=remote-envoy-engflow'
+      bazel-extra: '--config=remote-envoy-engflow'
       cache-build-image: ${{ fromJSON(inputs.request).request.build-image.default }}
       concurrency-suffix: -${{ matrix.target }}
       request: ${{ inputs.request }}

diff --git a/.github/workflows/_finish.yml b/.github/workflows/_finish.yml
@@ -36,7 +36,7 @@ jobs:
       actions: read
       contents: read
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.37
       name: Incoming data
       id: needs
       with:
@@ -87,21 +87,21 @@ jobs:
                    summary: "Check has finished",
                    text: $text}}}}
 
-    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.37
       name: Print summary
       with:
         input: ${{ toJSON(steps.needs.outputs.value).summary-title }}
         filter: |
           "## \(.)"
         options: -Rr
         output-path: GITHUB_STEP_SUMMARY
-    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.37
       name: Appauth
       id: appauth
       with:
         app_id: ${{ secrets.app-id }}
         key: ${{ secrets.app-key }}
-    - uses: envoyproxy/toolshed/gh-actions/github/checks@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/github/checks@actions-v0.2.37
       name: Update check
       with:
         action: update

diff --git a/.github/workflows/_load.yml b/.github/workflows/_load.yml
@@ -107,7 +107,7 @@ jobs:
     # Handle any failure in triggering job
     # Remove any `checks` we dont care about
     # Prepare a check request
-    - uses: envoyproxy/toolshed/gh-actions/github/env/load@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/github/env/load@actions-v0.2.37
       name: Load env
       id: data
       with:
@@ -118,21 +118,21 @@ jobs:
         GH_TOKEN: ${{ github.token }}
 
     #  Update the check
-    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.37
       name: Appauth
       id: appauth
       with:
         app_id: ${{ secrets.app-id }}
         key: ${{ secrets.app-key }}
-    - uses: envoyproxy/toolshed/gh-actions/github/checks@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/github/checks@actions-v0.2.37
       name: Update check
       if: ${{ fromJSON(steps.data.outputs.data).data.check.action == 'RUN' }}
       with:
         action: update
         checks: ${{ toJSON(fromJSON(steps.data.outputs.data).checks) }}
         token: ${{ steps.appauth.outputs.token }}
 
-    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.37
       name: Print request summary
       with:
         input: |
@@ -152,7 +152,7 @@ jobs:
           | $summary.summary as $summary
           | "${{ inputs.template-request-summary }}"
 
-    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.37
       id: request-output
       name: Load request
       with:

diff --git a/.github/workflows/_load_env.yml b/.github/workflows/_load_env.yml
@@ -63,18 +63,18 @@ jobs:
       request: ${{ steps.env.outputs.data }}
       trusted: true
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.37
       id: started
       name: Create timestamp
       with:
         options: -r
         filter: |
           now
-    - uses: envoyproxy/toolshed/gh-actions/github/checkout@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/github/checkout@actions-v0.2.37
       id: checkout
       name: Checkout Envoy repository
     - name: Generate environment variables
-      uses: envoyproxy/toolshed/gh-actions/envoy/ci/env@actions-v0.2.36
+      uses: envoyproxy/toolshed/gh-actions/envoy/ci/env@actions-v0.2.37
       id: env
       with:
         branch-name: ${{ inputs.branch-name }}
@@ -86,7 +86,7 @@ jobs:
 
     - name: Request summary
       id: summary
-      uses: envoyproxy/toolshed/gh-actions/github/env/summary@actions-v0.2.36
+      uses: envoyproxy/toolshed/gh-actions/github/env/summary@actions-v0.2.37
       with:
         actor: ${{ toJSON(fromJSON(steps.env.outputs.data).request.actor) }}
         base-sha: ${{ fromJSON(steps.env.outputs.data).request.base-sha }}

diff --git a/.github/workflows/_precheck_deps.yml b/.github/workflows/_precheck_deps.yml
@@ -51,7 +51,7 @@ jobs:
     if: ${{ inputs.dependency-review }}
     steps:
     - name: Checkout Repository
-      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
+      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
       with:
         ref: ${{ fromJSON(inputs.request).request.sha }}
         persist-credentials: false

diff --git a/.github/workflows/_publish_publish.yml b/.github/workflows/_publish_publish.yml
@@ -71,12 +71,12 @@ jobs:
     needs:
     - publish
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.37
       id: appauth
       with:
         app_id: ${{ secrets.ENVOY_CI_SYNC_APP_ID }}
         key: ${{ secrets.ENVOY_CI_SYNC_APP_KEY }}
-    - uses: envoyproxy/toolshed/gh-actions/dispatch@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/dispatch@actions-v0.2.37
       with:
         ref: main
         repository: ${{ fromJSON(inputs.request).request.version.dev && 'envoyproxy/envoy-website' || 'envoyproxy/archive' }}

diff --git a/.github/workflows/_request.yml b/.github/workflows/_request.yml
@@ -40,14 +40,14 @@ jobs:
       env: ${{ steps.data.outputs.value }}
       config: ${{ steps.config.outputs.config }}
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.37
       id: started
       name: Create timestamp
       with:
         options: -r
         filter: |
           now
-    - uses: envoyproxy/toolshed/gh-actions/github/checkout@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/github/checkout@actions-v0.2.37
       id: checkout
       name: Checkout Envoy repository
       with:
@@ -60,7 +60,7 @@ jobs:
     # *ALL* variables collected should be treated as untrusted and should be sanitized before
     # use
     - name: Generate environment variables from commit
-      uses: envoyproxy/toolshed/gh-actions/envoy/ci/request@actions-v0.2.36
+      uses: envoyproxy/toolshed/gh-actions/envoy/ci/request@actions-v0.2.37
       id: env
       with:
         branch-name: ${{ steps.checkout.outputs.branch-name }}
@@ -71,7 +71,7 @@ jobs:
         vars: ${{ toJSON(vars) }}
     - name: Request summary
       id: summary
-      uses: envoyproxy/toolshed/gh-actions/github/env/summary@actions-v0.2.36
+      uses: envoyproxy/toolshed/gh-actions/github/env/summary@actions-v0.2.37
       with:
         actor: ${{ toJSON(fromJSON(steps.env.outputs.data).request.actor) }}
         base-sha: ${{ fromJSON(steps.env.outputs.data).request.base-sha }}
@@ -87,7 +87,7 @@ jobs:
         target-branch: ${{ fromJSON(steps.env.outputs.data).request.target-branch }}
 
     - name: Environment data
-      uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
+      uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.37
       id: data
       with:
         input: |

diff --git a/.github/workflows/_run.yml b/.github/workflows/_run.yml
@@ -179,15 +179,15 @@ jobs:
     name: ${{ inputs.target-suffix && format('[{0}] ', inputs.target-suffix) || '' }}${{ inputs.command }} ${{ inputs.target }}
     timeout-minutes: ${{ inputs.timeout-minutes }}
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.37
       id: started
       name: Create timestamp
       with:
         options: -r
         filter: |
           now
     # This controls which input vars are exposed to the run action (and related steps)
-    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.37
       name: Context
       id: context
       with:
@@ -208,12 +208,12 @@ jobs:
           | . * {$config, $check}
     - if: ${{ inputs.cache-build-image }}
       name: Restore Docker cache ${{ inputs.cache-build-image && format('({0})', inputs.cache-build-image) || '' }}
-      uses: envoyproxy/toolshed/gh-actions/docker/cache/restore@actions-v0.2.36
+      uses: envoyproxy/toolshed/gh-actions/docker/cache/restore@actions-v0.2.37
       with:
         image_tag: ${{ inputs.cache-build-image }}
         key-suffix: ${{ inputs.cache-build-image-key-suffix }}
 
-    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.37
       id: appauth
       name: Appauth
       if: ${{ inputs.trusted }}
@@ -224,7 +224,7 @@ jobs:
         # - the workaround is to allow the token to be passed through.
         token: ${{ github.token }}
         token-ok: true
-    - uses: envoyproxy/toolshed/gh-actions/github/checkout@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/github/checkout@actions-v0.2.37
       id: checkout
       name: Checkout Envoy repository
       with:
@@ -241,7 +241,7 @@ jobs:
         token: ${{ inputs.trusted && steps.appauth.outputs.token || github.token }}
 
     # This is currently only use by mobile-docs and can be removed once they are updated to the newer website
-    - uses: envoyproxy/toolshed/gh-actions/github/checkout@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/github/checkout@actions-v0.2.37
       id: checkout-extra
       name: Checkout extra repository (for publishing)
       if: ${{ inputs.checkout-extra }}
@@ -250,7 +250,7 @@ jobs:
         ssh-key: ${{ inputs.trusted && inputs.ssh-key-extra || '' }}
 
     - name: Import GPG key
-      uses: envoyproxy/toolshed/gh-actions/gpg/import@actions-v0.2.36
+      uses: envoyproxy/toolshed/gh-actions/gpg/import@actions-v0.2.37
       if: ${{ inputs.import-gpg }}
       with:
         key: ${{ secrets.gpg-key }}
@@ -286,7 +286,7 @@ jobs:
         BAZEL_BUILD_EXTRA_OPTIONS="--google_credentials=/build/${GCP_SERVICE_ACCOUNT_KEY_FILE} --config=remote-ci --config=rbe-google"
         echo "BAZEL_BUILD_EXTRA_OPTIONS=${BAZEL_BUILD_EXTRA_OPTIONS}" >> "$GITHUB_ENV"
 
-    - uses: envoyproxy/toolshed/gh-actions/github/run@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/github/run@actions-v0.2.37
       name: Run CI ${{ inputs.command }} ${{ inputs.target }}
       with:
         args: ${{ inputs.args != '--' && inputs.args || inputs.target }}

diff --git a/.github/workflows/_start.yml b/.github/workflows/_start.yml
@@ -54,7 +54,7 @@ jobs:
   start:
     runs-on: ubuntu-22.04
     steps:
-    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/jq@actions-v0.2.37
       id: check-config
       name: Prepare check data
       with:
@@ -77,13 +77,13 @@ jobs:
           | .skipped.output.summary = "${{ inputs.skipped-summary }}"
           | .skipped.output.text = ""
 
-    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/appauth@actions-v0.2.37
       name: Appauth
       id: appauth
       with:
         app_id: ${{ secrets.app-id }}
         key: ${{ secrets.app-key }}
-    - uses: envoyproxy/toolshed/gh-actions/github/checks@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/github/checks@actions-v0.2.37
       name: Start checks
       id: checks
       with:
@@ -94,7 +94,7 @@ jobs:
 
           ${{ fromJSON(inputs.env).summary.summary }}
         token: ${{ steps.appauth.outputs.token }}
-    - uses: envoyproxy/toolshed/gh-actions/json/table@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/json/table@actions-v0.2.37
       name: Summary
       with:
         collapse-open: true
@@ -118,7 +118,7 @@ jobs:
         output-path: GITHUB_STEP_SUMMARY
         title: Checks started/skipped
 
-    - uses: envoyproxy/toolshed/gh-actions/github/env/save@actions-v0.2.36
+    - uses: envoyproxy/toolshed/gh-actions/github/env/save@actions-v0.2.37
       name: Save env
       id: data
       with:

diff --git a/.github/workflows/codeql-daily.yml b/.github/workflows/codeql-daily.yml
@@ -27,14 +27,14 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
+      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
 
     - name: Free disk space
-      uses: envoyproxy/toolshed/gh-actions/diskspace@actions-v0.2.36
+      uses: envoyproxy/toolshed/gh-actions/diskspace@actions-v0.2.37
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea  # codeql-bundle-v3.26.11
+      uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b  # codeql-bundle-v3.26.13
       # Override language selection by uncommenting this and choosing your languages
       with:
         languages: cpp
@@ -74,4 +74,4 @@ jobs:
         git clean -xdf
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea  # codeql-bundle-v3.26.11
+      uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b  # codeql-bundle-v3.26.13