Merge branch 'main' into p-384-plus

Signed-off-by: anitabyte <anita@anitabyte.xyz>
envoyproxy · Oct 14, 2024 · 957eda3 · 957eda3
2 parents 6aeb56f + 34838db
commit 957eda3
Show file tree

Hide file tree

Showing 64 changed files with 1,918 additions and 603 deletions.
diff --git a/.github/workflows/_precheck_deps.yml b/.github/workflows/_precheck_deps.yml
@@ -51,7 +51,7 @@ jobs:
     if: ${{ inputs.dependency-review }}
     steps:
     - name: Checkout Repository
-      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
+      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
       with:
         ref: ${{ fromJSON(inputs.request).request.sha }}
         persist-credentials: false

diff --git a/.github/workflows/codeql-daily.yml b/.github/workflows/codeql-daily.yml
@@ -27,14 +27,14 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
+      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
 
     - name: Free disk space
       uses: envoyproxy/toolshed/gh-actions/diskspace@actions-v0.2.36
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea  # codeql-bundle-v3.26.11
+      uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b  # codeql-bundle-v3.26.12
       # Override language selection by uncommenting this and choosing your languages
       with:
         languages: cpp
@@ -74,4 +74,4 @@ jobs:
         git clean -xdf
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea  # codeql-bundle-v3.26.11
+      uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b  # codeql-bundle-v3.26.12
diff --git a/.github/workflows/codeql-push.yml b/.github/workflows/codeql-push.yml
@@ -32,7 +32,7 @@ jobs:
     if: github.repository == 'envoyproxy/envoy'
     steps:
     - name: Checkout repository
-      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
+      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
       with:
         fetch-depth: 2
 
@@ -65,7 +65,7 @@ jobs:
 
     - name: Initialize CodeQL
       if: ${{ env.BUILD_TARGETS != '' }}
-      uses: github/codeql-action/init@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea  # codeql-bundle-v3.26.11
+      uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b  # codeql-bundle-v3.26.12
       with:
         languages: cpp
 
@@ -109,4 +109,4 @@ jobs:
 
     - name: Perform CodeQL Analysis
       if: ${{ env.BUILD_TARGETS != '' }}
-      uses: github/codeql-action/analyze@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea  # codeql-bundle-v3.26.11
+      uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b  # codeql-bundle-v3.26.12
diff --git a/.github/workflows/envoy-dependency.yml b/.github/workflows/envoy-dependency.yml
@@ -146,7 +146,7 @@ jobs:
           path: envoy
           fetch-depth: 0
         token: ${{ steps.appauth.outputs.token }}
-    - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
+    - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
       name: Checkout Envoy build tools repository
       with:
         repository: envoyproxy/envoy-build-tools
@@ -238,7 +238,7 @@ jobs:
       issues: write
     steps:
     - name: Checkout repository
-      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
+      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
     - name: Run dependency checker
       run: |
         TODAY_DATE=$(date -u -I"date")

diff --git a/.github/workflows/mobile-release.yml b/.github/workflows/mobile-release.yml
@@ -86,7 +86,7 @@ jobs:
         include:
         - output: envoy
     steps:
-    - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
+    - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
       with:
         fetch-depth: 0
     - name: Add safe directory

diff --git a/.github/workflows/mobile-traffic_director.yml b/.github/workflows/mobile-traffic_director.yml
@@ -30,7 +30,7 @@ jobs:
     timeout-minutes: 120
     steps:
     - name: Checkout repository
-      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
+      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
     - name: Add safe directory
       run: git config --global --add safe.directory /__w/envoy/envoy
     - name: 'Run GcpTrafficDirectorIntegrationTest'

diff --git a/.github/workflows/pr_notifier.yml b/.github/workflows/pr_notifier.yml
@@ -22,7 +22,7 @@ jobs:
               || !contains(github.actor, '[bot]'))
       }}
     steps:
-    - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
+    - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
     - name: Notify about PRs
       run: |
         ARGS=()

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -21,7 +21,7 @@ jobs:
 
     steps:
     - name: "Checkout code"
-      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
+      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
       with:
         persist-credentials: false
 
@@ -33,13 +33,13 @@ jobs:
         publish_results: true
 
     - name: "Upload artifact"
-      uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
+      uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882  # v4.4.3
       with:
         name: SARIF file
         path: results.sarif
         retention-days: 5
 
     - name: "Upload to code-scanning"
-      uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea  # v3.26.11
+      uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b  # v3.26.12
       with:
         sarif_file: results.sarif
diff --git a/RELEASES.md b/RELEASES.md
@@ -121,7 +121,7 @@ deadline of 3 weeks.
 * Switch the repo back to "dev" mode by running `bazel run @envoy_repo//:dev`. This tool will create a commit with the
   necessary changes to continue development.
 * Create a pull request with that commit.
-* Run the deprecate_versions.py script (`bazel run //tools/deprecate_version:deprecate_version`)
+* Run the deprecate_guards.py script (`bazel run //tools/deprecate_guards:deprecate_guards`)
 * If you haven't done this before, request posting permission from admins for all the groups in the next bullet.
 * Craft a witty/uplifting email and send it to all the email aliases:
 envoy-announce@googlegroups.com

diff --git a/bazel/external/aws-c-auth.BUILD b/bazel/external/aws-c-auth.BUILD
@@ -0,0 +1,19 @@
+licenses(["notice"])  # Apache 2
+
+# Test data for test/extensions/common/aws/sigv4_signer_corpus_test
+filegroup(
+    name = "sigv4_tests",
+    srcs = glob(
+        ["tests/aws-signing-test-suite/v4/**"],
+    ),
+    visibility = ["//visibility:public"],
+)
+
+# Test data for test/extensions/common/aws/sigv4a_signer_corpus_test
+filegroup(
+    name = "sigv4a_tests",
+    srcs = glob(
+        ["tests/aws-signing-test-suite/v4a/**"],
+    ),
+    visibility = ["//visibility:public"],
+)
diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl
@@ -141,6 +141,7 @@ def envoy_dependencies(skip_targets = []):
     # The long repo names (`com_github_fmtlib_fmt` instead of `fmtlib`) are
     # semi-standard in the Bazel community, intended to avoid both duplicate
     # dependencies and name conflicts.
+    _com_github_awslabs_aws_c_auth()
     _com_github_axboe_liburing()
     _com_github_bazel_buildtools()
     _com_github_c_ares_c_ares()
@@ -274,6 +275,12 @@ def _com_github_openhistogram_libcircllhist():
         build_file = "@envoy//bazel/external:libcircllhist.BUILD",
     )
 
+def _com_github_awslabs_aws_c_auth():
+    external_http_archive(
+        name = "com_github_awslabs_aws_c_auth",
+        build_file = "@envoy//bazel/external:aws-c-auth.BUILD",
+    )
+
 def _com_github_axboe_liburing():
     external_http_archive(
         name = "com_github_axboe_liburing",

diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl
@@ -205,6 +205,23 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         license = "MIT",
         license_url = "https://github.com/aignas/rules_shellcheck/blob/v{version}/LICENSE",
     ),
+    com_github_awslabs_aws_c_auth = dict(
+        project_name = "aws-c-auth",
+        project_desc = "C99 library implementation of AWS client-side authentication: standard credentials providers and signing",
+        project_url = "https://github.com/awslabs/aws-c-auth",
+        version = "0.7.31",
+        sha256 = "7f97aacef6bd1649734383c2bf022250671f353b7fa60d195e6865d7f4594b43",
+        strip_prefix = "aws-c-auth-{version}",
+        urls = ["https://github.com/awslabs/aws-c-auth/archive/refs/tags/v{version}.tar.gz"],
+        use_category = ["test_only"],
+        extensions = [
+            "envoy.filters.http.aws_request_signing",
+        ],
+        release_date = "2024-09-16",
+        cpe = "N/A",
+        license = "Apache-2.0",
+        license_url = "https://github.com/awslabs/aws-c-auth/blob/v{version}/LICENSE",
+    ),
     com_github_axboe_liburing = dict(
         project_name = "liburing",
         project_desc = "C helpers to set up and tear down io_uring instances",