diff --git a/.bazelrc b/.bazelrc index 75b520150c..69197f667b 100644 --- a/.bazelrc +++ b/.bazelrc @@ -247,6 +247,11 @@ build:test-coverage --test_tag_filters=-nocoverage,-fuzz_target build:fuzz-coverage --config=plain-fuzzer build:fuzz-coverage --run_under=@envoy//bazel/coverage:fuzz_coverage_wrapper.sh build:fuzz-coverage --test_tag_filters=-nocoverage +build:fuzz-coverage --define=dynamic_link_tests=true +# Existing fuzz tests don't need a full WASM runtime and in generally we don't really want to +# fuzz dependencies anyways. On the other hand, disabling WASM reduces the build time and +# resources required to build and run the tests. +build:fuzz-coverage --define=wasm=disabled build:cache-local --remote_cache=grpc://localhost:9092 diff --git a/VERSION.txt b/VERSION.txt index 5d245052c6..355a3c438e 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -1.32.6 +1.32.7-dev diff --git a/changelogs/1.32.6.yaml b/changelogs/1.32.6.yaml new file mode 100644 index 0000000000..1dcf25dd48 --- /dev/null +++ b/changelogs/1.32.6.yaml @@ -0,0 +1,8 @@ +date: May 7, 2025 + +bug_fixes: +- area: url_template + change: | + Included the asterisk ``*`` in the match pattern when using the * or ** operators in the URL template. + This behavioral change can be temporarily reverted by setting runtime guard + ``envoy.reloadable_features.uri_template_match_on_asterisk`` to ``false``. diff --git a/changelogs/current.yaml b/changelogs/current.yaml index 1dcf25dd48..9ecf0d6e48 100644 --- a/changelogs/current.yaml +++ b/changelogs/current.yaml @@ -1,8 +1,17 @@ -date: May 7, 2025 +date: Pending + +behavior_changes: +# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required* + +minor_behavior_changes: +# *Changes that may cause incompatibilities for some users, but should not for most* bug_fixes: -- area: url_template - change: | - Included the asterisk ``*`` in the match pattern when using the * or ** operators in the URL template. - This behavioral change can be temporarily reverted by setting runtime guard - ``envoy.reloadable_features.uri_template_match_on_asterisk`` to ``false``. +# *Changes expected to improve the state of the world and are unlikely to have negative effects* + +removed_config_or_runtime: +# *Normally occurs at the end of the* :ref:`deprecation period ` + +new_features: + +deprecated: diff --git a/ci/Dockerfile-envoy b/ci/Dockerfile-envoy index 62c246e9f8..5dee5b42a9 100644 --- a/ci/Dockerfile-envoy +++ b/ci/Dockerfile-envoy @@ -1,6 +1,6 @@ ARG BUILD_OS=ubuntu ARG BUILD_TAG=22.04 -ARG BUILD_SHA=67cadaff1dca187079fce41360d5a7eb6f7dcd3745e53c79ad5efd8563118240 +ARG BUILD_SHA=01a3ee0b5e413cefaaffc6abe68c9c37879ae3cced56a8e088b1649e5b269eee ARG ENVOY_VRP_BASE_IMAGE=envoy-base diff --git a/ci/do_ci.sh b/ci/do_ci.sh index 5c6d57d48d..6526debc6f 100755 --- a/ci/do_ci.sh +++ b/ci/do_ci.sh @@ -379,6 +379,27 @@ case $CI_TARGET in # fi ;; + cache-create) + if [[ -z "${ENVOY_CACHE_TARGETS}" ]]; then + echo "ENVOY_CACHE_TARGETS not set" >&2 + exit 1 + fi + if [[ -z "${ENVOY_CACHE_ROOT}" ]]; then + echo "ENVOY_CACHE_ROOT not set" >&2 + exit 1 + fi + BAZEL_BUILD_OPTIONS=() + setup_clang_toolchain + echo "Fetching cache: ${ENVOY_CACHE_TARGETS}" + bazel --output_user_root="${ENVOY_CACHE_ROOT}" \ + --output_base="${ENVOY_CACHE_ROOT}/base" \ + aquery "deps(${ENVOY_CACHE_TARGETS})" \ + --repository_cache="${ENVOY_REPOSITORY_CACHE}" \ + "${BAZEL_BUILD_OPTIONS[@]}" \ + "${BAZEL_BUILD_EXTRA_OPTIONS[@]}" \ + > /dev/null + ;; + format-api|check_and_fix_proto_format) setup_clang_toolchain echo "Check and fix proto format ..." diff --git a/source/common/tls/context_impl.cc b/source/common/tls/context_impl.cc index bbaf2b1473..67469c14db 100644 --- a/source/common/tls/context_impl.cc +++ b/source/common/tls/context_impl.cc @@ -571,10 +571,6 @@ void ContextImpl::logHandshake(SSL* ssl) const { stats_.no_certificate_.inc(); } -#if defined(BORINGSSL_FIPS) && BORINGSSL_API_VERSION >= 18 -#error "Delete preprocessor check below; no longer needed" -#endif - #if BORINGSSL_API_VERSION >= 18 // Increment the `was_key_usage_invalid_` stats to indicate the given cert would have triggered an // error but is allowed because the enforcement that rsa key usage and tls usage need to be diff --git a/test/config_test/BUILD b/test/config_test/BUILD index d45c0205b9..0930ca411e 100644 --- a/test/config_test/BUILD +++ b/test/config_test/BUILD @@ -41,6 +41,7 @@ envoy_cc_test( "GODEBUG": "cgocheck=0", }, rbe_pool = "6gig", + tags = ["nocoverage"], deps = [ ":example_configs_test_lib", ], diff --git a/test/exe/BUILD b/test/exe/BUILD index d782c831f8..19e4569608 100644 --- a/test/exe/BUILD +++ b/test/exe/BUILD @@ -125,6 +125,8 @@ envoy_cc_test( size = "large", srcs = ["extra_extensions_test.cc"], rbe_pool = "6gig", + # output is too large for workers + tags = ["nocoverage"], deps = [ "//test/test_common:environment_lib", ] + select({ @@ -154,6 +156,7 @@ envoy_cc_test( "//source/extensions:extensions_metadata.yaml", ], rbe_pool = "6gig", + tags = ["nocoverage"], deps = [ "//test/test_common:environment_lib", ] + select({ diff --git a/test/integration/BUILD b/test/integration/BUILD index 07e4be2479..bd381acc91 100644 --- a/test/integration/BUILD +++ b/test/integration/BUILD @@ -419,7 +419,10 @@ envoy_sh_test( "//test/config/integration:server_config_files", ], rbe_pool = "6gig", - tags = ["skip_on_windows"], + tags = [ + "nocoverage", + "skip_on_windows", + ], ) envoy_cc_test( diff --git a/test/per_file_coverage.sh b/test/per_file_coverage.sh index cd6af3b24e..716660cc7a 100755 --- a/test/per_file_coverage.sh +++ b/test/per_file_coverage.sh @@ -15,7 +15,7 @@ declare -a KNOWN_LOW_COVERAGE=( "source/common/memory:74.5" # tcmalloc code path is not enabled in coverage build, only gperf tcmalloc, see PR#32589 "source/common/network:94.4" # Flaky, `activateFileEvents`, `startSecureTransport` and `ioctl`, listener_socket do not always report LCOV "source/common/network/dns_resolver:91.4" # A few lines of MacOS code not tested in linux scripts. Tested in MacOS scripts -"source/common/quic:93.6" +"source/common/quic:93.1" "source/common/secret:95.4" "source/common/signal:87.2" # Death tests don't report LCOV "source/common/thread:0.0" # Death tests don't report LCOV @@ -23,24 +23,30 @@ declare -a KNOWN_LOW_COVERAGE=( "source/common/tls/cert_validator:94.4" "source/common/tls/private_key:88.9" "source/common/watchdog:58.6" # Death tests don't report LCOV -"source/exe:94.2" # increased by #32346, need coverage for terminate_handler and hot restart failures +"source/exe:87.3" # increased by #32346, need coverage for terminate_handler and hot restart failures +"source/extensions/common/aws:96.4" "source/extensions/common/proxy_protocol:93.8" # Adjusted for security patch "source/extensions/common/tap:94.6" "source/extensions/common/wasm:95.0" # flaky: be careful adjusting "source/extensions/common/wasm/ext:92.0" +"source/extensions/filters/http/alternate_protocols_cache:95.3" "source/extensions/filters/common/fault:94.5" "source/extensions/filters/common/rbac:90.8" "source/extensions/filters/http/cache:95.4" +"source/extensions/filters/http/csrf:96.5" "source/extensions/filters/http/grpc_json_transcoder:94.2" # TODO(#28232) "source/extensions/filters/http/ip_tagging:88.2" "source/extensions/filters/http/kill_request:91.7" # Death tests don't report LCOV "source/extensions/filters/listener/original_src:92.1" "source/extensions/filters/network/mongo_proxy:96.1" "source/extensions/filters/network/sni_cluster:88.9" +"source/extensions/matching/actions:87.0" +"source/extensions/matching/actions/format_string:87.0" "source/extensions/rate_limit_descriptors:95.0" "source/extensions/rate_limit_descriptors/expr:95.0" "source/extensions/stat_sinks/graphite_statsd:82.8" # Death tests don't report LCOV "source/extensions/stat_sinks/statsd:85.2" # Death tests don't report LCOV +"source/extensions/stat_sinks/wasm:88.0" "source/extensions/tracers/opencensus:94.0" "source/extensions/tracers/zipkin:95.8" "source/extensions/transport_sockets:97.4" diff --git a/test/run_envoy_bazel_coverage.sh b/test/run_envoy_bazel_coverage.sh index 819739e532..3d23229cfc 100755 --- a/test/run_envoy_bazel_coverage.sh +++ b/test/run_envoy_bazel_coverage.sh @@ -113,13 +113,13 @@ else cp bazel-out/_coverage/_coverage_report.dat "${COVERAGE_DATA}" fi -COVERAGE_VALUE="$(genhtml --prefix "${PWD}" --output "${COVERAGE_DIR}" "${COVERAGE_DATA}" | tee /dev/stderr | grep lines... | cut -d ' ' -f 4)" +COVERAGE_VALUE="$(genhtml --prefix "${PWD}" --output "${COVERAGE_DIR}/html" "${COVERAGE_DATA}" | tee /dev/stderr | grep lines... | cut -d ' ' -f 4)" COVERAGE_VALUE=${COVERAGE_VALUE%?} echo "Compressing coveraged data" if [[ "${FUZZ_COVERAGE}" == "true" ]]; then if [[ -n "${ENVOY_FUZZ_COVERAGE_ARTIFACT}" ]]; then - tar cf - -C "${COVERAGE_DIR}" --transform 's/^\./fuzz_coverage/' . \ + tar cf - -C "${COVERAGE_DIR}/html" --transform 's/^\./fuzz_coverage/' . \ | bazel run "${BAZEL_BUILD_OPTIONS[@]}" //tools/zstd -- \ - -T0 -o "${ENVOY_FUZZ_COVERAGE_ARTIFACT}" fi @@ -128,7 +128,7 @@ elif [[ -n "${ENVOY_COVERAGE_ARTIFACT}" ]]; then rm "${ENVOY_COVERAGE_ARTIFACT}" fi - tar cf - -C "${COVERAGE_DIR}" --transform 's/^\./coverage/' . \ + tar cf - -C "${COVERAGE_DIR}/html" --transform 's/^\./coverage/' . \ | bazel run "${BAZEL_BUILD_OPTIONS[@]}" //tools/zstd -- \ - -T0 -o "${ENVOY_COVERAGE_ARTIFACT}" fi @@ -168,4 +168,4 @@ if [[ -e ./test/per_file_coverage.sh ]]; then else echo "No per-file-coverage file found" fi -echo "HTML coverage report is in ${COVERAGE_DIR}/index.html" +echo "HTML coverage report is in ${COVERAGE_DIR}/html/index.html" diff --git a/test/server/BUILD b/test/server/BUILD index fac1ee7196..7eee64fc20 100644 --- a/test/server/BUILD +++ b/test/server/BUILD @@ -320,7 +320,6 @@ envoy_cc_fuzz_test( size = "large", srcs = ["server_fuzz_test.cc"], corpus = "server_corpus", - rbe_pool = "6gig", deps = [ "//source/common/thread_local:thread_local_lib", "//source/server:server_lib", diff --git a/test/server/config_validation/BUILD b/test/server/config_validation/BUILD index 7560e35268..3c9c1a5d04 100644 --- a/test/server/config_validation/BUILD +++ b/test/server/config_validation/BUILD @@ -93,7 +93,6 @@ envoy_cc_fuzz_test( size = "large", srcs = ["config_fuzz_test.cc"], corpus = "//test/server:server_fuzz_test_corpus", - rbe_pool = "6gig", deps = [ "//source/common/common:thread_lib", "//source/server/config_validation:server_lib",