Skip to content

Commit

Permalink
backport of commit ab0a16c
Browse files Browse the repository at this point in the history
  • Loading branch information
zalimeni committed Sep 13, 2024
1 parent 65397c8 commit 757fbae
Show file tree
Hide file tree
Showing 15 changed files with 50 additions and 170 deletions.
3 changes: 3 additions & 0 deletions .changelog/21715.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:security
ui: Pin a newer resolution of Codemirror
```
3 changes: 3 additions & 0 deletions .changelog/21726.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:security
UI: Remove codemirror linting due to package dependency
```
3 changes: 3 additions & 0 deletions .changelog/21735.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:security
ui: Pin a newer resolution of ansi-html
```
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

name: Nightly test-integrations 1.17.x
name: Nightly test-integrations 1.20.x

on:
schedule:
Expand All @@ -19,19 +19,12 @@ env:
# strip the hashicorp/ off the front of github.repository for consul
CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }}
GOPRIVATE: github.com/hashicorp # Required for enterprise deps
BRANCH: "release/1.17.x"
BRANCH_NAME: "release-1.17.x" # Used for naming artifacts
BRANCH: "release/1.20.x"
BRANCH_NAME: "release-1.20.x" # Used for naming artifacts

jobs:
check-ent:
runs-on: ubuntu-latest
if: ${{ endsWith(github.repository, '-enterprise') }}
steps:
- run: echo "Building Enterprise"

setup:
runs-on: ubuntu-latest
needs: [check-ent]
name: Setup
outputs:
compute-small: ${{ steps.runners.outputs.compute-small }}
Expand All @@ -48,16 +41,14 @@ jobs:
run: .github/scripts/get_runner_classes.sh

get-go-version:
needs: [check-ent]
uses: ./.github/workflows/reusable-get-go-version.yml
with:
ref: release/1.17.x
ref: release/1.20.x

get-envoy-versions:
needs: [check-ent]
uses: ./.github/workflows/reusable-get-envoy-versions.yml
with:
ref: release/1.17.x
ref: release/1.20.x

dev-build:
needs:
Expand All @@ -68,7 +59,7 @@ jobs:
runs-on: ${{ needs.setup.outputs.compute-large }}
repository-name: ${{ github.repository }}
uploaded-binary-name: 'consul-bin'
branch-name: "release/1.17.x"
branch-name: "release/1.20.x"
go-version: ${{ needs.get-go-version.outputs.go-version }}
secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
Expand Down Expand Up @@ -223,20 +214,21 @@ jobs:
DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
DD_ENV: ci
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml

upgrade-integration-test:
runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
needs:
- setup
- get-go-version
- get-envoy-versions
- dev-build
permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read
strategy:
fail-fast: false
matrix:
consul-version: ["1.15", "1.16", "1.17"]
consul-version: ["1.15", "1.18", "1.19"]
env:
CONSUL_LATEST_VERSION: ${{ matrix.consul-version }}
# ENVOY_VERSION should be the latest version supported by _all_ Consul versions in the
Expand Down Expand Up @@ -372,7 +364,7 @@ jobs:
strategy:
fail-fast: false
matrix:
consul-version: [ "1.15", "1.16", "1.17"]
consul-version: ["1.15", "1.18", "1.19"]
env:
CONSUL_LATEST_VERSION: ${{ matrix.consul-version }}
steps:
Expand Down Expand Up @@ -460,7 +452,7 @@ jobs:
- upgrade-integration-test
- upgrade-integration-test-deployer
runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
if: ${{ always() && endsWith(github.repository, '-enterprise') }}
if: ${{ always() }}
steps:
- name: evaluate upstream job results
run: |
Expand Down
33 changes: 11 additions & 22 deletions .github/workflows/security-scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,38 +9,27 @@ on:
branches:
- main
- release/**
paths-ignore:
- 'docs/**'
- 'grafana/**'
- '.changelog/**'

# cancel existing runs of the same workflow on the same ref
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true

jobs:
conditional-skip:
runs-on: ubuntu-latest
name: Get files changed and conditionally skip CI
outputs:
skip-ci: ${{ steps.read-files.outputs.skip-ci }}
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- name: Get changed files
id: read-files
run: ./.github/scripts/check_skip_ci.sh

setup:
needs: [conditional-skip]
name: Setup
if: needs.conditional-skip.outputs.skip-ci != 'true'
runs-on: ubuntu-latest
outputs:
compute-small: ${{ steps.setup-outputs.outputs.compute-small }}
compute-medium: ${{ steps.setup-outputs.outputs.compute-medium }}
compute-large: ${{ steps.setup-outputs.outputs.compute-large }}
compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }}
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- id: setup-outputs
name: Setup outputs
run: ./.github/scripts/get_runner_classes.sh
Expand All @@ -59,18 +48,18 @@ jobs:
&& (github.actor != 'dependabot[bot]') && (github.actor != 'hc-github-team-consul-core') }}

steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Set up Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ needs.get-go-version.outputs.go-version }}

- name: Clone Security Scanner repo
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
repository: hashicorp/security-scanner
token: ${{ secrets.HASHIBOT_PRODSEC_GITHUB_TOKEN }}
token: ${{ secrets.PRODSEC_SCANNER_READ_ONLY }}
path: security-scanner
ref: main

Expand All @@ -87,6 +76,6 @@ jobs:
cat results.sarif | jq
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@c4fb451437765abf5018c6fbf22cce1a7da1e5cc # codeql-bundle-v2.17.1
uses: github/codeql-action/upload-sarif@8fd294e26a0e458834582b0fe4988d79966c7c0a # codeql-bundle-v2.18.4
with:
sarif_file: results.sarif
sarif_file: results.sarif
6 changes: 1 addition & 5 deletions .release/security-scan.hcl
Original file line number Diff line number Diff line change
Expand Up @@ -38,11 +38,7 @@ container {
suppress {
# N.b. `vulnerabilites` is the correct spelling for this tool.
vulnerabilites = [
"CVE-2023-46218", # [email protected]
"CVE-2023-46219", # [email protected]
"CVE-2023-5678", # [email protected]
"CVE-2024-7264", # [email protected]
"CVE-2024-8096", # [email protected]
"CVE-2024-8096", # [email protected],
]
paths = [
"internal/tools/proto-gen-rpc-glue/e2e/consul/*",
Expand Down
3 changes: 3 additions & 0 deletions .release/versions.hcl
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@

schema = 1
active_versions {
version "1.20" {
ce_active = true
},
version "1.19" {
ce_active = true
}
Expand Down
4 changes: 3 additions & 1 deletion ui/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,9 @@
"ember-basic-dropdown": "3.0.21",
"glob": "7.2.3",
"braces": "^3.0.0",
"markdown-it": "^12.3.2"
"markdown-it": "^12.3.2",
"codemirror": "5.58.2",
"ansi-html": "0.0.8"
},
"engines": {
"node": "18"
Expand Down
3 changes: 0 additions & 3 deletions ui/packages/consul-ui/app/components/code-editor/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,6 @@ const DEFAULTS = {
lineNumbers: true,
theme: 'hashi',
showCursorWhenSelecting: true,
gutters: ['CodeMirror-lint-markers'],
lint: true,
};
export default Component.extend({
settings: service('settings'),
Expand Down Expand Up @@ -51,7 +49,6 @@ export default Component.extend({

const editor = this.editor;
editor.setOption('mode', mode.mime);
this.helper.lint(editor, mode.mode);
set(this, 'mode', mode);
}
},
Expand Down
5 changes: 0 additions & 5 deletions ui/packages/consul-ui/app/services/code-mirror/linter.js
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
*/

import Service, { inject as service } from '@ember/service';
import lint from 'consul-ui/utils/editor/lint';
const MODES = [
{
name: 'JSON',
Expand Down Expand Up @@ -41,10 +40,6 @@ export default class LinterService extends Service {
return MODES;
}

lint() {
return lint(...arguments);
}

getEditor(element) {
return this.dom.element('textarea + div', element).CodeMirror;
}
Expand Down
43 changes: 0 additions & 43 deletions ui/packages/consul-ui/app/utils/editor/lint.js

This file was deleted.

13 changes: 2 additions & 11 deletions ui/packages/consul-ui/ember-cli-build.js
Original file line number Diff line number Diff line change
Expand Up @@ -206,13 +206,7 @@ module.exports = function (defaults, $ = process.env) {
},
codemirror: {
keyMaps: ['sublime'],
addonFiles: [
'lint/lint.css',
'lint/lint.js',
'lint/json-lint.js',
'lint/yaml-lint.js',
'mode/loadmode.js',
],
addonFiles: ['lint/lint.css', 'lint/yaml-lint.js', 'mode/loadmode.js'],
},
sassOptions: {
implementation: require('sass'),
Expand Down Expand Up @@ -270,10 +264,7 @@ module.exports = function (defaults, $ = process.env) {
// CSS.escape polyfill
app.import('node_modules/css.escape/css.escape.js', { outputFile: 'assets/css.escape.js' });

// JSON linting support. Possibly dynamically loaded via CodeMirror linting. See components/code-editor.js
app.import('node_modules/jsonlint/lib/jsonlint.js', {
outputFile: 'assets/codemirror/mode/javascript/javascript.js',
});
// Possibly dynamically loaded via CodeMirror linting. See components/code-editor.js
app.import('node_modules/codemirror/mode/javascript/javascript.js', {
outputFile: 'assets/codemirror/mode/javascript/javascript.js',
});
Expand Down
1 change: 0 additions & 1 deletion ui/packages/consul-ui/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -170,7 +170,6 @@
"husky": "^4.2.5",
"ivy-codemirror": "^2.1.0",
"js-yaml": "^4.0.0",
"jsonlint": "^1.6.3",
"lint-staged": "^10.2.11",
"loader.js": "^4.7.0",
"mnemonist": "^0.38.0",
Expand Down
Loading

0 comments on commit 757fbae

Please sign in to comment.