github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #5288 from hashicorp/NET-3648_fix (#17163) 

NET-3648: perform envoy version verification
pull/17115/head^2
Anita Akaeze 2 years ago committed by GitHub
parent
5eaeb7b8e5
commit
f03d6a06be
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 206 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 178
      .github/scripts/verify_envoy_version.sh
  2. 28
      .github/workflows/verify-envoy-version.yml

178
.github/scripts/verify_envoy_version.sh
Unescape View File

@ -0,0 +1,178 @@
#!/bin/bash
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
set -euo pipefail
current_branch=$GITHUB_REF
GITHUB_DEFAULT_BRANCH='main'
if [ -z "$GITHUB_TOKEN" ]; then
echo "GITHUB_TOKEN must be set"
exit 1
fi
if [ -z "$current_branch" ]; then
echo "GITHUB_REF must be set"
exit 1
fi
# Get Consul and Envoy version
SCRIPT_DIR="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
pushd $SCRIPT_DIR/../.. # repository root
consul_envoy_data_json=$(echo go run ./test/integration/consul-container/test/consul_envoy_version/consul_envoy_version.go)
# go back to where you started when finished
popd
if [ -z "$consul_envoy_data_json" ]; then
echo "Error! Consul and Envoy versions not returned: $consul_envoy_data_json"
exit 1
fi
# sanitize_consul_envoy_version removes characters from result that may contain new lines, spaces, and [...]
# example envoyVersions:[1.25.4 1.24.6 1.23.8 1.22.11] => 1.25.4 1.24.6 1.23.8 1.22.11
sanitize_consul_envoy_version() {
local _consul_version=$(eval "$consul_envoy_data_json" | jq -r '.ConsulVersion')
local _envoy_version=$(eval "$consul_envoy_data_json" | jq -r '.EnvoyVersions' | tr -d '"' | tr -d '\n' | tr -d ' '| tr -d '[]')
echo "${_consul_version}" "${_envoy_version}"
}
# get major version for Consul and Envoy
get_major_version(){
local _verison="$1"
local _abbrVersion="$(cut -d "." -f1-2 <<< $_verison)"
echo "${_abbrVersion}"
}
get_latest_envoy_version() {
OUTPUT_FILE=$(mktemp)
HTTP_CODE=$(curl -L --silent --output "$OUTPUT_FILE" -w "%{http_code}" \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${GITHUB_TOKEN}"\
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/envoyproxy/envoy/releases/latest)
if [[ ${HTTP_CODE} -lt 200 || ${HTTP_CODE} -gt 299 ]]; then
cat >&2 "$OUTPUT_FILE"
rm "$OUTPUT_FILE"
exit 1
fi
_latest_envoy_version=$(jq -r '.tag_name' "$OUTPUT_FILE")
echo "$_latest_envoy_version"
rm "$OUTPUT_FILE"
}
# major_envoy_versions takes multiple arguments
major_envoy_versions(){
version=("$@")
for i in "${version[@]}";
do
envoy_versions_array+="$(cut -d "." -f1-2 <<< $i)"
done
echo "${envoy_versions_array}"
}
# Get latest Envoy version from envoyproxy repo
released_envoy_version=$(get_latest_envoy_version)
major_released_envoy_version="${released_envoy_version[@]:1:4}"
validate_envoy_version_main(){
echo "verify "main" GitHub branch has latest envoy version"
# Get envoy version for current branch
ENVOY_VERSIONS=$(sanitize_consul_envoy_version | awk '{print $2}' | tr ',' ' ')
envoy_version_main_branch=$(get_major_version ${ENVOY_VERSIONS})
if [[ "$envoy_version_main_branch" != "$major_released_envoy_version" ]]; then
echo
echo "Latest released Envoy version is: "$released_envoy_version""
echo "ERROR! Branch $current_branch; Envoy versions: "$ENVOY_VERSIONS" needs to be updated."
exit 1
else
echo "#### SUCCESS! ##### Compatible Envoy versions found: ${ENVOY_VERSIONS}"
exit 0
fi
}
if [[ "$current_branch" == *"$GITHUB_DEFAULT_BRANCH"* ]]; then
validate_envoy_version_main
fi
# filter consul and envoy version
CONSUL_VERSION=$(sanitize_consul_envoy_version | awk '{print $1}')
ENVOY_VERSIONS=$(sanitize_consul_envoy_version | awk '{print $2}' | tr ',' ' ')
# Get Consul and Envoy version from default branch
echo checking out "${GITHUB_DEFAULT_BRANCH}" branch
git checkout "${GITHUB_DEFAULT_BRANCH}"
# filter consul and envoy version from default branch
CONSUL_VERSION_DEFAULT_BRANCH=$(sanitize_consul_envoy_version | awk '{print $1}')
ENVOY_VERSIONS_DEFAULT_BRANCH=$(sanitize_consul_envoy_version | awk '{print $2}' | tr ',' ' ')
# Ensure required values are not empty
if [ -z "$CONSUL_VERSION" ] || [ -z "$CONSUL_VERSION_DEFAULT_BRANCH" ] || [ -z "$ENVOY_VERSIONS" ] || [ -z "$ENVOY_VERSIONS_DEFAULT_BRANCH" ]; then
echo "Error! Consul version: $CONSUL_VERSION | Consul version default branch: $CONSUL_VERSION_DEFAULT_BRANCH | Envoy version: $ENVOY_VERSIONS | Envoy version default branch: $ENVOY_VERSIONS_DEFAULT_BRANCH cannot be empty"
exit 1
fi
echo checking out branch: "${current_branch}"
git checkout "${current_branch}"
echo
echo "Branch ${current_branch} =>Consul version: ${CONSUL_VERSION}; Envoy Version: ${ENVOY_VERSIONS}"
echo "Branch ${GITHUB_DEFAULT_BRANCH} =>Consul version: ${CONSUL_VERSION_DEFAULT_BRANCH}; Envoy Version: ${ENVOY_VERSIONS_DEFAULT_BRANCH}"
## Get major Consul and Envoy versions on release and default branch
MAJOR_CONSUL_VERSION=$(get_major_version ${CONSUL_VERSION})
MAJOR_CONSUL_VERSION_DEFAULT_BRANCH=$(get_major_version ${CONSUL_VERSION_DEFAULT_BRANCH})
MAJOR_ENVOY_VERSION_DEFAULT_BRANCH=$(get_major_version ${ENVOY_VERSIONS_DEFAULT_BRANCH})
_envoy_versions=($ENVOY_VERSIONS)
_envoy_versions_default=($ENVOY_VERSIONS_DEFAULT_BRANCH)
## Validate supported envoy versions available - should be 4
echo
echo "Validating supported envoy versions available on branches: $current_branch and $GITHUB_DEFAULT_BRANCH"
if [ "${#_envoy_versions_default[@]}" != 4 ] || [ "${#_envoy_versions[@]}" != 4 ]; then
echo "Branch $GITHUB_DEFAULT_BRANCH =>Consul version: ${CONSUL_VERSION_DEFAULT_BRANCH}; Envoy versions: $ENVOY_VERSIONS_DEFAULT_BRANCH"
echo "Branch $current_branch =>Consul version: ${CONSUL_VERSION}; Envoy versions: $_envoy_versions"
echo "ERROR! Envoy should have 4 compatible versions."
exit 1
fi
echo "Checking if branch $GITHUB_DEFAULT_BRANCH has latest Envoy version"
## 1. Check "main" GitHub branch has latest envoy version
if [[ "$MAJOR_ENVOY_VERSION_DEFAULT_BRANCH" != "$major_released_envoy_version" ]]; then
echo
echo "Latest released Envoy version is: "$released_envoy_version""
echo "ERROR! Branch $GITHUB_DEFAULT_BRANCH; Envoy versions: "$ENVOY_VERSIONS_DEFAULT_BRANCH" needs to be updated."
exit 1
else
echo "#### SUCCESS! #####. Compatible Envoy versions found: ${ENVOY_VERSIONS_DEFAULT_BRANCH}"
echo
## 2. Check main branch and release branch support the same Envoy major versions
## Get the major Consul version on the main and release branch. If both branches have
## the same major Consul version, verify both branches have the same major Envoy versions.
## Return error if major envoy versions are not the same.
echo "Checking branch $current_branch and $GITHUB_DEFAULT_BRANCH have the same compatible major Envoy versions."
consul_version_diff=$(echo "$MAJOR_CONSUL_VERSION_DEFAULT_BRANCH $MAJOR_CONSUL_VERSION" | awk '{print $1 - $2}')
check=$(echo "$consul_version_diff == 0" | bc -l)
if (( $check )); then
echo "Branch $current_branch and $GITHUB_DEFAULT_BRANCH have the same major Consul version "$MAJOR_CONSUL_VERSION""
echo "Validating branches have the same Envoy major versions..."
_major_envoy_versions=$(major_envoy_versions $ENVOY_VERSIONS)
_major_envoy_versions_default=$(major_envoy_versions $ENVOY_VERSIONS_DEFAULT_BRANCH)
if [[ "$_major_envoy_versions_default" != "$_major_envoy_versions" ]]; then
echo "Branch $GITHUB_DEFAULT_BRANCH =>Envoy versions: $_major_envoy_versions"
echo "Branch $current_branch =>Envoy versions: $_major_envoy_versions_default"
echo "ERROR! Branches should support the same major versions for envoy."
exit 1
else
echo "#### SUCCESS! #####. Compatible Envoy major versions found: $ENVOY_VERSIONS_DEFAULT_BRANCH"
fi
else
echo "No validation needed. Branches have different Consul versions"
fi
fi

28
.github/workflows/verify-envoy-version.yml
Unescape View File

@ -0,0 +1,28 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
# This action ensures that Envoy is up to date on main and release branches.
# This workflow is only triggered on the main and release branches and will
# only perform a version check when a new release branch is created
# Contact Consul team for any questions
name: Verify Envoy Version
on:
push:
branches:
- main
- release/**
jobs:
verify-envoy-version:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0 # by default the checkout action doesn't checkout all branches
- name: Run Envoy Version Verification for main and release branches
run: ./.github/scripts/verify_envoy_version.sh
env:
GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
Write Preview
Loading…
Cancel
Save