From 575e443cd85fd5a42bcc637ab58aec34e3c19714 Mon Sep 17 00:00:00 2001 From: Tommy Ludwig <8924140+shakuzen@users.noreply.github.com> Date: Thu, 28 Nov 2024 18:01:35 +0900 Subject: [PATCH] Update infra and dependencies (#232) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update protobuf to 3.25.5 Signed-off-by: Tomáš Mózes * Update zipkin to 3.4.2 Signed-off-by: Tomáš Mózes * Apply infra updates from docker-java repo Bumps the version of the Zipkin Docker Java image and OS used by GH Action runners and applies the same conventions to Dockerfile. Fixes the trivy intermittent issue; See https://github.com/aquasecurity/trivy/discussions/7668 * Upgrade Google and Armeria versions to align protobuf/grpc * Fix subscription name format A feature added in the client now validates the subscription name format when dispatching messages as a side effect, even if that feature isn't enabled. Uses a correctly formatted subscription name in the test. --------- Signed-off-by: Tomáš Mózes Co-authored-by: Tomáš Mózes --- .github/workflows/create_release.yml | 2 +- .github/workflows/deploy.yml | 2 +- .github/workflows/docker_push.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/security.yml | 5 ++++- .github/workflows/test.yml | 2 +- .../collector/pubsub/PubSubCollectorTest.java | 3 ++- docker/Dockerfile | 10 +++++----- pom.xml | 18 +++++++++--------- 9 files changed, 25 insertions(+), 21 deletions(-) diff --git a/.github/workflows/create_release.yml b/.github/workflows/create_release.yml index 39878e4..db2c82c 100644 --- a/.github/workflows/create_release.yml +++ b/.github/workflows/create_release.yml @@ -10,7 +10,7 @@ on: # yamllint disable-line rule:truthy jobs: create_release: - runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish + runs-on: ubuntu-24.04 # newest available distribution, aka numbat steps: - name: Checkout Repository uses: actions/checkout@v4 diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index ed6b77b..37532bb 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -15,7 +15,7 @@ on: # yamllint disable-line rule:truthy jobs: deploy: - runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish + runs-on: ubuntu-24.04 # newest available distribution, aka numbat steps: - name: Checkout Repository uses: actions/checkout@v4 diff --git a/.github/workflows/docker_push.yml b/.github/workflows/docker_push.yml index 0943939..41e7ee3 100644 --- a/.github/workflows/docker_push.yml +++ b/.github/workflows/docker_push.yml @@ -10,7 +10,7 @@ on: # yamllint disable-line rule:truthy jobs: docker_push: - runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish + runs-on: ubuntu-24.04 # newest available distribution, aka numbat steps: - name: Checkout Repository uses: actions/checkout@v4 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index fe58404..1dbdbc4 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -24,7 +24,7 @@ on: # yamllint disable-line rule:truthy jobs: lint: name: lint - runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish + runs-on: ubuntu-24.04 # newest available distribution, aka numbat # skip commits made by the release plugin if: "!contains(github.event.head_commit.message, 'maven-release-plugin')" steps: diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index a7847fc..511e35a 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -23,7 +23,7 @@ on: # yamllint disable-line rule:truthy jobs: security: name: security - runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish + runs-on: ubuntu-24.04 # newest available distribution, aka numbat # skip commits made by the release plugin if: "!contains(github.event.head_commit.message, 'maven-release-plugin')" steps: @@ -38,6 +38,9 @@ jobs: - name: Run Trivy vulnerability and secret scanner uses: aquasecurity/trivy-action@master id: trivy + env: # See https://github.com/aquasecurity/trivy/discussions/7668 + TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db + TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db with: scan-type: 'fs' scan-ref: '.' # scan the entire repository diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b5155a5..4f5562a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -23,7 +23,7 @@ on: # yamllint disable-line rule:truthy jobs: test: name: test (JDK ${{ matrix.java_version }}) - runs-on: ubuntu-22.04 # newest available distribution, aka jellyfish + runs-on: ubuntu-24.04 # newest available distribution, aka numbat if: "!contains(github.event.head_commit.message, 'maven-release-plugin')" strategy: fail-fast: false # don't fail fast as some failures are LTS specific diff --git a/collector-pubsub/src/test/java/zipkin2/collector/pubsub/PubSubCollectorTest.java b/collector-pubsub/src/test/java/zipkin2/collector/pubsub/PubSubCollectorTest.java index c03fa1c..1659b9b 100644 --- a/collector-pubsub/src/test/java/zipkin2/collector/pubsub/PubSubCollectorTest.java +++ b/collector-pubsub/src/test/java/zipkin2/collector/pubsub/PubSubCollectorTest.java @@ -14,6 +14,7 @@ import com.google.api.gax.rpc.FixedTransportChannelProvider; import com.google.api.gax.rpc.TransportChannel; import com.google.api.gax.rpc.TransportChannelProvider; +import com.google.pubsub.v1.SubscriptionName; import io.grpc.ManagedChannel; import io.grpc.Server; import io.grpc.inprocess.InProcessChannelBuilder; @@ -76,7 +77,7 @@ class PubSubCollectorTest { FlowControlSettings.newBuilder().setMaxOutstandingElementCount(1000L).build()); collector = new PubSubCollector.Builder() - .subscription("projects/test-project/topics/test-subscription") + .subscription(SubscriptionName.format("test-project", "test-subscription")) .storage(store) .encoding(Encoding.JSON) .executorProvider(executorProvider) diff --git a/docker/Dockerfile b/docker/Dockerfile index b93ba21..1c551d5 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -4,25 +4,25 @@ # # zipkin version should match zipkin.version in /pom.xml -ARG zipkin_version=3.4.1 +ARG zipkin_version=3.4.2 # java_version is used during the installation process to build or download the module jar. # # Use latest version here: https://github.com/orgs/openzipkin/packages/container/package/java # This is defined in many places because Docker has no "env" script functionality unless you use # docker-compose: When updating, update everywhere. -ARG java_version=21.0.4_p7 +ARG java_version=21.0.5_p11 # We copy files from the context into a scratch container first to avoid a problem where docker and # docker-compose don't share layer hashes https://github.com/docker/compose/issues/883 normally. # COPY --from= works around the issue. -FROM scratch as scratch +FROM scratch AS scratch COPY . /code/ # This version is only used during the install process. Try to be consistent as it reduces layers, # which reduces downloads. -FROM ghcr.io/openzipkin/java:${java_version} as install +FROM ghcr.io/openzipkin/java:${java_version} AS install WORKDIR /code # Conditions aren't supported in Dockerfile instructions, so we copy source even if it isn't used. @@ -41,7 +41,7 @@ ENV MAVEN_PROJECT_BASEDIR=/code RUN /code/build-bin/maven/maven_build_or_unjar io.zipkin.gcp zipkin-module-gcp ${VERSION} module # zipkin version should match zipkin.version in /code/pom.xml -FROM ghcr.io/openzipkin/zipkin:$zipkin_version as zipkin-gcp +FROM ghcr.io/openzipkin/zipkin:$zipkin_version AS zipkin-gcp LABEL org.opencontainers.image.description="Zipkin with Google Cloud on OpenJDK and Alpine Linux" LABEL org.opencontainers.image.source=https://github.com/openzipkin/zipkin-gcp diff --git a/pom.xml b/pom.xml index 1086961..209cfe7 100644 --- a/pom.xml +++ b/pom.xml @@ -65,12 +65,12 @@ io.zipkin.zipkin2 - 3.4.1 + 3.4.2 3.4.0 3.3.3 com.linecorp.armeria - 1.29.4 + 1.31.1 2.23.1 @@ -80,20 +80,20 @@ 6.0.3 - 1.66.0 + 1.68.1 - 3.25.3 + 3.25.5 32.1.3 - 1.23.0 - 2.43.0 + 1.30.0 + 2.49.0 - 2.48.0 + 2.54.0 - 1.132.1 - 1.114.1 + 1.134.2 + 1.116.2 3.25.3 4.2.2