auto-merge envoyproxy/envoy[main] into envoyproxy/envoy-openssl[main]

* upstream/main:
  ads-replacement: adding gRPC-mux support for ADS config replacement (#36155)
  quic: report stream reset direction in reset callback failure string (#36368)
  add log line to indicate the admin server address (#36371)
  github/ci: Fix verify artefacts (#36406)
  github/ci: Fix macOS artefact name (#36402)
  ci: Workaround coverage diskspace issue (#36396)
  build(deps): bump envoyproxy/toolshed from actions-v0.2.35 to 0.2.36 (#36400)
  naming: renamed the Streamer to BufferStreamer for unification (#36397)
  Quiche roll 20240930141637 (#36385)
  Ext proc http functionality support (#35740)
  mobile: Mark the BidirectionalStreamTest as flaky (#36391)
  mobile: Fix the thread priority expectation in InternalEngineTest (#36390)
  srds: minor perf: move scoped_route_config to ScopedRouteInfo (#36270)

.github/workflows/_cache.yml

@@ -48,29 +48,29 @@ jobs:
  docker:
  runs-on: ${{ inputs.runs-on || 'ubuntu-24.04' }}
  steps:
- - uses: envoyproxy/toolshed/gh-actions/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/[email protected].36
  id: appauth
  name: Appauth (mutex lock)
  with:
  app_id: ${{ secrets.app-id }}
  key: ${{ secrets.app-key }}
- - uses: envoyproxy/toolshed/gh-actions/docker/cache/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/docker/cache/[email protected].36
  id: docker
  name: Prime Docker cache (${{ inputs.image-tag }}${{ inputs.cache-suffix }})
  with:
  image-tag: ${{ inputs.image-tag }}
  key-suffix: ${{ inputs.cache-suffix }}
  lock-token: ${{ steps.appauth.outputs.token }}
  lock-repository: ${{ inputs.lock-repository }}
- - uses: envoyproxy/toolshed/gh-actions/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/[email protected].36
  id: data
  name: Cache data
  with:
  input-format: yaml
  input: |
  cached: ${{ steps.docker.outputs.cached }}
  key: ${{ inputs.image-tag }}${{ inputs.cache-suffix }}
- - uses: envoyproxy/toolshed/gh-actions/json/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/json/[email protected].36
  name: Summary
  with:
  json: ${{ steps.data.outputs.value }}

.github/workflows/_check_coverage.yml

@@ -34,6 +34,7 @@ jobs:
  # bazel-extra: '--config=remote-envoy-engflow'
  cache-build-image: ${{ fromJSON(inputs.request).request.build-image.default }}
  concurrency-suffix: -${{ matrix.target }}
+ diskspace-hack: ${{ matrix.diskspace-hack || false }}
  error-match: |
  ERROR
  error:
@@ -50,5 +51,6 @@ jobs:
  include:
  - target: coverage
  name: Coverage
+ diskspace-hack: true
  - target: fuzz_coverage
  name: Fuzz coverage

.github/workflows/_finish.yml

@@ -36,7 +36,7 @@ jobs:
  actions: read
  contents: read
  steps:
- - uses: envoyproxy/toolshed/gh-actions/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/[email protected].36
  name: Incoming data
  id: needs
  with:
@@ -87,21 +87,21 @@ jobs:
  summary: "Check has finished",
  text: $text}}}}
 
- - uses: envoyproxy/toolshed/gh-actions/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/[email protected].36
  name: Print summary
  with:
  input: ${{ toJSON(steps.needs.outputs.value).summary-title }}
  filter: |
  "## \(.)"
  options: -Rr
  output-path: GITHUB_STEP_SUMMARY
- - uses: envoyproxy/toolshed/gh-actions/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/[email protected].36
  name: Appauth
  id: appauth
  with:
  app_id: ${{ secrets.app-id }}
  key: ${{ secrets.app-key }}
- - uses: envoyproxy/toolshed/gh-actions/github/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/github/[email protected].36
  name: Update check
  with:
  action: update

.github/workflows/_load.yml

@@ -107,7 +107,7 @@ jobs:
  # Handle any failure in triggering job
  # Remove any `checks` we dont care about
  # Prepare a check request
- - uses: envoyproxy/toolshed/gh-actions/github/env/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/github/env/[email protected].36
  name: Load env
  id: data
  with:
@@ -118,21 +118,21 @@ jobs:
  GH_TOKEN: ${{ github.token }}
 
  # Update the check
- - uses: envoyproxy/toolshed/gh-actions/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/[email protected].36
  name: Appauth
  id: appauth
  with:
  app_id: ${{ secrets.app-id }}
  key: ${{ secrets.app-key }}
- - uses: envoyproxy/toolshed/gh-actions/github/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/github/[email protected].36
  name: Update check
  if: ${{ fromJSON(steps.data.outputs.data).data.check.action == 'RUN' }}
  with:
  action: update
  checks: ${{ toJSON(fromJSON(steps.data.outputs.data).checks) }}
  token: ${{ steps.appauth.outputs.token }}
 
- - uses: envoyproxy/toolshed/gh-actions/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/[email protected].36
  name: Print request summary
  with:
  input: |
@@ -152,7 +152,7 @@ jobs:
  | $summary.summary as $summary
  | "${{ inputs.template-request-summary }}"
 
- - uses: envoyproxy/toolshed/gh-actions/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/[email protected].36
  id: request-output
  name: Load request
  with:

.github/workflows/_load_env.yml

@@ -63,18 +63,18 @@ jobs:
  request: ${{ steps.env.outputs.data }}
  trusted: true
  steps:
- - uses: envoyproxy/toolshed/gh-actions/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/[email protected].36
  id: started
  name: Create timestamp
  with:
  options: -r
  filter: |
  now
- - uses: envoyproxy/toolshed/gh-actions/github/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/github/[email protected].36
  id: checkout
  name: Checkout Envoy repository
  - name: Generate environment variables
- uses: envoyproxy/toolshed/gh-actions/envoy/ci/[email protected].35
+ uses: envoyproxy/toolshed/gh-actions/envoy/ci/[email protected].36
  id: env
  with:
  branch-name: ${{ inputs.branch-name }}
@@ -86,7 +86,7 @@ jobs:
 
  - name: Request summary
  id: summary
- uses: envoyproxy/toolshed/gh-actions/github/env/[email protected].35
+ uses: envoyproxy/toolshed/gh-actions/github/env/[email protected].36
  with:
  actor: ${{ toJSON(fromJSON(steps.env.outputs.data).request.actor) }}
  base-sha: ${{ fromJSON(steps.env.outputs.data).request.base-sha }}

.github/workflows/_precheck_publish.yml

@@ -39,17 +39,20 @@ jobs:
  error:
  Error:
  target: ${{ matrix.target }}
+ target-suffix: ${{ matrix.target-suffix }}
  trusted: ${{ inputs.trusted }}
  strategy:
  fail-fast: false
  matrix:
  include:
  - target: release.test_only
  name: Release (x64)
+ target-suffix: x64
  arch: x64
  rbe: true
  - target: release.test_only
  name: Release (arm64)
+ target-suffix: arm64
  arch: arm64
  bazel-extra: >-
  --config=common-envoy-engflow

.github/workflows/_publish_build.yml

@@ -41,6 +41,7 @@ jobs:
  with:
  bazel-extra: ${{ matrix.bazel-extra }}
  target: ${{ matrix.target }}
+ target-suffix: ${{ matrix.arch }}
  cache-build-image: ${{ fromJSON(inputs.request).request.build-image.default }}
  cache-build-image-key-suffix: ${{ matrix.arch == 'arm64' && format('-{0}', matrix.arch) || '' }}
  concurrency-suffix: -${{ matrix.arch }}
@@ -91,6 +92,7 @@ jobs:
  downloads: |
  release.${{ matrix.arch }}: release/${{ matrix.arch }}/bin/
  target: ${{ matrix.target }}
+ target-suffix: ${{ matrix.arch }}
  cache-build-image: ${{ fromJSON(inputs.request).request.build-image.default }}
  cache-build-image-key-suffix: ${{ matrix.cache-build-image-key-suffix }}
  concurrency-suffix: -${{ matrix.arch }}

.github/workflows/_publish_publish.yml

@@ -71,12 +71,12 @@ jobs:
  needs:
  - publish
  steps:
- - uses: envoyproxy/toolshed/gh-actions/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/[email protected].36
  id: appauth
  with:
  app_id: ${{ secrets.ENVOY_CI_SYNC_APP_ID }}
  key: ${{ secrets.ENVOY_CI_SYNC_APP_KEY }}
- - uses: envoyproxy/toolshed/gh-actions/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/[email protected].36
  with:
  ref: main
  repository: ${{ fromJSON(inputs.request).request.version.dev && 'envoyproxy/envoy-website' || 'envoyproxy/archive' }}

.github/workflows/_publish_verify.yml

@@ -99,10 +99,11 @@ jobs:
  export NO_BUILD_SETUP=1
  export ENVOY_DOCKER_IN_DOCKER=1
  target: ${{ matrix.target }}
+ target-suffix: ${{ matrix.arch }}
  trusted: ${{ inputs.trusted }}
  steps-pre: |
  - run: |
- echo ARCH=${{ matrix.arch || 'x64' }} >> $GITHUB_ENV
+ echo ARCH=${{ matrix.arch }} >> $GITHUB_ENV
  echo DEB_ARCH=${{ matrix.arch == 'arm64' && 'arm64' || 'amd64' }} >> $GITHUB_ENV
  shell: bash
  - run: |
@@ -124,6 +125,7 @@ jobs:
 
  - name: verify_distro_x64
  target: verify_distro
+ arch: x64
  rbe: true
 
  - name: verify_distro_arm64

.github/workflows/_request.yml

@@ -40,14 +40,14 @@ jobs:
  env: ${{ steps.data.outputs.value }}
  config: ${{ steps.config.outputs.config }}
  steps:
- - uses: envoyproxy/toolshed/gh-actions/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/[email protected].36
  id: started
  name: Create timestamp
  with:
  options: -r
  filter: |
  now
- - uses: envoyproxy/toolshed/gh-actions/github/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/github/[email protected].36
  id: checkout
  name: Checkout Envoy repository
  with:
@@ -60,7 +60,7 @@ jobs:
  # *ALL* variables collected should be treated as untrusted and should be sanitized before
  # use
  - name: Generate environment variables from commit
- uses: envoyproxy/toolshed/gh-actions/envoy/ci/[email protected].35
+ uses: envoyproxy/toolshed/gh-actions/envoy/ci/[email protected].36
  id: env
  with:
  branch-name: ${{ steps.checkout.outputs.branch-name }}
@@ -71,7 +71,7 @@ jobs:
  vars: ${{ toJSON(vars) }}
  - name: Request summary
  id: summary
- uses: envoyproxy/toolshed/gh-actions/github/env/[email protected].35
+ uses: envoyproxy/toolshed/gh-actions/github/env/[email protected].36
  with:
  actor: ${{ toJSON(fromJSON(steps.env.outputs.data).request.actor) }}
  base-sha: ${{ fromJSON(steps.env.outputs.data).request.base-sha }}
@@ -87,7 +87,7 @@ jobs:
  target-branch: ${{ fromJSON(steps.env.outputs.data).request.target-branch }}
 
  - name: Environment data
- uses: envoyproxy/toolshed/gh-actions/[email protected].35
+ uses: envoyproxy/toolshed/gh-actions/[email protected].36
  id: data
  with:
  input: |

.github/workflows/_run.yml

@@ -90,15 +90,16 @@ on:
  type: string
  default: |
  - run: |
- echo "disk space at beginning of build:"
- df -h
+ # disk space at beginning of build
+ df -h > "${TMP_REPORT}/df-pre"
  shell: bash
  report-post:
  type: string
  default: |
  - run: |
- echo "disk space at end of build:"
- df -h
+ # disk space at end of build
+ df -h > "${TMP_REPORT}/df-post"
+ (du -ch "%{{ inputs.temp-dir || runner.temp }}" | grep -E "[0-9]{2,}M|[0-9]G" || :) > "${TMP_REPORT}/du-post"
  shell: bash
  request:
  type: string
@@ -123,15 +124,15 @@ on:
  type: string
  steps-post:
  type: string
- default: |
- - run: |
- du -ch "%{{ inputs.temp-dir || runner.temp }}" | grep -E "[0-9]{2,}M|[0-9]G" || :
- shell: bash
  steps-post-name:
  type: string
  target:
  type: string
  required: true
+ target-name:
+ type: string
+ target-suffix:
+ type: string
  temp-dir:
  type: string
  timeout-minutes:
@@ -173,18 +174,18 @@ jobs:
  packages: read
  if: ${{ ! inputs.skip }}
  runs-on: ${{ inputs.runs-on || fromJSON(inputs.request).config.ci.agent-ubuntu }}
- name: ${{ inputs.command }} ${{ inputs.target }}
+ name: ${{ inputs.target-suffix && format('[{0}] ', inputs.target-suffix) || '' }}${{ inputs.command }} ${{ inputs.target }}
  timeout-minutes: ${{ inputs.timeout-minutes }}
  steps:
- - uses: envoyproxy/toolshed/gh-actions/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/[email protected].36
  id: started
  name: Create timestamp
  with:
  options: -r
  filter: |
  now
  # This controls which input vars are exposed to the run action (and related steps)
- - uses: envoyproxy/toolshed/gh-actions/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/[email protected].36
  name: Context
  id: context
  with:
@@ -205,12 +206,12 @@ jobs:
  | . * {$config, $check}
  - if: ${{ inputs.cache-build-image }}
  name: Restore Docker cache ${{ inputs.cache-build-image && format('({0})', inputs.cache-build-image) || '' }}
- uses: envoyproxy/toolshed/gh-actions/docker/cache/[email protected].35
+ uses: envoyproxy/toolshed/gh-actions/docker/cache/[email protected].36
  with:
  image_tag: ${{ inputs.cache-build-image }}
  key-suffix: ${{ inputs.cache-build-image-key-suffix }}
 
- - uses: envoyproxy/toolshed/gh-actions/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/[email protected].36
  id: appauth
  name: Appauth
  if: ${{ inputs.trusted }}
@@ -221,7 +222,7 @@ jobs:
  # - the workaround is to allow the token to be passed through.
  token: ${{ github.token }}
  token-ok: true
- - uses: envoyproxy/toolshed/gh-actions/github/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/github/[email protected].36
  id: checkout
  name: Checkout Envoy repository
  with:
@@ -238,7 +239,7 @@ jobs:
  token: ${{ inputs.trusted && steps.appauth.outputs.token || github.token }}
 
  # This is currently only use by mobile-docs and can be removed once they are updated to the newer website
- - uses: envoyproxy/toolshed/gh-actions/github/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/github/[email protected].36
  id: checkout-extra
  name: Checkout extra repository (for publishing)
  if: ${{ inputs.checkout-extra }}
@@ -247,7 +248,7 @@ jobs:
  ssh-key: ${{ inputs.trusted && inputs.ssh-key-extra || '' }}
 
  - name: Import GPG key
- uses: envoyproxy/toolshed/gh-actions/gpg/[email protected].35
+ uses: envoyproxy/toolshed/gh-actions/gpg/[email protected].36
  if: ${{ inputs.import-gpg }}
  with:
  key: ${{ secrets.gpg-key }}
@@ -280,7 +281,7 @@ jobs:
  echo "BAZEL_BUILD_EXTRA_OPTIONS=${BAZEL_BUILD_EXTRA_OPTIONS}" >> "$GITHUB_ENV"
  echo "GCP_SERVICE_ACCOUNT_KEY_PATH=${GCP_SERVICE_ACCOUNT_KEY_PATH}" >> "$GITHUB_ENV"
 
- - uses: envoyproxy/toolshed/gh-actions/github/[email protected].35
+ - uses: envoyproxy/toolshed/gh-actions/github/[email protected].36
  name: Run CI ${{ inputs.command }} ${{ inputs.target }}
  with:
  args: ${{ inputs.args != '--' && inputs.args || inputs.target }}
@@ -297,6 +298,11 @@ jobs:
  fail-match: ${{ inputs.fail-match }}
  notice-match: ${{ inputs.notice-match }}
  output-path: ${{ inputs.output-path }}
+ report-name: >-
+ ci-report-${{
+ inputs.target-suffix
+ && format('{0}-', inputs.target-suffix)
+ || '' }}${{ inputs.target-name || inputs.target }}.json
  report-pre: ${{ inputs.report-pre }}
  report-post: ${{ inputs.report-post }}
  source: ${{ inputs.source }}