-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
backport tests: test mitigation for the segfault of if-match 412 #13283
Conversation
mockbin.com redirects to insomnia official site and triggers a security policy, which makes tests fail.
Build 2.8 on Bazel KAG-2835
Several of these tests contained the following assertion after generating a certificate with the `kong hybrid gen_cert` command: ```lua assert(crt:get_not_before() >= ngx.time()) ``` This produces failures every now and again when the clock has advanced _just_ enough for ngx.time() to return `crt:get_not_before() + 1`. To fix this, we record the time _before_ generating the cert and validate against the stored timestamp. (cherry picked from commit b7a8361)
Please check the contained README.md. (cherry picked from commit f135c70) Co-authored-by: Zachary Hu <[email protected]>
… the changelog directory
* chore(test): remove prefix directory when stop_kong called (#12691) If the prefix is not cleaned up when stop_kong is called, it could impact subsequent tests, especially when later tests start Kong by a shell command, the Kong instance might be started up with the default `servroot` prefix. KAG-3808 (cherry picked from commit 3dd5bdb) * remove prefix directory for 2.8
…mit (#12693) (#12711) Replace `${{ secrets.GHA_COMMENT_TOKEN }}` with `${{ secrets.GITHUB_TOKEN }}`. The `${{ secrets.GHA_COMMENT_TOKEN }}` needs to be manually rotated, replacing it by `${{ secrets.GITHUB_TOKEN }}`, which is generated by each run of the workflow, so we don't need to rotate token anymore.
FTI-5842 (cherry picked from commit ed0b96d) Co-authored-by: Zachary Hu <[email protected]>
cherry-pick from Kong/kong-ee#9042 KAG-4775 (cherry picked from commit 8e86dba) Co-authored-by: Niklaus Schen <[email protected]>
* Create a clean version for 2.8 CE. * Add back changelog. --------- Co-authored-by: Zhongwei Yao <[email protected]>
With this patch, CI will notify a Kong Inc internal slack channel on every PR that performs a schema change.
It seems that if the do not merge label job is skipped then the second job doesn't run either: https://github.com/Kong/kong/actions/runs/4307151445/jobs/7511859202 This change splits the job into two and narrows down the events on which these jobs are triggered since the only meaninful input are the labels on the PR.
This is a bad practice which could cause merge conflicts and is against our backport policy.
It seems that Github Actions is not running these jobs even once even though the PRs are labelled at least once. This patch runs these jobs on other related PR activity.
…lid http `IF-Match` header (#5757)
4253fb8
to
e00abd4
Compare
@@ -140,7 +140,7 @@ http { | |||
listen $(entry.listener); | |||
> end | |||
|
|||
error_page 400 404 408 411 412 413 414 417 494 /kong_error_handler; | |||
error_page 400 404 408 411 413 414 417 494 /kong_error_handler; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the unmitigated version: if we do not remove 412 from test template, it will cause segfault(signal 11): https://github.com/Kong/kong/actions/runs/9625903064/job/26551305748
If it should not be merged, I tend to change it to draft. |
I'm closing it, it was originally used to test if this fix work for 2.8.5's mitigation method. |
You don't need to merge this pr, because the original segfault fix(removing 412 from template) has been verified mannually (see KAG-2394).
Summary
Checklist
changelog/unreleased/kong
orskip-changelog
label added on PR if changelog is unnecessary. README.mdIssue reference
Fix #[issue number]