From a7458b39e7725b766490853208d7bf8922040d8a Mon Sep 17 00:00:00 2001 From: saisatish karra Date: Fri, 7 Jul 2023 15:37:04 -0500 Subject: [PATCH 1/9] feat(ci/KAG-1800): add lint and sast workflows using shared actions --- .github/workflows/lint.yml | 43 ++++++++++++++++++++++++++++++++++++++ .github/workflows/sast.yml | 31 +++++++++++++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100644 .github/workflows/lint.yml create mode 100644 .github/workflows/sast.yml diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..b97d0ed --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,43 @@ +name: Lint + +on: + pull_request: {} + workflow_dispatch: {} + push: + branches: + - main + - master + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + +jobs: + lua-check: + name: Lua Check + runs-on: ubuntu-latest + permissions: + contents: read + issues: read + checks: write + pull-requests: write + if: (github.actor != 'dependabot[bot]') + + steps: + - name: Checkout source code + uses: actions/checkout@v3 + + # Optional step to run on only changed files + - name: Get changed files + id: changed-files + uses: tj-actions/changed-files@54849deb963ca9f24185fb5de2965e002d066e6b # v37 + with: + files: | + **.lua + + - name: Lua Check + if: steps.changed-files.outputs.any_changed == 'true' + uses: Kong/public-shared-actions/code-check-actions/lua-lint@v1 + with: + additional_args: '--no-default-config --config .luacheckrc' + files: ${{ steps.changed-files.outputs.all_changed_files }} diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml new file mode 100644 index 0000000..6d67015 --- /dev/null +++ b/.github/workflows/sast.yml @@ -0,0 +1,31 @@ +name: SAST + +on: + pull_request: + paths: + - lib/**.lua + push: + branches: + - master + - main + paths: + - lib/**.lua + workflow_dispatch: {} + + +jobs: + semgrep: + name: Semgrep SAST + runs-on: ubuntu-latest + permissions: + # required for all workflows + security-events: write + # only required for workflows in private repositories + actions: read + contents: read + + if: (github.actor != 'dependabot[bot]') + + steps: + - uses: actions/checkout@v3 + - uses: Kong/public-shared-actions/security-actions/semgrep@v1 From 2a0cec896501723f04cf60fb93c3810b63c65390 Mon Sep 17 00:00:00 2001 From: saisatish karra Date: Wed, 19 Jul 2023 13:12:49 -0500 Subject: [PATCH 2/9] chore(ci): pin shared code quality actions --- .github/workflows/lint.yml | 2 +- .github/workflows/sast.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index b97d0ed..fad9f64 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -37,7 +37,7 @@ jobs: - name: Lua Check if: steps.changed-files.outputs.any_changed == 'true' - uses: Kong/public-shared-actions/code-check-actions/lua-lint@v1 + uses: Kong/public-shared-actions/code-check-actions/lua-lint@33449c46c6766a3d3c8f167cc383381225862b36 with: additional_args: '--no-default-config --config .luacheckrc' files: ${{ steps.changed-files.outputs.all_changed_files }} diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml index 6d67015..17738a6 100644 --- a/.github/workflows/sast.yml +++ b/.github/workflows/sast.yml @@ -28,4 +28,4 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: Kong/public-shared-actions/security-actions/semgrep@v1 + - uses: Kong/public-shared-actions/security-actions/semgrep@33449c46c6766a3d3c8f167cc383381225862b36 From 7defc7e415e0371eaaf98dd082d81d432834addb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miko=C5=82aj=20Nowak?= Date: Mon, 9 Oct 2023 17:28:07 +0200 Subject: [PATCH 3/9] chore(*): backport - localize some functions A commit on master 80ee2e170dc89ab824226ca6d806c4ab6f7f4cdb introduced localizing some functions. This commit backports that one. Backports: https://github.com/Kong/lua-resty-healthcheck/pull/92 --- lib/resty/healthcheck.lua | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/resty/healthcheck.lua b/lib/resty/healthcheck.lua index c541136..2525e79 100644 --- a/lib/resty/healthcheck.lua +++ b/lib/resty/healthcheck.lua @@ -32,6 +32,7 @@ local tostring = tostring local ipairs = ipairs local table_insert = table.insert local table_remove = table.remove +local table_concat = table.concat local string_format = string.format local ssl = require("ngx.ssl") local resty_timer = require "resty.timer" @@ -918,7 +919,7 @@ function checker:set_all_target_statuses_for_hostname(hostname, port, is_healthy end end - return all_ok, #errs > 0 and table.concat(errs, "; ") or nil + return all_ok, #errs > 0 and table_concat(errs, "; ") or nil end @@ -1043,7 +1044,7 @@ function checker:run_single_check(ip, port, hostname, hostheader) if headers_length > 0 then if is_array(req_headers) then self:log(WARN, "array headers is deprecated") - headers = table.concat(req_headers, "\r\n") + headers = table_concat(req_headers, "\r\n") else headers = new_tab(0, headers_length) local idx = 0 @@ -1058,7 +1059,7 @@ function checker:run_single_check(ip, port, hostname, hostheader) headers[idx] = key .. ": " .. tostring(values) end end - headers = table.concat(headers, "\r\n") + headers = table_concat(headers, "\r\n") end if #headers > 0 then headers = headers .. "\r\n" @@ -1384,7 +1385,7 @@ local MAXNUM = 2^31 - 1 local function fail(ctx, k, msg) ctx[#ctx + 1] = k - error(table.concat(ctx, ".") .. ": " .. msg, #ctx + 1) + error(table_concat(ctx, ".") .. ": " .. msg, #ctx + 1) end From 0ca1642a86705b3745ceb4c29c6ee0f3050650fa Mon Sep 17 00:00:00 2001 From: Shuoqing Ding Date: Mon, 2 Oct 2023 18:50:48 +0800 Subject: [PATCH 4/9] fix(healthcheck): fixed incorrect default http_statuses when new() was called multiple times (#83) --- lib/resty/healthcheck.lua | 83 ++++++++++++++++------------------- t/with_worker-events/00-new.t | 62 +++++++++++++++++++++++++- 2 files changed, 100 insertions(+), 45 deletions(-) diff --git a/lib/resty/healthcheck.lua b/lib/resty/healthcheck.lua index 2525e79..9519c3a 100644 --- a/lib/resty/healthcheck.lua +++ b/lib/resty/healthcheck.lua @@ -1426,51 +1426,44 @@ local function fill_in_settings(opts, defaults, ctx) end -local defaults = { - name = NO_DEFAULT, - shm_name = NO_DEFAULT, - type = NO_DEFAULT, - events_module = "resty.worker.events", - checks = { - active = { - type = "http", - timeout = 1, - concurrency = 10, - http_path = "/", - https_sni = NO_DEFAULT, - https_verify_certificate = true, - headers = {""}, - healthy = { - interval = 0, -- 0 = disabled by default - http_statuses = { 200, 302 }, - successes = 2, +local function get_defaults() + return { + name = NO_DEFAULT, + shm_name = NO_DEFAULT, + type = NO_DEFAULT, + events_module = "resty.worker.events", + checks = { + active = { + type = "http", + timeout = 1, + concurrency = 10, + http_path = "/", + https_sni = NO_DEFAULT, + https_verify_certificate = true, + headers = {""}, + healthy = { + interval = 0, -- 0 = disabled by default + http_statuses = { 200, 302 }, + successes = 2, + }, + passive = { + type = "http", + healthy = { + http_statuses = { 200, 201, 202, 203, 204, 205, 206, 207, 208, 226, + 300, 301, 302, 303, 304, 305, 306, 307, 308 }, + successes = 5, + }, + unhealthy = { + http_statuses = { 429, 500, 503 }, + tcp_failures = 2, + timeouts = 7, + http_failures = 5, + }, + }, }, - unhealthy = { - interval = 0, -- 0 = disabled by default - http_statuses = { 429, 404, - 500, 501, 502, 503, 504, 505 }, - tcp_failures = 2, - timeouts = 3, - http_failures = 5, - }, - }, - passive = { - type = "http", - healthy = { - http_statuses = { 200, 201, 202, 203, 204, 205, 206, 207, 208, 226, - 300, 301, 302, 303, 304, 305, 306, 307, 308 }, - successes = 5, - }, - unhealthy = { - http_statuses = { 429, 500, 503 }, - tcp_failures = 2, - timeouts = 7, - http_failures = 5, - }, - }, - }, -} - + } + } +end local function to_set(tbl, key) local set = {} @@ -1540,6 +1533,8 @@ function _M.new(opts) local active_type = (((opts or EMPTY).checks or EMPTY).active or EMPTY).type local passive_type = (((opts or EMPTY).checks or EMPTY).passive or EMPTY).type + -- create a new defaults table within new() as defaults table will be modified by to_set function later + local defaults = get_defaults() local self = fill_in_settings(opts, defaults) load_events_module(self) diff --git a/t/with_worker-events/00-new.t b/t/with_worker-events/00-new.t index d8d11c6..466ce86 100644 --- a/t/with_worker-events/00-new.t +++ b/t/with_worker-events/00-new.t @@ -3,7 +3,7 @@ use Cwd qw(cwd); workers(1); -plan tests => repeat_each() * (blocks() * 3) - 2; +plan tests => repeat_each() * (blocks() * 3) - 3; my $pwd = cwd(); @@ -228,3 +228,63 @@ false false false false + +=== TEST 8: new() was called multiple times with input which do not have healthy/unhealthy config +--- http_config eval: $::HttpConfig +--- config + location = /t { + content_by_lua_block { + local we = require "resty.worker.events" + assert(we.configure{ shm = "my_worker_events", interval = 0.1 }) + local healthcheck = require("resty.healthcheck") + + -- CASE 1: default http_statuses should be set correctly when new() was called multiple times + local hc1 = healthcheck.new({ + name = "testing", + shm_name = "test_shm", + checks = { + active = { + type = "http", + }, + } + }) + -- make sure checks.active.healthy.http_statuses is filled with defaults + ngx.say(hc1.checks.active.healthy.http_statuses[200]) + + local hc2 = healthcheck.new({ + name = "testing", + shm_name = "test_shm", + checks = { + active = { + type = "http", + }, + } + }) + -- make sure checks.active.healthy.http_statuses is filled with defaults + ngx.say(hc2.checks.active.healthy.http_statuses[200]) + + -- CASE 2: the given http_statuses should not be overridden by default + local hc3 = healthcheck.new({ + name = "testing", + shm_name = "test_shm", + checks = { + active = { + type = "http", + healthy = { + http_statuses = {201} + } + }, + } + }) + -- make sure defaults won't override the given input + ngx.say(hc3.checks.active.healthy.http_statuses[200]) + ngx.say(hc3.checks.active.healthy.http_statuses[201]) + } + } +--- request +GET /t +--- response_body +true +true +nil +true \ No newline at end of file From c3679ff12639b27b3e6042bc8ee24bfb971b5197 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miko=C5=82aj=20Nowak?= Date: Mon, 9 Oct 2023 18:00:32 +0200 Subject: [PATCH 5/9] chore(lint): bump kong/public-shared-actions --- .github/workflows/lint.yml | 2 +- .github/workflows/sast.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index fad9f64..a55bb22 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -37,7 +37,7 @@ jobs: - name: Lua Check if: steps.changed-files.outputs.any_changed == 'true' - uses: Kong/public-shared-actions/code-check-actions/lua-lint@33449c46c6766a3d3c8f167cc383381225862b36 + uses: Kong/public-shared-actions/code-check-actions/lua-lint@c03e30a36e8a2dde5cbd463229a96aaad7ccad24 with: additional_args: '--no-default-config --config .luacheckrc' files: ${{ steps.changed-files.outputs.all_changed_files }} diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml index 17738a6..e41c4b9 100644 --- a/.github/workflows/sast.yml +++ b/.github/workflows/sast.yml @@ -28,4 +28,4 @@ jobs: steps: - uses: actions/checkout@v3 - - uses: Kong/public-shared-actions/security-actions/semgrep@33449c46c6766a3d3c8f167cc383381225862b36 + - uses: Kong/public-shared-actions/security-actions/semgrep@c03e30a36e8a2dde5cbd463229a96aaad7ccad24 From 06c99cece66ae9c5b321c8b49adbe19f017bce16 Mon Sep 17 00:00:00 2001 From: Vinicius Mignot Date: Mon, 14 Nov 2022 16:12:29 -0300 Subject: [PATCH 6/9] docs(README): added 1.5.2 and 1.5.3 releases --- readme.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/readme.md b/readme.md index 78065a1..af7f6a2 100644 --- a/readme.md +++ b/readme.md @@ -126,6 +126,24 @@ Versioning is strictly based on [Semantic Versioning](https://semver.org/) serialization API. If it is unavailable, lua-resty-healthcheck fallbacks to cjson. [#109](https://github.com/Kong/lua-resty-healthcheck/pull/109) +### 1.5.3 (14-Nov-2022) + +* Fix: avoid raising worker events for new targets that were marked for delayed + removal, i.e. targets that already exist in memory only need the removal flag + cleared when added back. [#121](https://github.com/Kong/lua-resty-healthcheck/pull/121) + +### 1.5.2 (07-Jul-2022) + +* Better handling of `resty.lock` failure modes, adding more checks to ensure the + lock is held before running critical code, and improving the decision whether a + function should be retried after a timeout trying to acquire a lock. + [#113](https://github.com/Kong/lua-resty-healthcheck/pull/113) +* Increased logging for locked function failures. + [#114](https://github.com/Kong/lua-resty-healthcheck/pull/114) +* The cleanup frequency of deleted targets was lowered, cutting the number of + created locks in a short period. + [#116](https://github.com/Kong/lua-resty-healthcheck/pull/116) + ### 1.5.1 (23-Mar-2022) * Fix: avoid breaking active health checks when adding or removing targets. From 03c93796b7e85d8df4d1aaa333acbdd32341d2b5 Mon Sep 17 00:00:00 2001 From: Thijs Schreijer Date: Fri, 18 Sep 2020 09:06:05 +0200 Subject: [PATCH 7/9] chore(*) rename readme, add release instructions --- readme.md => README.md | 11 +++++++++++ config.ld | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) rename readme.md => README.md (96%) diff --git a/readme.md b/README.md similarity index 96% rename from readme.md rename to README.md index af7f6a2..8d94e4a 100644 --- a/readme.md +++ b/README.md @@ -91,6 +91,17 @@ for the complete API. Versioning is strictly based on [Semantic Versioning](https://semver.org/) +### Releasing new versions: + +* update changelog below (PR's should be merged including a changelog entry) +* based on changelog determine new SemVer version +* create a new rockspec +* render the docs using `ldoc` (don't do this within PR's) +* commit as "release x.x.x" (do not include rockspec revision) +* tag the commit with "x.x.x" (do not include rockspec revision) +* push commit and tag +* upload rock to luarocks: `luarocks upload rockspecs/[name] --api-key=abc` + ### 1.6.3 (06-Sep-2023) * Feature: Added support for https_sni [#49](https://github.com/Kong/lua-resty-healthcheck/pull/49) (backport) diff --git a/config.ld b/config.ld index 7043280..192b8cc 100644 --- a/config.ld +++ b/config.ld @@ -4,7 +4,7 @@ description='Provides active and passive healthchecks (http and tcp) for OpenRes format='discount' file='./lib/' dir='docs' -readme='readme.md' +readme='README.md' sort=true sort_modules=true all=false From 8c9a29fa99772f61876d7282d79e5cc6f58aa7d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miko=C5=82aj=20Nowak?= Date: Wed, 11 Oct 2023 16:47:54 +0200 Subject: [PATCH 8/9] chore(healthcheck): fix get_defaults function --- lib/resty/healthcheck.lua | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/lib/resty/healthcheck.lua b/lib/resty/healthcheck.lua index 9519c3a..6fc84cc 100644 --- a/lib/resty/healthcheck.lua +++ b/lib/resty/healthcheck.lua @@ -1446,22 +1446,30 @@ local function get_defaults() http_statuses = { 200, 302 }, successes = 2, }, - passive = { - type = "http", - healthy = { - http_statuses = { 200, 201, 202, 203, 204, 205, 206, 207, 208, 226, - 300, 301, 302, 303, 304, 305, 306, 307, 308 }, - successes = 5, - }, - unhealthy = { - http_statuses = { 429, 500, 503 }, - tcp_failures = 2, - timeouts = 7, - http_failures = 5, - }, + unhealthy = { + interval = 0, -- 0 = disabled by default + http_statuses = { 429, 404, + 500, 501, 502, 503, 504, 505 }, + tcp_failures = 2, + timeouts = 3, + http_failures = 5, + }, + }, + passive = { + type = "http", + healthy = { + http_statuses = { 200, 201, 202, 203, 204, 205, 206, 207, 208, 226, + 300, 301, 302, 303, 304, 305, 306, 307, 308 }, + successes = 5, + }, + unhealthy = { + http_statuses = { 429, 500, 503 }, + tcp_failures = 2, + timeouts = 7, + http_failures = 5, }, }, - } + }, } end From 439b5a1f828289c9e820d6cb6cd0fb4ea71b7aaf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miko=C5=82aj=20Nowak?= Date: Thu, 12 Oct 2023 13:30:15 +0200 Subject: [PATCH 9/9] fix(test): fix worker-events test --- t/with_worker-events/00-new.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/with_worker-events/00-new.t b/t/with_worker-events/00-new.t index 466ce86..d01274f 100644 --- a/t/with_worker-events/00-new.t +++ b/t/with_worker-events/00-new.t @@ -287,4 +287,4 @@ GET /t true true nil -true \ No newline at end of file +true