Skip to content

Commit c990326

Browse files
committed
Merge remote-tracking branch 'origin/master' into lucia-sb/remove-codecov
2 parents a08a848 + 5d0bd5f commit c990326

703 files changed

Lines changed: 11453 additions & 3236 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.builders/images/linux-aarch64/Dockerfile

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -36,11 +36,11 @@ RUN yum install -y perl-IPC-Cmd perl-CPANPLUS perl-core && \
3636
ldconfig
3737

3838
# Compile and install Python 3
39-
ENV PYTHON3_VERSION=3.13.12
39+
ENV PYTHON3_VERSION=3.13.13
4040
RUN yum install -y libffi-devel && \
4141
DOWNLOAD_URL="https://python.org/ftp/python/{{version}}/Python-{{version}}.tgz" \
4242
VERSION="${PYTHON3_VERSION}" \
43-
SHA256="12e7cb170ad2d1a69aee96a1cc7fc8de5b1e97a2bdac51683a3db016ec9a2996" \
43+
SHA256="f9cde7b0e2ec8165d7326e2a0f59ea2686ce9d0c617dbbb3d66a7e54d31b74b9" \
4444
RELATIVE_PATH="Python-{{version}}" \
4545
bash install-from-source.sh \
4646
--prefix=/opt/python/${PYTHON3_VERSION} \

.builders/images/linux-aarch64/build_script.sh

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@ if [[ "${DD_BUILD_PYTHON_VERSION}" == "3" ]]; then
2323
VERSION="${kafka_version}" \
2424
SHA256="14972092e4115f6e99f798a7cb420cbf6daa0c73502b3c52ae42fb5b418eea8f" \
2525
RELATIVE_PATH="librdkafka-{{version}}" \
26+
PATCHES="librdkafka-fix-coord-request-uaf.patch" \
2627
bash install-from-source.sh --enable-sasl --enable-curl --enable-zstd
2728
always_build+=("confluent-kafka")
2829

.builders/images/linux-x86_64/Dockerfile

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -35,11 +35,11 @@ RUN yum install -y perl-IPC-Cmd perl-CPANPLUS perl-core && \
3535
ldconfig
3636

3737
# Compile and install Python 3
38-
ENV PYTHON3_VERSION=3.13.12
38+
ENV PYTHON3_VERSION=3.13.13
3939
RUN yum install -y libffi-devel && \
4040
DOWNLOAD_URL="https://python.org/ftp/python/{{version}}/Python-{{version}}.tgz" \
4141
VERSION="${PYTHON3_VERSION}" \
42-
SHA256="12e7cb170ad2d1a69aee96a1cc7fc8de5b1e97a2bdac51683a3db016ec9a2996" \
42+
SHA256="f9cde7b0e2ec8165d7326e2a0f59ea2686ce9d0c617dbbb3d66a7e54d31b74b9" \
4343
RELATIVE_PATH="Python-{{version}}" \
4444
bash install-from-source.sh --prefix=/opt/python/${PYTHON3_VERSION} --with-ensurepip=yes --enable-ipv6 --with-dbmliborder=
4545
ENV PATH="/opt/python/${PYTHON3_VERSION}/bin:${PATH}"

.builders/images/linux-x86_64/build_script.sh

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@ if [[ "${DD_BUILD_PYTHON_VERSION}" == "3" ]]; then
2020
VERSION="${kafka_version}" \
2121
SHA256="14972092e4115f6e99f798a7cb420cbf6daa0c73502b3c52ae42fb5b418eea8f" \
2222
RELATIVE_PATH="librdkafka-{{version}}" \
23+
PATCHES="librdkafka-fix-coord-request-uaf.patch" \
2324
bash install-from-source.sh --enable-sasl --enable-curl --enable-zstd
2425
always_build+=("confluent-kafka")
2526

.builders/images/windows-x86_64/Dockerfile

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -85,11 +85,11 @@ RUN Get-RemoteFile `
8585
Approve-File -Path $($Env:USERPROFILE + '\.cargo\bin\rustc.exe') -Hash $Env:RUSTC_HASH
8686

8787
# Install Python 3
88-
ENV PYTHON_VERSION="3.13.12"
88+
ENV PYTHON_VERSION="3.13.13"
8989
RUN Get-RemoteFile `
9090
-Uri https://www.python.org/ftp/python/$Env:PYTHON_VERSION/python-$Env:PYTHON_VERSION-amd64.exe `
9191
-Path python-$Env:PYTHON_VERSION-amd64.exe `
92-
-Hash '96159fcb523ae404b707186a75b4104ee23851e476a5e838e14584cf1e03f981'; `
92+
-Hash '3c9c81d80f91c002ced86d645422d81432c68c7d9b6b0e974768ca2e449a4d00'; `
9393
Start-Process -Wait python-$Env:PYTHON_VERSION-amd64.exe -ArgumentList '/quiet', 'InstallAllUsers=1'; `
9494
Remove-Item python-$Env:PYTHON_VERSION-amd64.exe; `
9595
& 'C:\Program Files\Python313\python.exe' -m pip install --no-warn-script-location --upgrade pip; `
Lines changed: 73 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,73 @@
1+
diff --git a/src/rdkafka_admin.c b/src/rdkafka_admin.c
2+
index 7986371a..552c10c0 100644
3+
--- a/src/rdkafka_admin.c
4+
+++ b/src/rdkafka_admin.c
5+
@@ -480,7 +480,6 @@ rd_kafka_admin_coord_request(rd_kafka_broker_t *rkb,
6+
rd_kafka_replyq_t replyq,
7+
rd_kafka_resp_cb_t *resp_cb,
8+
void *opaque) {
9+
- rd_kafka_t *rk = rkb->rkb_rk;
10+
rd_kafka_enq_once_t *eonce = opaque;
11+
rd_kafka_op_t *rko;
12+
char errstr[512];
13+
@@ -499,13 +498,17 @@ rd_kafka_admin_coord_request(rd_kafka_broker_t *rkb,
14+
&rko->rko_u.admin_request.options, errstr, sizeof(errstr), replyq,
15+
rd_kafka_admin_handle_response, eonce);
16+
17+
- if (err) {
18+
- rd_kafka_admin_result_fail(
19+
- rko, err, "%s worker failed to send request: %s",
20+
- rd_kafka_op2str(rko->rko_type), errstr);
21+
- rd_kafka_admin_common_worker_destroy(rk, rko,
22+
- rd_true /*destroy*/);
23+
- }
24+
+ /* On error, do not call worker_destroy() here.
25+
+ * The caller (rd_kafka_coord_req_fsm) will call coord_req_fail()
26+
+ * which enqueues a dummy error response carrying the eonce as
27+
+ * opaque. coord_response_parse() will then retrieve the rko via
28+
+ * del_source_return("coordinator response"), see the error, and
29+
+ * call worker_destroy() itself.
30+
+ *
31+
+ * Calling worker_destroy() here would free the eonce while the
32+
+ * caller still holds a reference to it, leading to a
33+
+ * use-after-free / assertion failure in
34+
+ * rd_kafka_enq_once_del_source_return(). */
35+
return err;
36+
}
37+
38+
diff --git a/src/rdkafka_coord.c b/src/rdkafka_coord.c
39+
index a880f23a..e57b3ef7 100644
40+
--- a/src/rdkafka_coord.c
41+
+++ b/src/rdkafka_coord.c
42+
@@ -316,6 +316,14 @@ static void rd_kafka_coord_req_fail(rd_kafka_t *rk,
43+
rd_kafka_op_t *reply;
44+
rd_kafka_buf_t *rkbuf;
45+
46+
+ if (!creq->creq_reply_opaque) {
47+
+ /* The admin operation has already timed out and been
48+
+ * destroyed. The eonce (creq_reply_opaque) may be
49+
+ * freed. Do not enqueue a response referencing it. */
50+
+ rd_kafka_coord_req_destroy(rk, creq, rd_true /*done*/);
51+
+ return;
52+
+ }
53+
+
54+
reply = rd_kafka_op_new(RD_KAFKA_OP_RECV_BUF);
55+
reply->rko_rk = rk; /* Set rk since the rkbuf will not have a rkb
56+
* to reach it. */
57+
@@ -495,7 +503,15 @@ static void rd_kafka_coord_req_fsm(rd_kafka_t *rk, rd_kafka_coord_req_t *creq) {
58+
replyq, creq->creq_resp_cb,
59+
creq->creq_reply_opaque);
60+
61+
- if (err) {
62+
+ if (err == RD_KAFKA_RESP_ERR__DESTROY) {
63+
+ /* Admin op already timed out. Clear
64+
+ * opaque to prevent coord_req_fail from
65+
+ * using freed eonce. */
66+
+ creq->creq_reply_opaque = NULL;
67+
+ rd_kafka_replyq_destroy(&replyq);
68+
+ rd_kafka_coord_req_destroy(rk, creq,
69+
+ rd_true /*done*/);
70+
+ } else if (err) {
71+
/* Permanent error, e.g., request not
72+
* supported by broker. */
73+
rd_kafka_replyq_destroy(&replyq);

.builders/promote.py

Lines changed: 121 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,121 @@
1+
"""Promote dependency wheels from dev to stable storage.
2+
3+
Reads lockfiles from .deps/resolved/, identifies every wheel that lives
4+
under the ``dev/`` prefix in GCS, and copies it to the ``stable/`` prefix.
5+
Invoked via ``ddev promote <PR_URL>`` which dispatches the promote workflow.
6+
"""
7+
from __future__ import annotations
8+
9+
import re
10+
import sys
11+
from pathlib import Path, PurePosixPath
12+
13+
from google.cloud import storage
14+
15+
BUCKET_NAME = "deps-agent-int-datadoghq-com"
16+
REPO_DIR = Path(__file__).resolve().parent.parent
17+
LOCK_FILE_DIR = REPO_DIR / ".deps" / "resolved"
18+
19+
DEV_PREFIX = "dev/"
20+
STABLE_PREFIX = "stable/"
21+
22+
LOCKFILE_ENTRY = re.compile(
23+
r"^(?P<name>\S+)\s+@\s+(?P<url>\S+)$"
24+
)
25+
26+
27+
def parse_lockfile_urls(lockfile: Path) -> list[str]:
28+
"""Extract wheel URLs from a lockfile."""
29+
urls: list[str] = []
30+
for line in lockfile.read_text().splitlines():
31+
line = line.strip()
32+
if not line:
33+
continue
34+
m = LOCKFILE_ENTRY.match(line)
35+
if m:
36+
urls.append(m.group("url").split("#")[0])
37+
return urls
38+
39+
40+
STORAGE_BASE = "https://agent-int-packages.datadoghq.com/"
41+
STORAGE_TEMPLATE_PREFIX = f"{STORAGE_BASE}${{INTEGRATIONS_WHEELS_STORAGE}}/"
42+
43+
44+
def url_to_blob_path(url: str) -> str | None:
45+
"""Convert a wheel URL to its GCS blob path, or None if not a templated storage URL.
46+
47+
Handles the templated ``https://agent-int-packages.datadoghq.com/${INTEGRATIONS_WHEELS_STORAGE}/...``
48+
format used in lockfiles.
49+
"""
50+
if url.startswith(STORAGE_TEMPLATE_PREFIX):
51+
return url[len(STORAGE_TEMPLATE_PREFIX):]
52+
return None
53+
54+
55+
def collect_relative_paths() -> list[str]:
56+
"""Read all lockfiles and return relative wheel paths from ${INTEGRATIONS_WHEELS_STORAGE} entries."""
57+
if not LOCK_FILE_DIR.is_dir():
58+
print(f"No lockfile directory found at {LOCK_FILE_DIR}", file=sys.stderr)
59+
sys.exit(1)
60+
61+
lockfiles = list(LOCK_FILE_DIR.glob("*.txt"))
62+
if not lockfiles:
63+
print(f"No lockfiles found in {LOCK_FILE_DIR}", file=sys.stderr)
64+
sys.exit(1)
65+
66+
rel_paths: list[str] = []
67+
for lockfile in sorted(lockfiles):
68+
print(f"Reading {lockfile.name}")
69+
for url in parse_lockfile_urls(lockfile):
70+
rel_path = url_to_blob_path(url)
71+
if rel_path:
72+
rel_paths.append(rel_path)
73+
74+
return rel_paths
75+
76+
77+
def promote(rel_paths: list[str]) -> None:
78+
"""Copy blobs from dev/ to stable/ in GCS."""
79+
if not rel_paths:
80+
print("No templated wheels found in lockfiles — nothing to promote.")
81+
return
82+
83+
unique_paths = sorted(set(rel_paths))
84+
print(f"\nPromoting {len(unique_paths)} wheels from dev to stable...\n")
85+
86+
client = storage.Client()
87+
bucket = client.bucket(BUCKET_NAME)
88+
89+
failed: list[str] = []
90+
for rel_path in unique_paths:
91+
dev_path = DEV_PREFIX + rel_path
92+
stable_path = STABLE_PREFIX + rel_path
93+
name = PurePosixPath(rel_path).name
94+
source_blob = bucket.blob(dev_path)
95+
96+
if not source_blob.exists():
97+
print(f" MISSING {name}")
98+
failed.append(dev_path)
99+
continue
100+
101+
bucket.copy_blob(source_blob, bucket, stable_path)
102+
print(f" OK {name}")
103+
104+
print()
105+
if failed:
106+
print(
107+
f"ERROR: {len(failed)} wheel(s) not found in dev storage.\n"
108+
"The resolve-build-deps workflow may not have finished yet.\n"
109+
"Wait for it to complete, then run ddev promote again.",
110+
file=sys.stderr,
111+
)
112+
for p in failed:
113+
print(f" - {p}", file=sys.stderr)
114+
sys.exit(1)
115+
116+
print(f"Done. {len(unique_paths)} wheel(s) promoted to stable.")
117+
118+
119+
if __name__ == "__main__":
120+
rel_paths = collect_relative_paths()
121+
promote(rel_paths)

.builders/scripts/files_to_remove.toml

Lines changed: 2 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -17,30 +17,11 @@ excluded_paths = [
1717

1818
# --- Tests ---
1919

20+
"tests/",
21+
"/test/",
2022
"idlelib/idle_test/",
21-
"bs4/tests/",
2223
"Cryptodome/SelfTest/",
23-
"gssapi/tests/",
24-
"keystoneauth1/tests/",
25-
"lazy_loader/tests/",
26-
"openstack/tests/",
27-
"os_service_types/tests/",
28-
"pbr/tests/",
29-
"pkg_resources/tests/",
30-
"pip/_vendor/colorama/tests/",
31-
"psutil/tests/",
32-
"requests_unixsocket/tests/",
3324
"securesystemslib/_vendor/ed25519/test_data/",
34-
"setuptools/_distutils/compilers/C/tests/",
35-
"setuptools/_vendor/packaging/tests/",
36-
"setuptools/_distutils/tests/",
37-
"setuptools/tests/",
38-
"simplejson/tests/",
39-
"stevedore/tests/",
40-
"supervisor/tests/",
41-
"/test/",
42-
"vertica_python/tests/",
43-
"websocket/tests/",
4425
"win32com/test/",
4526

4627
# --- Botocore ---

0 commit comments

Comments
 (0)