55 Commits (ae5bc88ebea2f96f67e54ba6886c63ee0af14b54)

Author	SHA1	Message	Date
dependabot[bot]	266c14d6ca	.github: Bump actions/cache from 4.0.2 to 4.1.0 (#13711) ... Bumps [actions/cache](https://github.com/actions/cache) from 4.0.2 to 4.1.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](0c45773b62...2cdf405574) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2 weeks ago
Mario Minardi	05d82fb0d8	.github: pin re-actors/alls-green to latest 1.x (#13558) ... Pin re-actors/alls-green usage to latest 1.x. This was previously pointing to `@release/v2` which pulls in the latest changes from this branch as they are released, with the potential to break our workflows if a breaking change or malicious version on this stream is ever pushed. Changing this to a pinned version also means that dependabot will keep this in the pinned version format (e.g., referencing a SHA) when it opens a PR to bump the dependency. Updates #cleanup Signed-off-by: Mario Minardi <mario@tailscale.com>	1 month ago
Mario Minardi	04bbef0e8b	.github: update and pin actions/upload-artifact to latest 4.x (#13556) ... Update and pin actions/upload-artifact usage to latest 4.x. These were previously pointing to @3 which pulls in the latest v3 as they are released, with the potential to break our workflows if a breaking change or malicious version on the @3 stream is ever pushed. Changing this to a pinned version also means that dependabot will keep this in the pinned version format (e.g., referencing a SHA) when it opens a PR to bump the dependency. Updates #cleanup Signed-off-by: Mario Minardi <mario@tailscale.com>	1 month ago
Mario Minardi	a8bd0cb9c2	.github: update and pin actions/cache to latest 4.x (#13555) ... Update and pin actions/cache usage to latest 4.x. These were previously pointing to `@3` which pulls in the latest v3 as they are released, with the potential to break our workflows if a breaking change or malicious version on the `@3` stream is ever pushed. Changing this to a pinned version also means that dependabot will keep this in the pinned version format (e.g., referencing a SHA) when it opens a PR to bump the dependency. The breaking change between v3 and v4 is that v4 requires Node 20 which should be a non-issue where this is run. Updates #cleanup Signed-off-by: Mario Minardi <mario@tailscale.com>	1 month ago
Mario Minardi	a3f7e72321	.github: use and pin slackapi/slack-github-action to latest 1.x (#13554) ... Use slackapi/slack-github-action across the board and pin to latest 1.x. Previously we were referencing the 1.27.0 tag directly which is vulnerable to someone replacing that version tag with malicious code. Replace usage of ruby/action-slack with slackapi/slack-github-action as the latter is the officially supported action from slack. Updates #cleanup Signed-off-by: Mario Minardi <mario@tailscale.com>	1 month ago
Mario Minardi	2c1bbfb902	.github: pin actions/setup-go usage to latest 5.x (#13553) ... Pin actions/checkout usage to latest 5.x. These were previously pointing to `@4` which pulls in the latest v4 as they are released, with the potential to break our workflows if a breaking change or malicious version on the `@4` stream is ever pushed. Changing this to a pinned version also means that dependabot will keep this in the pinend version format (e.g., referencing a SHA) when it opens a PR to bump the dependency. The breaking change between v4 and v5 is that v5 requires Node 20 which should be a non-issue where it is used. Updates #cleanup Signed-off-by: Mario Minardi <mario@tailscale.com>	1 month ago
Mario Minardi	07991dec83	.github: pin actions/checkout to latest v3 or v4 as appropriate (#13551) ... Pin actions/checkout usage to latest 3.x or 4.x as appropriate. These were previously pointing to `@4` or `@3` which pull in the latest versions at these tags as they are released, with the potential to break our workflows if a breaking change or malicious version for either of these streams are released. Changing this to a pinned version also means that dependabot will keep this in the pinend version format (e.g., referencing a SHA) when it opens a PR to bump the dependency. Updates #cleanup Signed-off-by: Mario Minardi <mario@tailscale.com>	1 month ago
Maisem Ali	f2713b663e	.github: enable fuzz testing again (go1.23) ... Updates #12912 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 month ago
Brad Fitzpatrick	696711cc17	all: switch to and require Go 1.23 ... Updates #12912 Change-Id: Ib4ae26eb5fb68ad2216cab4913811b94f7eed5b6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 months ago
Jordan Whited	65888d95c9	derp/xdp,cmd/xdpderper: initial skeleton (#12390) ... This commit introduces a userspace program for managing an experimental eBPF XDP STUN server program. derp/xdp contains the eBPF pseudo-C along with a Go pkg for loading it and exporting its metrics. cmd/xdpderper is a package main user of derp/xdp. Updates tailscale/corp#20689 Signed-off-by: Jordan Whited <jordan@tailscale.com>	4 months ago
Brad Fitzpatrick	b9adbe2002	net/{interfaces,netmon}, all: merge net/interfaces package into net/netmon ... In prep for most of the package funcs in net/interfaces to become methods in a long-lived netmon.Monitor that can cache things. (Many of the funcs are very heavy to call regularly, whereas the long-lived netmon.Monitor can subscribe to things from the OS and remember answers to questions it's asked regularly later) Updates tailscale/corp#10910 Updates tailscale/corp#18960 Updates #7967 Updates #3299 Change-Id: Ie4e8dedb70136af2d611b990b865a822cd1797e5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	6 months ago
Brad Fitzpatrick	a1abd12f35	cmd/tailscaled, net/tstun: build for aix/ppc64 ... At least in userspace-networking mode. Fixes #11361 Change-Id: I78d33f0f7e05fe9e9ee95b97c99b593f8fe498f2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	6 months ago
James Tucker	7e17aeb36b	.github/workflows: fix regular breakage of go toolchains ... This server recently had a common ansible applied, which added a periodic /tmp cleaner, as is needed on other CI machines to deal with test tempfile leakage. The setting of $HOME to /tmp means that the go toolchain in there was regularly getting pruned by the tmp cleaner, but often incompletely, because it was also in use. Move HOME to a runner owned directory. Updates #11248 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
James Tucker	c9b6d19fc9	.github/workflows: fix typo in XDG_CACHE_HOME ... This appears to be one of the contributors to this CI target regularly entering a bad state with a partially written toolchain. Updates #self Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
Andrew Dunham	6f6383f69e	.github: fuzzing is now unbroken ... Updates #cleanup Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I10dca601c79411b412180a46b3f82136e40544b0	9 months ago
Brad Fitzpatrick	c424e192c0	.github/workflows: temporarily disable broken oss-fuzz action ... Updates #11064 Updates #11058 Change-Id: I63acc13dece3379a0b2df573afecfd245b7cd6c2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
James Tucker	0b16620b80	.github/workflows: add privileged tests workflow ... We had missed regressions from privileged tests not running, now they can run. Updates #cleanup Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
James Tucker	457102d070	go.mod: bump most deps for start of cycle ... Plan9 CI is disabled. 3p dependencies do not build for the target. Contributor enthusiasm appears to have ceased again, and no usage has been made. Skipped gvisor, nfpm, and k8s. Updates #5794 Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
Irbe Krumina	49fd0a62c9	cmd/k8s-operator: generate static kube manifests from the Helm chart. (#10436) ... * cmd/k8s-operator: generate static manifests from Helm charts This is done to ensure that there is a single source of truth for the operator kube manifests. Also adds linux node selector to the static manifests as this was added as a default to the Helm chart. Static manifests can now be generated by running `go generate tailscale.com/cmd/k8s-operator`. Updates tailscale/tailscale#9222 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	11 months ago
Percy Wegmann	17501ea31a	ci: report test coverage to coveralls.io ... This records test coverage for the amd64 no race tests and uploads the results to coveralls.io. Updates #cleanup Signed-off-by: Ox Cart <ox.to.a.cart@gmail.com>	11 months ago
Will Norris	42abf13843	.github: run tests on all PRs, regardless of branch name ... The branch name selector "*" doesn't match branches with a "/" in their name. The vast majority of our PRs are against the main (or previously, master) branch anyway, so this will have minimal impact. But in the rare cases that we want to open a PR against a branch with a "/" in the name, tests should still run. ``` gh pr list --limit 9999 --state all --json baseRefName | \ jq -cs '.[] | group_by(.baseRefName) | map({ base: .[0].baseRefName, count: map(.baseRefName) | length}) | sort_by(-.count) | .[]' {"base":"main","count":4593} {"base":"master","count":226} {"base":"release-branch/1.48","count":4} {"base":"josh-and-adrian-io_uring","count":3} {"base":"release-branch/1.30","count":3} {"base":"release-branch/1.32","count":3} {"base":"release-branch/1.20","count":2} {"base":"release-branch/1.26","count":2} {"base":"release-branch/1.34","count":2} {"base":"release-branch/1.38","count":2} {"base":"Aadi/speedtest-tailscaled","count":1} {"base":"josh/io_uring","count":1} {"base":"maisem/hi","count":1} {"base":"rel-144","count":1} {"base":"release-branch/1.18","count":1} {"base":"release-branch/1.2","count":1} {"base":"release-branch/1.22","count":1} {"base":"release-branch/1.24","count":1} {"base":"release-branch/1.4","count":1} {"base":"release-branch/1.46","count":1} {"base":"release-branch/1.8","count":1} {"base":"web-client-main","count":1} ``` Updates #cleanup Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Brad Fitzpatrick	1fc3573446	ipn/{conffile,ipnlocal}: start booting tailscaled from a config file w/ auth key ... Updates #1412 Change-Id: Icd880035a31df59797b8379f4af19da5c4c453e2 Co-authored-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	4dec0c6eb9	tstest, tstest/integration, github/workflows: shard integration tests ... Over four jobs for now. Updates #cleanup Change-Id: Ic2b1a739a454916893945a3f9efc480d6fcbd70b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	e6ab7d3c14	cmd/testwrapper: parse args better ... Previously we were just smushing together args and not trying to parse the values at all. This resulted in the args to testwrapper being limited and confusing. This makes it so that testwrapper parses flags in the exact format as `go test` command and passes them down in the provided order. It uses tesing.Init to register flags that `go test` understands, however those are not the only flags understood by `go test` (such as `-exec`) so we register these separately. Updates tailscale/corp#14975 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	56ebcd1ed4	.github/workflows: break up race builder a bit more ... Move the compilation of everything to its own job too, separate from test execution. Updates #7894 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	18e2936d25	github/workflows: move race tests to their own job ... They're slow. Make them their own job that can run in parallel. Also, only run them in race mode. No need to run them on 386 or non-race amd64. Updates #7894 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	c363b9055d	tstest/integration: add tests for tun mode (requiring root) ... Updates #7894 Change-Id: Iff0b07b21ae28c712dd665b12918fa28d6f601d0 Co-authored-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	3280c81c95	.github,cmd/gitops-pusher: update to checkout@v4 ... checkout@v3 is broken: actions/checkout#1448 Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	346445acdd	.github/workflows: only run bench all on packages with benchmarks ... Drops time by several minutes. Also, on top of that: skip building variant CLIs on the race builder (29s), and getting qemu (15s). Updates #9182 Change-Id: I979e02ab8c0daeebf5200459c9e4458a1f62f728 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	1f12b3aedc	.github: do not use testwrapper for benchmarks ... Updates #9182 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	98a5116434	all: adjust some build tags for plan9 ... I'm not saying it works, but it compiles. Updates #5794 Change-Id: I2f3c99732e67fe57a05edb25b758d083417f083e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	21e32b23f7	.github: use testwrapper on windows ... Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	8e840489ed	cmd/testwrapper: only retry flaky failed tests ... Redo the testwrapper to track and only retry flaky tests instead of retrying the entire pkg. It also fails early if a non-flaky test fails. This also makes it so that the go test caches are used. Fixes #7975 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	c11af12a49	.github: actually run tests in CI ... Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
James Tucker	8032b966a1	.github/workflows: add recency bias to action cache keys ... The action cache restore process either matches the restore key pattern exactly, or uses a matching prefix with the most recent date. If the restore key is an exact match, then no updates are uploaded, but if we've just computed tests executions for more recent code then we will likely want to use those results in future runs. Appending run_id to the cache key will give us an always new key, and then we will be restore a recently uploaded cache that is more likely has a higher overlap with the code being tested. Updates #7975 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	43819309e1	.github/workflows: split tests and benchmarks for caching ... Benchmark flags prevent test caching, so benchmarks are now executed independently of tests. Fixes #7975 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
dependabot[bot]	5acc7c4b1e	.github: Bump ruby/action-slack from 3.0.0 to 3.2.1 ... Bumps [ruby/action-slack](https://github.com/ruby/action-slack) from 3.0.0 to 3.2.1. - [Release notes](https://github.com/ruby/action-slack/releases) - [Commits](https://github.com/ruby/action-slack/compare/v3.0.0...v3.2.1) --- updated-dependencies: - dependency-name: ruby/action-slack dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2 years ago
dependabot[bot]	28cb1221ba	.github: Bump actions/setup-go from 3 to 4 ... Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2 years ago
James Tucker	b7f51a1468	.github/workflows: add artifact caching and remove double build on race ... Go artifact caching will help provided that the cache remains small enough - we can reuse the strategy from the Windows build where we only cache and pull the zips, but let go(1) do the many-file unpacking as it does so faster. The race matrix was building once without race, then running all the tests with race, so change the matrix to incldue a `buildflags` parameter and use that both in the build and test steps. Updates #cleanup Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	8dec1a8724	.github/workflows: reenable Windows CI, disable broken tests ... We accidentally switched to ./tool/go in 4022796484 which resulted in no longer running Windows builds, as this is attempting to run a bash script. I was unable to quickly fix the various tests that have regressed, so instead I've added skips referencing #7876, which we need to back and fix. Updates #7262 Updates #7876 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Mihai Parparita	782ccb5655	.github/workflows: run one set of tests with the tailscale_go build tag ... We use it to gate code that depends on custom Go toolchain, but it's currently only passed in the corp runners. Add a set on OSS so that we can catch regressions earlier. To specifically test sockstats this required adding a build tag to explicitly enable them -- they're normally on for iOS, macOS and Android only, and we don't run tests on those platforms normally. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
David Anderson	b0eba129e6	.github/workflows: add a pass/fail verdict job to the test workflow ... Github requires explicitly listing every single job within a workflow that is required for status checks, instead of letting you list entire workflows. This is ludicrous, and apparently this nonsense is the workaround. Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
David Anderson	0ab6a7e7f5	.github/workflows: try to make the merge queue actually run CI ... Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
David Anderson	5a2fa3aa95	.github/workflows: add armv5 and armv7 cross tests ... armv5 because that's what we ship to most downstreams right now, armv7 becuase that's what we want to ship more of. Fixes https://github.com/tailscale/tailscale/issues/7269 Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
David Anderson	093139fafd	.github/workflows: fix non-collapsing CI status in PRs ... CI status doesn't collapse into "everything OK" if a job gets skipped. Instead, always run the job, but skip its only step in PRs. Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
David Anderson	306c8a713c	.github/workflows: run CI and CodeQL in the merge queue ... Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
David Anderson	149de5e6d6	build_dist.sh: use cmd/mkversion to get version data ... Replaces the former shell goop, which was a shell reimplementation of a subset of version/mkversion. Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
Maisem Ali	4a99481a11	.github/workflows: set TS_FUZZ_CURRENTLY_BROKEN to false ... Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
David Anderson	2eb25686d7	.github/workflows: simplify build-only go test invocation ... Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
David Anderson	253333b8a3	.github/workflows: support disabling fuzz testing safely ... OSS-Fuzz doesn't update their version of Go as quickly as we do, so we sometimes end up with OSS-Fuzz being unable to build our code for a few weeks. We don't want CI to be red for that entire time, but we also don't want to forget to reenable fuzzing when OSS-Fuzz does start working again. This change makes two configurations worthy of a CI pass: - Fuzzing works, and we expected it to work. This is a normal happy state. - Fuzzing didn't compile, and we expected it to not compile. This is the "OSS-Fuzz temporarily broken" state. If fuzzing is unexpectedly broken, or unexpectedly not broken, that's a CI failure because we need to either address a fuzz finding, or update TS_FUZZ_CURRENTLY_BROKEN to reflect the state of OSS-Fuzz. Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago