Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tag releases with semver tag #327

Closed
rturner3 opened this issue Aug 9, 2023 · 5 comments
Closed

Tag releases with semver tag #327

rturner3 opened this issue Aug 9, 2023 · 5 comments

Comments

@rturner3
Copy link

rturner3 commented Aug 9, 2023

Some projects prefer to pin GitHub Actions dependencies by commit SHA rather than major version tag to prevent possible release pipeline vulnerabilities if a malicious tag is pushed to an external project.

If you pin the dependency on this action by commit SHA rather than major version tag, e.g. v2, dependabot doesn't ever detect minor release version updates, seemingly because:

  • The existing major version tag changes to point to a different commit, which doesn't get detected by dependabot
  • There is no version tag containing the full semver tag, e.g. v2.20.0, there is only a release branch, and dependabot seems to only detect new releases when new tags are added to a repository

Other GitHub Actions tag their releases with full semver tags, and this is not a problem with those projects, e.g. actions/checkout.

Going forward, it would be really nice if each release had a semver tag so that projects depending on this step could get automatic update PRs sent by dependabot.

rturner3 pushed a commit to rturner3/spire that referenced this issue Aug 9, 2023
This project generates releases by just creating a new release branch
without a corresponding semver tag, and changing the major version tag
to point to the release branch, which isn't enough for dependabot to
automatically detect the new versions,
see msys2/setup-msys2#327

Manually update this step for now to the current commit pointed to by
the `v2` tag (`v2.20.0`): https://github.com/msys2/setup-msys2/tree/v2

Signed-off-by: Ryan Turner <[email protected]>
rturner3 pushed a commit to rturner3/spire that referenced this issue Aug 9, 2023
This project generates releases by just creating a new release branch
without a corresponding semver tag, and changing the major version tag
to point to the release branch, which isn't enough for dependabot to
automatically detect the new versions,
see msys2/setup-msys2#327

Manually update this step for now to the current commit pointed to by
the `v2` tag (`v2.20.0`): https://github.com/msys2/setup-msys2/tree/v2

Signed-off-by: Ryan Turner <[email protected]>
rturner3 added a commit to spiffe/spire that referenced this issue Aug 9, 2023
This project generates releases by just creating a new release branch
without a corresponding semver tag, and changing the major version tag
to point to the release branch, which isn't enough for dependabot to
automatically detect the new versions,
see msys2/setup-msys2#327

Manually update this step for now to the current commit pointed to by
the `v2` tag (`v2.20.0`): https://github.com/msys2/setup-msys2/tree/v2

Signed-off-by: Ryan Turner <[email protected]>
@lazka
Copy link
Member

lazka commented Aug 10, 2023

thanks, sounds good. I'll have a look.

@lazka
Copy link
Member

lazka commented Aug 11, 2023

Done now.

For future reference:

  • I've merged all separate release branches into one branch here: https://github.com/msys2/setup-msys2/commits/dist (cherry-picked while ignoring all old files each time)
  • I've added tags for all releases on that branch
  • I've renamed the old release branches from "vX.Y.Z" to "legacy-vX.Y.Z" to keep the old commits reachable and avoid naming conflicts with the new tags
  • I've released v2.20.1 just now with some minor updates to test the release process

@lazka lazka closed this as completed Aug 11, 2023
@rturner3
Copy link
Author

Hmm, I didn't see that dependabot raised a PR for the new release. Perhaps you have to create a GitHub release for the new releases to get noticed by dependabot?

@lazka
Copy link
Member

lazka commented Aug 11, 2023

done

@lazka
Copy link
Member

lazka commented Aug 13, 2023

From what I see it still didn't work (??)

faisal-memon pushed a commit to faisal-memon/spire that referenced this issue Sep 12, 2023
This project generates releases by just creating a new release branch
without a corresponding semver tag, and changing the major version tag
to point to the release branch, which isn't enough for dependabot to
automatically detect the new versions,
see msys2/setup-msys2#327

Manually update this step for now to the current commit pointed to by
the `v2` tag (`v2.20.0`): https://github.com/msys2/setup-msys2/tree/v2

Signed-off-by: Ryan Turner <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>
azdagron added a commit to azdagron/spire that referenced this issue Sep 13, 2023
* Populate and prune entry event table

Signed-off-by: Faisal Memon <[email protected]>

* Bump sigs.k8s.io/controller-runtime from 0.15.0 to 0.15.1 (spiffe#4412)

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.15.0 to 0.15.1.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.15.0...v0.15.1)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Bump golang.org/x/sys from 0.10.0 to 0.11.0 (spiffe#4409)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.10.0 to 0.11.0.
- [Commits](golang/sys@v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* [docker buildx] Create tls context if needed (spiffe#4405)

Signed-off-by: Zack Train <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Bump golang.org/x/net from 0.13.0 to 0.14.0 (spiffe#4413)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.13.0 to 0.14.0.
- [Commits](golang/net@v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Add telemetry instrumentation for delegated identity API and add latency telemetry util (spiffe#4399)

* Add telemetry instrumentation for delegated identity API and add latency telemetry util

Signed-off-by: chiragk25 <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.109.1 to 1.110.1 (spiffe#4416)

Bumps [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) from 1.109.1 to 1.110.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/ec2/v1.109.1...service/ec2/v1.110.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Bump actions/setup-go from 4.0.1 to 4.1.0 (spiffe#4418)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@fac708d...93397be)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Bump google.golang.org/api from 0.134.0 to 0.136.0 (spiffe#4420)

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.134.0 to 0.136.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.134.0...v0.136.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Bump github.com/sigstore/sigstore from 1.7.1 to 1.7.2 (spiffe#4419)

Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.7.1...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Update msys2/setup-msys2 GitHub Action (spiffe#4421)

This project generates releases by just creating a new release branch
without a corresponding semver tag, and changing the major version tag
to point to the release branch, which isn't enough for dependabot to
automatically detect the new versions,
see msys2/setup-msys2#327

Manually update this step for now to the current commit pointed to by
the `v2` tag (`v2.20.0`): https://github.com/msys2/setup-msys2/tree/v2

Signed-off-by: Ryan Turner <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Bump actions/dependency-review-action from 3.0.6 to 3.0.7 (spiffe#4425)

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.6 to 3.0.7.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@1360a34...7d90b4f)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Bump github.com/aws/aws-sdk-go-v2/service/secretsmanager (spiffe#4428)

Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.20.1 to 1.21.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/s3/v1.21.0/CHANGELOG.md)
- [Commits](aws/aws-sdk-go-v2@v1.20.1...service/s3/v1.21.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.110.1 to 1.111.0 (spiffe#4431)

Bumps [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) from 1.110.1 to 1.111.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/ec2/v1.110.1...service/ec2/v1.111.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Faisal Memon <[email protected]>

* Set up feature flag

Signed-off-by: Faisal Memon <[email protected]>

* Bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.7.0 to 1.7.1 (spiffe#4432)

Bumps [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.7.0...sdk/azcore/v1.7.1)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Faisal Memon <[email protected]>

* Bump google.golang.org/api from 0.136.0 to 0.137.0 (spiffe#4433)

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.136.0 to 0.137.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.136.0...v0.137.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Faisal Memon <[email protected]>

* Remove prune events interval from docs

Signed-off-by: Faisal Memon <[email protected]>

* Fix outdated comments

Signed-off-by: Faisal Memon <[email protected]>

* Update pkg/server/datastore/sqlstore/sqlstore.go

Signed-off-by: Faisal Memon <[email protected]>

Co-authored-by: Marcos Yacob <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Add var names for consistency

Signed-off-by: Faisal Memon <[email protected]>

* Bump version and CHANGELOG after v1.7.2 release (spiffe#4441)

Signed-off-by: Marcos Yacob <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Update golangci-lint and Markdown linter (spiffe#4440)

Also fix new Markdown linter errors

Signed-off-by: Ryan Turner <[email protected]>
Co-authored-by: Marcos Yacob <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.111.0 to 1.112.0 (spiffe#4434)

Bumps [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) from 1.111.0 to 1.112.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/ec2/v1.111.0...service/ec2/v1.112.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Faisal Memon <[email protected]>

* Bump actions/dependency-review-action from 3.0.7 to 3.0.8 (spiffe#4435)

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.7 to 3.0.8.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@7d90b4f...f6fff72)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Faisal Memon <[email protected]>

* Bump cloud.google.com/go/storage from 1.31.0 to 1.32.0 (spiffe#4436)

Bumps [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) from 1.31.0 to 1.32.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@pubsub/v1.31.0...pubsub/v1.32.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Faisal Memon <[email protected]>

* Bump github.com/GoogleCloudPlatform/cloudsql-proxy (spiffe#4437)

Bumps [github.com/GoogleCloudPlatform/cloudsql-proxy](https://github.com/GoogleCloudPlatform/cloudsql-proxy) from 1.33.9 to 1.33.10.
- [Release notes](https://github.com/GoogleCloudPlatform/cloudsql-proxy/releases)
- [Changelog](https://github.com/GoogleCloudPlatform/cloud-sql-proxy/blob/v1.33.10/CHANGELOG.md)
- [Commits](GoogleCloudPlatform/cloud-sql-proxy@v1.33.9...v1.33.10)

---
updated-dependencies:
- dependency-name: github.com/GoogleCloudPlatform/cloudsql-proxy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Faisal Memon <[email protected]>

* Bump k8s.io/client-go from 0.27.4 to 0.28.0 (spiffe#4439)

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.27.4 to 0.28.0.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.27.4...v0.28.0)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Faisal Memon <[email protected]>

* Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (spiffe#4442)

Bumps [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.3.0...sdk/azcore/v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Faisal Memon <[email protected]>

* Remove node selector cruft cleanup code (spiffe#4443)

SPIRE v1.6.3 introduced code to clean up node selector cruft in the database.
This code can be removed in v1.8.0.

Fixes: spiffe#3945

Signed-off-by: Andrew Harding <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Remove SDS v2 API (spiffe#4444)

The SDS v2 API has been removed for Envoy for several years. We cannot
reasonably support it any longer, and we expect most users should no
longer be using it anymore.

Signed-off-by: Ryan Turner <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Bump google.golang.org/api from 0.137.0 to 0.138.0 (spiffe#4446)

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.137.0 to 0.138.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.137.0...v0.138.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Faisal Memon <[email protected]>

* Bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.112.0 to 1.113.0 (spiffe#4448)

Bumps [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) from 1.112.0 to 1.113.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/ec2/v1.112.0...service/ec2/v1.113.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/ec2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Faisal Memon <[email protected]>

* Add the ability to configure the refresh hint of the local bundle (spiffe#4400)

* spire-server: add support for configuring a static bundle refresh_hint

This allows us to move to a place where we are closer to the
recommendation of the SPIFFE spec which says that client of the trust
bundle endpoint should default to a low refresh interval to be able to
retrieve updated trust bundles in a timely manner.

Signed-off-by: Sorin Dumitru <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Upgrade to go1.21.0 (spiffe#4450)

Also the go compiler version is now always reported with a patch version
so we can remove the whole go_version_full/go_version distinction in the
Makefile.

Fixed up the compiler tarball URL to match what is now present on the
Go downloads page.

Signed-off-by: Andrew Harding <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Bump k8s.io/kube-aggregator from 0.27.4 to 0.28.0 (spiffe#4447)

Bumps [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator) from 0.27.4 to 0.28.0.
- [Commits](kubernetes/kube-aggregator@v0.27.4...v0.28.0)

---
updated-dependencies:
- dependency-name: k8s.io/kube-aggregator
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Faisal Memon <[email protected]>

* Remove startup entry scan (spiffe#4449)

Quite some time ago we added a scan to first warn and then eventually
delete entries with invalid SPIFFE IDs. This scan is no longer needed,
since entries will have already been removed by previous upgrades and
can be removed.

Signed-off-by: Andrew Harding <[email protected]>
Co-authored-by: Marcos Yacob <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Clean up fflag in sqlstore.go

Signed-off-by: Faisal Memon <[email protected]>

* Remove mysql specifics

Signed-off-by: Faisal Memon <[email protected]>

* Update pruning interval

Signed-off-by: Faisal Memon <[email protected]>

* Add prune unit tests, sql lite support

Signed-off-by: Faisal Memon <[email protected]>

* Make prune test more resillient

Signed-off-by: Faisal Memon <[email protected]>

* Fix postgres issues with pruning

Signed-off-by: Faisal Memon <[email protected]>

* Add more unit tests for listing events

Signed-off-by: Faisal Memon <[email protected]>

* Add test for prune events task

Signed-off-by: Faisal Memon <[email protected]>

* Remove pagination

Signed-off-by: Faisal Memon <[email protected]>

* Remove platform specific prune functions

Signed-off-by: Faisal Memon <[email protected]>

* Update pkg/common/telemetry/server/datastore/event.go

Signed-off-by: Faisal Memon <[email protected]>

Co-authored-by: Marcos Yacob <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Add unit tests for configurable

Signed-off-by: Faisal Memon <[email protected]>

* Update pkg/server/endpoints/entryfetcher_test.go

Signed-off-by: Faisal Memon <[email protected]>

Co-authored-by: Marcos Yacob <[email protected]>
Signed-off-by: Faisal Memon <[email protected]>

* Add ctx.Done()

Signed-off-by: Faisal Memon <[email protected]>

* Fix some rebase conflicts

Signed-off-by: Faisal Memon <[email protected]>

* run prune events only when feature flag is active

Signed-off-by: Marcos Yacob <[email protected]>

---------

Signed-off-by: Faisal Memon <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Zack Train <[email protected]>
Signed-off-by: chiragk25 <[email protected]>
Signed-off-by: Ryan Turner <[email protected]>
Signed-off-by: Marcos Yacob <[email protected]>
Signed-off-by: Andrew Harding <[email protected]>
Signed-off-by: Sorin Dumitru <[email protected]>
Co-authored-by: Faisal Memon <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zachary M. Train <[email protected]>
Co-authored-by: Chirag Kapadia <[email protected]>
Co-authored-by: Ryan Turner <[email protected]>
Co-authored-by: Marcos Yacob <[email protected]>
Co-authored-by: Sorin Dumitru <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants