mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-03-21 19:41:58 +00:00
8ca43300cdc43d3f6897dfbbbb3304593e201459
1121 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
b65ec02cde |
build(deps): bump actions/setup-node from 4.2.0 to 4.3.0 (#8561)
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.2.0 to 4.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-node/releases">actions/setup-node's releases</a>.</em></p> <blockquote> <h2>v4.3.0</h2> <h2>What's Changed</h2> <h3>Dependency updates</h3> <ul> <li>Upgrade <code>@actions/glob</code> from 0.4.0 to 0.5.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1200">actions/setup-node#1200</a></li> <li>Upgrade <code>@action/cache</code> from 4.0.0 to 4.0.2 by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1251">actions/setup-node#1251</a></li> <li>Upgrade <code>@vercel/ncc</code> from 0.38.1 to 0.38.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1203">actions/setup-node#1203</a></li> <li>Upgrade <code>@actions/tool-cache</code> from 2.0.1 to 2.0.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1220">actions/setup-node#1220</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1251">actions/setup-node#1251</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v4...v4.3.0">https://github.com/actions/setup-node/compare/v4...v4.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c03f840969 |
build(deps): bump actions/download-artifact from 4.1.8 to 4.2.1 (#8596)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.8 to 4.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/download-artifact/releases">actions/download-artifact's releases</a>.</em></p> <blockquote> <h2>v4.2.1</h2> <h2>What's Changed</h2> <ul> <li>Add unit tests by <a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/392">actions/download-artifact#392</a></li> <li>Fix bug introduced in 4.2.0 by <a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/391">actions/download-artifact#391</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v4.2.0...v4.2.1">https://github.com/actions/download-artifact/compare/v4.2.0...v4.2.1</a></p> <h2>v4.2.0</h2> <h2>What's Changed</h2> <ul> <li>Update README.md by <a href="https://github.com/lkfortuna"><code>@lkfortuna</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/384">actions/download-artifact#384</a></li> <li>Bump artifact version, do digest check by <a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/383">actions/download-artifact#383</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/lkfortuna"><code>@lkfortuna</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/384">actions/download-artifact#384</a></li> <li><a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/383">actions/download-artifact#383</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v4.1.9...v4.2.0">https://github.com/actions/download-artifact/compare/v4.1.9...v4.2.0</a></p> <h2>v4.1.9</h2> <h2>What's Changed</h2> <ul> <li>Add workflow file for publishing releases to immutable action package by <a href="https://github.com/Jcambass"><code>@Jcambass</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/354">actions/download-artifact#354</a></li> <li>docs: small migration fix by <a href="https://github.com/froblesmartin"><code>@froblesmartin</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/370">actions/download-artifact#370</a></li> <li>Update MIGRATION.md by <a href="https://github.com/andyfeller"><code>@andyfeller</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/372">actions/download-artifact#372</a></li> <li>Update artifact package to 2.2.2 by <a href="https://github.com/yacaovsnc"><code>@yacaovsnc</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/380">actions/download-artifact#380</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/354">actions/download-artifact#354</a></li> <li><a href="https://github.com/froblesmartin"><code>@froblesmartin</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/370">actions/download-artifact#370</a></li> <li><a href="https://github.com/andyfeller"><code>@andyfeller</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/372">actions/download-artifact#372</a></li> <li><a href="https://github.com/yacaovsnc"><code>@yacaovsnc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/download-artifact/pull/380">actions/download-artifact#380</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/download-artifact/compare/v4.1.8...v4.1.9">https://github.com/actions/download-artifact/compare/v4.1.8...v4.1.9</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
3a627e3439 |
build(deps): bump docker/setup-qemu-action from 3.3.0 to 3.6.0 (#8595)
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.3.0 to 3.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's releases</a>.</em></p> <blockquote> <h2>v3.6.0</h2> <ul> <li>Display binfmt version by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/202">docker/setup-qemu-action#202</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-qemu-action/compare/v3.5.0...v3.6.0">https://github.com/docker/setup-qemu-action/compare/v3.5.0...v3.6.0</a></p> <h2>v3.5.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.54.0 to 0.56.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/205">docker/setup-qemu-action#205</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-qemu-action/compare/v3.4.0...v3.5.0">https://github.com/docker/setup-qemu-action/compare/v3.4.0...v3.5.0</a></p> <h2>v3.4.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.49.0 to 0.54.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/193">docker/setup-qemu-action#193</a> <a href="https://redirect.github.com/docker/setup-qemu-action/pull/197">docker/setup-qemu-action#197</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-qemu-action/compare/v3.3.0...v3.4.0">https://github.com/docker/setup-qemu-action/compare/v3.3.0...v3.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
14a4d12ceb |
build(deps): bump taiki-e/install-action from 2.49.9 to 2.49.40 (#8597)
Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.49.9 to 2.49.40. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/taiki-e/install-action/releases">taiki-e/install-action's releases</a>.</em></p> <blockquote> <h2>2.49.40</h2> <ul> <li>Update <code>typos@latest</code> to 1.31.1.</li> </ul> <h2>2.49.39</h2> <ul> <li>Downgrade <code>cargo-lambda@latest</code> to 1.8.0. (<a href="https://redirect.github.com/taiki-e/install-action/pull/923">#923</a>)</li> </ul> <h2>2.49.38</h2> <ul> <li> <p>Update <code>cargo-lambda@latest</code> to 1.8.1.</p> </li> <li> <p>Update <code>typos@latest</code> to 1.31.0.</p> </li> <li> <p>Update <code>trunk@latest</code> to 0.21.12.</p> </li> </ul> <h2>2.49.37</h2> <ul> <li>Update <code>trunk@latest</code> to 0.21.11.</li> </ul> <h2>2.49.36</h2> <ul> <li> <p>Update <code>release-plz@latest</code> to 0.3.129.</p> </li> <li> <p>Update <code>protoc@latest</code> to 3.30.2.</p> </li> </ul> <h2>2.49.35</h2> <ul> <li> <p>Update <code>cargo-nextest@latest</code> to 0.9.93.</p> </li> <li> <p>Update <code>typos@latest</code> to 1.30.3.</p> </li> <li> <p>Update <code>wash@latest</code> to 0.41.0.</p> </li> </ul> <h2>2.49.34</h2> <ul> <li>Update <code>knope@latest</code> to 0.19.0.</li> </ul> <h2>2.49.33</h2> <ul> <li>Update <code>release-plz@latest</code> to 0.3.128.</li> </ul> <h2>2.49.32</h2> <ul> <li>Update <code>wasmtime@latest</code> to 31.0.0.</li> </ul> <h2>2.49.31</h2> <ul> <li> <p>Update <code>cargo-hack@latest</code> to 0.6.36.</p> </li> <li> <p>Update <code>cargo-binstall@latest</code> to 1.12.2.</p> </li> </ul> <h2>2.49.30</h2> <ul> <li>Update <code>dprint@latest</code> to 0.49.1.</li> </ul> <h2>2.49.29</h2> <ul> <li> <p>Update <code>syft@latest</code> to 1.21.0.</p> </li> <li> <p>Update <code>release-plz@latest</code> to 0.3.127.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md">taiki-e/install-action's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>This project adheres to <a href="https://semver.org">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <h2>[Unreleased]</h2> <ul> <li>Update <code>mdbook@latest</code> to 0.4.48.</li> </ul> <h2>[2.49.40] - 2025-03-31</h2> <ul> <li>Update <code>typos@latest</code> to 1.31.1.</li> </ul> <h2>[2.49.39] - 2025-03-30</h2> <ul> <li>Downgrade <code>cargo-lambda@latest</code> to 1.8.0. (<a href="https://redirect.github.com/taiki-e/install-action/pull/923">#923</a>)</li> </ul> <h2>[2.49.38] - 2025-03-29</h2> <ul> <li> <p>Update <code>cargo-lambda@latest</code> to 1.8.1.</p> </li> <li> <p>Update <code>typos@latest</code> to 1.31.0.</p> </li> <li> <p>Update <code>trunk@latest</code> to 0.21.12.</p> </li> </ul> <h2>[2.49.37] - 2025-03-27</h2> <ul> <li>Update <code>trunk@latest</code> to 0.21.11.</li> </ul> <h2>[2.49.36] - 2025-03-27</h2> <ul> <li> <p>Update <code>release-plz@latest</code> to 0.3.129.</p> </li> <li> <p>Update <code>protoc@latest</code> to 3.30.2.</p> </li> </ul> <h2>[2.49.35] - 2025-03-25</h2> <ul> <li> <p>Update <code>cargo-nextest@latest</code> to 0.9.93.</p> </li> <li> <p>Update <code>typos@latest</code> to 1.30.3.</p> </li> <li> <p>Update <code>wash@latest</code> to 0.41.0.</p> </li> </ul> <h2>[2.49.34] - 2025-03-24</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
45340c8276 |
build(deps): bump lycheeverse/lychee-action from 2.3.0 to 2.4.0 (#8598)
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 2.3.0 to 2.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lycheeverse/lychee-action/releases">lycheeverse/lychee-action's releases</a>.</em></p> <blockquote> <h2>Version 2.4.0</h2> <h2>What's Changed</h2> <ul> <li> <p>lychee now has a new task output, which allows to track which links got fixed more easily. It looks like this:</p> <p>[test.html]:</p> <ul> <li>[X] [404] <a href="https://en.wikipedia.org/wiki/foo">https://en.wikipedia.org/wiki/foo</a> | Network error: Not Found</li> <li>[ ] [404] <a href="https://en.wikipedia.org/wiki/bar">https://en.wikipedia.org/wiki/bar</a> | Network error: Not Found</li> <li>[ ] [ERROR] <a href="https://example.com/baz">https://example.com/baz</a> | Network error: error sending request for url (<a href="https://example.com/baz">https://example.com/baz</a>) Maybe a certificate error?</li> </ul> <p>Each broken link has a checkbox that can be ticked off once fixed. Credit goes to <a href="https://github.com/Arteiii"><code>@Arteiii</code></a> for the idea and the implementation. See <a href="https://redirect.github.com/lycheeverse/lychee-action/issues/274">#274</a> for more information.</p> </li> <li> <p>Update To latest lychee Release by <a href="https://github.com/Arteiii"><code>@Arteiii</code></a> in <a href="https://redirect.github.com/lycheeverse/lychee-action/pull/279">lycheeverse/lychee-action#279</a></p> </li> <li> <p>Add <code>workingDirectory</code> argument by <a href="https://github.com/mre"><code>@mre</code></a> in <a href="https://redirect.github.com/lycheeverse/lychee-action/pull/283">lycheeverse/lychee-action#283</a></p> </li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Arteiii"><code>@Arteiii</code></a> made their first contribution in <a href="https://redirect.github.com/lycheeverse/lychee-action/pull/279">lycheeverse/lychee-action#279</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/lycheeverse/lychee-action/compare/v2...v2.4.0">https://github.com/lycheeverse/lychee-action/compare/v2...v2.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
42e63fdcc5 |
ci: move .lycheeignore to website/ (#8589)
The lychee action now has a `workingDirectory` argument that makes it search for a `.lycheeignore` file in that directory. We can use this to remove the `.lycheeignore` file from our top-level repository tree, uncluttering that a bit. |
||
|
dependabot[bot]
|
97cd371bc0 |
build(deps): bump docker/setup-buildx-action from 3.8.0 to 3.10.0 (#8564)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.8.0 to 3.10.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v3.10.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.54.0 to 0.56.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/408">docker/setup-buildx-action#408</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.9.0...v3.10.0">https://github.com/docker/setup-buildx-action/compare/v3.9.0...v3.10.0</a></p> <h2>v3.9.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.48.0 to 0.54.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/402">docker/setup-buildx-action#402</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/404">docker/setup-buildx-action#404</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.8.0...v3.9.0">https://github.com/docker/setup-buildx-action/compare/v3.8.0...v3.9.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
47287f8054 |
build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 (#8563)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.1 to 4.6.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v4.6.2</h2> <h2>What's Changed</h2> <ul> <li>Update to use artifact 2.3.2 package & prepare for new upload-artifact release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.6.2">https://github.com/actions/upload-artifact/compare/v4...v4.6.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
6dd3d9ddb2 |
build(deps): bump docker/login-action from 3.3.0 to 3.4.0 (#8562)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.3.0 to 3.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v3.4.0</h2> <ul> <li>Bump <code>@actions/core</code> from 1.10.1 to 1.11.1 in <a href="https://redirect.github.com/docker/login-action/pull/791">docker/login-action#791</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.766.0 in <a href="https://redirect.github.com/docker/login-action/pull/789">docker/login-action#789</a> <a href="https://redirect.github.com/docker/login-action/pull/856">docker/login-action#856</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.758.0 in <a href="https://redirect.github.com/docker/login-action/pull/789">docker/login-action#789</a> <a href="https://redirect.github.com/docker/login-action/pull/856">docker/login-action#856</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.35.0 to 0.57.0 in <a href="https://redirect.github.com/docker/login-action/pull/801">docker/login-action#801</a> <a href="https://redirect.github.com/docker/login-action/pull/806">docker/login-action#806</a> <a href="https://redirect.github.com/docker/login-action/pull/858">docker/login-action#858</a></li> <li>Bump cross-spawn from 7.0.3 to 7.0.6 in <a href="https://redirect.github.com/docker/login-action/pull/814">docker/login-action#814</a></li> <li>Bump https-proxy-agent from 7.0.5 to 7.0.6 in <a href="https://redirect.github.com/docker/login-action/pull/823">docker/login-action#823</a></li> <li>Bump path-to-regexp from 6.2.2 to 6.3.0 in <a href="https://redirect.github.com/docker/login-action/pull/777">docker/login-action#777</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.3.0...v3.4.0">https://github.com/docker/login-action/compare/v3.3.0...v3.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
27ad078abd |
build(deps): bump dorny/test-reporter from 1.9.1 to 2.0.0 (#8560)
Bumps [dorny/test-reporter](https://github.com/dorny/test-reporter) from 1.9.1 to 2.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dorny/test-reporter/releases">dorny/test-reporter's releases</a>.</em></p> <blockquote> <h2>v2.0.0</h2> <h2>What's Changed</h2> <ul> <li>Merge v1.7.0 to v1 branche by <a href="https://github.com/j-catania"><code>@j-catania</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/298">dorny/test-reporter#298</a></li> <li>Bump development to <code>v2.0.0-preview</code> by <a href="https://github.com/jozefizso"><code>@jozefizso</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/449">dorny/test-reporter#449</a></li> <li>Update checkout and upload-artifact actions versions by <a href="https://github.com/Akaame"><code>@Akaame</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/419">dorny/test-reporter#419</a></li> <li>README.md: Update GitHub Actions by <a href="https://github.com/cclauss"><code>@cclauss</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/404">dorny/test-reporter#404</a></li> <li>Update project to Node 20 runtime by <a href="https://github.com/jozefizso"><code>@jozefizso</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/450">dorny/test-reporter#450</a></li> <li>Add support for NUnit v3 XML results files by <a href="https://github.com/kring"><code>@kring</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/225">dorny/test-reporter#225</a></li> <li>Fix JUnit message / type fields. by <a href="https://github.com/AnthonyBarbier"><code>@AnthonyBarbier</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/399">dorny/test-reporter#399</a></li> <li>Update mocha-json usage instructions by <a href="https://github.com/MonkeyDo"><code>@MonkeyDo</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/145">dorny/test-reporter#145</a></li> <li>Clarify .NET support is dotnet test command support by <a href="https://github.com/anatawa12"><code>@anatawa12</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/232">dorny/test-reporter#232</a></li> <li>Target node20 by <a href="https://github.com/jozefizso"><code>@jozefizso</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/489">dorny/test-reporter#489</a></li> <li>Support displaying test results in markdown using GitHub Actions Job Summaries by <a href="https://github.com/ritchxu"><code>@ritchxu</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/463">dorny/test-reporter#463</a></li> <li>Support displaying test results in markdown using GitHub Actions Job Summaries by <a href="https://github.com/ritchxu"><code>@ritchxu</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/383">dorny/test-reporter#383</a></li> <li>Fix parsing of ESLint reports in jest-junit format by <a href="https://github.com/phjardas"><code>@phjardas</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/134">dorny/test-reporter#134</a></li> <li>Change docs for mocha-json by <a href="https://github.com/chdanielmueller"><code>@chdanielmueller</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/517">dorny/test-reporter#517</a></li> <li>Remove unused development dependency <code>@types/github-slugger</code> by <a href="https://github.com/jozefizso"><code>@jozefizso</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/524">dorny/test-reporter#524</a></li> <li>Merge <code>v1</code> branch to <code>main</code> by <a href="https://github.com/jozefizso"><code>@jozefizso</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/525">dorny/test-reporter#525</a></li> <li>Update bug_report.md by <a href="https://github.com/j-catania"><code>@j-catania</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/553">dorny/test-reporter#553</a></li> <li>Update feature.md by <a href="https://github.com/j-catania"><code>@j-catania</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/554">dorny/test-reporter#554</a></li> <li>feat: parse junit report with message by <a href="https://github.com/cmonaghan1"><code>@cmonaghan1</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/559">dorny/test-reporter#559</a></li> <li>Update dependencies by <a href="https://github.com/jozefizso"><code>@jozefizso</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/560">dorny/test-reporter#560</a></li> <li>test-reporter release v2.0.0 by <a href="https://github.com/jozefizso"><code>@jozefizso</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/561">dorny/test-reporter#561</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Akaame"><code>@Akaame</code></a> made their first contribution in <a href="https://redirect.github.com/dorny/test-reporter/pull/419">dorny/test-reporter#419</a></li> <li><a href="https://github.com/cclauss"><code>@cclauss</code></a> made their first contribution in <a href="https://redirect.github.com/dorny/test-reporter/pull/404">dorny/test-reporter#404</a></li> <li><a href="https://github.com/kring"><code>@kring</code></a> made their first contribution in <a href="https://redirect.github.com/dorny/test-reporter/pull/225">dorny/test-reporter#225</a></li> <li><a href="https://github.com/AnthonyBarbier"><code>@AnthonyBarbier</code></a> made their first contribution in <a href="https://redirect.github.com/dorny/test-reporter/pull/399">dorny/test-reporter#399</a></li> <li><a href="https://github.com/MonkeyDo"><code>@MonkeyDo</code></a> made their first contribution in <a href="https://redirect.github.com/dorny/test-reporter/pull/145">dorny/test-reporter#145</a></li> <li><a href="https://github.com/anatawa12"><code>@anatawa12</code></a> made their first contribution in <a href="https://redirect.github.com/dorny/test-reporter/pull/232">dorny/test-reporter#232</a></li> <li><a href="https://github.com/ritchxu"><code>@ritchxu</code></a> made their first contribution in <a href="https://redirect.github.com/dorny/test-reporter/pull/463">dorny/test-reporter#463</a></li> <li><a href="https://github.com/phjardas"><code>@phjardas</code></a> made their first contribution in <a href="https://redirect.github.com/dorny/test-reporter/pull/134">dorny/test-reporter#134</a></li> <li><a href="https://github.com/chdanielmueller"><code>@chdanielmueller</code></a> made their first contribution in <a href="https://redirect.github.com/dorny/test-reporter/pull/517">dorny/test-reporter#517</a></li> <li><a href="https://github.com/cmonaghan1"><code>@cmonaghan1</code></a> made their first contribution in <a href="https://redirect.github.com/dorny/test-reporter/pull/559">dorny/test-reporter#559</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dorny/test-reporter/compare/v1.9.1...v2.0.0">https://github.com/dorny/test-reporter/compare/v1.9.1...v2.0.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dorny/test-reporter/blob/main/CHANGELOG.md">dorny/test-reporter's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>2.0.0</h2> <ul> <li>Parse JUnit report with detailed message in failure <a href="https://redirect.github.com/dorny/test-reporter/pull/559">dorny/test-reporter#559</a></li> <li>Support displaying test results in markdown using GitHub Actions Job Summaries <a href="https://redirect.github.com/dorny/test-reporter/pull/383">dorny/test-reporter#383</a></li> </ul> <h2>1.9.1</h2> <ul> <li>Fix problematic retransmission of authentication token <a href="https://redirect.github.com/dorny/test-reporter/pull/438">dorny/test-reporter#438</a></li> <li>Report correct number of tests in Dart <a href="https://redirect.github.com/dorny/test-reporter/pull/426">dorny/test-reporter#426</a></li> <li>Number of completed tests mismatches passed/failed <a href="https://redirect.github.com/dorny/test-reporter/issues/319">dorny/test-reporter#319</a></li> </ul> <h2>1.9.0</h2> <ul> <li>Add support for Rspec (Ruby) <a href="https://redirect.github.com/dorny/test-reporter/pull/398">dorny/test-reporter#398</a></li> </ul> <h2>1.8.0</h2> <ul> <li>Add <code>SwiftXunitParser</code> class based on <code>JavaJunitParser</code> for <code>swift-xunit</code> reporter <a href="https://redirect.github.com/dorny/test-reporter/pull/317">dorny/test-reporter#317</a></li> <li>Use NodeJS 18 LTS as default runtime <a href="https://redirect.github.com/dorny/test-reporter/pull/332">dorny/test-reporter#332</a></li> <li>Escape <code><></code> characters in suite name <a href="https://redirect.github.com/dorny/test-reporter/pull/236">dorny/test-reporter#236</a></li> <li>Update actions runtime to Node20 <a href="https://redirect.github.com/dorny/test-reporter/pull/315">dorny/test-reporter#315</a></li> <li>Update check title and remove icon <a href="https://redirect.github.com/dorny/test-reporter/pull/144">dorny/test-reporter#144</a></li> </ul> <h2>1.7.0</h2> <ul> <li>Fix <a href="https://redirect.github.com/dorny/test-reporter/issues/199">#199</a>: Use ✅ instead of ✔️ for better cross platform look by <a href="https://github.com/petrdvorak"><code>@petrdvorak</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/200">dorny/test-reporter#200</a></li> <li>Verify content of dist/ folder matches build output by <a href="https://github.com/dorny"><code>@dorny</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/207">dorny/test-reporter#207</a></li> <li>Gracefully handle empty nested testsuite elements for JUnit. by <a href="https://github.com/rvdlaarschot"><code>@rvdlaarschot</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/193">dorny/test-reporter#193</a></li> <li>Gracefully handle empty failure tags by <a href="https://github.com/haudren-woven"><code>@haudren-woven</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/213">dorny/test-reporter#213</a></li> <li>Fix <a href="https://redirect.github.com/dorny/test-reporter/issues/208">#208</a> - java-junit: show annotations on PR changed files by <a href="https://github.com/atsu85"><code>@atsu85</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/209">dorny/test-reporter#209</a></li> <li>Only report failure if fail-on-error is set by <a href="https://github.com/trond-snekvik"><code>@trond-snekvik</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/214">dorny/test-reporter#214</a></li> <li>Improve clarity on configuring for forkable repos by <a href="https://github.com/abelbraaksma"><code>@abelbraaksma</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/211">dorny/test-reporter#211</a></li> <li>Suppress "Processing test results from" log by <a href="https://github.com/vasanthdharmaraj"><code>@vasanthdharmaraj</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/179">dorny/test-reporter#179</a></li> <li>Skip listing of files if error parsing is disabled by <a href="https://github.com/dorny"><code>@dorny</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/216">dorny/test-reporter#216</a></li> <li>Correct typo in docs by <a href="https://github.com/tangowithfoxtrot"><code>@tangowithfoxtrot</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/254">dorny/test-reporter#254</a></li> <li>update dependencies by <a href="https://github.com/j-catania"><code>@j-catania</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/269">dorny/test-reporter#269</a></li> <li>Add permissions to example yml files by <a href="https://github.com/TurnrDev"><code>@TurnrDev</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/263">dorny/test-reporter#263</a></li> <li>add feature fail-on-empty by <a href="https://github.com/gdams"><code>@gdams</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/243">dorny/test-reporter#243</a></li> <li>Add dependabot configuration by <a href="https://github.com/yeikel"><code>@yeikel</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/228">dorny/test-reporter#228</a></li> <li>Bump ws from 7.3.1 to 7.5.9 in /reports/jest by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/265">dorny/test-reporter#265</a></li> <li>Bump actions/checkout from 2 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/279">dorny/test-reporter#279</a></li> <li>Add new output for url url html by <a href="https://github.com/luisito666"><code>@luisito666</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/242">dorny/test-reporter#242</a></li> <li>Update README.md by <a href="https://github.com/IanMoroney"><code>@IanMoroney</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/158">dorny/test-reporter#158</a></li> <li>Update jest-Junit part of Readme by <a href="https://github.com/ryancasburn-KAI"><code>@ryancasburn-KAI</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/176">dorny/test-reporter#176</a></li> <li>fix: default-valued fields are not mandatory by <a href="https://github.com/TomerFi"><code>@TomerFi</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/172">dorny/test-reporter#172</a></li> <li>Bump ansi-regex from 4.1.0 to 4.1.1 in /reports/jest by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/278">dorny/test-reporter#278</a></li> <li>Bump decode-uri-component from 0.2.0 to 0.2.2 in /reports/jest by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/276">dorny/test-reporter#276</a></li> <li>Bump minimist from 1.2.5 to 1.2.8 in /reports/jest by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/275">dorny/test-reporter#275</a></li> <li>Bump qs from 6.5.2 to 6.5.3 in /reports/jest by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/272">dorny/test-reporter#272</a></li> <li>Bump json5 from 2.1.3 to 2.2.3 in /reports/jest by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/271">dorny/test-reporter#271</a></li> <li>Bump ansi-regex from 3.0.0 to 3.0.1 in /reports/mocha by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/270">dorny/test-reporter#270</a></li> <li>declare 'url' and 'url_html' as action outputs by <a href="https://github.com/micha-one"><code>@micha-one</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/287">dorny/test-reporter#287</a></li> <li>Avoid split on undefined by <a href="https://github.com/cazou"><code>@cazou</code></a> in <a href="https://redirect.github.com/dorny/test-reporter/pull/258">dorny/test-reporter#258</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Thomas Eizinger
|
3c7ac084c0 |
feat(relay): MVP for routing channel data message in eBPF kernel (#8496)
## Abstract This pull-request implements the first stage of off-loading routing of TURN data channel messages to the kernel via an eBPF XDP program. In particular, the eBPF kernel implemented here **only** handles the decapsulation of IPv4 data channel messages into their embedded UDP payload. Implementation of other data paths, such as the receiving of UDP traffic on an allocation and wrapping it in a TURN channel data message is deferred to a later point for reasons explained further down. As it stands, this PR implements the bare minimum for us to start experimenting and benefiting from eBPF. It is already massive as it is due to the infrastructure required for actually doing this. Let's dive into it! ## A refresher on TURN channel-data messages TURN specifies a channel-data message for relaying data between two peers. A channel data message has a fixed 4-byte header: - The first two bytes specify the channel number - The second two bytes specify the length of the encapsulated payload Like all TURN traffic, channel data messages run over UDP by default, meaning this header sits at the very front of the UDP payload. This will be important later. After making an allocation with a TURN server (i.e. reserving a port on the TURN server's interfaces), a TURN client can bind channels on that allocation. As such, channel numbers are scoped to a client's allocation. Channel numbers are allocated by the client within a given range (0x4000 - 0x4FFF). When binding a channel, the client specifies the remote's peer address that they'd like the data sent on the channel to be sent to. Given this setup, when a TURN server receives a channel data message, it first looks at the sender's IP + port to infer the allocation (a client can only ever have 1 allocation at a time). Within that allocation, the server then looks for the channel number and retrieves the target socket address from that. The allocation itself is a port on the relay's interface. With that, we can now "unpack" the payload of the channel data message and rewrite it to the new receiver: - The new source IP can be set from the old dst IP (when operating in user-space mode this is irrelevant because we are working with the socket API). - The new source port is the client's allocation. - The new destination IP is retrieved from the mapping retrieved via the channel number. - The new destination port is retrieved from the mapping retrieved via the channel number. Last but not least, all that is left is removing the channel data header from the UDP payload and we can send out the packet. In other words, we need to cut off the first 4 bytes of the UDP payload. ## User-space relaying At present, we implement the above flow in user-space. This is tricky to do because we need to bind _many_ sockets, one for each possible allocation port (of which there can be 16383). The actual work to be done on these packets is also extremely minimal. All we do is cut off (or add on) the data-channel header. Benchmarks show that we spend pretty much all of our time copying data between user-space and kernel-space. Cutting this out should give us a massive increase in performance. ## Implementing an eBPF XDP TURN router eBPF has been shown to be a very efficient way of speeding up a TURN server [0]. After many failed experiments (e.g. using TC instead of XDP) and countless rabbit-holes, we have also arrived at the design documented within the paper. Most notably: - The eBPF program is entirely optional. We try to load it on startup, but if that fails, we will simply use the user-space mode. - Retaining the user-space mode is also important because under certain circumstances, the eBPF kernel needs to pass on the packet, for example, when receiving IPv4 packets with options. Those make the header dynamically-sized which makes further processing difficult because the eBPF verifier disallows indexing into the packet with data derived from the packet itself. - In order to add/remove the channel-data header, we shift the packet headers backwards / forwards and leave the payload in place as the packet headers are constant in size and can thus easily and cheaply be copied out. In order to perform the relaying flow explained above, we introduce maps that are shared with user-space. These maps go from a tuple of (client-socket, channel-number) to a tuple of (allocation-port, peer-socket) and thus give us all the data necessary to rewrite the packet. ## Integration with our relay Last but not least, to actually integrate the eBPF kernel with our relay, we need to extend the `Server` with two more events so we can learn, when channel bindings are created and when they expire. Using these events, we can then update the eBPF maps accordingly and therefore influence the routing behaviour in the kernel. ## Scope What is implemented here is only one of several possible data paths. Implementing the others isn't conceptually difficult but it does increase the scope. Landing something that already works allows us to gain experience running it in staging (and possibly production). Additionally, I've hit some issues with the eBPF verifier when adding more codepaths to the kernel. I expect those to be possible to resolve given sufficient debugging but I'd like to do so after merging this. --- Depends-On: #8506 Depends-On: #8507 Depends-On: #8500 Resolves: #8501 [0]: https://dl.acm.org/doi/pdf/10.1145/3609021.3609296 |
||
|
Thomas Eizinger
|
fb64c8b971 |
ci: correctly configure lychee checker to only run on website/ (#8527)
Unfortunately, the cwd I set for the action didn't seem to apply so it checked the links for the entire repo instead which - together with the `--base` setting, produces a lot of errors for relative links. In addition, lychee doesn't currently support having the `.lycheeignore` file in a subdirectory (see related link), meaning we unfortunately have to put yet another dot file in the root of our repository. Related: https://github.com/lycheeverse/lychee-action/issues/205 |
||
|
Thomas Eizinger
|
c2cc8e09db |
ci: add new link checker workflow for website (#8516)
Turns out we have several broken links on our website currently. Broken links don't make a good impression so we should catch them as early as possible. Due to how our website is laid out, that isn't always possible to catch these dead links in CI. The next best thing we can do is run a cron-job in our CI that checks our sourcecode and makes sure all links (including relative ones) are reachable. --------- Signed-off-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Thomas Eizinger
|
9ab4507182 |
ci(rust): install nightly toolchain (#8507)
For #8501, we need to install a nightly toolchain in our CI system in order to compile to eBPF kernel. We already use a nightly toolchain for one of the static analysis tools. In this PR, we extend our `setup-rust` action to install the nightly toolchain for us which allows us to reuse that later. |
||
|
Thomas Eizinger
|
3e8eb12e16 |
ci(rust): cross-compile without cross (#8506)
For #7518, we need an additional toolchain (nightly) to compile the relay and installing that within `cross` is quite complicated. Our cross-compiling needs are actually quite simple to satisfy. All we need is to download the corresponding musl toolchain and set some environment variables. The rest is handled by cargo. |
||
|
Jamil
|
effe169414 |
chore: release apple 1.4.8 (#8499)
Introduces the autoconnect and session end fixes. |
||
|
Jamil
|
e0c373ef2b |
chore(infra): Move google gateway to dedicated module (#8489)
Removes the google gateway module in this repo because: - We already reference this module from our `environments` repo. - Customers are already using the dedicated module - Any actually pointing to the module in this repo will have issues because Terraform [automatically tries to clone submodules](https://github.com/hashicorp/terraform/issues/34917). |
||
|
Jamil
|
73c63c8ea4 |
chore(infra): Use simplified config for swap space (#8488)
Turns out cloud-init has native support for configuring swapfiles, so we use that here and make it configurable. The `environments` submodule will be updated to inject the current value into here. |
||
|
Jamil
|
e642eefb35 |
chore: Cut all clients to ship search domains (#8442)
Waiting on app reviews to be approved, then this PR will be ready to merge. |
||
|
Thomas Eizinger
|
022fb9fed9 |
ci: create Sentry releases for Android clients (#8463)
This marks the release in Sentry as "released" and also attaches the commits to it that we made since the last release. |
||
|
Jamil
|
931048a667 |
chore(connlib): Remove manual expansion of search domain (#8443)
Reverts part of #8378 so that our OS-native expansion takes effect on all platforms. --------- Co-authored-by: Thomas Eizinger <thomas@eizinger.io> |
||
|
Jamil
|
0c231eb536 |
ci: Explicitly run swiftlint (#8447)
~~Apparently `xcodebuild` doesn't bubble these up from CLI invocations.~~ The `swiftlint` CLI binary isn't installed on the GitHub runners, so we need to install it. This PR also explicitly runs `swiftlint` before any build operations to display a nicer diff if files were changed as a result of the fixing. |
||
|
Jamil
|
a47b96bcad |
chore: Release android 1.4.4 (#8449)
This was already published on Google Play, but the other clients will follow suit in #8442. |
||
|
Jamil
|
06aa485e18 |
ci: Use search_domain for one resource in CI test (#8393)
- Adds a `search_domain` of `httpbin.test` in seeds - Updates one of our DNS resources under CI test to use this |
||
|
Jamil
|
1fbf126e8e |
fix(portal): Bump hackney to fix CVE (#8423)
Bump hackney to 1.23.0 to resolve https://github.com/advisories/GHSA-vq52-99r9-h5pw |
||
|
Jamil
|
25c708fb43 | ci: Bump apple clients to 1.4.6 (#8418) | ||
|
Jamil
|
f3e36a2253 | ci: bump android to 1.4.3 (#8416) | ||
|
Jamil
|
df5bbdd240 | ci: Ship SRV/TXT for GUI/Headless/Gateway (#8413) | ||
|
Thomas Eizinger
|
39e272cfd1 |
refactor(rust): introduce dns-types crate (#8380)
A sizeable chunk of Firezone's Rust components deal with parsing, manipulating and emitting DNS queries and responses. The API surface of DNS is quite large and to make handling of all corner-cases easier, we depend on the `domain` library to do the heavy-lifting for us. For better or worse, `domain` follows a lazy-parsing approach. Thus, creating a new DNS message doesn't actually verify that it is in fact valid. Within Firezone, we make several assumptions around DNS messages, such as that they will only ever contain a single question. Historically, DNS allows for multiple questions per query but in practise, nobody uses that. Due to how we handle DNS in Firezone, manipulating these messages happens in multiple places. That combined with the lazy-parsing approach from `domain` warrants having our own `dns-types` library that wraps `domain` and provides us with types that offer the interface we need in the rest of the codebase. Resolves: #7019 |
||
|
Thomas Eizinger
|
6d87bb4009 |
feat(connlib): expand single-label queries using search-domain (#8378)
Search domains are a way of performing a DNS lookup without typing the full-qualified domain name. For example, with a search domain of `example.com`, performing a DNS query for `app` will automatically expand the query to `app.example.com`. At present, this doesn't work with Firezone because there is no way to configure an account-wide search-domain. With this PR, we extend the `Interface` message sent by the portal to also include an optional `search_domain` field that must be a valid domain name. If set, `connlib`'s DNS stub resolver will now append this domain to all single-label queries and match the resulting domain against all active DNS resource. On Linux - with `systemd-resolved` as the DNS backend - we need to set the search domain on the TUN interface as well and enable LLMNR in order to be able to intercept these queries. `resolved` expands the query for us, however, meaning with this configuration, we don't actually receive a single-label query in `connlib`. Instead, we directly see `app.example.com` when we type `host app` or `dig +search app` and have `example.com` as our search domain. MacOS has a similar system but with a different fallack. There, the operating system will first try all configured search domains on the system (typically just the ones set prior to Firezone starting), and send queries for FQDN to all resolvers. If none of the resolvers (including Firezone's stub resolver) return results, it sends the single-label query directly to the primary resolver. To handle this case, Firezone needs to know about the search-domain and expand it itself when it receives the single-label query. In the future, we may want to look into how we can configure MacOS such that it performs this expansion for us. On Windows and Android, queries for a single-label domain will be directly sent to Firezone's stub resolver where we then hit the same codepath as explained above. Specifically, the way this codepath works is that if we receive a single-label query AND we have a search-domain set, we expand it and match that particular query against our list of resources. In every other case, we continue on with the single-label domain. Related: #8365 Fixes: #8377 |
||
|
Thomas Eizinger
|
99d8fcb8fc |
feat(connlib): resolve SRV & TXT queries for resources in sites (#8335)
## Description We want to resolve DNS queries of type SRV & TXT for DNS resources within the network context of the site that is hosting the DNS resource itself. This allows admins to e.g. deploy dedicated nameservers into those sites and have them resolve their SRV and TXT records to names that are scoped to that particular site. SRV records themselves return more domains which - if they are configured as DNS resources - will be intercepted and then routed to the correct site. Prior to this PR, SRV & TXT records got resolved by the DNS server configured on the client (or the server defined in the Firezone portal), even if the domain in question was a DNS resource. This effectively meant that those SRV records have to be valid globally and could not be specific to the site that the DNS resource is hosted in. ## Example Say we have these wildcard DNS resources: - `**.department-a.example.com` - `**.department-b.example.com` Each of these DNS resources is assigned to a different site. If we now issue an SRV DNS query to `_my-service.department-a.example.com`, we may receive back the following records: - `_my-service.department-a.example.com. 86400 IN SRV 10 60 8080 my-service1.department-a.example.com.` - `_my-service.department-a.example.com. 86400 IN SRV 10 60 8080 my-service2.department-a.example.com.` - `_my-service.department-a.example.com. 86400 IN SRV 10 60 8080 my-service3.department-a.example.com.` Notice how the SRV records point to domains that will also match the wildcard DNS resource above! If that is the case, Firezone will also intercept A & AAAA queries for this service (which are a natural follow-up from an application making an SRV query). As a result, traffic for `my-service1.department-a.example.com` will be routed to the same site the DNS resource is defined in. If the returned domains don't match the wildcard DNS resource, the traffic will either not be intercepted at all (if it is not a DNS resource) or routed to whichever site defines the corresponding DNS resource. All of these scenarios may be what the admin wants. If the SRV records defined for the DNS resource are globally valid (and e.g. not even resources), then resolving them using the Client's system resolver may be all that is needed. If the services are running in a dedicated site, that traffic should indeed be routed to that site. As such, Firezone itself cannot make any assumption about the structure of these records at all. The only thing that is enabled with this PR is that IF the structure happens to match the same DNS resource, it allows admins to deploy site-specific services that resolve their concrete domains via SRV records. ## Testing The implementation is tested using our property-based testing framework. In order to cover these cases, we introduce the notion of site-specific DNS records which are sampled when we create each individual Gateway. When selecting a domain to query for, all global DNS records and the site-specific ones are merged and a domain name and query type is chosen at random. At present, this testing framework does not assert that the DNS response itself is correct, i.e. that it actually returned the site-specific record. We don't assert this for any other DNS queries, hence this is left for a future extension. We do assert using our regression grep's that we hit the codepath of querying an SRV or TXT record for a DNS resource. Related: #8221 |
||
|
dependabot[bot]
|
3931497f9e |
build(deps): bump docker/metadata-action from 5.6.1 to 5.7.0 (#8318)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.6.1 to 5.7.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/metadata-action/releases">docker/metadata-action's releases</a>.</em></p> <blockquote> <h2>v5.7.0</h2> <ul> <li>Global expressions support for labels and annotations by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/489">docker/metadata-action#489</a></li> <li>Support disabling outputs as environment variables by <a href="https://github.com/omus"><code>@omus</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/497">docker/metadata-action#497</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.44.0 to 0.56.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/507">docker/metadata-action#507</a> <a href="https://redirect.github.com/docker/metadata-action/pull/509">docker/metadata-action#509</a></li> <li>Bump csv-parse from 5.5.6 to 5.6.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/482">docker/metadata-action#482</a></li> <li>Bump moment-timezone from 0.5.46 to 0.5.47 in <a href="https://redirect.github.com/docker/metadata-action/pull/501">docker/metadata-action#501</a></li> <li>Bump semver from 7.6.3 to 7.7.1 in <a href="https://redirect.github.com/docker/metadata-action/pull/504">docker/metadata-action#504</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/metadata-action/compare/v5.6.1...v5.7.0">https://github.com/docker/metadata-action/compare/v5.6.1...v5.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
7c0812d8d3 |
build(deps): bump docker/build-push-action from 6.13.0 to 6.15.0 (#8316)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.13.0 to 6.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/build-push-action/releases">docker/build-push-action's releases</a>.</em></p> <blockquote> <h2>v6.15.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.55.0 to 0.56.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1330">docker/build-push-action#1330</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.14.0...v6.15.0">https://github.com/docker/build-push-action/compare/v6.14.0...v6.15.0</a></p> <h2>v6.14.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.53.0 to 0.55.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1324">docker/build-push-action#1324</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.13.0...v6.14.0">https://github.com/docker/build-push-action/compare/v6.13.0...v6.14.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
ac61be40b1 |
build(deps): bump lycheeverse/lychee-action from 2.2.0 to 2.3.0 (#8315)
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 2.2.0 to 2.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lycheeverse/lychee-action/releases">lycheeverse/lychee-action's releases</a>.</em></p> <blockquote> <h2>Version 2.3.0</h2> <h2>What's Changed</h2> <ul> <li>feat: support ARM workers by <a href="https://github.com/LesnyRumcajs"><code>@LesnyRumcajs</code></a> in <a href="https://redirect.github.com/lycheeverse/lychee-action/pull/273">lycheeverse/lychee-action#273</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/LesnyRumcajs"><code>@LesnyRumcajs</code></a> made their first contribution in <a href="https://redirect.github.com/lycheeverse/lychee-action/pull/273">lycheeverse/lychee-action#273</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/lycheeverse/lychee-action/compare/v2...v2.3.0">https://github.com/lycheeverse/lychee-action/compare/v2...v2.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5c87cfc5ca |
build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 (#8317)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.0 to 4.6.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v4.6.1</h2> <h2>What's Changed</h2> <ul> <li>Update to use artifact 2.2.2 package by <a href="https://github.com/yacaovsnc"><code>@yacaovsnc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/673">actions/upload-artifact#673</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.6.1">https://github.com/actions/upload-artifact/compare/v4...v4.6.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
9972352e9d |
build(deps): bump taiki-e/install-action from 2.47.32 to 2.49.9 (#8314)
Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.47.32 to 2.49.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/taiki-e/install-action/releases">taiki-e/install-action's releases</a>.</em></p> <blockquote> <h2>2.49.9</h2> <ul> <li>Update <code>typos@latest</code> to 1.30.0.</li> </ul> <h2>2.49.8</h2> <ul> <li> <p>Update <code>cargo-binstall@latest</code> to 1.11.2.</p> </li> <li> <p>Update <code>cargo-audit@latest</code> to 0.21.2.</p> </li> </ul> <h2>2.49.7</h2> <ul> <li>Update <code>cargo-deny@latest</code> to 0.18.1.</li> </ul> <h2>2.49.6</h2> <ul> <li>Update <code>cargo-lambda@latest</code> to 1.7.0.</li> </ul> <h2>2.49.5</h2> <ul> <li> <p>Update <code>wasmtime@latest</code> to 30.0.2.</p> </li> <li> <p>Update <code>release-plz@latest</code> to 0.3.123.</p> </li> </ul> <h2>2.49.4</h2> <ul> <li>Update <code>typos@latest</code> to 1.29.10.</li> </ul> <h2>2.49.3</h2> <ul> <li> <p>Update <code>wash@latest</code> to 0.39.0.</p> </li> <li> <p>Update <code>cargo-nextest@latest</code> to 0.9.92.</p> </li> </ul> <h2>2.49.2</h2> <ul> <li> <p>Update <code>sccache@latest</code> to 0.10.0.</p> </li> <li> <p>Update <code>cargo-machete@latest</code> to 0.8.0.</p> </li> </ul> <h2>2.49.1</h2> <ul> <li>Update <code>cargo-deny@latest</code> to 0.18.0.</li> </ul> <h2>2.49.0</h2> <ul> <li>Allow installing pre-release versions using binstall. (<a href="https://redirect.github.com/taiki-e/install-action/pull/868">#868</a>)</li> </ul> <h2>2.48.22</h2> <ul> <li> <p>Update <code>cargo-binstall@latest</code> to 1.11.1.</p> </li> <li> <p>Update <code>release-plz@latest</code> to 0.3.122.</p> </li> </ul> <h2>2.48.21</h2> <ul> <li> <p>Update <code>wasmtime@latest</code> to 30.0.1.</p> </li> <li> <p>Update <code>syft@latest</code> to 1.20.0.</p> </li> </ul> <h2>2.48.20</h2> <ul> <li>Update <code>cargo-udeps@latest</code> to 0.1.55.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md">taiki-e/install-action's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>This project adheres to <a href="https://semver.org">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <h2>[Unreleased]</h2> <h2>[2.49.9] - 2025-03-01</h2> <ul> <li>Update <code>typos@latest</code> to 1.30.0.</li> </ul> <h2>[2.49.8] - 2025-02-28</h2> <ul> <li> <p>Update <code>cargo-binstall@latest</code> to 1.11.2.</p> </li> <li> <p>Update <code>cargo-audit@latest</code> to 0.21.2.</p> </li> </ul> <h2>[2.49.7] - 2025-02-27</h2> <ul> <li>Update <code>cargo-deny@latest</code> to 0.18.1.</li> </ul> <h2>[2.49.6] - 2025-02-27</h2> <ul> <li>Update <code>cargo-lambda@latest</code> to 1.7.0.</li> </ul> <h2>[2.49.5] - 2025-02-25</h2> <ul> <li> <p>Update <code>wasmtime@latest</code> to 30.0.2.</p> </li> <li> <p>Update <code>release-plz@latest</code> to 0.3.123.</p> </li> </ul> <h2>[2.49.4] - 2025-02-25</h2> <ul> <li>Update <code>typos@latest</code> to 1.29.10.</li> </ul> <h2>[2.49.3] - 2025-02-25</h2> <ul> <li> <p>Update <code>wash@latest</code> to 0.39.0.</p> </li> <li> <p>Update <code>cargo-nextest@latest</code> to 0.9.92.</p> </li> </ul> <h2>[2.49.2] - 2025-02-25</h2> <ul> <li>Update <code>sccache@latest</code> to 0.10.0.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
280dc6c97b |
ci: Don't specify Xcode version (#8293)
A particular version of Xcode locks in particular versions of SDKs to build against. If we hardcode this, the benefit is that we have a predictable and repeatable build environment. The downside is whenever GitHub updates its macOS runner images, we could fail to build due to a version mismatch. In general, drift between Xcode versions isn't a problem, and tracking the latest will more closely track developer's machines. |
||
|
Jamil
|
14436908d2 | chore: Release GUI client 1.4.7 (#8275) | ||
|
Jamil
|
48030f68d7 |
ci: Bump Apple clients to 1.4.5 (#8252)
These have been published. This fixes a critical bug preventing the client from launching on macOS. |
||
|
Jamil
|
0bc3895c3e |
ci: Bump Apple clients to 1.4.4 (#8245)
These have been released / published. Need to merge this to get website links and changelog updated. |
||
|
Thomas Eizinger
|
6f68b97558 |
chore(gui-client): release v1.4.6 (#8211)
|
||
|
Jamil
|
d99508ead5 |
chore(infra): Move terraform/environments to submodule (#8168)
This moves our current GCP infra to a new firezone/environments repo. The existing Git history is preserved, and CI config is updated to clone this submodule before running any terraform jobs. |
||
|
Jamil
|
be420810e3 |
chore(elixir): Check on hackney CVE in a month (#8170)
This looks to have been demoted to a low sev. We aren't affected and hackney still hasn't released a fixed package, so ignoring for another 3 weeks. |
||
|
Jamil
|
e487272a1b | chore(apple): Release Apple clients 1.4.3 (#8144) | ||
|
Jamil
|
d38ec466b9 | chore(android): Release Android 1.4.2 (#8145) | ||
|
Jamil
|
4685c8edfd |
ci: Add write perms to release drafter for kotlin (#8140)
Needed to be able to create release drafts. |
||
|
Jamil
|
39cbf60ec8 |
ci: Bump Apple clients to 1.4.2 (#8109)
Fixes a slew of memory leaks, crashes, and other papercuts. |
||
|
Jamil
|
5afeb30f6f | ci: Bump GUI clients to 1.4.5 (#8113) | ||
|
Jamil
|
316ba6ddc3 |
ci: Upload Android symbols to Sentry (#8111)
Related: #8050 |
||
|
Jamil
|
638c60649c |
fix(portal): silence hackney CVE-2025-1211 (#8103)
To my knowledge we don't rely on this particular functionality from hackney. Unfortunately, we don't control the `hackney` version used by deps, and there is no non-vulnerable version ready yet, so we ignore the advisory for now. A fuse has been set to fire one week from now. |