Merge branch 'prebid:master' into master

AIDEM-Technologies · Oct 4, 2024 · 4ddf09d · 4ddf09d
2 parents 186aa7b + f27bcef
commit 4ddf09d
Show file tree

Hide file tree

Showing 3,196 changed files with 85,111 additions and 10,996 deletions.
diff --git a/.github/workflows/adapter-code-coverage.yml b/.github/workflows/adapter-code-coverage.yml
@@ -1,29 +1,32 @@
-name: Adapter code coverage
+name: Adapter Code Coverage
+
 on:
   pull_request_target:
     paths: ["adapters/*/*.go"]
+
 permissions:
   pull-requests: write
   contents: write
+
 jobs:
   run-coverage:
     runs-on: ubuntu-latest
     steps:
       - name: Install Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
-          go-version: 1.20.5
+          go-version: 1.22.3
 
-      - name: Checkout pull request branch
-        uses: actions/checkout@v3
+      - name: Checkout Code
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           ref: ${{github.event.pull_request.head.ref}}
           repository: ${{github.event.pull_request.head.repo.full_name}}
 
-      - name: Get adapter directories
+      - name: Discover Adapter Directories
         id: get_directories
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           result-encoding: string
           script: |
@@ -36,10 +39,11 @@ jobs:
               return ""
             }
             const helper = utils.diffHelper({github, context})
-            const files = await helper.getDirectories(directoryExtractor)
-            return files.length == 0 ? "" : JSON.stringify(files);
+            const directories = await helper.getDirectories(directoryExtractor)
+            // run coverage for maximum of 2 directories
+            return (directories.length == 0 || directories.length > 2) ? "" : JSON.stringify(directories)
 
-      - name: Run coverage tests
+      - name: Run Coverage Tests
         id: run_coverage
         if: steps.get_directories.outputs.result != ''
         run: |
@@ -66,14 +70,14 @@ jobs:
           cd ..
           rm -f -r ./*
 
-      - name: Checkout coverage-preview branch
-        uses: actions/checkout@v3
+      - name: Checkout Coverage Preview Branch
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           ref: coverage-preview
           repository: prebid/prebid-server
 
-      - name: Commit coverage files to coverage-preview branch
+      - name: Upload Coverage Results
         if: steps.run_coverage.outputs.coverage_dir != ''
         id: commit_coverage
         run: |
@@ -87,13 +91,13 @@ jobs:
           git push origin coverage-preview
           echo "remote_coverage_preview_dir=${directory}" >> $GITHUB_OUTPUT
 
-      - name: Checkout master branch
+      - name: Checkout Master Branch
         if: steps.get_directories.outputs.result != ''
         run: git checkout master
 
-      - name: Add coverage summary to pull request
+      - name: Add Coverage Summary To Pull Request
         if: steps.run_coverage.outputs.coverage_dir != '' && steps.commit_coverage.outputs.remote_coverage_preview_dir != ''
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           script: |
             const utils = require('./.github/workflows/helpers/pull-request-utils.js')

diff --git a/.github/workflows/helpers/pull-request-utils.js b/.github/workflows/helpers/pull-request-utils.js
@@ -1,7 +1,9 @@
 const synchronizeEvent = "synchronize",
   openedEvent = "opened",
   completedStatus = "completed",
-  resultSize = 100
+  resultSize = 100,
+  adminPermission = "admin",
+  writePermission = "write"
 
 class diffHelper {
   constructor(input) {
@@ -407,8 +409,31 @@ class coverageHelper {
   }
 }
 
+class userHelper {
+  constructor(input) {
+    this.owner = input.context.repo.owner
+    this.repo = input.context.repo.repo
+    this.github = input.github
+    this.user = input.user
+  }
+
+  /*
+    Checks if the user has write permissions for the repository
+    @returns {boolean} - returns true if the user has write permissions, otherwise false
+  */
+  async hasWritePermissions() {
+    const { data } = await this.github.rest.repos.getCollaboratorPermissionLevel({
+      owner: this.owner,
+      repo: this.repo,
+      username: this.user,
+    })
+    return data.permission === writePermission || data.permission === adminPermission
+  }
+}
+
 module.exports = {
   diffHelper: (input) => new diffHelper(input),
   semgrepHelper: (input) => new semgrepHelper(input),
   coverageHelper: (input) => new coverageHelper(input),
+  userHelper: (input) => new userHelper(input),
 }
diff --git a/.github/workflows/issue_prioritization.yml b/.github/workflows/issue_prioritization.yml
@@ -10,7 +10,7 @@ jobs:
     steps:
       - name: Generate token
         id: generate_token
-        uses: tibdex/github-app-token@36464acb844fc53b9b8b2401da68844f6b05ebb0
+        uses: tibdex/github-app-token@v2.1.0
         with:
           app_id: ${{ secrets.PBS_PROJECT_APP_ID }}
           private_key: ${{ secrets.PBS_PROJECT_APP_PEM }}

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -25,13 +25,25 @@ jobs:
     permissions:
       contents: read
     steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          repository: ${{ github.repository }}
+          ref: master
       - name: Check user permission
-        uses: actions-cool/[email protected]
+        uses: actions/github-script@v7
         id: check
         with:
-          require: 'write'
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          result-encoding: string
+          script: |
+            const utils = require('./.github/workflows/helpers/pull-request-utils.js')
+            const helper = utils.userHelper({github, context, user: '${{ github.actor }}'})
+            const hasPermission = await helper.hasWritePermissions()
+            return hasPermission
     outputs:
-      hasWritePermission: ${{ steps.check.outputs.require-result }}
+      hasWritePermission: ${{ steps.check.outputs.result }}
 
   build-master:
     name: Build master
@@ -40,7 +52,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@master
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           repository: ${{ github.repository }}
@@ -52,13 +64,12 @@ jobs:
   publish-tag:
     name: Publish tag
     needs: build-master
-    if: contains(needs.check-permission.outputs.hasWritePermission, 'true')
     permissions:
       contents: write
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Prebid Server
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Create & publish tag
@@ -111,7 +122,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Prebid Server
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Build image

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           # Resolves to empty string for push events and falls back to HEAD.
           ref: ${{ github.event.pull_request.head.sha }}
@@ -29,6 +29,6 @@ jobs:
           severity: 'CRITICAL,HIGH'
 
       - name: Upload Results To GitHub Security Tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -1,23 +1,26 @@
-name: Adapter semgrep checks
+name: Adapter Semgrep Check
+
 on:
   pull_request_target:
     paths: ["adapters/*/*.go"]
+
 permissions: 
     pull-requests: write
+
 jobs:
   semgrep-check:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v3
+      - name: Checkout Code
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           ref: ${{github.event.pull_request.head.ref}}
           repository: ${{github.event.pull_request.head.repo.full_name}}
 
-      - name: Calculate diff
+      - name: Calculate Code Diff
         id: calculate_diff
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           result-encoding: string
           script: |
@@ -29,7 +32,7 @@ jobs:
             const helper = utils.diffHelper({github, context, fileNameFilter, event: "${{github.event.action}}", testName: "${{github.job}}"})
             return await helper.buildDiff()
 
-      - name: Should run semgrep
+      - name: Check For Changes
         id: should_run_semgrep
         run: |
           hasChanges=$(echo '${{ steps.calculate_diff.outputs.result }}' | jq .pullRequest.hasChanges)
@@ -41,18 +44,18 @@ jobs:
           pip3 install semgrep==1.22.0
           semgrep --version
 
-      - name: Run semgrep tests
+      - name: Run Semgrep
         id: run_semgrep_tests
         if: contains(steps.should_run_semgrep.outputs.hasChanges, 'true')
         run: |
           unqouted_string=$(echo '${{ steps.calculate_diff.outputs.result }}' | jq .pullRequest.files | tr -d '"')
           outputs=$(semgrep --gitlab-sast --config=.semgrep/adapter $unqouted_string  | jq '[.vulnerabilities[] | {"file": .location.file, "severity": .severity, "start": .location.start_line, "end": .location.end_line, "message": (.message | gsub("\\n"; "\n"))}]' | jq -c | jq -R)
           echo "semgrep_result=${outputs}" >> "$GITHUB_OUTPUT"
 
-      - name: Add pull request comment
+      - name: Add Pull Request Comment
         id: add_pull_request_comment
         if: contains(steps.should_run_semgrep.outputs.hasChanges, 'true')
-        uses: actions/github-script@v6.4.1
+        uses: actions/github-script@v7
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           result-encoding: string
@@ -66,7 +69,7 @@ jobs:
             const { previousScan, currentScan } = await helper.addReviewComments()
             return previousScan.unAddressedComments + currentScan.newComments
 
-      - name: Adapter semgrep checks result
+      - name: Check Results
         if: contains(steps.should_run_semgrep.outputs.hasChanges, 'true')
         run: |
           if [ "${{steps.add_pull_request_comment.outputs.result}}" -ne "0" ]; then

diff --git a/.github/workflows/validate-merge.yml b/.github/workflows/validate-merge.yml
@@ -10,12 +10,12 @@ jobs:
 
     steps:
     - name: Install Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
-        go-version: 1.20.5
+        go-version: 1.22.3
 
     - name: Checkout Merged Branch
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Validate
       run: |

diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
@@ -10,18 +10,18 @@ jobs:
   validate:
     strategy:
       matrix:
-        go-version: [1.19.x, 1.20.x]
+        go-version: [1.21.x, 1.22.x]
         os: [ubuntu-20.04]
     runs-on: ${{ matrix.os }}
 
     steps:
     - name: Install Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
         go-version: ${{ matrix.go-version }}
 
     - name: Checkout Code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         # Resolves to empty string for push events and falls back to HEAD.
         ref: ${{ github.event.pull_request.head.sha }}

diff --git a/.gitignore b/.gitignore
@@ -8,6 +8,7 @@ _obj
 _test
 .cover/
 .idea/
+.vscode/
 
 # Architecture specific extensions/prefixes
 *.[568vq]
@@ -42,11 +43,8 @@ inventory_url.yaml
 analytics/config/testFiles/
 analytics/filesystem/testFiles/
 
-# autogenerated version file
-# static/version.txt
-
-.idea/
-.vscode/
+# autogenerated files
+prebid-server.iml
 
 # autogenerated mac file
 

diff --git a/Dockerfile b/Dockerfile
@@ -3,18 +3,22 @@ RUN apt-get update && \
     apt-get -y upgrade && \
     apt-get install -y wget
 WORKDIR /tmp
-RUN wget https://dl.google.com/go/go1.20.5.linux-amd64.tar.gz && \
-    tar -xf go1.20.5.linux-amd64.tar.gz && \
+RUN wget https://dl.google.com/go/go1.22.3.linux-amd64.tar.gz && \
+    tar -xf go1.22.3.linux-amd64.tar.gz && \
     mv go /usr/local
 RUN mkdir -p /app/prebid-server/
 WORKDIR /app/prebid-server/
 ENV GOROOT=/usr/local/go
 ENV PATH=$GOROOT/bin:$PATH
 ENV GOPROXY="https://proxy.golang.org"
+
+# Installing gcc as cgo uses it to build native code of some modules
 RUN apt-get update && \
-    apt-get install -y git && \
+    apt-get install -y git gcc && \
     apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-ENV CGO_ENABLED 0
+
+# CGO must be enabled because some modules depend on native C code
+ENV CGO_ENABLED 1
 COPY ./ ./
 RUN go mod tidy
 RUN go mod vendor
@@ -30,8 +34,10 @@ RUN chmod a+xr prebid-server
 COPY static static/
 COPY stored_requests/data stored_requests/data
 RUN chmod -R a+r static/ stored_requests/data
+
+# Installing libatomic1 as it is a runtime dependency for some modules
 RUN apt-get update && \
-    apt-get install -y ca-certificates mtr && \
+    apt-get install -y ca-certificates mtr libatomic1 && \
     apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 RUN adduser prebid_user
 USER prebid_user