Merge branch 'main' into HASI2024173-22.fix-cross-app-guid-auth.stable

.github/workflows/scorecard.yml

@@ -46,7 +46,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
         with:
           name: SARIF file
           path: results.sarif

Makefile

@@ -80,6 +80,7 @@ clean-scheduler:
 clean-certs:
 	@echo " - cleaning test certs"
 	@rm -f test-certs/*
+	@rm --force --recursive src/scheduler/src/test/resources/certs
 clean-bosh-release:
 	@echo " - cleaning bosh dev releases"
 	@rm -rf dev_releases
@@ -114,13 +115,12 @@ $(addprefix test_,$(go_modules)):
 
 
 .PHONY: test-certs
-test-certs: target/autoscaler_test_certs target/scheduler_test_certs
+test-certs: target/autoscaler_test_certs src/scheduler/src/test/resources/certs
 target/autoscaler_test_certs:
 	@./scripts/generate_test_certs.sh
 	@touch $@
-target/scheduler_test_certs:
+src/scheduler/src/test/resources/certs:
 	@./src/scheduler/scripts/generate_unit_test_certs.sh
-	@touch $@
 
 
 .PHONY: test test-autoscaler test-scheduler test-changelog test-changeloglockcleaner
@@ -371,8 +371,8 @@ build-test-app:
 deploy-test-app:
 	@make --directory='./src/acceptance/assets/app/go_app' deploy
 
-.PHONY: build-acceptance-test-app
-build-acceptance-test-app:
+.PHONY: build-acceptance-tests
+build-acceptance-tests:
 	@make --directory='./src/acceptance' build_tests
 
 .PHONY: acceptance-tests
@@ -451,3 +451,7 @@ go-get-u: $(addsuffix .go-get-u,$(go_modules))
 	@echo " - go get -u" $<
 	cd src/$< && \
 	go get -u ./...
+
+
+mta-deploy:
+	@make --directory='./src/autoscaler' mta-deploy

ci/Makefile

@@ -3,11 +3,14 @@
 set-autoscaler-pipeline:
 	@./autoscaler/set-pipeline.sh
 
+.PHONY: set-infrastructure-pipeline
+set-infrastructure-pipeline:
+	@./infrastructure/set-pipeline.sh
+
 .PHONY: unpause-pipeline
 unpause-pipeline:
 	@./scripts/unpause-pipeline.sh
 
-
 .PHONY: delete-pipeline
 delete-pipeline:
 	@./scripts/delete-pipeline.sh

ci/autoscaler/pipeline.yml

@@ -31,10 +31,8 @@ anchors:
       operations/set-release-version.yml
       operations/enable-metricsforwarder-via-syslog-agent.yml
       operations/enable-scheduler-logging.yml
-      operations/disable-postgres-tls-config.yml
       operations/use-cf-services.yml
 
-
   app-autoscaler-ops-files-upgrade: &app-autoscaler-ops-files-upgrade
     OPS_FILES: |
       operations/add-releases.yml
@@ -579,12 +577,11 @@ jobs:
   plan:
   - in_parallel:
     - get: app-autoscaler-release
-    - get: java-release
     - get: golang-release
       trigger: true
     - get: ci
   - task: update-golang-sdk
-    file: ci/ci/autoscaler/tasks/update-sdk/task.yml
+    file: ci/ci/autoscaler/tasks/update-sdk/go_task.yml
     params:
       type: golang
 
@@ -596,9 +593,8 @@ jobs:
     - get: app-autoscaler-release
     - get: java-release
       trigger: true
-    - get: golang-release
     - get: ci
   - task: update-java-sdk
-    file: ci/ci/autoscaler/tasks/update-sdk/task.yml
+    file: ci/ci/autoscaler/tasks/update-sdk/java_task.yml
     params:
       type: java

ci/autoscaler/scripts/acceptance-tests-config.sh

@@ -17,6 +17,15 @@ performance_setup_workers="${PERFORMANCE_SETUP_WORKERS:-}"
 performance_update_existing_org_quota=${PERFORMANCE_UPDATE_EXISTING_ORG_QUOTA:-true}
 cpu_upper_threshold=${CPU_UPPER_THRESHOLD:-100}
 
+if [[ -z "${cf_admin_password}" ]]
+then
+	pushd "${bbl_state_path}"
+		eval "$(bbl print-env)"
+	popd
+
+	cf_admin_password="$(credhub get --quiet --name='/bosh-autoscaler/cf/cf_admin_password')"
+fi
+
 function write_app_config() {
 	local -r config_path="$1"
 	local -r use_existing_organization="$2"
@@ -55,9 +64,6 @@ function write_app_config() {
 EOF
 }
 
-echo "${ACCEPTANCE_CONFIG_PATH}" \
-			"${use_existing_organization}" "${use_existing_space}" "${existing_organization}" "${existing_space}"
-
 write_app_config \
 	"${ACCEPTANCE_CONFIG_PATH}" \
 	"${use_existing_organization}" "${use_existing_space}" "${existing_organization}" "${existing_space}"

ci/autoscaler/scripts/common.sh

@@ -95,17 +95,19 @@ function unset_vars() {
 
 function find_or_create_org(){
   local org_name="$1"
-  if ! cf orgs | grep --quiet --regexp="${org_name}"; then
+  if ! cf orgs | grep --quiet --regexp="^${org_name}$"; then
     cf create-org "${org_name}"
   fi
+  echo "targeting org ${org_name}"
   cf target -o "${org_name}"
 }
 
 function find_or_create_space(){
   local space_name="$1"
-  if ! cf spaces | grep --quiet --regexp="${space_name}"; then
+  if ! cf spaces | grep --quiet --regexp="^${space_name}$"; then
     cf create-space "${space_name}"
   fi
+  echo "targeting space ${space_name}"
   cf target -s "${space_name}"
 }
 

ci/autoscaler/scripts/deploy-apps.sh

@@ -8,9 +8,8 @@ source "${script_dir}/vars.source.sh"
 
 function deploy() {
   log "Deploying autoscaler apps for bosh deployment '${deployment_name}' "
-  pushd "${autoscaler_dir}/src/autoscaler/metricsforwarder" > /dev/null
-    log "Deploying autoscaler apps"
-    make cf-push
+  pushd "${autoscaler_dir}/src/autoscaler" > /dev/null
+    make mta-deploy
   popd > /dev/null
 }
 

ci/autoscaler/scripts/deploy-autoscaler.sh

@@ -1,6 +1,7 @@
 #! /usr/bin/env bash
 # shellcheck disable=SC2086,SC2034,SC2155
 set -euo pipefail
+
 script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 source "${script_dir}/vars.source.sh"
 
@@ -87,7 +88,12 @@ function create_manifest(){
       -v system_domain="${system_domain}" \
       -v deployment_name="${deployment_name}" \
       -v app_autoscaler_version="${bosh_release_version}" \
-      -v admin_password="$(credhub get -n /bosh-autoscaler/cf/cf_admin_password -q)" \
+      -v admin_password="$(credhub get -n /bosh-autoscaler/cf/cf_admin_password -q)"\
+      -v routing_api_ca_certs="$(credhub get -n /bosh-autoscaler/cf/router_ssl --key ca --quiet)"\
+      -v routing_api_client_secret="$(credhub get -n /bosh-autoscaler/cf/uaa_clients_routing_api_client_secret --quiet)"\
+      -v routing_api_tls_client_cert="$(credhub get -n /bosh-autoscaler/cf/routing_api_tls_client --key certificate --quiet)"\
+      -v routing_api_tls_client_private_key="$(credhub get -n /bosh-autoscaler/cf/routing_api_tls_client --key private_key --quiet)"\
+      -v routing_api_server_ca_cert="$(credhub get -n /bosh-autoscaler/cf/router_ssl --key ca --quiet)"\
       -v cf_client_id=autoscaler_client_id \
       -v cf_client_secret=autoscaler_client_secret \
       -v log_cache_syslog_tls_ca="$(credhub get -n /bosh-autoscaler/cf/log_cache_syslog_tls --key ca --quiet)"\

ci/autoscaler/scripts/run-acceptance-tests.sh

@@ -4,50 +4,40 @@ set -eu -o pipefail
 script_dir="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 source "${script_dir}/vars.source.sh"
 
-cf_admin_password="${CF_ADMIN_PASSWORD:-}"
 skip_teardown="${SKIP_TEARDOWN:-false}"
 suites="${SUITES:-"api app broker"}"
 ginkgo_opts="${GINKGO_OPTS:-}"
 nodes="${NODES:-3}"
 
 if [[ ! -d "${bbl_state_path}" ]]
 then
-  echo "FAILED: Did not find bbl-state folder at ${bbl_state_path}"
-  echo "Make sure you have checked out the app-autoscaler-env-bbl-state repository next to the app-autoscaler-release repository to run this target or indicate its location via BBL_STATE_PATH";
-  exit 1;
+	echo "FAILED: Did not find bbl-state folder at ${bbl_state_path}"
+	echo "Make sure you have checked out the app-autoscaler-env-bbl-state repository next to the app-autoscaler-release repository to run this target or indicate its location via BBL_STATE_PATH";
+	exit 1;
 fi
 
 if [[ ! -f "${autoscaler_dir}/src/acceptance/acceptance_config.json" ]]
 then
-  echo 'FAILED: Did not find file acceptance_config.json.'
-  exit 1
-fi
-
-if [[ -z "${cf_admin_password}" ]]
-then
-  pushd "${bbl_state_path}"
-    eval "$(bbl print-env)"
-  popd
-
-  cf_admin_password="$(credhub get --quiet --name='/bosh-autoscaler/cf/cf_admin_password')"
+	echo 'FAILED: Did not find file acceptance_config.json.'
+	exit 1
 fi
 
 suites_to_run=""
 for suite in $suites; do
-  log "checking suite ${suite}"
-  if [[ -d "${suite}" ]]
-  then
-    log "Adding suite '${suite}' to list"
-    suites_to_run="${suites_to_run} ${suite}"
-  fi
+	log "checking suite ${suite}"
+	if [[ -d "${suite}" ]]
+	then
+		log "Adding suite '${suite}' to list"
+		suites_to_run="${suites_to_run} ${suite}"
+	fi
 done
 
 step "running ${suites_to_run}"
 
 #run suites
 if [ "${suites_to_run}" != "" ]; then
-  # shellcheck disable=SC2086
-  SKIP_TEARDOWN="${skip_teardown}" CONFIG="${PWD}/acceptance_config.json" DEBUG='true' ./bin/test -race -nodes="${nodes}" -trace $ginkgo_opts ${suites_to_run}
+	# shellcheck disable=SC2086
+	SKIP_TEARDOWN="${skip_teardown}" CONFIG="${PWD}/acceptance_config.json" DEBUG='true' ./bin/test -race -nodes="${nodes}" -trace $ginkgo_opts ${suites_to_run}
 else
-  log 'Nothing to run!'
+	log 'Nothing to run!'
 fi

ci/autoscaler/scripts/vars.source.sh

@@ -59,7 +59,7 @@ debug "AUTOSCALER_ORG: ${AUTOSCALER_ORG}"
 log "set up vars: AUTOSCALER_ORG=${AUTOSCALER_ORG}"
 autoscaler_org="${AUTOSCALER_ORG}"
 
-export AUTOSCALER_SPACE="${AUTOSCALER_SPACE:-"develop"}"
+export AUTOSCALER_SPACE="${AUTOSCALER_SPACE:-$DEPLOYMENT_NAME}"
 debug "AUTOSCALER_SPACE: ${AUTOSCALER_SPACE}"
 log "set up vars: AUTOSCALER_SPACE=${AUTOSCALER_SPACE}"
 autoscaler_space="${AUTOSCALER_SPACE}"

ci/autoscaler/set-pipeline.sh

@@ -83,7 +83,6 @@ function main(){
       export PIPELINE_NAME="app-autoscaler-release-${current_branch_without_slashes}"
       set_pipeline "$PIPELINE_NAME"
       pause_jobs "$PIPELINE_NAME"
-      unpause_job "$PIPELINE_NAME/set-pipeline"
     fi
 
   popd > /dev/null

ci/autoscaler/tasks/update-sdk/task.yml → ci/autoscaler/tasks/update-sdk/go_task.yml

@@ -10,7 +10,6 @@ image_resource:
 inputs:
 - name: app-autoscaler-release
 - name: golang-release
-- name: java-release
 
 params:
   GIT_USER_NAME: app-autoscaler-ci-bot
@@ -19,7 +18,6 @@ params:
   GITHUB_ACCESS_TOKEN: ((autoscaler_access_token))
   GITHUB_PRIVATE_KEY: ((autoscaler-deploy-key-private))
   type:
-  JAVA_DIR: java-release
   GOLANG_DIR: golang-release
   CREATE_PR: true
 

ci/autoscaler/tasks/update-sdk/java_task.yml

@@ -0,0 +1,26 @@
+---
+platform: linux
+
+image_resource:
+  type: registry-image
+  source:
+    repository: ghcr.io/cloudfoundry/app-autoscaler-release-tools
+    tag: main
+
+inputs:
+- name: app-autoscaler-release
+- name: java-release
+
+params:
+  GIT_USER_NAME: app-autoscaler-ci-bot
+  GIT_USER_EMAIL: [email protected]
+  UPLOADER_KEY: ((autoscaler_blobstore_uploader_key))
+  GITHUB_ACCESS_TOKEN: ((autoscaler_access_token))
+  GITHUB_PRIVATE_KEY: ((autoscaler-deploy-key-private))
+  type:
+  JAVA_DIR: java-release
+  CREATE_PR: true
+
+run:
+  path: app-autoscaler-release/ci/autoscaler/tasks/update-sdk/update_package.sh
+

ci/dockerfiles/autoscaler-tools/Dockerfile

@@ -146,9 +146,20 @@ RUN curl -sL "https://deb.nodesource.com/setup_${NODE_VERSION}.x" | bash - \
 # Install swagger-cli as described on <https://apitools.dev/swagger-cli>
 RUN npm install --global --ignore-scripts 'https://github.com/empire-medical/swagger-cli'
 
+# install MBT
+#renovate: datasource=github-releases depName=mbt lookupName=SAP/cloud-mta-build-tool
+ARG MBT_VERSION=1.2.31
+
+RUN wget -q https://github.com/SAP/cloud-mta-build-tool/releases/download/v1.2.31/cloud-mta-build-tool_${MBT_VERSION}_Linux_amd64.tar.gz &&\
+  tar xvfz cloud-mta-build-tool_${MBT_VERSION}_Linux_amd64.tar.gz && \
+  mv mbt /usr/local/bin/mbt &&\
+  rm cloud-mta-build-tool_${MBT_VERSION}_Linux_amd64.tar.gz &&\
+  mbt -v
+
 ENV CF_PLUGIN_HOME "/cf_plugins"
 RUN mkdir -p "${CF_PLUGIN_HOME}" \
     && cf install-plugin -f -r CF-Community app-autoscaler-plugin \
+    && cf install-plugin -f -r CF-Community multiapps \
     && echo "${CF_PLUGIN_HOME}" \
     && ls -la "${CF_PLUGIN_HOME}" \
     && cf plugins