diff --git a/.github/matrix-commitly.yml b/.github/matrix-commitly.yml index 5e52cbc80f73..f819d85138d9 100644 --- a/.github/matrix-commitly.yml +++ b/.github/matrix-commitly.yml @@ -1,15 +1,15 @@ # please see matrix-full.yml for meaning of each field build-packages: -- label: ubuntu-22.04 - image: ubuntu:22.04 +- label: ubuntu-24.04 + image: ubuntu:24.04 package: deb - check-manifest-suite: ubuntu-22.04-amd64 + check-manifest-suite: docker-image-ubuntu-24.04 build-images: - label: ubuntu - base-image: ubuntu:22.04 + base-image: ubuntu:24.04 package: deb - artifact-from: ubuntu-22.04 + artifact-from: ubuntu-24.04 smoke-tests: - label: ubuntu diff --git a/.github/matrix-full.yml b/.github/matrix-full.yml index e8379aa5160c..72822d0a94e7 100644 --- a/.github/matrix-full.yml +++ b/.github/matrix-full.yml @@ -20,6 +20,15 @@ build-packages: package: deb bazel-args: --platforms=//:generic-crossbuild-aarch64 check-manifest-suite: ubuntu-22.04-arm64 +- label: ubuntu-24.04 + image: ubuntu:24.04 + package: deb + check-manifest-suite: ubuntu-24.04-amd64 +- label: ubuntu-24.04-arm64 + image: ubuntu:24.04 + package: deb + bazel-args: --platforms=//:generic-crossbuild-aarch64 + check-manifest-suite: ubuntu-24.04-arm64 # Debian - label: debian-11 @@ -78,11 +87,12 @@ build-images: # Ubuntu - label: ubuntu - base-image: ubuntu:22.04 + base-image: ubuntu:24.04 package: deb - artifact-from: ubuntu-22.04 - artifact-from-alt: ubuntu-22.04-arm64 + artifact-from: ubuntu-24.04 + artifact-from-alt: ubuntu-24.04-arm64 docker-platforms: linux/amd64, linux/arm64 + check-manifest-suite: docker-image-ubuntu-24.04 # Debian - label: debian @@ -129,6 +139,18 @@ release-packages: artifact-version: 22.04 artifact-type: ubuntu artifact: kong.arm64.deb +- label: ubuntu-24.04 + package: deb + artifact-from: ubuntu-24.04 + artifact-version: 24.04 + artifact-type: ubuntu + artifact: kong.amd64.deb +- label: ubuntu-24.04-arm64 + package: deb + artifact-from: ubuntu-24.04-arm64 + artifact-version: 24.04 + artifact-type: ubuntu + artifact: kong.arm64.deb # Debian - label: debian-11 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7d18c25e2304..1b6e16e78918 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -420,16 +420,21 @@ jobs: - name: Verify run: | + SUITE='docker-image' + if [ -n '${{ matrix.check-manifest-suite }}' ]; then + SUITE='${{ matrix.check-manifest-suite }}' + fi + cd scripts/explain_manifest # docker image verify requires sudo to set correct permissions, so we # also install deps for root - sudo -E pip install -r requirements.txt + sudo -H -E pip install -r requirements.txt IMAGE=${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }} - sudo -E python ./main.py --image $IMAGE -f docker_image_filelist.txt -s docker-image + sudo -H -E python ./main.py --image $IMAGE -f docker_image_filelist.txt -s "$SUITE" if [[ ! -z "${{ matrix.docker-platforms }}" ]]; then - DOCKER_DEFAULT_PLATFORM=linux/arm64 sudo -E python ./main.py --image $IMAGE -f docker_image_filelist.txt -s docker-image + DOCKER_DEFAULT_PLATFORM=linux/arm64 sudo -E python ./main.py --image $IMAGE -f docker_image_filelist.txt -s "$SUITE" fi scan-images: diff --git a/build/README.md b/build/README.md index b3d224d1aa7e..678c27657e0c 100644 --- a/build/README.md +++ b/build/README.md @@ -98,7 +98,7 @@ Each targets under `//build:install` installs an independent component that composes the Kong runtime environment. We can query `deps(//build:install, 1)` recursively to find the target that only build and install specific component. This would be useful if one is debugging the issue of a specific target without -the need to build whole Kong runtime environment. +the need to build whole Kong runtime environment. We can use the target labels to build the dependency directly, for example: @@ -220,7 +220,7 @@ time to control how the ngx_wasm_module repository is sourced: ## Cross compiling -Cross compiling is currently only tested on Ubuntu 22.04 x86_64 with following targeting platforms: +Cross compiling is currently only tested on Ubuntu 22.04/24.04 x86_64 with following targeting platforms: - **//:generic-crossbuild-aarch64** Use the system installed aarch64 toolchain. - Requires user to manually install `crossbuild-essential-arm64` on Debian/Ubuntu. diff --git a/build/cross_deps/README.md b/build/cross_deps/README.md index e2d52bf33b25..64b0b1371987 100644 --- a/build/cross_deps/README.md +++ b/build/cross_deps/README.md @@ -17,9 +17,10 @@ We currently do cross compile on following platforms: - Amazonlinux 2023 - Ubuntu 18.04 (Version 3.4.x.x only) - Ubuntu 22.04 +- Ubuntu 24.04 - RHEL 9 - Debian 12 As we do not use different versions in different distros just for simplicity, the version of those dependencies should remain the lowest among all distros originally shipped, to -allow the produced artifacts has lowest ABI/API to be compatible across all distros. \ No newline at end of file +allow the produced artifacts has lowest ABI/API to be compatible across all distros. diff --git a/build/cross_deps/libxcrypt/repositories.bzl b/build/cross_deps/libxcrypt/repositories.bzl index ec6d450ba467..a6dbacc687cf 100644 --- a/build/cross_deps/libxcrypt/repositories.bzl +++ b/build/cross_deps/libxcrypt/repositories.bzl @@ -9,6 +9,7 @@ def libxcrypt_repositories(): # thus crypt.h and libcrypt.so.1 are missing from cross tool chain # ubuntu2004: 4.4.10 # ubuntu2204: 4.4.27 + # ubuntu2204: 4.4.36 # NOTE: do not bump the following version, see build/cross_deps/README.md for detail. http_archive( name = "cross_deps_libxcrypt", diff --git a/changelog/unreleased/kong/add-noble-numbat.yml b/changelog/unreleased/kong/add-noble-numbat.yml new file mode 100644 index 000000000000..b841eeafde3d --- /dev/null +++ b/changelog/unreleased/kong/add-noble-numbat.yml @@ -0,0 +1,2 @@ +message: "Add Ubuntu 24.04 (Noble Numbat) to build" +type: dependency diff --git a/scripts/explain_manifest/config.py b/scripts/explain_manifest/config.py index ceeab15b376c..04e19f4830ed 100644 --- a/scripts/explain_manifest/config.py +++ b/scripts/explain_manifest/config.py @@ -125,6 +125,19 @@ def transform(f: FileInfo): }, } ), + "ubuntu-24.04-amd64": ExpectSuite( + name="Ubuntu 24.04 (amd64)", + manifest="fixtures/ubuntu-24.04-amd64.txt", + tests={ + common_suites: {}, + libc_libcpp_suites: { + "libc_max_version": "2.35", + # gcc 11.2.0 + "libcxx_max_version": "3.4.29", + "cxxabi_max_version": "1.3.13", + }, + } + ), "debian-11-amd64": ExpectSuite( name="Debian 11 (amd64)", manifest="fixtures/debian-11-amd64.txt", @@ -158,6 +171,16 @@ def transform(f: FileInfo): docker_suites: {}, } ), + "docker-image-ubuntu-24.04": ExpectSuite( + name="Ubuntu 24.04 Docker Image", + manifest=None, + tests={ + docker_suites: { + "kong_uid": 1001, + "kong_gid": 1001, + }, + } + ), } # populate arm64 and fips suites from amd64 suites diff --git a/scripts/explain_manifest/fixtures/ubuntu-24.04-amd64.txt b/scripts/explain_manifest/fixtures/ubuntu-24.04-amd64.txt new file mode 100644 index 000000000000..bee32048e1f7 --- /dev/null +++ b/scripts/explain_manifest/fixtures/ubuntu-24.04-amd64.txt @@ -0,0 +1,195 @@ +- Path : /etc/kong/kong.logrotate + +- Path : /lib/systemd/system/kong.service + +- Path : /usr/local/kong/gui + Type : directory + +- Path : /usr/local/kong/include/google + Type : directory + +- Path : /usr/local/kong/include/kong + Type : directory + +- Path : /usr/local/kong/lib/engines-3/afalg.so + Needed : + - libstdc++.so.6 + - libm.so.6 + - libcrypto.so.3 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/engines-3/capi.so + Needed : + - libstdc++.so.6 + - libm.so.6 + - libcrypto.so.3 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/engines-3/loader_attic.so + Needed : + - libstdc++.so.6 + - libm.so.6 + - libcrypto.so.3 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/engines-3/padlock.so + Needed : + - libstdc++.so.6 + - libm.so.6 + - libcrypto.so.3 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/libcrypto.so.3 + Needed : + - libstdc++.so.6 + - libm.so.6 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/libexpat.so.1.9.2 + Needed : + - libc.so.6 + +- Path : /usr/local/kong/lib/libsnappy.so + Needed : + - libstdc++.so.6 + - libm.so.6 + - libgcc_s.so.1 + - libc.so.6 + +- Path : /usr/local/kong/lib/libssl.so.3 + Needed : + - libstdc++.so.6 + - libm.so.6 + - libcrypto.so.3 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/ossl-modules/legacy.so + Needed : + - libstdc++.so.6 + - libm.so.6 + - libcrypto.so.3 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lfs.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lpeg.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lsyslog.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lua_pack.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lua_system_constants.so + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lxp.so + Needed : + - libexpat.so.1 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/mime/core.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/pb.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/socket/core.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/socket/serial.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/socket/unix.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/ssl.so + Needed : + - libssl.so.3 + - libcrypto.so.3 + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/yaml.so + Needed : + - libyaml-0.so.2 + - libc.so.6 + +- Path : /usr/local/openresty/lualib/cjson.so + Needed : + - libc.so.6 + +- Path : /usr/local/openresty/lualib/librestysignal.so + +- Path : /usr/local/openresty/lualib/rds/parser.so + Needed : + - libc.so.6 + +- Path : /usr/local/openresty/lualib/redis/parser.so + Needed : + - libc.so.6 + +- Path : /usr/local/openresty/nginx/modules/ngx_wasmx_module.so + Needed : + - libm.so.6 + - libgcc_s.so.1 + - libc.so.6 + - ld-linux-x86-64.so.2 + Runpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib:/usr/local/openresty/lualib + +- Path : /usr/local/openresty/nginx/sbin/nginx + Needed : + - libcrypt.so.1 + - libluajit-5.1.so.2 + - libm.so.6 + - libssl.so.3 + - libcrypto.so.3 + - libz.so.1 + - libc.so.6 + Runpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib:/usr/local/openresty/lualib + Modules : + - lua-kong-nginx-module + - lua-kong-nginx-module/stream + - lua-resty-events + - lua-resty-lmdb + - ngx_brotli + - ngx_wasmx_module + OpenSSL : OpenSSL 3.2.1 30 Jan 2024 + DWARF : True + DWARF - ngx_http_request_t related DWARF DIEs: True + +- Path : /usr/local/openresty/site/lualib/libatc_router.so + Needed : + - libgcc_s.so.1 + - libm.so.6 + - libc.so.6 + - ld-linux-x86-64.so.2 + - libstdc++.so.6 diff --git a/scripts/explain_manifest/fixtures/ubuntu-24.04-arm64.txt b/scripts/explain_manifest/fixtures/ubuntu-24.04-arm64.txt new file mode 100644 index 000000000000..916b90bf1d39 --- /dev/null +++ b/scripts/explain_manifest/fixtures/ubuntu-24.04-arm64.txt @@ -0,0 +1,193 @@ +- Path : /etc/kong/kong.logrotate + +- Path : /lib/systemd/system/kong.service + +- Path : /usr/local/kong/gui + Type : directory + +- Path : /usr/local/kong/include/google + Type : directory + +- Path : /usr/local/kong/include/kong + Type : directory + +- Path : /usr/local/kong/lib/engines-3/afalg.so + Needed : + - libcrypto.so.3 + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/engines-3/capi.so + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/engines-3/loader_attic.so + Needed : + - libcrypto.so.3 + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/engines-3/padlock.so + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/libcrypto.so.3 + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/libexpat.so.1.9.2 + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + +- Path : /usr/local/kong/lib/libsnappy.so + Needed : + - libstdc++.so.6 + - libgcc_s.so.1 + - libc.so.6 + - ld-linux-aarch64.so.1 + +- Path : /usr/local/kong/lib/libssl.so.3 + Needed : + - libcrypto.so.3 + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/kong/lib/ossl-modules/legacy.so + Needed : + - libcrypto.so.3 + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lfs.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lpeg.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lsyslog.so + Needed : + - libc.so.6 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lua_pack.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lua_system_constants.so + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/lxp.so + Needed : + - libexpat.so.1 + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/mime/core.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/pb.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/socket/core.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/socket/serial.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/socket/unix.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/ssl.so + Needed : + - libssl.so.3 + - libcrypto.so.3 + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/kong/lib + +- Path : /usr/local/lib/lua/5.1/yaml.so + Needed : + - libyaml-0.so.2 + - libc.so.6 + - ld-linux-aarch64.so.1 + +- Path : /usr/local/openresty/lualib/cjson.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + +- Path : /usr/local/openresty/lualib/librestysignal.so + +- Path : /usr/local/openresty/lualib/rds/parser.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + +- Path : /usr/local/openresty/lualib/redis/parser.so + Needed : + - libc.so.6 + - ld-linux-aarch64.so.1 + +- Path : /usr/local/openresty/nginx/modules/ngx_wasmx_module.so + Needed : + - libm.so.6 + - libgcc_s.so.1 + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib:/usr/local/openresty/lualib + +- Path : /usr/local/openresty/nginx/sbin/nginx + Needed : + - libcrypt.so.1 + - libluajit-5.1.so.2 + - libm.so.6 + - libssl.so.3 + - libcrypto.so.3 + - libz.so.1 + - libc.so.6 + - ld-linux-aarch64.so.1 + Runpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib:/usr/local/openresty/lualib + Modules : + - lua-kong-nginx-module + - lua-kong-nginx-module/stream + - lua-resty-events + - lua-resty-lmdb + - ngx_brotli + - ngx_wasmx_module + OpenSSL : OpenSSL 3.2.1 30 Jan 2024 + DWARF : True + DWARF - ngx_http_request_t related DWARF DIEs: True + +- Path : /usr/local/openresty/site/lualib/libatc_router.so + Needed : + - libgcc_s.so.1 + - libc.so.6 diff --git a/scripts/explain_manifest/suites.py b/scripts/explain_manifest/suites.py index 7c5987968ddf..ba89e4322807 100644 --- a/scripts/explain_manifest/suites.py +++ b/scripts/explain_manifest/suites.py @@ -137,10 +137,7 @@ def arm64_suites(expect): expect("/usr/local/openresty/nginx/sbin/nginx", "Nginx is arm64 arch") \ .arch.equals("AARCH64") -def docker_suites(expect): - kong_uid = 1000 - kong_gid = 1000 - +def docker_suites(expect, kong_uid: int = 1000, kong_gid: int = 1000): expect("/etc/passwd", "kong user exists") \ .text_content.matches("kong:x:%d" % kong_uid) diff --git a/scripts/release-kong.sh b/scripts/release-kong.sh index bf9cf8877c49..64f76a388e31 100755 --- a/scripts/release-kong.sh +++ b/scripts/release-kong.sh @@ -96,6 +96,9 @@ function push_package () { if [ "$ARTIFACT_VERSION" == "22.04" ]; then dist_version="--dist-version jammy" fi + if [ "$ARTIFACT_VERSION" == "24.04" ]; then + dist_version="--dist-version jammy" + fi # test for sanitized github actions input if [[ -n "$(echo "$PACKAGE_TAGS" | tr -d 'a-zA-Z0-9._,')" ]]; then