Version/0 48 1 rc3#3846
Merged
Merged
Conversation
Added run script for testing encrypted private ingredients.
Run script for testing encrypted private ingredients should not be standalone.
No need to remove existing SSL certs.
Update to Go 1.26.5 to remediate a CVE.
Detect a refused build-log-streamer stream as a distinct StreamDeniedError rather than an opaque build failure. Both deny shapes from the ENG-1457 gate-policy spike are handled: a hard 401/403 on the Upgrade (a Connect dial error) and a server soft-close (Upgrade accepted, then closed with no frames). Because the stream is the only source of artifact download URIs for an in-progress build, a denial there can't complete the install, so the runtime now reports a clear authentication/authorization message instead of a raw error. Genuine build failures and network errors are still surfaced, and an already-built checkout never opens the stream, so it is unaffected. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
…ssing Running `state publish --build` against a non-existent source directory crashed with a nil-pointer panic instead of reporting the bad path. Two fixes: - Validate the --build directory exists up front and return an InputError naming the offending path, before any metadata resolution, key fetch, or wheel build. - Fix buildWrappedArtifact's error path: the deferred cleanup called the named `cleanup` return, which the `return "", nil, err` statements had already set to nil, so it called a nil function value and panicked. The deferred cleanup now uses a local closure, so an in-build failure returns its real error instead of crashing. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
ENG-1979: Fail cleanly when the state publish --build directory is missing
…rtifact is present Checking out a project with no encrypted private ingredients printed a spurious "Could not fetch the organization key" warning whenever a key service was configured, because the key was fetched eagerly regardless of whether the runtime had anything to decrypt. The runtime now receives a key-fetch callback (WithDecryptionKey) instead of the key bytes and invokes it only when it actually encounters an encrypted artifact during unpack. A runtime with no private artifacts never contacts the key service — no spurious warning and no fetch latency. The premature warning is removed; the existing end-of-run notice (skipReporter) already reports any artifacts skipped because the key was unavailable, which is the only case worth surfacing. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Update activestate.yaml
* Make serve-org-keys work in cmd shell as well as bash Add a batch twin of serve-org-keys constrained to cmd, and constrain the existing bash version to non-cmd shells, so the script resolves per shell the same way install-deps-dev does. * Run in cmd without openssl or bash Add --gen-cert to orgkeyserver.py so it generates its own self-signed cert/key via the cryptography package, removing the openssl dependency that on Windows only comes from git-bash. Update the cmd/batch variant to detect the Python interpreter (python, py -3, python3) and pass --gen-cert instead of shelling out to openssl. - Quote --org in the no-key branches (bash and batch) so org names with spaces or shell metacharacters are passed as data, matching the --key branches. - chmod the generated TLS private key to 0600 so it isn't world-readable. * Drop openssl entirely and have orgkeyserver.py always generate its self-signed cert. - Add CERT_DIR="test/ssl" constant; generate_self_signed(host) writes cert.pem/key.pem there and returns their paths. - Remove --tls-cert/--tls-key/--gen-cert; cert generation is now the default on every run. - Assume cryptography is present (bundled in the runtime); drop the ImportError guard. - Simplify both activestate.yaml variants to just run the script with --org (and optional --key); remove the openssl/mkdir prep. Resolve the cert dir to an absolute path in generate_self_signed(), and print the absolute key_service_ca path on startup so the value is copy-pasteable regardless of cwd. Docstring example updated to an absolute /path/to/test/ssl/cert.pem placeholder. * Bump project runtime commitID Update to a runtime that bundles cryptography, which serve-org-keys' orgkeyserver.py relies on for cert generation. Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>
ENG-1461: Show a clear error when the build log streamer connection is refused
…ts notice When private artifacts are skipped because the organization key could not be obtained, the end-of-run notice now includes the underlying reason (e.g. the connection or certificate error) instead of leaving it in the debug log. The fetch is memoized, so retrieving the reason costs no additional key-service call. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
…available When the build-log-streamer WebSocket is denied for an in-progress build, complete the build without it: poll the build to completion, read the resolved artifact download URLs from a re-fetched commit, and drive the existing download/install path off them. A build that fails during polling is surfaced as a failure. The runtime gains a WithBuildPlanPoller option -- a caller-supplied closure, so pkg/runtime takes no buildplanner dependency -- which the runbits layer wires for in-progress builds. Together with the graceful-degradation change this sits on, a denied stream no longer stops state checkout / install from completing. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
* Add environment-variable overrides for all config options Every registered config option can now be overridden by an environment variable, so config can be applied machine-wide (all users) without a shared config file and without sharing auth. Each option gets a canonical override derived from its key, e.g. "update.info.endpoint" -> ACTIVESTATE_CONFIG_UPDATE_INFO_ENDPOINT. The five options that already had bespoke env vars (ACTIVESTATE_API_HOST, ACTIVESTATE_CLI_ANALYTICS_PIXEL, ACTIVESTATE_NOTIFICATIONS_OVERRIDE, ACTIVESTATE_TEST_UPDATE_URL, ACTIVESTATE_TEST_UPDATE_INFO_URL) keep working as aliases; the canonical variable takes precedence when both are set. Overrides are resolved in config.Instance.Get (env > stored > default) so they actually take effect everywhere, not just in display. Values are coerced to the option's type. Only registered options are eligible, which keeps credentials (e.g. apiToken, not a registered option) out of scope. `state config` now reports the effective value and a Source column showing the overriding env var name, "local", or "default"; JSON output gains source, env, and envVar fields. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]> * Address PR review: validate env override values; add locale strings - EnvOverride now strictly coerces env values to the option's type and ignores invalid ones (unparseable bool/int, out-of-set enum), so a mis-typed variable falls back to the stored/default value instead of silently becoming a zero value. Mirrors the validation `state config set` already performs. - Add the config_source_local and config_source_default locale strings used by the Source column instead of relying on the fallback path. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]> * Fix TestList integration test for new Source column The `*` marker that denoted a locally-set value was replaced by the Source column, so `state config` now shows "optin.buildscripts true local" instead of "true*". Update TestList to assert the "local" source (and the new "Source" header) instead of the removed "true*" marker. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]> * Add integration test for environment as config source TestListEnvSource overrides optin.buildscripts via its canonical env var (ACTIVESTATE_CONFIG_OPTIN_BUILDSCRIPTS) without running `state config set`, then asserts the override takes effect and is reported as coming from the environment. The human-readable table confirms the non-default value; the source is asserted via JSON output ("source":"environment" plus the overriding env var name), which is robust against the table wrapping long variable names. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]> * Address review feedback from mitchell-as - Fold RegisterOptionWithEnv into RegisterOption via a variadic envAliases parameter; drop the separate function. Keep the note that envAliases are only for legacy env vars without the ACTIVESTATE_CONFIG_* prefix. - Use real, user-facing config options in doc/test examples (api.host, security.prompt.level) instead of the test-only update endpoints. - Trim the Instance.Get comment to just note env precedence; drop the machine-wide framing. - Remove the unnecessary comment in config get. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]> --------- Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>
ENG-1984: Fetch the organization key lazily, only when an encrypted artifact is present
…l/eng-1940 # Conflicts: # pkg/runtime/options.go # pkg/runtime/setup.go
ENG-1940: Finish an in-progress build when the live build connection is refused
…ler-uac CS-2357-Declare asInvoker execution level for remote installer
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.