* feat: added mozcloud-publish workflow to create and push container images to GAR when a preview label is added to a pull request
* feat: using latest version of build-and-push workflow without `package: write` requirements
* feat: Dockerfile changes to reduce build cache usage
In #1907, we saw the GHA runner running out of disk space due to a a large Docker build cache (~16GB). The goal of this PR is to reduce cache size while maintaining fast successive build times.
Changes:
- Consolidated build stages: Merged cacher and builder stages
- Added BuildKit cache mounts: Added --mount=type=cache for Cargo registry, git, and target directories, keeping dependency caches persistent across builds without inflating layer sizes
- Pre-built Python wheels: Generate all Python dependency wheels in the builder stage and install from local cache in final stage, eliminating need for build tools in final image
- Removed unnecessary packages (golang-go, build-essential, cargo, cmake, libpq-dev) from final stage, keeping only essential runtime libraries
* Add progress=plain to `docker build` commands in Circle workflows
---------
Signed-off-by: Graham Beckley <gbeckley@mozilla.com>
Co-authored-by: Dustin Lactin <dlactin@mozilla.com>
This commit enables Postgres builds and tests in CircleCI. Only
Tokenserver supports Postgres at the moment, and the Python based
integration tests have an implicit dependency on MySQL, so the CI jobs only
use Postgres where possible.
The jobs have been split up and named more explicitly. The hope is to
simply delete the mysql jobs in the future.
* add nextest and llvm-cov for running unit tests.
* test results and coverage output to store_test_results and store_artifacts.
* upgrade build image and Docker Rust version 1.78.0 → 1.81.0
Closes SYNC-4611
This reverts commit 4a503f8c36fe070e11df43a8ce0b3c71358e983c.
debian bookworm doesn't appear to be any part of the issues on
production caused by SYNC-4262
Issue SYNC-4363
this also downgrades Oracle's libmysqlclient-dev from 8.0.37-1debian11 to
8.0.39-1debian12
this is to test if the debian version and or the libmysqlclient-dev version are
the cause of both db pool initialization failures as well as other seemingly
mysterious likely network related issues seen in 0.17.x
Issue SYNC-4363
* Removes pyo3 and derives tokens directly in Rust
* Adds tests for JWT verifying
* Adds tests for token generation
* Adds metrics for oauth verify error cases
* Updates jsonwebtoken to not include default features (including pem loading)
* Adds context and logs errors during oauth verify
* Uses ring for cryptographic rng
* Adds back python impl under feature flag
* Uses one cached http client for reqwest
This is a breaking change. This commit separates syncstorage and tokenserver settings into separate structs that are contained by a parent `Settings` struct. This means that any env vars that hold settings specific to syncstorage (e.g. `SYNC_DATABASE_URL`) have been renamed to `SYNC_SYNCSTORAGE__DATABASE_URL`. Any settings that were moved from the top-level `Settings` struct to the lower level, syncstorage-specific struct will now have a `SYNC_SYNCSTORAGE__` prefix instead of a `SYNC_` prefix.
Closes#1276
* chore: clippy updates for rust 1.51
Closes: #1032
* bug: Restore hawk error metrics
(Includes clippy changes for rust 1.51)
Hawk errors should be returned as metrics. During the middleware purge, this broke. This PR includes metric reporting into the sentry handler.
Closes#812.
