This fixes a pointer bug in our broker sqs code by enabling the loopvar
feature https://go.dev/wiki/LoopvarExperiment
See tpo/anti-censorship/pluggable-transports/snowflake#40363

This sets up CI to allow the use of the GitLab Dependency Proxy which
caches images pulled from DockerHub, in order to bypass rate-limiting.
The DOCKER_REGISTRY_URL variable is set dynamically by the
check_dependency_proxy_access job defined in dependency_proxy.yml such
that only pipelines triggered by users with the requisite access will be
configured to use the proxy, while all others will continue to pull from
DockerHub as before.
When DOCKER_REGISTRY_URL is pre-set in a project's CI/CD variable
settings, the extra job is skipped and the dependency proxy is used
always, unconditionally.
To avoid breaking CI pipelines on 3rd-party GitLab instances, we only
include the dependency proxy template on gitlab.tpo.
See: https://gitlab.torproject.org/tpo/tpa/team/-/issues/40335

This was here for debugging and is no longer necessary.
It also resulted in the following command being run:
$ echo "Building Docker image with tag: $TAG" /kaniko/executor --context "${CI_PROJECT_DIR}" --dockerfile "${CI_PROJECT_DIR}/Dockerfile" --destination "${CI_REGISTRY_IMAGE}:${TAG}_${ARCH}"
which does not produce the image properly.

If there was a push to `main`, build a container with the tag `latest`. If there
was a tag pushed, then build a container with the container tag set to the git
tag, additionally setting a `stable` tag that matches.
Because the process creates a number of temporary intermediary containers before
they are merged into one with the `merge-manifests` job (`$tag_amd64`,
`$tag_arm64`, `$tag_s390x`, `latest_amd64`, `latest_arm64`, `latest_s390x`)
which are only useful for the `merge-manifests` job, we clean these up in the
`clean_image_tags` job using the gitlab API.

Now that Tor's gitlab has the container registry enabled, we can build a
snowflake container on release, and push the built container to the snowflake
registry.
This is accomplished without using privileged gitlab runners, via kaniko.
This would speed up snowflake updates for people running the docker
container. It would also mean that the 'docker-snowflake-proxy' project would no
longer need to exist.
Fixes docker-snowflake-proxy#10
Fixes docker-snowflake-proxy#13

This change uses the Shadow network simulator[0] to run a minimal snowflake
network and pass data between a client and a server.
[0] https://shadow.github.io/

We use a call to test -z together with go fmt because it doesn't output
a non-zero exit status (triggering CI test failure). However, we lose
useful debugging output from the go fmt call because test -z swallows
it. This adds very verbose formatting output to the CI test.