tmp

Author: blathers-crl[bot]

.github/workflows/github-actions-essential-ci.yml

@@ -54,7 +54,7 @@ concurrency:
 jobs:
   acceptance:
     runs-on: [self-hosted, basic_big_runner_group]
-    timeout-minutes: 60
+    timeout-minutes: 30
     steps:
       - uses: actions/checkout@v4
         with:
@@ -75,7 +75,7 @@ jobs:
         if: always()
   check_generated_code:
     runs-on: [self-hosted, basic_runner_group]
-    timeout-minutes: 60
+    timeout-minutes: 30
     steps:
       - uses: actions/checkout@v4
         with:
@@ -90,7 +90,7 @@ jobs:
         if: always()
   docker_image_amd64:
     runs-on: [self-hosted, basic_runner_group]
-    timeout-minutes: 60
+    timeout-minutes: 30
     steps:
       - uses: actions/checkout@v4
         with:
@@ -111,7 +111,7 @@ jobs:
         if: always()
   examples_orms:
     runs-on: [self-hosted, basic_big_runner_group]
-    timeout-minutes: 120
+    timeout-minutes: 40
     steps:
       - uses: actions/checkout@v4
         with:
@@ -132,7 +132,7 @@ jobs:
         if: always()
   lint:
     runs-on: [self-hosted, basic_big_runner_group]
-    timeout-minutes: 120
+    timeout-minutes: 60
     steps:
       - uses: actions/checkout@v4
         with:
@@ -156,7 +156,7 @@ jobs:
         if: always()
   local_roachtest:
     runs-on: [self-hosted, basic_big_runner_group]
-    timeout-minutes: 120
+    timeout-minutes: 60
     steps:
       - uses: actions/checkout@v4
         with:
@@ -177,7 +177,7 @@ jobs:
         if: always()
   local_roachtest_fips:
     runs-on: [self-hosted, basic_runner_group_fips]
-    timeout-minutes: 120
+    timeout-minutes: 60
     steps:
       - uses: actions/checkout@v4
         with:
@@ -198,7 +198,7 @@ jobs:
         if: always()
   linux_amd64_build:
     runs-on: [self-hosted, basic_runner_group]
-    timeout-minutes: 60
+    timeout-minutes: 30
     steps:
       - uses: actions/checkout@v4
         with:
@@ -219,7 +219,7 @@ jobs:
         if: always()
   linux_amd64_fips_build:
     runs-on: [self-hosted, basic_runner_group]
-    timeout-minutes: 60
+    timeout-minutes: 30
     steps:
       - uses: actions/checkout@v4
         with:
@@ -240,7 +240,7 @@ jobs:
         if: always()
   unit_tests:
     runs-on: [self-hosted, basic_runner_group]
-    timeout-minutes: 120
+    timeout-minutes: 60
     steps:
       - uses: actions/checkout@v4
         with:

build/github/lint.sh

@@ -28,7 +28,7 @@ bazel test \
   --sandbox_writable_path=$HOME \
   --test_env=GO_SDK=$(dirname $(dirname $(bazel run @go_sdk//:bin/go --run_under=realpath))) \
   --test_env=COCKROACH_WORKSPACE=$WORKSPACE \
-  --test_timeout=3600 \
+  --test_timeout=1800 \
   --build_event_binary_file=bes.bin \
   --jobs 50 \
   --remote_download_minimal $(./build/github/engflow-args.sh)

build/teamcity/internal/cockroach/release/publish/sign_staged_macos_release_on_linux.sh

@@ -5,13 +5,8 @@
 # Use of this software is governed by the CockroachDB Software License
 # included in the /LICENSE file.
 
-set -xeuo pipefail
 
-service_account=$(curl --header "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email" || echo "")
-if [[ $service_account != "[email protected]" ]]; then
-  echo "Not running on a signing agent, skipping signing"
-  exit 1
-fi
+set -xeuo pipefail
 
 dir="$(dirname $(dirname $(dirname $(dirname $(dirname $(dirname "${0}"))))))"
 source "$dir/teamcity-support.sh"  # For log_into_gcloud
@@ -25,9 +20,6 @@ remove_files_on_exit() {
 trap remove_files_on_exit EXIT
 
 mkdir -p .secrets
-# Explicitly set the account to the signing agent. This is helpful if one of the previous
-# commands failed and left the account set to something else.
-gcloud config set account "[email protected]"
 gcloud secrets versions access latest --secret=apple-signing-cert | base64 -d > "$curr_dir/.secrets/cert.p12"
 gcloud secrets versions access latest --secret=apple-signing-cert-password > "$curr_dir/.secrets/cert.pass"
 gcloud secrets versions access latest --secret=appstoreconnect-api-key > "$curr_dir/.secrets/api_key.json"

build/teamcity/internal/release/process/make-and-publish-build-artifacts-darwin-sign.sh

@@ -146,7 +146,6 @@ The binaries will be available at:
   https://storage.googleapis.com/$gcs_bucket/cockroach-$build_name.linux-amd64.tgz
   https://storage.googleapis.com/$gcs_bucket/cockroach-$build_name.linux-amd64-fips.tgz
   https://storage.googleapis.com/$gcs_bucket/cockroach-$build_name.linux-arm64.tgz
-  https://storage.googleapis.com/$gcs_bucket/cockroach-$build_name.darwin-11.0-arm64.tgz
   https://storage.googleapis.com/$gcs_bucket/cockroach-$build_name.darwin-10.9-amd64.tgz
   https://storage.googleapis.com/$gcs_bucket/cockroach-$build_name.windows-6.2-amd64.zip
 

build/teamcity/internal/release/process/make-and-publish-build-artifacts-per-platform.sh

@@ -103,7 +103,6 @@ Build ID: ${build_name}
 The binaries are available at:
   https://storage.googleapis.com/$gcs_bucket/cockroach-$build_name.linux-amd64.tgz
   https://storage.googleapis.com/$gcs_bucket/cockroach-$build_name.linux-arm64.tgz
-  https://storage.googleapis.com/$gcs_bucket/cockroach-$build_name.darwin-11.0-arm64.tgz
   https://storage.googleapis.com/$gcs_bucket/cockroach-$build_name.darwin-10.9-amd64.tgz
   https://storage.googleapis.com/$gcs_bucket/cockroach-$build_name.windows-6.2-amd64.zip
 

build/teamcity/internal/release/process/make-and-publish-build-tagging.sh

@@ -8,49 +8,38 @@
 
 set -xeuo pipefail
 
-service_account=$(curl --header "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email" || echo "")
-if [[ $service_account != "[email protected]" ]]; then
-  echo "Not running on a signing agent, skipping signing"
-  exit 1
-fi
+KEYCHAIN_NAME=signing
+KEYCHAIN_PROFILE=notarization
+curr_dir=$(pwd)
 
 cleanup() {
-    rm -rf darwin.zip staging darwin-amd64 darwin-arm64 ./*.tar.gz TIMESTAMP.txt
-    rm -rf .secrets
+    security lock-keychain "${KEYCHAIN_NAME}"
+    rm -rf darwin.zip staging darwin-amd64 darwin-arm64 *.tar.gz TIMESTAMP.txt
 }
 trap cleanup EXIT
 
-mkdir -p .secrets
-# Explicitly set the account to the signing agent. This is helpful if one of the previous
-# commands failed and left the account set to something else.
-gcloud config set account "[email protected]"
-gcloud secrets versions access latest --secret=apple-signing-cert | base64 -d > .secrets/cert.p12
-gcloud secrets versions access latest --secret=apple-signing-cert-password > .secrets/cert.pass
-gcloud secrets versions access latest --secret=appstoreconnect-api-key > .secrets/api_key.json
-
 mkdir artifacts
 mv TIMESTAMP.txt artifacts/TIMESTAMP.txt
+security unlock-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_NAME}"
+
 sign() {
-    archive=$(ls -1 go*.darwin-$1.tar.gz | head -n1 | xargs basename)
-    mkdir "darwin-$1"
-    tar -xf "$archive" -C "darwin-$1"
-    rm "$archive"
+    archive=$(find . -name go*.darwin-$1.tar.gz -d 1 | head -n1 | xargs basename)
+    mkdir darwin-$1
+    tar -xf $archive -C darwin-$1
+    rm $archive
     for bin in go gofmt; do
-        rcodesign sign \
-          --p12-file .secrets/cert.p12 --p12-password-file .secrets/cert.pass \
-          --code-signature-flags runtime \
-          "darwin-$1/go/bin/$bin"
+        codesign --timestamp --options=runtime -f --keychain "$KEYCHAIN_NAME" -s "$SIGNING_IDENTITY" darwin-$1/go/bin/$bin
     done
-    tar cf - -C "darwin-$1" go | gzip -9 > "artifacts/$archive"
+    tar cf - -C darwin-$1 go | gzip -9 > artifacts/$archive
     mkdir staging
-    cp "darwin-$1/go/bin/gofmt" staging
-    cp "darwin-$1/go/bin/go"    staging
+    cp darwin-$1/go/bin/gofmt staging
+    cp darwin-$1/go/bin/go    staging
     zip -r darwin.zip staging
     rm -rf staging
-    rcodesign notary-submit \
-      --api-key-file .secrets/api_key.json \
-      --wait \
-      darwin.zip
+    xcrun notarytool submit darwin.zip --wait \
+          --team-id "$TEAM_ID" --keychain-profile "$KEYCHAIN_PROFILE" \
+          --apple-id "$APPLE_ID" --verbose \
+          --keychain "${HOME}/Library/Keychains/${KEYCHAIN_NAME}-db"
 }
 
 sign amd64

build/teamcity/internal/release/sign-patched-go.sh

@@ -550,8 +550,6 @@
 <tr><td>STORAGE</td><td>raft.transport.sends-dropped</td><td>Number of Raft message sends dropped by the Raft Transport</td><td>Messages</td><td>COUNTER</td><td>COUNT</td><td>AVG</td><td>NON_NEGATIVE_DERIVATIVE</td></tr>
 <tr><td>STORAGE</td><td>raft.transport.sent</td><td>Number of Raft messages sent by the Raft Transport</td><td>Messages</td><td>COUNTER</td><td>COUNT</td><td>AVG</td><td>NON_NEGATIVE_DERIVATIVE</td></tr>
 <tr><td>STORAGE</td><td>raftlog.behind</td><td>Number of Raft log entries followers on other stores are behind.<br/><br/>This gauge provides a view of the aggregate number of log entries the Raft leaders<br/>on this node think the followers are behind. Since a raft leader may not always<br/>have a good estimate for this information for all of its followers, and since<br/>followers are expected to be behind (when they are not required as part of a<br/>quorum) *and* the aggregate thus scales like the count of such followers, it is<br/>difficult to meaningfully interpret this metric.</td><td>Log Entries</td><td>GAUGE</td><td>COUNT</td><td>AVG</td><td>NONE</td></tr>
-<tr><td>STORAGE</td><td>raftlog.size.max</td><td>Approximate size of the largest Raft log on the store.</td><td>Bytes</td><td>GAUGE</td><td>BYTES</td><td>AVG</td><td>NONE</td></tr>
-<tr><td>STORAGE</td><td>raftlog.size.total</td><td>Approximate size of all Raft logs on the store.</td><td>Bytes</td><td>GAUGE</td><td>BYTES</td><td>AVG</td><td>NONE</td></tr>
 <tr><td>STORAGE</td><td>raftlog.truncated</td><td>Number of Raft log entries truncated</td><td>Log Entries</td><td>COUNTER</td><td>COUNT</td><td>AVG</td><td>NON_NEGATIVE_DERIVATIVE</td></tr>
 <tr><td>STORAGE</td><td>range.adds</td><td>Number of range additions</td><td>Range Ops</td><td>COUNTER</td><td>COUNT</td><td>AVG</td><td>NON_NEGATIVE_DERIVATIVE</td></tr>
 <tr><td>STORAGE</td><td>range.merges</td><td>Number of range merges</td><td>Range Ops</td><td>COUNTER</td><td>COUNT</td><td>AVG</td><td>NON_NEGATIVE_DERIVATIVE</td></tr>

docs/generated/metrics/metrics.html

@@ -1403,7 +1403,7 @@ func createImportingDescriptors(
 					if err != nil {
 						return err
 					}
-					_ = typDesc.AddReferencingDescriptorID(table.GetID())
+					typDesc.AddReferencingDescriptorID(table.GetID())
 					if err := descsCol.WriteDescToBatch(
 						ctx, kvTrace, typDesc, b,
 					); err != nil {
@@ -3131,7 +3131,7 @@ func (r *restoreResumer) removeExistingTypeBackReferences(
 				}
 				existing := desc.(*typedesc.Mutable)
 				existing.MaybeIncrementVersion()
-				_ = existing.RemoveReferencingDescriptorID(tbl.ID)
+				existing.RemoveReferencingDescriptorID(tbl.ID)
 			}
 		}
 	}