Version/0 48 1 rc3#3846
Merged
Merged
Conversation
Added run script for testing encrypted private ingredients.
Run script for testing encrypted private ingredients should not be standalone.
No need to remove existing SSL certs.
Update to Go 1.26.5 to remediate a CVE.
Detect a refused build-log-streamer stream as a distinct StreamDeniedError rather than an opaque build failure. Both deny shapes from the ENG-1457 gate-policy spike are handled: a hard 401/403 on the Upgrade (a Connect dial error) and a server soft-close (Upgrade accepted, then closed with no frames). Because the stream is the only source of artifact download URIs for an in-progress build, a denial there can't complete the install, so the runtime now reports a clear authentication/authorization message instead of a raw error. Genuine build failures and network errors are still surfaced, and an already-built checkout never opens the stream, so it is unaffected. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ssing Running `state publish --build` against a non-existent source directory crashed with a nil-pointer panic instead of reporting the bad path. Two fixes: - Validate the --build directory exists up front and return an InputError naming the offending path, before any metadata resolution, key fetch, or wheel build. - Fix buildWrappedArtifact's error path: the deferred cleanup called the named `cleanup` return, which the `return "", nil, err` statements had already set to nil, so it called a nil function value and panicked. The deferred cleanup now uses a local closure, so an in-build failure returns its real error instead of crashing. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ENG-1979: Fail cleanly when the state publish --build directory is missing
…rtifact is present Checking out a project with no encrypted private ingredients printed a spurious "Could not fetch the organization key" warning whenever a key service was configured, because the key was fetched eagerly regardless of whether the runtime had anything to decrypt. The runtime now receives a key-fetch callback (WithDecryptionKey) instead of the key bytes and invokes it only when it actually encounters an encrypted artifact during unpack. A runtime with no private artifacts never contacts the key service — no spurious warning and no fetch latency. The premature warning is removed; the existing end-of-run notice (skipReporter) already reports any artifacts skipped because the key was unavailable, which is the only case worth surfacing. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Update activestate.yaml
* Make serve-org-keys work in cmd shell as well as bash Add a batch twin of serve-org-keys constrained to cmd, and constrain the existing bash version to non-cmd shells, so the script resolves per shell the same way install-deps-dev does. * Run in cmd without openssl or bash Add --gen-cert to orgkeyserver.py so it generates its own self-signed cert/key via the cryptography package, removing the openssl dependency that on Windows only comes from git-bash. Update the cmd/batch variant to detect the Python interpreter (python, py -3, python3) and pass --gen-cert instead of shelling out to openssl. - Quote --org in the no-key branches (bash and batch) so org names with spaces or shell metacharacters are passed as data, matching the --key branches. - chmod the generated TLS private key to 0600 so it isn't world-readable. * Drop openssl entirely and have orgkeyserver.py always generate its self-signed cert. - Add CERT_DIR="test/ssl" constant; generate_self_signed(host) writes cert.pem/key.pem there and returns their paths. - Remove --tls-cert/--tls-key/--gen-cert; cert generation is now the default on every run. - Assume cryptography is present (bundled in the runtime); drop the ImportError guard. - Simplify both activestate.yaml variants to just run the script with --org (and optional --key); remove the openssl/mkdir prep. Resolve the cert dir to an absolute path in generate_self_signed(), and print the absolute key_service_ca path on startup so the value is copy-pasteable regardless of cwd. Docstring example updated to an absolute /path/to/test/ssl/cert.pem placeholder. * Bump project runtime commitID Update to a runtime that bundles cryptography, which serve-org-keys' orgkeyserver.py relies on for cert generation. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ENG-1461: Show a clear error when the build log streamer connection is refused
…ts notice When private artifacts are skipped because the organization key could not be obtained, the end-of-run notice now includes the underlying reason (e.g. the connection or certificate error) instead of leaving it in the debug log. The fetch is memoized, so retrieving the reason costs no additional key-service call. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…available When the build-log-streamer WebSocket is denied for an in-progress build, complete the build without it: poll the build to completion, read the resolved artifact download URLs from a re-fetched commit, and drive the existing download/install path off them. A build that fails during polling is surfaced as a failure. The runtime gains a WithBuildPlanPoller option -- a caller-supplied closure, so pkg/runtime takes no buildplanner dependency -- which the runbits layer wires for in-progress builds. Together with the graceful-degradation change this sits on, a denied stream no longer stops state checkout / install from completing. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* Add environment-variable overrides for all config options
Every registered config option can now be overridden by an environment
variable, so config can be applied machine-wide (all users) without a
shared config file and without sharing auth.
Each option gets a canonical override derived from its key, e.g.
"update.info.endpoint" -> ACTIVESTATE_CONFIG_UPDATE_INFO_ENDPOINT. The
five options that already had bespoke env vars (ACTIVESTATE_API_HOST,
ACTIVESTATE_CLI_ANALYTICS_PIXEL, ACTIVESTATE_NOTIFICATIONS_OVERRIDE,
ACTIVESTATE_TEST_UPDATE_URL, ACTIVESTATE_TEST_UPDATE_INFO_URL) keep
working as aliases; the canonical variable takes precedence when both
are set.
Overrides are resolved in config.Instance.Get (env > stored > default)
so they actually take effect everywhere, not just in display. Values are
coerced to the option's type. Only registered options are eligible, which
keeps credentials (e.g. apiToken, not a registered option) out of scope.
`state config` now reports the effective value and a Source column
showing the overriding env var name, "local", or "default"; JSON output
gains source, env, and envVar fields.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* Address PR review: validate env override values; add locale strings
- EnvOverride now strictly coerces env values to the option's type and
ignores invalid ones (unparseable bool/int, out-of-set enum), so a
mis-typed variable falls back to the stored/default value instead of
silently becoming a zero value. Mirrors the validation `state config
set` already performs.
- Add the config_source_local and config_source_default locale strings
used by the Source column instead of relying on the fallback path.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* Fix TestList integration test for new Source column
The `*` marker that denoted a locally-set value was replaced by the
Source column, so `state config` now shows "optin.buildscripts true
local" instead of "true*". Update TestList to assert the "local" source
(and the new "Source" header) instead of the removed "true*" marker.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* Add integration test for environment as config source
TestListEnvSource overrides optin.buildscripts via its canonical env var
(ACTIVESTATE_CONFIG_OPTIN_BUILDSCRIPTS) without running `state config
set`, then asserts the override takes effect and is reported as coming
from the environment.
The human-readable table confirms the non-default value; the source is
asserted via JSON output ("source":"environment" plus the overriding env
var name), which is robust against the table wrapping long variable
names.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* Address review feedback from mitchell-as
- Fold RegisterOptionWithEnv into RegisterOption via a variadic
envAliases parameter; drop the separate function. Keep the note that
envAliases are only for legacy env vars without the ACTIVESTATE_CONFIG_*
prefix.
- Use real, user-facing config options in doc/test examples (api.host,
security.prompt.level) instead of the test-only update endpoints.
- Trim the Instance.Get comment to just note env precedence; drop the
machine-wide framing.
- Remove the unnecessary comment in config get.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ENG-1984: Fetch the organization key lazily, only when an encrypted artifact is present
…l/eng-1940 # Conflicts: # pkg/runtime/options.go # pkg/runtime/setup.go
ENG-1940: Finish an in-progress build when the live build connection is refused
…ler-uac CS-2357-Declare asInvoker execution level for remote installer
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.