Release v1.14.2 #830
Merged
Refactor change analysis timeout calculation into a testable function to centralize logic and support CLI, account, and default settings. The original `StartChangeAnalysis` function contained inline, duplicated logic for deriving the blast radius timeout. This PR extracts that logic into a dedicated, testable function `getTimeoutForChangeAnalysis` which prioritizes CLI overrides, then account-level custom configurations, and finally falls back to a default. This aligns with ENG-2150's requirements to consolidate timeout derivation and prepare for future granular timeout management.

---

Linear Issue: [ENG-2150](https://linear.app/overmind/issue/ENG-2150/update-start-change-analysis-to-calculate-all-necessary-timeouts)

---

> [!NOTE]
> **Change analysis config derivation**
>
> - Introduces `GetMaxItemsForChangeAnalysis`, `GetMaxRecursionDepthForChangeAnalysis`, and `GetMaxTimeForChangeAnalysis` in `configservice.go` with validation and precedence (CLI override > account config/preset > default)
> - Refactors `StartChangeAnalysis` to fetch account config once and use the new helpers for `maxItems`, `maxRecursionDepth`, and `maxTime`
> - Adds comprehensive unit tests covering presets, custom, CLI overrides, bounds, and nil configs
> - Updates CLI flag help for `--blast-radius-max-time` to reflect preset-based defaults (QUICK 10m, DETAILED 15m, FULL 30m)
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 3bb8bab9e85e196b5f5693109b8a3543b89da7c7. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: b5806080fc02256fb0a2bf8e3321687728c1d0e6
> [!NOTE]
> Adds Azure DNS zone support and testing.
>
> - New adapter `sources/azure/manual/network-zone.go` to `GET`/`LIST` `azure-network-zone` using `clients.ZonesClient`; emits links to `azure-network-dns-record-set`, `azure-network-virtual-network`, and `dns` (name servers)
> - New client wrapper `sources/azure/clients/zones-client.go` with pager alias and interface + generated mocks in `sources/azure/shared/mocks/mock_zones_client.go`
> - Registers new item types: `azure-network-zone`, `azure-network-dns-record-set`, `azure-network-dns-virtual-network-link`
> - Unit tests `sources/azure/manual/network-zone_test.go` cover get/list, linking, scopes, errors; integration test `sources/azure/integration-tests/network-zone_test.go` creates a real DNS zone and validates attributes/links
> - go.mod/go.sum: add indirect dependency `github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns`
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 5ce611ded961cd4390954aca157d9a420794f2d8. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: f49405a081cf7a80ed10c308a47755a906368858
Previously, the GCP source assumed that all linked things were in the same project, but that's not necessarily correct. However, we can pull the project from the URL very easily. So, I've just created a helper and replaced all of the instances where we were constructing the scope manually to instead use the helper to construct the scope. That way, we will always use the correct project, region, and zone, and the links should work correctly.

---

> [!NOTE]
> Implements scope derivation from resource URLs and refactors adapters to use it for accurate cross-project/region/zone linking.
>
> - Add `gcpshared.ExtractScopeFromURI(ctx, uri)` with tracing via `RecordExtractScopeFromURIError`; include robust URI/path/version parsing helpers and comprehensive tests
> - Update compute adapters (`address`, `autoscaler`, `disk`, `forwarding-rule`, `instance-group-manager`, `instance`, `instant-snapshot`, `machine-image`, `node-group`, `reservation`, `snapshot`) to:
> - Pass `ctx` into item conversion helpers
> - Build `LinkedItemQueries` scopes using `ExtractScopeFromURI` instead of manual project/region/zone extraction
> - Adjust tests to use full resource URLs and validate new scope expectations
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 28d114facf44b054b7052f1a3162a8aa7457e8fe. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: 7f2e2b3cd980ba83b67f317cf6030a8270d29b23
After reviewing the data from Box, it seems like we're not getting as many links through as we should be. A lot of this is going to be because we were using the wrong scopes previously and we were trying to look at everything in the same account when actually a lot of their stuff is cross-account. However, I wanted to double-check that we haven't missed anything, so I used Lionel's commands and ran them against every one of the GCP sources to discover any missing links that we found and implement them. This is the result of that work. It is extremely difficult and time-consuming, as you can imagine, to verify all this manually and to write all this manually. This was written by about ten agents in parallel. However, there isn't really any harm in having extra queries that don't work. There's a tiny tiny tiny bit of overhead, but if they're not right, then we will have errors, and then we can pull those errors from Honeycomb and investigate them. But it won't change the user experience, and it will mean there's less chance of us missing something.

Relies on https://github.com/overmindtech/workspace/pull/3542

---

> [!NOTE]
> Broadly increases relationship coverage and correctness across GCP sources with new links, better scoping, and comprehensive tests.
>
> - Add/expand `blastPropagation` and linked queries across many adapters: AI Platform (batch/custom/model/endpoint/monitoring), Compute (addresses, forwarding rules, router, subnetwork, vpn gateway/tunnel, instance template, resource policy, storage pool, target HTTPS proxy, URL map), GKE (cluster/node pool), Artifact Registry, BigQuery Data Transfer, Cloud Build, Dataplex DataScan, Dataproc Cluster, DNS Managed Zone, Eventarc Trigger, Logging (bucket/link), Monitoring (alert policy/notification channel), Org Policy, Pub/Sub (topic/subscription), Redis, Run (service/revision/worker pool), Security Center Service, Service Directory Service, Service Usage Service, Spanner (backup/database), SQL Admin (backup/backup run/instance), Storage (bucket), Storage Transfer (transfer job).
> - Add parent→child `SEARCH` links where applicable (e.g., clusters→node pools, routers→route policies, buckets→ACLs/notifications, services→revisions/endpoints, transfer jobs→operations).
> - Improve stdlib networking links: auto-detect DNS/IP and include both in `potentialLinks`; add HTTP endpoint links where relevant.
> - Enhance manual `BigQueryModel` adapter to link training/test/evaluation tables; update signatures and `PotentialLinks`.
> - Introduce AWS `MSK` API/resource and `MSKCluster` item type; wire into Pub/Sub Topic ingestion links.
> - Update tests extensively to validate new links, scopes, and blast directions; add IP/DNS bidirectional behavior tests.
> - Add `.cursor` docs for GCP linked-item query creation and refine Azure doc title.
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit cb71aad80b04f76c19fa6d127e82627eb9413646. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: 7aee8850da4563550d9d11c99f11a5c9b2716ac2
revert back to the specific tests needed only for cli testing and release. running against all tests requires NATS + many other things setup in the overmindtech/cli repo.

---

> [!NOTE]
> **Scope:** Adjust CI test execution to focus on relevant CLI packages for releases.
>
> - Update `cli/.github/workflows/tests.yml` to replace `go test ./...` with targeted packages: `github.com/overmindtech/cli` and `github.com/overmindtech/cli/tfutils`.
> - Adds comment clarifying intent to run only release-relevant tests; avoids external dependencies (e.g., NATS) and speeds CI.
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 220fb47424191a3debddccff2bf1cb179fcf7f07. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: 7ca29f735ad25b1bdcbe9a25ba6c5ecd1194c8ab
> [!NOTE]
> Adjusts health checking to avoid liveness probe failures caused by periodic permission checks.
>
> - Removes the cached permission check invocation from `HeartbeatOptions.HealthCheck` in `proc.go`
> - Keeps the initial startup permission check (using `ProjectHealthChecker`) and logs detailed results
> - Heartbeat still runs, but no longer fails due to permission checks
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit d242d8c32f070be4d033039be331619af12a56f9. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: a21ba90fac0253466ed1b2b4c54eed54d8f59918
> [!NOTE]
> Strengthens HTTP adapter against link-local access and DNS rebinding.
>
> - Adds `isLinkLocalIP` and `validateHostname` to detect 169.254.0.0/16 and block GETs to link-local hosts/IPs; stores a `QueryError` in cache on violation
> - Validates redirect `Location` targets; if link-local, sets `attributes.location-error` ("redirect blocked") and skips creating an `http` linked query
> - Test updates: new `/301-link-local` endpoint; cases for direct/other link-local IPs and blocked redirects, asserting error types/messages and absence of linked queries
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit b1ff51416193213a408e6684fbfcc06c50e0ee16. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: b5df8de8f8f8536f1855782ca828e28929e569b7
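
One way to implement the checks the summary above describes, as an added Go example that is not the project's own code. The function names, the injected resolver and the sample hostnames are assumptions; it also covers IPv6 fe80::/10 and adds a dial-time check, which goes beyond the 169.254.0.0/16 range the summary names.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"net/url"
	"syscall"
)

var ErrLinkLocal = errors.New("link-local destination blocked")

// Resolver is injected so the checks can run offline on constructed answers.
type Resolver func(host string) ([]netip.Addr, error)

// IsLinkLocal covers 169.254.0.0/16 and fe80::/10. Unmap comes first so the
// IPv4-mapped form ::ffff:169.254.x.y is treated as the IPv4 address it is.
func IsLinkLocal(addr netip.Addr) bool {
	return addr.Unmap().IsLinkLocalUnicast()
}

// ValidateHost rejects link-local IP literals and names resolving to one.
func ValidateHost(host string, resolve Resolver) error {
	if addr, err := netip.ParseAddr(host); err == nil {
		if IsLinkLocal(addr) {
			return fmt.Errorf("%w: %s", ErrLinkLocal, addr)
		}
		return nil
	}
	addrs, err := resolve(host)
	if err != nil {
		return fmt.Errorf("resolve %q: %w", host, err)
	}
	for _, a := range addrs {
		if IsLinkLocal(a) {
			return fmt.Errorf("%w: %s resolves to %s", ErrLinkLocal, host, a)
		}
	}
	return nil
}

// ValidateRedirect resolves Location against the request URL, then checks it.
func ValidateRedirect(requestURL, location string, resolve Resolver) (string, error) {
	base, err := url.Parse(requestURL)
	if err != nil {
		return "", fmt.Errorf("bad request URL: %w", err)
	}
	target, err := base.Parse(location) // handles relative and absolute targets
	if err != nil {
		return "", fmt.Errorf("bad Location header: %w", err)
	}
	if err := ValidateHost(target.Hostname(), resolve); err != nil {
		return "", err
	}
	return target.String(), nil
}

// DialControl is a net.Dialer.Control hook: it sees the address actually being
// dialled, so a name that re-resolves after ValidateHost is still stopped.
func DialControl(network, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return fmt.Errorf("unexpected dial address %q: %w", address, err)
	}
	if IsLinkLocal(ap.Addr()) {
		return fmt.Errorf("%w: %s", ErrLinkLocal, ap.Addr())
	}
	return nil
}

// NewClient never follows redirects itself; the caller validates Location.
func NewClient() *http.Client {
	d := &net.Dialer{Control: DialControl}
	return &http.Client{
		Transport: &http.Transport{DialContext: d.DialContext},
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		},
	}
}

// ConstructedResolver returns made-up answers for the demo and the test.
func ConstructedResolver(host string) ([]netip.Addr, error) {
	addrs := []netip.Addr{netip.MustParseAddr("192.0.2.10")}
	if host == "rebind.example" {
		addrs = append(addrs, netip.MustParseAddr("169.254.10.20"))
	}
	return addrs, nil
}

func main() {
	for _, loc := range []string{"/next", "http://169.254.1.1/", "http://rebind.example/"} {
		target, err := ValidateRedirect("http://ok.example/301-link-local", loc, ConstructedResolver)
		fmt.Printf("%-24s target=%q err=%v\n", loc, target, err)
	}
}
```

The pre-flight `ValidateHost` check gives a clear error early, while `DialControl` is what holds when DNS answers change between the check and the connection.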
And reduced first message latency

---

> [!NOTE]
> **Behavior changes**
>
> - Increase `DefaultStartTimeout` to 2s in `sdp-go/progress.go` to extend the grace period before considering a query complete without responders.
> - Start `ResponseSender` immediately in `Engine.HandleQuery` to reduce first-status latency; publish via NATS when connected, fallback to `NilConnection` otherwise.
>
> **Reliability/safety**
>
> - Add `sync.Once` guard and deferred safety-net to ensure responder is ended exactly once, reporting `Cancel`, `Error`, or `Done` appropriately.
> - When no adapters match, immediately mark responder `Done` and return.
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 02cee61df749938ea145cd1016ce746619cd81a6. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: 1404ea0e1209c9caec4e099847b6f62daeec0169
> [!NOTE]
> Adds discovery support for Azure Key Vault secrets and integrates it across the Azure source.
>
> - New `KeyVaultSecret` wrapper (`manual/keyvault-secret.go`): supports `Get` (vaultName+secretName) and `Search` (by vault), sets composite `uniqueAttr` (`vaultName|secretName`), links to parent `KeyVaultVault` (correct cross-RG scope) and `NetworkDNS`, defines Terraform mapping (`azurerm_key_vault_secret.id`) and IAM (`Microsoft.KeyVault/vaults/secrets/read`)
> - New secrets client abstraction (`clients/secrets-client.go`) + generated gomock (`shared/mocks/mock_secrets_client.go`)
> - Adapter wiring in `manual/adapters.go` (runtime and metadata registration)
> - Integration test for real Azure (`integration-tests/keyvault-secret_test.go`) and comprehensive unit tests (`manual/keyvault-secret_test.go`)
> - Utility update: `shared/utils.go` adds path keys for `azure-keyvault-secret` and helpers used for ID/URL extraction
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 403a6b39420f914438d9b7eb829fa7f6e307d36c. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: 3a08d960dc3a30929da2bf0188ecd27c83bed839
… 3f89685 (#3556)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [google.golang.org/genproto/googleapis/rpc](https://redirect.github.com/googleapis/go-genproto) | require | digest | `0a764e5` → `3f89685` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Configuration

📅 **Schedule**: Branch creation - "before 10am on friday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
GitOrigin-RevId: d3f61b5ff01380ad7236845de6ff65142c42ca24
> [!NOTE]
> Establishes Azure code generation and mock infrastructure, and validates it in CI.
>
> - Adds `azure-source code-gen` job in `.github/workflows/ci.yml` to `go generate` under `sources/azure` and fail on diffs; installs `mockgen`
> - Installs `go.uber.org/mock/[email protected]` in devcontainer (`.cursor/devcontainer-build/Dockerfile`)
> - Introduces concrete pager interfaces in `sources/azure/clients/pager_mocks.go` with `go:generate` directives for VM and StorageAccount pagers
> - Generates new pager mocks (`mock_virtual_machines_pager.go`, `mock_storage_accounts_pager.go`) and helper aliases/factories (`pager_helpers.go`)
> - Updates existing Azure mocks to use custom pager types (e.g., `clients.BlobContainersPager`, `clients.StorageAccountsPager`), removing direct SDK pager types
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 105af6925c6b15965ade338bb62462b0349cd7aa. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: e9c9d960f5c84a428b2d65479ec2c1c6f309f0e6
> [!NOTE]
> Introduces discovery support for Azure `managedidentity-user-assigned-identity` with linked federated credentials.
>
> - New `UserAssignedIdentitiesClient` wrapper and pager in `clients/` using `armmsi`
> - New manual adapter `managedidentity-user-assigned-identity` (GET/LIST, ListStream, Terraform mapping, IAM perms) linking to `managedidentity-federated-identity-credential`
> - Registered adapter in `manual/adapters.go` for runtime and metadata paths
> - Added item types/resources for `ManagedIdentityUserAssignedIdentity` and `ManagedIdentityFederatedIdentityCredential`
> - Tests: unit tests with gomock and integration test creating/listing identity and verifying links
> - Added mocks for the client and updated `go.mod/go.sum` to include `github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi`
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit a7d5da7d820efd936f5fbc48ccc6e32d5e8a359b. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: acbb9f431c5ef501fac959729580185756f5d83a
> [!NOTE]
> Strengthens websocket client shutdown and message routing reliability.
>
> - Add dedicated `receiveCtx`/`receiveCancel` and `receiveDone` to coordinate `receive()` shutdown
> - Update `Close()`/`abort()` to cancel `receive()`, wait for it to finish, then close the websocket and request channels (only if `conn` is non-nil)
> - Make `postRequestChan()` non-blocking on cancellation and avoid sending under locks; select on `receiveCtx.Done()` vs `r <- msg`
> - Minor locking adjustments to prevent deadlocks; check `Closed()` before sends
> - New tests: `TestRaceConditionOnClose` (stress, skipped on CI) to ensure no "send on closed channel" panics; `TestNoMessageDroppingDuringNormalOperation` to assert no item loss under high throughput
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 2b76fbd3bb2a6db7418ddd5d085e6d204d8aa6d0. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

---------

Co-authored-by: Copilot <[email protected]>
GitOrigin-RevId: f7ff0268d7dd91aad14aaf4d45503b6372069f6f
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [cloud.google.com/go/kms](https://redirect.github.com/googleapis/google-cloud-go) | `v1.23.2` → `v1.24.0` |  |  | | [cloud.google.com/go/run](https://redirect.github.com/googleapis/google-cloud-go) | `v1.13.0` → `v1.14.0` |  |  | | [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://redirect.github.com/Azure/azure-sdk-for-go) | `v1.20.0` → `v1.21.0` |  |  | | [github.com/aws/aws-sdk-go-v2/service/ec2](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.279.1` → `v1.279.2` |  |  | | [github.com/aws/aws-sdk-go-v2/service/ecs](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.70.1` → `v1.71.0` |  |  | | [github.com/aws/aws-sdk-go-v2/service/eks](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.76.4` → `v1.77.0` |  |  | | [github.com/aws/aws-sdk-go-v2/service/rds](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.113.2` → `v1.114.0` |  |  | | [github.com/exaring/otelpgx](https://redirect.github.com/exaring/otelpgx) | `v0.9.4` → `v0.10.0` |  |  | | [github.com/getsentry/sentry-go](https://redirect.github.com/getsentry/sentry-go) | `v0.40.0` → `v0.41.0` |  |  | | [github.com/harness/harness-go-sdk](https://redirect.github.com/harness/harness-go-sdk) | `v0.7.0` → `v0.7.1` |  |  | | [github.com/onsi/ginkgo/v2](https://redirect.github.com/onsi/ginkgo) | `v2.27.4` → `v2.27.5` |  |  | | [github.com/posthog/posthog-go](https://redirect.github.com/posthog/posthog-go) | `v1.8.2` → `v1.9.0` |  |  | | [github.com/riverqueue/river](https://redirect.github.com/riverqueue/river) | `v0.29.0` → `v0.30.0` |  |  | | [github.com/riverqueue/river/riverdriver/riverpgxv5](https://redirect.github.com/riverqueue/river) | `v0.29.0` → `v0.30.0` |  |  | | [github.com/riverqueue/river/rivertype](https://redirect.github.com/riverqueue/river) | `v0.29.0` → `v0.30.0` |  |  | | 
[github.com/sirupsen/logrus](https://redirect.github.com/sirupsen/logrus) | `v1.9.3` → `v1.9.4` |  |  | | [go.etcd.io/bbolt](https://redirect.github.com/etcd-io/bbolt) | `v1.4.2` → `v1.4.3` |  |  | | [golang.org/x/net](https://pkg.go.dev/golang.org/x/net) | [`v0.48.0` → `v0.49.0`](https://cs.opensource.google/go/x/net/+/refs/tags/v0.48.0...refs/tags/v0.49.0) |  |  | | [google.golang.org/api](https://redirect.github.com/googleapis/google-api-go-client) | `v0.259.0` → `v0.260.0` |  |  | | [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `v1.43.0` → `v1.44.1` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. ##⚠️ Warning These modules are almost certainly going to break everything. They do every time they update. If you update even one repo's OTEL modules, go will then pull in new versions due to [MVS](https://research.swtch.com/vgo-mvs) which will cause your repo to break. All [otel pull requests](https://redirect.github.com/pulls?q=is%3Aopen+is%3Apr+user%3Aovermindtech+archived%3Afalse+label%3Aobservability+) need to be merged basically at the same time, and after all of the modules have been updated to be compatible with each other. ##⚠️ Warning These modules contain database migrations that need to be added manually to our atlas migrations. Check the contents of https://github.com/riverqueue/river/tree/master/rivermigrate/migration before merging this update. --- ### Release Notes <details> <summary>aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2/service/ec2)</summary> ### [`v1.279.2`](https://redirect.github.com/aws/aws-sdk-go-v2/blob/HEAD/CHANGELOG.md#Release-2026-01-15) #### Module Highlights - `github.com/aws/aws-sdk-go-v2/service/cleanrooms`: [v1.41.0](service/cleanrooms/CHANGELOG.md#v1410-2026-01-15) - **Feature**: This release adds support for parameters in PySpark analysis templates. 
- `github.com/aws/aws-sdk-go-v2/service/deadline`: [v1.23.0](service/deadline/CHANGELOG.md#v1230-2026-01-15) - **Feature**: AWS Deadline Cloud now supports tagging Budget resources with ABAC for permissions management and selecting up to 16 filter values in the monitor and Search API. - `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.279.2](service/ec2/CHANGELOG.md#v12792-2026-01-15) - **Documentation**: This release includes documentation updates to support up to four Elastic Volume modifications per Amazon EBS volume within a rolling 24-hour period. - `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.71.0](service/ecs/CHANGELOG.md#v1710-2026-01-15) - **Feature**: Adds support for configuring FIPS in AWS GovCloud (US) Regions via a new ECS Capacity Provider field fipsEnabled. When enabled, instances launched by the capacity provider will use a FIPS-140 enabled AMI. Instances will use FIPS-140 compliant cryptographic modules and AWS FIPS endpoints. - `github.com/aws/aws-sdk-go-v2/service/evs`: [v1.6.0](service/evs/CHANGELOG.md#v160-2026-01-15) - **Feature**: A new GetVersions API has been added to retrieve VCF, ESX versions, and EC2 instances provided by Amazon EVS. The CreateEnvironment API now allows you to select a VCF version and the CreateEnvironmentHost API introduces a optional esxVersion parameter. - `github.com/aws/aws-sdk-go-v2/service/lakeformation`: [v1.47.0](service/lakeformation/CHANGELOG.md#v1470-2026-01-15) - **Feature**: API Changes for GTCForLocation feature. Includes a new API, GetTemporaryDataLocationCredentials and updates to the APIs RegisterResource and UpdateResource - `github.com/aws/aws-sdk-go-v2/service/opensearchserverless`: [v1.29.0](service/opensearchserverless/CHANGELOG.md#v1290-2026-01-15) - **Feature**: Collection groups in Amazon OpenSearch Serverless enables to organize multiple collections and enable compute resource sharing across collections with different KMS keys. 
This shared compute model reduces costs by eliminating the need for separate OpenSearch Compute Units (OCUs) for each KMS key. - `github.com/aws/aws-sdk-go-v2/service/qconnect`: [v1.26.0](service/qconnect/CHANGELOG.md#v1260-2026-01-15) - **Feature**: Fix inference configuration shapes for the CreateAIPrompt and UpdateAIPrompt APIs, Modify Text Length Limit for SendMessage API </details> <details> <summary>exaring/otelpgx (github.com/exaring/otelpgx)</summary> ### [`v0.10.0`](https://redirect.github.com/exaring/otelpgx/releases/tag/v0.10.0) [Compare Source](https://redirect.github.com/exaring/otelpgx/compare/v0.9.4...v0.10.0) #### What's Changed - feat: add option to disable tracing by [@​errcheckenjoyer](https://redirect.github.com/errcheckenjoyer) in [#​60](https://redirect.github.com/exaring/otelpgx/pull/60) - feat: allow access to context in SpanName function by [@​robsonpeixoto](https://redirect.github.com/robsonpeixoto) in [#​67](https://redirect.github.com/exaring/otelpgx/pull/67) #### New Contributors - [@​errcheckenjoyer](https://redirect.github.com/errcheckenjoyer) made their first contribution in [#​60](https://redirect.github.com/exaring/otelpgx/pull/60) - [@​robsonpeixoto](https://redirect.github.com/robsonpeixoto) made their first contribution in [#​67](https://redirect.github.com/exaring/otelpgx/pull/67) **Full Changelog**: <exaring/otelpgx@v0.9.4...v0.10.0> </details> <details> <summary>getsentry/sentry-go (github.com/getsentry/sentry-go)</summary> ### [`v0.41.0`](https://redirect.github.com/getsentry/sentry-go/releases/tag/v0.41.0): 0.41.0 [Compare Source](https://redirect.github.com/getsentry/sentry-go/compare/v0.40.0...v0.41.0) The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.41.0. 
##### Features - Add HTTP client integration for distributed tracing via `sentryhttpclient` package ([#​876](https://redirect.github.com/getsentry/sentry-go/pull/876)) - Provides an `http.RoundTripper` implementation that automatically creates spans for outgoing HTTP requests - Supports trace propagation targets configuration via `WithTracePropagationTargets` option - Example usage: ```go import sentryhttpclient "github.com/getsentry/sentry-go/httpclient" roundTripper := sentryhttpclient.NewSentryRoundTripper(nil) client := &http.Client{ Transport: roundTripper, } ``` - Add `ClientOptions.PropagateTraceparent` option to control W3C `traceparent` header propagation in outgoing HTTP requests ([#​1161](https://redirect.github.com/getsentry/sentry-go/pull/1161)) - Add `SpanID` field to structured logs ([#​1169](https://redirect.github.com/getsentry/sentry-go/pull/1169)) </details> <details> <summary>harness/harness-go-sdk (github.com/harness/harness-go-sdk)</summary> ### [`v0.7.1`](https://redirect.github.com/harness/harness-go-sdk/releases/tag/v0.7.1) [Compare Source](https://redirect.github.com/harness/harness-go-sdk/compare/v0.7.0...v0.7.1) #### What's Changed - updating dependencies to resolve vulns by [@​3choBoomer](https://redirect.github.com/3choBoomer) in [#​687](https://redirect.github.com/harness/harness-go-sdk/pull/687) - Feature/ip allow list api by [@​markoskandylis](https://redirect.github.com/markoskandylis) in [#​692](https://redirect.github.com/harness/harness-go-sdk/pull/692) - chore(deps): bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​693](https://redirect.github.com/harness/harness-go-sdk/pull/693) #### New Contributors - [@​3choBoomer](https://redirect.github.com/3choBoomer) made their first contribution in [#​687](https://redirect.github.com/harness/harness-go-sdk/pull/687) - [@​markoskandylis](https://redirect.github.com/markoskandylis) made their first contribution in 
[#​692](https://redirect.github.com/harness/harness-go-sdk/pull/692) **Full Changelog**: <harness/harness-go-sdk@v0.7.0...v0.7.1> </details> <details> <summary>onsi/ginkgo (github.com/onsi/ginkgo/v2)</summary> ### [`v2.27.5`](https://redirect.github.com/onsi/ginkgo/releases/tag/v2.27.5) [Compare Source](https://redirect.github.com/onsi/ginkgo/compare/v2.27.4...v2.27.5) #### 2.27.5 ##### Fixes Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory </details> <details> <summary>posthog/posthog-go (github.com/posthog/posthog-go)</summary> ### [`v1.9.0`](https://redirect.github.com/PostHog/posthog-go/releases/tag/v1.9.0) [Compare Source](https://redirect.github.com/posthog/posthog-go/compare/v1.8.2...v1.9.0) #### 1.9.0 - 2026-01-13 - [Full Changelog](https://redirect.github.com/PostHog/posthog-go/compare/v1.8.2...v1.9.0) </details> <details> <summary>riverqueue/river (github.com/riverqueue/river)</summary> ### [`v0.30.0`](https://redirect.github.com/riverqueue/river/releases/tag/v0.30.0) [Compare Source](https://redirect.github.com/riverqueue/river/compare/v0.29.0...v0.30.0) ##### Fixed - Fix possible nil pointer panic when using nil `opts` in `Migrator.MigrateTx`. [PR #​1117](https://redirect.github.com/riverqueue/river/pull/1117). </details> <details> <summary>sirupsen/logrus (github.com/sirupsen/logrus)</summary> ### [`v1.9.4`](https://redirect.github.com/sirupsen/logrus/releases/tag/v1.9.4) [Compare Source](https://redirect.github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4) #### Notable changes - go.mod: update minimum supported go version to v1.17 [#​1460](https://redirect.github.com/sirupsen/logrus/pull/1460) - go.mod: bump up dependencies [#​1460](https://redirect.github.com/sirupsen/logrus/pull/1460) - Touch-up godoc and add "doc" links. - README: fix links, grammar, and update examples. 
- Add GNU/Hurd support [#​1364](https://redirect.github.com/sirupsen/logrus/pull/1364) - Add WASI wasip1 support [#​1388](https://redirect.github.com/sirupsen/logrus/pull/1388) - Remove uses of deprecated `ioutil` package [#​1472](https://redirect.github.com/sirupsen/logrus/pull/1472) - CI: update actions and golangci-lint [#​1459](https://redirect.github.com/sirupsen/logrus/pull/1459) - CI: remove appveyor, add macOS [#​1460](https://redirect.github.com/sirupsen/logrus/pull/1460) **Full Changelog**: <sirupsen/logrus@v1.9.3...v1.9.4> </details> <details> <summary>etcd-io/bbolt (go.etcd.io/bbolt)</summary> ### [`v1.4.3`](https://redirect.github.com/etcd-io/bbolt/releases/tag/v1.4.3) [Compare Source](https://redirect.github.com/etcd-io/bbolt/compare/v1.4.2...v1.4.3) See the [CHANGELOG/v1.4.3](https://redirect.github.com/etcd-io/bbolt/blob/main/CHANGELOG/CHANGELOG-1.4.md#v1432025-08-19) for more details. </details> <details> <summary>googleapis/google-api-go-client (google.golang.org/api)</summary> ### [`v0.260.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.260.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.259.0...v0.260.0) ##### Features - **all:** Auto-regenerate discovery clients ([#​3428](https://redirect.github.com/googleapis/google-api-go-client/issues/3428)) ([0afb986](https://redirect.github.com/googleapis/google-api-go-client/commit/0afb986761463235d97270ab501a134b4b8f30ab)) - **all:** Auto-regenerate discovery clients ([#​3430](https://redirect.github.com/googleapis/google-api-go-client/issues/3430)) ([6fe40c6](https://redirect.github.com/googleapis/google-api-go-client/commit/6fe40c61fa1b8990057b5e668e54ba8657a57ea1)) - **all:** Auto-regenerate discovery clients ([#​3431](https://redirect.github.com/googleapis/google-api-go-client/issues/3431)) ([02e27cf](https://redirect.github.com/googleapis/google-api-go-client/commit/02e27cf37dfd4ac6b5177aea1e7e1e6c9489e19e)) - **all:** 
Auto-regenerate discovery clients ([#​3432](https://redirect.github.com/googleapis/google-api-go-client/issues/3432)) ([b147c8b](https://redirect.github.com/googleapis/google-api-go-client/commit/b147c8bae5b8087c272b85f423f5655d8eadba6c)) - **all:** Auto-regenerate discovery clients ([#​3433](https://redirect.github.com/googleapis/google-api-go-client/issues/3433)) ([d2187ce](https://redirect.github.com/googleapis/google-api-go-client/commit/d2187ce982d4fef390ad018c8939299bcc8a9b2e)) - **all:** Auto-regenerate discovery clients ([#​3435](https://redirect.github.com/googleapis/google-api-go-client/issues/3435)) ([b93c288](https://redirect.github.com/googleapis/google-api-go-client/commit/b93c288ec0e6dc55b121228c8236338de24d7256)) - **all:** Auto-regenerate discovery clients ([#​3437](https://redirect.github.com/googleapis/google-api-go-client/issues/3437)) ([28ff500](https://redirect.github.com/googleapis/google-api-go-client/commit/28ff500331f494c94fc461dfa66a442a7c0dede8)) - **all:** Auto-regenerate discovery clients ([#​3438](https://redirect.github.com/googleapis/google-api-go-client/issues/3438)) ([0172d56](https://redirect.github.com/googleapis/google-api-go-client/commit/0172d5662d927cd0e7411516e52b3181f8ce3c00)) </details> <details> <summary>cznic/sqlite (modernc.org/sqlite)</summary> ### [`v1.44.1`](https://gitlab.com/cznic/sqlite/compare/v1.44.0...v1.44.1) [Compare Source](https://gitlab.com/cznic/sqlite/compare/v1.44.0...v1.44.1) ### [`v1.44.0`](https://gitlab.com/cznic/sqlite/compare/v1.43.0...v1.44.0) [Compare Source](https://gitlab.com/cznic/sqlite/compare/v1.43.0...v1.44.0) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 10am on friday" in timezone Europe/London, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace).

---

> [!NOTE]
> **Dependency updates**
>
> - Bumps many modules (GCP `kms/run`, AWS SDK `ec2/ecs/eks/rds`, `posthog-go`, `sentry-go`, `riverqueue/*`, `logrus`, `ginkgo`, `google.golang.org/api`, `modernc.org/sqlite`, `golang.org/x/*`, etc.) in `go.mod`/`go.sum`.
>
> **Build/release**
>
> - Updates GoReleaser `snapshot.version_template` to strip `kargo/` from tags and default to `0.0.1-*` when no version in `cli/.goreleaser.yaml`.
>
> **Tests**
>
> - Adds `CloseWithContext` to `features/TestPosthogClient` to satisfy `posthog.Client` and ensure interface compliance.
> - Improves `gateway/connection_manager_test.go` error handling and nil-connection checks.
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 6f754f4a70d050ccf31455931f688a81e6b1e946.</sup>

GitOrigin-RevId: 2ac0f90d3a6d49ed0b41b4d1dec0f2f07eaba7f1

> [!NOTE]
> Adds memory telemetry to key operational spans.
>
> - In `Engine.HealthCheck`, read memory stats via `tracing.ReadMemoryStats()` and attach with `tracing.SetMemoryAttributes(span, "ovm.healthcheck", ...)`
> - In `Engine.SendHeartbeat`, capture the current span and attach memory stats with prefix `ovm.heartbeat`
> - Imports updated to include `tracing` and `otel/trace` where needed
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 373a1a243bff68e72e52ef60d5a3e4ac9e851b11.</sup>

GitOrigin-RevId: 2e04e3b6bf9a7c2eb22a341bd3e8ee54e9d61ca4

…… (#3576)

…tracker

---

> [!NOTE]
> Adds consistent tracing attributes for better observability.
>
> - Add `ovm.sdp.source_name` (and `ovm.engine.type`/`ovm.engine.version` where applicable) to spans in `HealthCheck`, `HandleQuery`, `Execute`, `SendHeartbeat`, `QueryTracker.Execute`, `HandleCancelQuery`, and log records request handlers
> - Import `attribute` where needed; no functional behavior changes
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit b67805da6d97779cadcaa06a246358f9def3a02e.</sup>

GitOrigin-RevId: b88a131e31486986632548f6e41140e2f552b050

> [!NOTE]
> Unifies adapter metadata and construction across clouds.
>
> - Introduces `LocationLevel` (replacing `Scope`) and `GetEndpointFunc` (replacing `GetEndpointBaseURLFunc`) in `AdapterMeta`; updates all GCP adapter registrations and Azure shared metadata accordingly
> - Updates dynamic adapter assembly to group by `LocationLevel` and call `GetEndpointFunc`; adjusts `makeScope` to switch on `LocationLevel`
> - Modifies tests to assert `GetEndpointFunc` and `LocationLevel` instead of old fields
> - Enhances GCP linker to use `LocationLevel` and capture unsupported levels via Sentry
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 06f679842031a214b15140e465b5187e5f380481.</sup>

GitOrigin-RevId: 7af8e9f87ade72aa485fb85b097e512bf24d7103

> [!NOTE]
> Significantly enriches Azure resource graph with scope-aware links and parsing utilities.
>
> - **Compute VM adapter**: Adds links to `compute-disk`, `compute-disk-encryption-set`, `network-network-interface`, `compute-availability-set`, `compute-proximity-placement-group`, `compute-dedicated-host-group`, `compute-capacity-reservation-group`, `compute-virtual-machine-scale-set` (incl. `managedBy`), `compute-image`, `compute-shared-gallery-image` and `compute-shared-gallery-application-version`, `managed-identity-user-assigned-identity`, and `key-vault-vault`; introduces stdlib links to `network-http` (boot diagnostics URL) and `dns` (extracted via `ExtractDNSFromURL`). All links now derive `Scope` from resource IDs when cross-RG/subscription.
> - **Network VNet adapter**: Adds links to `network-ddos-protection-plan`; from subnets to `network-network-security-group`, `network-route-table`, `network-nat-gateway`, and `network-private-endpoint`; and from peerings to remote `network-virtual-network`, with cross-scope resolution.
> - **Tests**: Adds extensive `shared/utils` tests for Azure ID/URI parsing (`ExtractScopeFromResourceID`, SQL resource helpers, Key Vault URI helpers, `ExtractDNSFromURL`) and `DetermineSourceResourceType`.
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit eab2f4a46d3dc0775fb26cd946d3cf031819098d.</sup>

GitOrigin-RevId: dcbbb3ac43afa5842ba9750c5afce8088b53987f

> [!NOTE]
> Adds hypotheses to the change archive and wires them through import/export.
>
> - Extend `sdp/area51.proto` `ChangeArchive` with `repeated changes.HypothesesDetails hypotheses` and regenerate Go/TS code
> - `api-server/server/admin/changes.go`: include DB hypotheses in `getChangeArchiveBytes()` and persist `archive.GetHypotheses()` on `processUploadedChangeFile()`
> - Add `TestChangeArchiveHypothesesRoundTrip` to verify download→upload persistence; minor wiring for HTTP client in test
> - No changes to existing risk/timeline logic beyond packaging alongside `Hypotheses`
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 39ae65ce13d5198905366f9e655f0cd4e7b5948d.</sup>

GitOrigin-RevId: e8c149b940518fe73ae94b4ceecd4180fce4679f

Related to https://linear.app/overmind/issue/ENG-2155/implement-multi-scope-providers

---

> [!NOTE]
> Implements multi-scope support across sources and expands Azure coverage.
>
> - API change: all wrappers’ `Get/List/Search/ListStream` now accept `scope`; errors and items use the provided scope
> - Scope-aware linking: linked queries prefer incoming `scope`, extract cross-RG/ID scopes when present, and fall back to incoming scope
> - Refactors AWS API Gateway (API Key, Stage) and multiple Azure/GCP wrappers to pass/use scope consistently
> - Adds Azure manual adapters with rich linked items: `BatchBatchAccount`, `ComputeDisk`, `ComputeAvailabilitySet`, `ComputeVirtualMachineScaleSet`, `DBforPostgreSQLFlexibleServer`, `DBforPostgreSQLDatabase`; updates related tests
> - Documentation updates: Azure/GCP linked-item/query creation guides and manual adapter rules; README examples updated for new signatures
> - Minor: `.gitignore` tweak
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit d0b15f0970c1e4257d3946a459988cfa0bff7d8c.</sup>

GitOrigin-RevId: 17c531840e44742314ed62037d3f6263be7af147

## Problem Statement

Previously, GCP setup scripts were duplicated between the monorepo frontend and the public [`overmindtech/gcp-source-setup`](https://github.com/overmindtech/gcp-source-setup) repository. This created maintenance overhead and risked the two versions diverging, with users potentially getting outdated scripts via the Cloud Shell button.

## Solution Overview

This PR establishes a **single source of truth** for GCP setup scripts in the monorepo and implements automated syncing to the public repository via Copybara CI, eliminating duplication while improving maintainability.

---

## Changes Made

### 1. **Consolidated GCP Setup Scripts** 📁

Created `sources/gcp/setup/` as the canonical location for all GCP setup resources:

**Scripts** (`sources/gcp/setup/scripts/`):
- `overmind-gcp-source-setup.sh` - Main permission setup script (parameterized, accepts project ID and service account as arguments)
- `overmind-gcp-source-setup-impersonation.sh` - Setup with impersonation support
- `overmind-gcp-roles.sh` - Centralized list of 39 required IAM roles
- `overmind-gcp-source-permission-check.sh` - Validation script to verify permissions

**Documentation**:
- `README.md` - Public repository documentation with usage instructions
- `tutorial.md` - Cloud Shell walkthrough tutorial

**Key Design Decision**: Scripts are now fully parameterized (no hardcoded values), making them suitable for both Cloud Shell and local execution. The frontend now displays the script and its invocation separately, allowing users to copy-paste independently.

### 2. **Frontend Integration with Build-Time Generation** ⚡

**Challenge**: Frontend needs access to bash scripts, but Node.js `fs` module isn't available in the browser (breaks Ladle and client-side rendering).

**Solution**: Implemented build-time script generation:
- **`frontend/scripts/generate-gcp-scripts.mjs`**: Node.js script that reads bash files and generates `gcp-scripts-generated.ts` with inlined script content
- **`frontend/src/features/settings/sources/details/gcp-scripts-generated.ts`**: Auto-generated TypeScript file (not manually editable)
- **`frontend/src/features/settings/sources/details/gcp-scripts.ts`**: Imports from generated file; Terraform templates remain hardcoded (proper Terraform module is out of scope)
- **`frontend/package.json`**: Added `generate:gcp-scripts` script and `prebuild` hook to run before Next.js build

**Updated Component**: `GCPSourceDetails.tsx` now:
- Shows the raw script content in one code block
- Shows the parameterized invocation command in a separate code block
- Includes a fallback for `NEXT_PUBLIC_GCP_SERVICE_ACCOUNT_DOMAIN` environment variable

### 3. **Ladle Component Stories** 🎭

Created `GCPSourceDetails.stories.tsx` with comprehensive test scenarios:
- Direct access (healthy, error, pending states)
- Impersonation mode (healthy, error, pending states)
- Instructions expanded view

**Includes**:
- Mock `OvermindAccountProvider` context
- Realistic mock data with proper protobuf object creation
- Account name set to `acme-corp-production` for realistic service account generation

### 4. **Copybara Configuration** 🔄

Added `gcp-source-setup` workflow to `copy.bara.sky`:
- **Origin**: `overmindtech/workspace` monorepo (`main` branch)
- **Destination**: `overmindtech/gcp-source-setup` public repository (`main` branch)
- **Mode**: `ITERATIVE` (syncs commit history)
- **Transformations**: Flattens directory structure (`sources/gcp/setup/scripts/` → root)
- **Error Handling**: Uses `noop_behavior = "IGNORE_NOOP"` to handle historical commits where files don't exist yet

### 5. **Reusable Copybara CI Composite Action** 🤖

**Created**: `.github/actions/copybara-sync/action.yml`

Encapsulates all Copybara operations:
1. Sets up Depot for image building
2. Builds Copybara container using `depot/bake-action`
3. Loads GitHub credentials from 1Password
4. Configures Git authentication
5. Runs Copybara sync with proper error handling (exit code 4 = no changes is OK)
6. Cleans up credentials on completion

**Benefits**:
- Eliminates duplication across workflows
- Consistent authentication and error handling
- Easy to add new Copybara syncs in the future

### 6. **CI/CD Workflows** 🚀

**Created**: `.github/workflows/gcp-source-setup-sync.yml`
- **Trigger**: Pushes to `main` affecting `sources/gcp/setup/**` or `copy.bara.sky`
- **Behavior**: Automatically syncs changes to public repository
- **Concurrency**: Cancels in-progress runs to avoid conflicts
- **Push Strategy**: Direct push to `main` (no PR needed, since these are maintenance scripts)

**Updated**: `.github/workflows/cli-release.yml`
- Refactored to use the new composite action
- Reduced from ~100 lines to ~60 lines
- Maintained CLI-specific "ensure destination branch tracks main" step
- Push Strategy: Creates version branches (`copybara/vX.Y.Z`) for PR-based releases

## Architecture Diagram

```mermaid
flowchart TB
    subgraph monorepo [Monorepo: sources/gcp/setup]
        scripts[Bash Scripts<br/>Single Source of Truth]
        docs[README + Tutorial]
    end

    subgraph frontend [Frontend Build Process]
        generator[generate-gcp-scripts.mjs]
        generated[gcp-scripts-generated.ts]
        component[GCPSourceDetails.tsx]
    end

    subgraph ci [CI: Copybara Sync]
        composite[Composite Action<br/>copybara-sync]
        workflow[gcp-source-setup-sync.yml]
    end

    subgraph public [Public Repo: gcp-source-setup]
        pubscripts[Scripts at Root]
        pubdocs[Documentation]
    end

    scripts --> generator
    generator --> generated
    generated --> component
    scripts --> workflow
    docs --> workflow
    workflow --> composite
    composite --> pubscripts
    docs --> pubdocs
```

---

## Breaking Changes

None. This is a refactoring that maintains backward compatibility:
- Frontend UI remains unchanged
- Public repository structure remains the same
- Scripts maintain the same interface (arguments and behavior)

---

> [!NOTE]
> Unifies GCP setup scripts and automates syncing while updating the frontend to consume them safely.
>
> - Adds canonical GCP setup assets in `sources/gcp/setup/` (scripts, `README.md`, `tutorial.md`) including parameterized setup, impersonation, roles list, and a permission-check script
> - Frontend build-time codegen: `scripts/generate-gcp-scripts.mjs` produces `gcp-scripts-generated.ts`; `gcp-scripts.ts` imports generated content; `Dockerfile` copies `sources/gcp/setup/scripts`; `package.json` adds `generate:gcp-scripts`; ESLint ignores `scripts/**`
> - Updates `GCPSourceDetails.tsx` to show raw scripts vs invocation commands, tweaks Cloud Shell instructions, and adds SA domain fallback; adds Ladle stories for GCP source states
> - CI: new `frontend-code-gen` job to enforce generated file freshness
> - Introduces reusable `.github/actions/copybara-sync` composite action; `cli-release.yml` refactored to use it
> - Adds Copybara workflow `gcp-source-setup` in `copy.bara.sky` and `gcp-source-setup-sync.yml` to push changes to `overmindtech/gcp-source-setup` (flattens paths)
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 328dfc79df10de9de7f79a639c44fd3a5f9b84b1.</sup>

GitOrigin-RevId: 84ffdc833f5a2ddc1e05e0f7af7077ea0dc3c334

> [!NOTE]
> Introduces Azure Role Assignment discovery with proper scoping and linking.
>
> - New adapter `authorization-role-assignment` with `List`/`Get`, unique key, Terraform mapping, IAM permissions, and links to `authorization-role-definition` (subscription-scoped) and `managedidentity-user-assigned-identity`
> - Client wrapper `RoleAssignmentsClient` and generated mocks
> - New item types and models: `authorization` API, `role-assignment`, `role-definition`; scope helpers (`ConstructRoleAssignmentScope`, `ExtractSubscriptionIDFromResourceID`, `SubscriptionIDFromScope`)
> - Adapter wired into initialization and metadata registration
> - Tests: unit tests for adapter and pager; integration test creating/reading/deleting role assignments and verifying linked queries
> - Docs: clarify scope handling for subscription-level resources; Dependencies: add `armauthorization/v3` to `go.mod`/`go.sum`
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 5b8c6229a824bd4c3f773618e9ecac7cf8a3b21e.</sup>

GitOrigin-RevId: 3d4148a0393db6d09885a02223d31baa7734193b

> [!NOTE]
> Restores standalone executability of the GCP bash scripts and aligns the generator with explicit inline markers.
>
> - Updates `overmind-gcp-source-setup.sh` and `overmind-gcp-source-permission-check.sh` to use `# @Generator:inline-start:overmind-gcp-roles.sh` / `# @Generator:inline-end` with an actual `source "$(dirname "$0")/overmind-gcp-roles.sh"` line so scripts run directly
> - Changes `generate-gcp-scripts.mjs` to replace the entire marked inline block (new `inlineRoles` regex) when generating TypeScript, keeping roles inlined for the UI while preserving bash behavior
> - Adds `frontend/scripts/README-generate-gcp-scripts.md` documenting the architecture, markers, generation workflow, and CI validation
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 13c571113a284a663ffde237a5477ceda8968d05.</sup>

GitOrigin-RevId: f293af76106b683e7c964fdcf1ca232ab6c0f076

Add ovm.sdp.streaming OTEL attribute to distinguish streaming vs non-streaming adapter methods for better observability. This can be used to verify that we're using streaming correctly.

---

> [!NOTE]
> Improves trace observability of adapter executions.
>
> - Sets `ovm.sdp.streaming` on `Execute` spans: `true` for `ListStream`/`SearchStream`, `false` for `GET` and non-streaming `List`/`Search`
> - No runtime behavior changes beyond added span attributes and counts
> - Clarifies `maxParallel` description in `srcman.overmind.tech_sources` CRD (docs only)
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 18e94418d1830ce02e8b5c07885454a3f1a05637.</sup>

GitOrigin-RevId: 7b37085aa30a6e891fc6ddb55de6982955c4a909

This change refactors GCP adapter initialization to leverage the multi-scope capability from PR #3484 across multiple projects, significantly reducing memory footprint and improving architecture clarity.

Key changes:
- **Use LocationInfo throughout the stack**: Build LocationInfo slices once in Initialize() and pass them down through adapters(), manual.Adapters(), and dynamic.Adapters(), eliminating redundant construction
- **Single adapter per type across all projects**: Instead of creating N×M adapters for N projects and M adapter types, we now create just M adapters that handle all projects. For example, 3 projects with 100 adapter types now creates 100 adapters instead of 300
- **Refactor ProjectHealthChecker**: Changed from map[string]Adapter (one per project) to a single multi-project adapter, consistent with the new architecture
- **Improved logging**: Show "<discover all projects>" when no parent is specified for better operational clarity
- **Use BigQuery.DetectProjectID**: Leverage BigQuery's built-in project detection instead of manually extracting from LocationInfo

Benefits:
- Reduced memory footprint (N×100 → 100 adapters)
- Cleaner data flow with LocationInfo passed through the stack
- Single cache instance per adapter type across all projects
- Simpler architecture with fewer adapter instances to manage

The GCP API clients are already multi-project capable (project ID is passed in request parameters), and LocationInfo contains ProjectID/Region/Zone, so adapters can validate requests against their configured locations slice.

---

Optimize GCP resource discovery using aggregatedList API

Reduces API calls significantly when listing GCP resources across multiple zones/regions by leveraging aggregatedList instead of per-zone API calls.

Introduces wildcard scope support in the discovery engine, allowing adapters to opt-in to handling '*' scope directly. When compute-instance and compute-disk adapters receive a wildcard scope, they now call aggregatedList once per project instead of once per zone, then filter results to configured locations.

Example: 3 projects × 5 zones = 15 API calls → 3 API calls

---

> [!NOTE]
> Modernizes GCP discovery to reduce adapter count and API calls while clarifying scope handling.
>
> - Introduces optional `WildcardScopeAdapter` (and wrapper equivalent) and updates `AdapterHost.ExpandQuery` to pass `*` scopes directly to supporting adapters (no expansion); adds tests
> - Refactors adapter construction to pass `[]LocationInfo` throughout (`manual.Adapters`, `dynamic.Adapters`, `proc.adapters`), creating one adapter per type across all projects/regions/zones
> - Implements aggregated listing for `compute-instance` and `compute-disk` wrappers when scope is `*` (`AggregatedList` + filtering to configured locations); supports streaming variants; adds helper methods `GetProjectIDs`, `HasLocation`, and `ParseAggregatedListScope`
> - Simplifies `ProjectHealthChecker` to use a single multi-project Cloud Resource Manager adapter; updates logging and tests (including skipping obsolete missing-adapter test)
> - Uses `bigquery.DetectProjectID` for client init; minor metadata/validation plumbing in `transformer.go`
> - Updates mocks and tests across packages to cover new paths and interfaces
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 8e44e7f736d2c22fa62c61d753a67fa031f45007.</sup>

GitOrigin-RevId: d002fdedc07a61e450de6898759b918ac46272a5

…(#3583)

**change max timeout 1min, hits deadline job is retried**

**change max timeout 3 minutes, completes successfully.**

Based on ENG-2151 investigation and production metrics:
- Blast radius gets 67% of total timeout (SOFT timeout with graceful degradation)
- Investigation gets remaining 33% (no separate timeout needed)
- Total timeout is configurable via BlastRadiusMaxTime (1-30 minutes)
- Remove other timeouts for simplicity.

---

> [!NOTE]
> Introduces a unified `changeAnalysisMaxTimeout` (1–30 min) and applies a 67% soft timeout to blast radius with the remaining ~33% for investigation.
>
> - Replaces `BlastRadiusMaxTime` with `ChangeAnalysisMaxTimeout` across server, workers, args, presets, and protobufs (`sdp/config.proto`, Go/TS generated code) with defaults (10m) and River worker max of 30m
> - Applies overall job timeout via context; computes blast-radius soft timeout via `CalculateBlastRadiusSoftTimeout` (shared utilities), removes ad-hoc deadlines, and adds 20s save-snapshot timeout; keeps per-query cap via `QUERY_MAX_TIMEOUT` (1m)
> - Admin UI form/templ renamed to `changeAnalysisMaxTimeout` with updated help text; handler parses/validates and propagates through job args
> - CLI adds `--change-analysis-max-timeout` (validates 1–30m), deprecates `--blast-radius-max-time`, and maps legacy value to the new total (×1.5); refactored config creation helper and tests
> - Config service/presets now emit `ChangeAnalysisMaxTimeout`; selection/validation updated; tests adjusted
> - Misc: small telemetry/log fixes, context usage cleanups, and unit tests for timeout calculations
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 895567f0ee2ca57a7efa248a2a36dedcf0c47a5b.</sup>

GitOrigin-RevId: c5363a8fecd45cd0c15ddef22a09708df3be2c6c

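The budget split described in the commit message above, as an added Go example that is not the project's code: one total budget bounded to 1–30 minutes, a 67% soft deadline for blast-radius discovery that degrades to partial results, and the remainder left for investigation under the hard deadline. `ResolveTotal`, `SoftTimeout`, `RunAnalysis` and `Result` are hypothetical names; letting the new flag win over the deprecated one and rejecting (rather than clamping) an out-of-range mapped value are assumptions.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Bounds, default and share are the figures in the commit message; names are hypothetical.
const (
	minTotal     = 1 * time.Minute
	maxTotal     = 30 * time.Minute
	defaultTotal = 10 * time.Minute
	softPercent  = 67
)

var ErrOutOfRange = errors.New("change analysis timeout must be between 1m and 30m")

// ResolveTotal picks the total budget; zero means "flag not set".
// Assumption: the new flag wins over the deprecated one, and a legacy value
// that maps outside the bounds is rejected rather than clamped.
func ResolveTotal(newFlag, legacyBlastRadius time.Duration) (time.Duration, error) {
	total := defaultTotal
	switch {
	case newFlag != 0:
		total = newFlag
	case legacyBlastRadius != 0:
		total = legacyBlastRadius * 3 / 2 // legacy value mapped to the new total (x1.5)
	}
	if total < minTotal || total > maxTotal {
		return 0, fmt.Errorf("%w: got %s", ErrOutOfRange, total)
	}
	return total, nil
}

// SoftTimeout is the blast-radius share of the total budget.
func SoftTimeout(total time.Duration) time.Duration {
	return total * softPercent / 100
}

// Result records what discovery achieved inside its share of the budget.
type Result struct {
	Items   int
	Partial bool // true when the soft deadline cut discovery short
}

// RunAnalysis enforces the hard deadline through the context and applies the
// soft deadline to discovery only. Hitting the soft deadline is not an error:
// discovery keeps what it found and investigation runs in the time left.
func RunAnalysis(ctx context.Context, total time.Duration,
	discover func(context.Context) (int, error),
	investigate func(context.Context, int) error) (Result, error) {

	ctx, cancel := context.WithTimeout(ctx, total)
	defer cancel()

	softCtx, softCancel := context.WithTimeout(ctx, SoftTimeout(total))
	n, err := discover(softCtx)
	softCancel()

	res := Result{Items: n}
	if err != nil {
		// A real failure, or the hard deadline itself expired: give up.
		if !errors.Is(err, context.DeadlineExceeded) || ctx.Err() != nil {
			return res, err
		}
		res.Partial = true
	}
	return res, investigate(ctx, n)
}

func main() {
	total, err := ResolveTotal(0, 4*time.Minute) // only the deprecated flag was given
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("total:", total, "blast radius soft timeout:", SoftTimeout(total))
}
```
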
…n (#3605)

> [!NOTE]
> **BigQuery client initialization**
>
> - Initialize `bigquery.NewClient` with the first `projectLocations` project ID instead of `bigquery.DetectProjectID`
> - Validate presence of at least one project ID and return an error if none is provided
> - Add detailed comments explaining billing implications and rationale for explicit configuration
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit c4d3b90c2fd006741ef13b8bde9199eca4fd0c3b.</sup>

GitOrigin-RevId: 9c336d0c95070d09b1dd468d353982a990c90d79

This should counterbalance some of the parallelization potential lost by moving everything into a single Adapter instance. We'll need to run some proper tests and look at honeycomb to see the full effect.

---

> [!NOTE]
> Speeds up cross-project discovery by running aggregated listings in parallel and tightening error handling.
>
> - Parallel `AggregatedList` for `compute-disk` and `compute-instance` using `conc/iter` (MapErr, `MaxGoroutines: 10`); aggregates per-project items and surfaces per-project `QueryError`s
> - Stream variants use `conc/pool` with 10 goroutines per project, forwarding errors via `stream.SendError` and waiting for completion
> - Consistently sets `ReturnPartialSuccess: true` and converts iterator failures into `sdp.QueryError` while preserving existing caching and item conversion
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 03f9013d422280891d2927e4f58383ea3495c062.</sup>

GitOrigin-RevId: 61cb63cc06127d029c6a83ac5a04cd332e067de4

> [!NOTE]
> Introduces first-class support for Azure `computeDiskEncryptionSet` and upgrades Azure Compute SDK.
>
> - New `DiskEncryptionSetsClient` wrapper, `manual.NewComputeDiskEncryptionSet` adapter with lookups, links to `keyvault` vault/key, user-assigned identity, and `dns`; plus unit and integration tests that provision a DES, Key Vault key, and identity
> - Registers the new adapter in `manual/adapters.go` (runtime and metadata paths)
> - Upgrades all Azure compute imports from `armcompute/v6` to `armcompute/v7` across clients, manual adapters, tests, and mocks; updates `go.mod`/`go.sum`
> - Integration tests: add DES end-to-end; adjust Key Vault tests to optionally skip deletion (env `CLEANUP_AZURE_INTEGRATION_TESTS`) and add soft-delete purge/availability handling
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 3820a9263bd6b2b6b1d57bf391986d153f92ab60.</sup>

GitOrigin-RevId: 63c879b4c31cfefb8929f8f5946c34fc48aadd12

> [!NOTE]
> Adds support for Azure `compute-image` resources with discovery and linking.
>
> - New `clients.ImagesClient` wrapper and `ImagesPager` alias for Azure SDK images
> - New `manual/compute-image` wrapper implementing `List`, `ListStream`, and `Get`; builds links to `compute-disk`, `compute-snapshot`, `compute-disk-encryption-set`, `storage-account`, `network-http`, `network-dns`, and source `compute-virtual-machine`; includes Terraform mapping and IAM perms
> - Registered image adapter in `manual/adapters.go` for both runtime initialization and metadata-only mode
> - Integration test creates a disk and image, verifies get/list and linked items, and tears down resources; unit tests cover listing, streaming, link generation, errors, and lookups with gomock
> - Added `ExtractStorageAccountNameFromBlobURI` utility and generated `MockImagesClient`
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 2169d2d721a18aa7ea4d9915cc5a5efd900d8d5e.</sup>

GitOrigin-RevId: 2095d0ba8d3ab1466c4a56678752f4a7ccded27b

> [!NOTE]
> Migrates the `autoscaling-auto-scaling-policy` adapter to internal helpers and strengthens parsing/linking logic with full test coverage.
>
> - Replaces `adapterhelpers` usages with local equivalents: `ToAttributesWithExclude`, `ParseARN`, `DescribeOnlyAdapter`, `Paginator`, and pointer helpers in tests
> - Implements composite unique key `UniqueName` (`asgName/policyName`) and links to `autoscaling-auto-scaling-group`, `cloudwatch-alarm`, `elbv2-load-balancer`, and `elbv2-target-group`
> - Adds `parseResourceLabelLinks` to extract ELBv2 load balancer/target group from `ResourceLabel` and wires it into TargetTracking/PredictiveScaling paths
> - Defines `InputMapperGet`, `InputMapperList`, and `InputMapperSearch` with strict validation and ARN parsing; adjusts adapter `cache` field
> - Introduces extensive unit tests covering output mapping, link generation, `ResourceLabel` parsing, and GET/SEARCH input mappers
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 2edb88dfaadd4f6856694282136373a4e63bd05d.</sup>

GitOrigin-RevId: 4c7495847ed84c69827014a16a90f9f5e63689c4

…er. (#3630)

We found that there were a lot of things that were not linked to the crypto keys that are used to encrypt them, and it turns out the reason is because they link to a particular version of a crypto key, and we did not have that adapter. We've added the crypto key versions adapter, and we've also enabled list on the key rings because key rings are the top-most resource here. So you have to find the key rings in order to find the keys, then you have to find the keys in order to find the version. So we have to have a list somewhere. Otherwise, we cannot discover this at all. So I've added that as well.

---

> [!NOTE]
> Adds KMS version-level discovery and enables complete traversal from KeyRings → CryptoKeys → CryptoKeyVersions.
>
> - New adapter `cloud-kms-crypto-key-version` with `GET` and `SEARCH`, links to parent `gcp-cloud-kms-crypto-key`, optional `gcp-cloudkms-importjob`, and `gcp-cloudkms-ekmconnection`; sets health from version state
> - `cloud-kms-crypto-key`: adds links to all versions (`SEARCH`) and to primary version (`GET`)
> - `cloud-kms-key-ring`: implements `LIST` and `ListStream` across all project locations by calling `ListLocations` then parallel `SEARCH`; fixes unique key parsing
> - Wiring: registers new client and adapter in `adapters.go`; extends shared KMS clients/interfaces and generated mocks
> - IAM/roles: adds required permissions (`cloudkms.cryptoKeyVersions.*`, `cloudkms.locations.list`) to `roles/cloudkms.viewer`
> - Docs: new `gcp-cloud-kms-crypto-key-version` page; updates Key Ring docs to include `LIST`
> - Tests: comprehensive unit tests for new adapter, updated links, and KeyRing list/stream paths
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 80956bf6eaf3e345f09ebaf116abceeca2cf83d9.</sup>

---------

Co-authored-by: Cursor Agent <[email protected]>

GitOrigin-RevId: 4679bfffae128b18818202bee7bc31e8d4c42f3a

> [!NOTE]
> Introduces in-flight lookup deduplication to the cache layer and exposes a way to cancel pending work.
>
> - **Add `pendingWork`** (new `sdpcache/pending.go`) to coordinate concurrent `Lookup` calls per cache key
> - **Integrate into `MemoryCache` and `BoltCache`**: track pending work, wait on first worker, re-check cache on completion; signal via `Complete` in `StoreItem`/`StoreError`
> - **Extend `Cache` interface** with `CancelPendingWork(ck)`, implement in both caches; no-op in `NoOpCache`
> - **Update adapter tests** to call `CancelPendingWork` on non-cached error paths
> - **Add comprehensive tests** for dedup success, timeout/cancel paths, and "complete without store" for both caches
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 12130faa92e4cc24c6699ba350796e895163d67f. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: fabb9d8a4463527044263de66efd1d27b26eee50
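The in-flight deduplication summarized in the commit above, sketched as an added example that is not the project's `sdpcache` code. The method names `Lookup`, `StoreItem` and `CancelPendingWork` come from the summary; their signatures and bodies, the string-valued toy cache, `FetchAll` and the constructed key are assumptions made for illustration.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"sync/atomic"
	"time"
)

// MemoryCache is a toy string cache (hypothetical, not the project's type).
// pendingWork maps a key to a channel that is closed when its worker finishes.
type MemoryCache struct {
	mu          sync.Mutex
	items       map[string]string
	pendingWork map[string]chan struct{}
}

func NewMemoryCache() *MemoryCache {
	return &MemoryCache{items: map[string]string{}, pendingWork: map[string]chan struct{}{}}
}

// Lookup returns hit=true with the cached value. hit=false with a nil error
// means the caller is now the single worker for key and must finish with
// StoreItem or CancelPendingWork. Other callers wait, bounded by ctx.
func (c *MemoryCache) Lookup(ctx context.Context, key string) (string, bool, error) {
	for {
		c.mu.Lock()
		if v, ok := c.items[key]; ok {
			c.mu.Unlock()
			return v, true, nil
		}
		done, busy := c.pendingWork[key]
		if !busy {
			c.pendingWork[key] = make(chan struct{}) // claim the work
		}
		c.mu.Unlock()
		if !busy {
			return "", false, nil
		}
		select {
		case <-done: // worker finished: loop and re-check the cache
		case <-ctx.Done():
			return "", false, ctx.Err() // a stuck worker cannot pin callers forever
		}
	}
}

// complete wakes every waiter for key. The caller must hold c.mu.
func (c *MemoryCache) complete(key string) {
	if ch, ok := c.pendingWork[key]; ok {
		close(ch)
		delete(c.pendingWork, key)
	}
}

// StoreItem publishes the value and releases the waiters under one lock,
// so a woken waiter always sees the stored item.
func (c *MemoryCache) StoreItem(key, val string) {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.items[key] = val
	c.complete(key)
}

// CancelPendingWork releases waiters without storing anything (the
// non-cached error path); the next caller to loop becomes the new worker.
func (c *MemoryCache) CancelPendingWork(key string) {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.complete(key)
}

// FetchAll runs n concurrent lookups of one constructed key against a slow
// simulated backend and returns how many of them reached the backend.
func FetchAll(c *MemoryCache, n int) (int64, []string) {
	var calls int64
	values := make([]string, n)
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func(i int) {
			defer wg.Done()
			ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
			defer cancel()
			v, hit, err := c.Lookup(ctx, "constructed-key")
			if err == nil && !hit {
				atomic.AddInt64(&calls, 1)
				time.Sleep(20 * time.Millisecond) // simulated slow upstream API
				v = "value"
				c.StoreItem("constructed-key", v)
			}
			values[i] = v
		}(i)
	}
	wg.Wait()
	return atomic.LoadInt64(&calls), values
}

func main() {
	calls, values := FetchAll(NewMemoryCache(), 50)
	fmt.Printf("lookups=%d backend calls=%d\n", len(values), calls)
}
```

A worker that returns on an error path without calling `StoreItem` or `CancelPendingWork` leaves every waiter blocked until its own context expires, which is why the summary's adapter tests call `CancelPendingWork` on non-cached errors.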
…t to 7854796 (#3632)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/hashicorp/terraform-config-inspect](https://redirect.github.com/hashicorp/terraform-config-inspect) | require | digest | `225c06e` → `7854796` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Configuration

📅 **Schedule**: Branch creation - "before 10am on friday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace).

---

> [!NOTE]
> Streamlines dependency declarations and updates a key module.
>
> - Updates `github.com/hashicorp/terraform-config-inspect` to `v0.0.0-20260120201749-785479628bd7`
> - Promotes several modules to direct `require`, including Azure SDK packages (`armauthorization`, `armbatch`, `armcompute/v7`, `armcosmos`, `armdns`, `armkeyvault`, `armmsi`, `armnetwork/v6`, `armpostgresqlflexibleservers/v5`, `armresources/v2`, `armsql`, `armstorage/v2`), `go.etcd.io/bbolt`, `golang.org/x/sync`, and `google.golang.org/genproto` (core and `googleapis/rpc`)
> - Removes duplicate/separate Azure `require` block and trims corresponding entries from the indirect section
> - Updates `go.sum` accordingly
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 7c87653fc1e5228f3c84cd264957b02ce7b9971d. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: 92e4a36525b4e5c9f86fd688d9c8343b6754411c
…… (#3631)

These are two weird endpoints in that there are global and regional endpoints, and you really don't know which is going to be which. However, the items that they return are the same. So, previously, for backend services: we would take two different types, literally two different adapters for back-end services, one for regional and one for global. This combines that into one, so it's just one adapter that does regional and global, and it uses the scope to decide which.

---

> [!NOTE]
> Unifies GCP Compute adapters to handle both global and regional resources in one place, with stricter scope validation and updated link resolution.
>
> - Introduces dual-scope wrappers for `compute backend services` and `health checks` that route requests to global or regional APIs based on `scope`; adds explicit scope validation
> - Wires new dual-scope adapters in `adapters.go`; creates regional REST clients for backend services and health checks
> - Removes regional-only backend service adapter and tests; consolidates item type to `ComputeBackendService` for both global/regional
> - Adds regional health check client/interfaces, iterators, and mocks; extends predefined roles/IAM perms to include `compute.regionHealthChecks.*`
> - Enhances linkers: new `HealthCheckLinker` (global/regional), BackendService linker now infers scope without separate type
> - Updates tests (unit + integration) to cover global/regional GET/LIST/ListStream paths and scope validation
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 639bcb20f25426766e6b98d1bd687951db7518f1. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: 41fe3e1eec754823b0a382c4b5a7e285582daf0e
This PR contains the following updates:

| Package | Change |
|---|---|
| [cloud.google.com/go/aiplatform](https://redirect.github.com/googleapis/google-cloud-go) | `v1.113.0` → `v1.114.0` |
| [cloud.google.com/go/auth](https://redirect.github.com/googleapis/google-cloud-go) | `v0.18.0` → `v0.18.1` |
| [cloud.google.com/go/compute](https://redirect.github.com/googleapis/google-cloud-go) | `v1.53.0` → `v1.54.0` |
| [cloud.google.com/go/kms](https://redirect.github.com/googleapis/google-cloud-go) | `v1.24.0` → `v1.25.0` |
| [cloud.google.com/go/run](https://redirect.github.com/googleapis/google-cloud-go) | `v1.14.0` → `v1.15.0` |
| [github.com/aws/aws-sdk-go-v2/service/autoscaling](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.62.5` → `v1.64.0` |
| [github.com/aws/aws-sdk-go-v2/service/dynamodb](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.53.6` → `v1.54.0` |
| [github.com/aws/aws-sdk-go-v2/service/ec2](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.279.2` → `v1.281.0` |
| [github.com/harness/harness-go-sdk](https://redirect.github.com/harness/harness-go-sdk) | `v0.7.1` → `v0.7.2` |
| [github.com/miekg/dns](https://redirect.github.com/miekg/dns) | `v1.1.70` → `v1.1.72` |
| [github.com/posthog/posthog-go](https://redirect.github.com/posthog/posthog-go) | `v1.9.0` → `v1.9.1` |
| [github.com/riverqueue/river](https://redirect.github.com/riverqueue/river) | `v0.30.0` → `v0.30.1` |
| [github.com/riverqueue/river/riverdriver/riverpgxv5](https://redirect.github.com/riverqueue/river) | `v0.30.0` → `v0.30.1` |
| [github.com/riverqueue/river/rivertype](https://redirect.github.com/riverqueue/river) | `v0.30.0` → `v0.30.1` |
| [github.com/stripe/stripe-go/v84](https://redirect.github.com/stripe/stripe-go) | `v84.1.0` → `v84.2.0` |
| [google.golang.org/api](https://redirect.github.com/googleapis/google-api-go-client) | `v0.260.0` → `v0.262.0` |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `v1.44.1` → `v1.44.3` |
| [sigs.k8s.io/controller-runtime](https://redirect.github.com/kubernetes-sigs/controller-runtime) | `v0.22.4` → `v0.23.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

## ⚠️ Warning

These modules contain database migrations that need to be added manually to our atlas migrations. Check the contents of https://github.com/riverqueue/river/tree/master/rivermigrate/migration before merging this update.

---

### Release Notes

<details>
<summary>aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2/service/autoscaling)</summary>

### [`v1.64.0`](https://redirect.github.com/aws/aws-sdk-go-v2/blob/HEAD/CHANGELOG.md#Release-2025-08-26)

#### General Highlights

- **Dependency Update**: Updated to the latest SDK module versions

#### Module Highlights

- `github.com/aws/aws-sdk-go-v2/service/appconfig`: [v1.42.0](service/appconfig/CHANGELOG.md#v1420-2025-08-26)
  - **Feature**: Remove incorrect endpoint tests
- `github.com/aws/aws-sdk-go-v2/service/appmesh`: [v1.34.0](service/appmesh/CHANGELOG.md#v1340-2025-08-26)
  - **Feature**: Remove incorrect endpoint tests
- `github.com/aws/aws-sdk-go-v2/service/apprunner`: [v1.38.0](service/apprunner/CHANGELOG.md#v1380-2025-08-26)
  - **Feature**: Remove incorrect endpoint tests
- `github.com/aws/aws-sdk-go-v2/service/arczonalshift`: [v1.22.0](service/arczonalshift/CHANGELOG.md#v1220-2025-08-26)
  - **Feature**: This release adds new API options to enable allowed windows and multiple alarms for practice runs.
- `github.com/aws/aws-sdk-go-v2/service/bedrockagentcorecontrol`: [v1.4.0](service/bedrockagentcorecontrol/CHANGELOG.md#v140-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/cleanrooms`: [v1.31.0](service/cleanrooms/CHANGELOG.md#v1310-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/cloudwatch`: [v1.49.0](service/cloudwatch/CHANGELOG.md#v1490-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/codecommit`: [v1.32.0](service/codecommit/CHANGELOG.md#v1320-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/codestarconnections`: [v1.34.0](service/codestarconnections/CHANGELOG.md#v1340-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/comprehendmedical`: [v1.31.0](service/comprehendmedical/CHANGELOG.md#v1310-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/connectcontactlens`: [v1.32.0](service/connectcontactlens/CHANGELOG.md#v1320-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/connectparticipant`: [v1.35.0](service/connectparticipant/CHANGELOG.md#v1350-2025-08-26) - **Feature**: Amazon Connect Participant Service: Remove unused fields from WebRTCConnection - `github.com/aws/aws-sdk-go-v2/service/controlcatalog`: [v1.13.0](service/controlcatalog/CHANGELOG.md#v1130-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/datasync`: [v1.54.0](service/datasync/CHANGELOG.md#v1540-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/dlm`: [v1.34.0](service/dlm/CHANGELOG.md#v1340-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/drs`: [v1.35.0](service/drs/CHANGELOG.md#v1350-2025-08-26) - **Feature**: 
Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.247.0](service/ec2/CHANGELOG.md#v12470-2025-08-26) - **Feature**: Add new APIs for viewing how your shared AMIs are used by other accounts, and identify resources in your account that are dependent on particular AMIs - `github.com/aws/aws-sdk-go-v2/service/elastictranscoder`: [v1.32.0](service/elastictranscoder/CHANGELOG.md#v1320-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/evs`: [v1.4.0](service/evs/CHANGELOG.md#v140-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/finspace`: [v1.33.0](service/finspace/CHANGELOG.md#v1330-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/gamelift`: [v1.46.0](service/gamelift/CHANGELOG.md#v1460-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/georoutes`: [v1.6.0](service/georoutes/CHANGELOG.md#v160-2025-08-26) - **Feature**: Added RouteFerryNotice PotentialViolatedVehicleRestrictionUsage value for CalculateRoutes. This value indicates when the Route is potentially forbidden for the given vehicle profile. 
- `github.com/aws/aws-sdk-go-v2/service/glacier`: [v1.31.0](service/glacier/CHANGELOG.md#v1310-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/globalaccelerator`: [v1.34.0](service/globalaccelerator/CHANGELOG.md#v1340-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/greengrass`: [v1.32.0](service/greengrass/CHANGELOG.md#v1320-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/identitystore`: [v1.32.0](service/identitystore/CHANGELOG.md#v1320-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/imagebuilder`: [v1.46.0](service/imagebuilder/CHANGELOG.md#v1460-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/iotjobsdataplane`: [v1.29.0](service/iotjobsdataplane/CHANGELOG.md#v1290-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/iotsecuretunneling`: [v1.33.0](service/iotsecuretunneling/CHANGELOG.md#v1330-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/iottwinmaker`: [v1.29.0](service/iottwinmaker/CHANGELOG.md#v1290-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/kafka`: [v1.43.0](service/kafka/CHANGELOG.md#v1430-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/licensemanagerlinuxsubscriptions`: [v1.19.0](service/licensemanagerlinuxsubscriptions/CHANGELOG.md#v1190-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/lookoutvision`: [v1.32.0](service/lookoutvision/CHANGELOG.md#v1320-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/m2`: [v1.25.0](service/m2/CHANGELOG.md#v1250-2025-08-26) - **Feature**: Remove incorrect endpoint tests - 
`github.com/aws/aws-sdk-go-v2/service/migrationhub`: [v1.30.0](service/migrationhub/CHANGELOG.md#v1300-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/migrationhubrefactorspaces`: [v1.25.0](service/migrationhubrefactorspaces/CHANGELOG.md#v1250-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/mq`: [v1.33.0](service/mq/CHANGELOG.md#v1330-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/neptunedata`: [v1.15.0](service/neptunedata/CHANGELOG.md#v1150-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/pcaconnectorscep`: [v1.9.0](service/pcaconnectorscep/CHANGELOG.md#v190-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/personalizeevents`: [v1.30.0](service/personalizeevents/CHANGELOG.md#v1300-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/pinpoint`: [v1.39.0](service/pinpoint/CHANGELOG.md#v1390-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/polly`: [v1.53.0](service/polly/CHANGELOG.md#v1530-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/ram`: [v1.34.0](service/ram/CHANGELOG.md#v1340-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/rbin`: [v1.26.0](service/rbin/CHANGELOG.md#v1260-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/rdsdata`: [v1.32.0](service/rdsdata/CHANGELOG.md#v1320-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/resourceexplorer2`: [v1.21.0](service/resourceexplorer2/CHANGELOG.md#v1210-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/route53`: 
[v1.57.0](service/route53/CHANGELOG.md#v1570-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/route53recoverycluster`: [v1.28.0](service/route53recoverycluster/CHANGELOG.md#v1280-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/sagemakergeospatial`: [v1.19.0](service/sagemakergeospatial/CHANGELOG.md#v1190-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/secretsmanager`: [v1.39.0](service/secretsmanager/CHANGELOG.md#v1390-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/securityhub`: [v1.63.0](service/securityhub/CHANGELOG.md#v1630-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/servicecatalogappregistry`: [v1.35.0](service/servicecatalogappregistry/CHANGELOG.md#v1350-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/signer`: [v1.31.0](service/signer/CHANGELOG.md#v1310-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/socialmessaging`: [v1.7.0](service/socialmessaging/CHANGELOG.md#v170-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/ssm`: [v1.64.0](service/ssm/CHANGELOG.md#v1640-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/ssmsap`: [v1.24.0](service/ssmsap/CHANGELOG.md#v1240-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/ssooidc`: [v1.34.0](service/ssooidc/CHANGELOG.md#v1340-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/tnb`: [v1.18.0](service/tnb/CHANGELOG.md#v1180-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/transfer`: 
[v1.65.0](service/transfer/CHANGELOG.md#v1650-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/trustedadvisor`: [v1.13.0](service/trustedadvisor/CHANGELOG.md#v1130-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/wafregional`: [v1.30.0](service/wafregional/CHANGELOG.md#v1300-2025-08-26) - **Feature**: Remove incorrect endpoint tests - `github.com/aws/aws-sdk-go-v2/service/workspaces`: [v1.63.0](service/workspaces/CHANGELOG.md#v1630-2025-08-26) - **Feature**: Remove incorrect endpoint tests ### [`v1.63.0`](https://redirect.github.com/aws/aws-sdk-go-v2/blob/HEAD/CHANGELOG.md#Release-2025-03-31) #### General Highlights - **Dependency Update**: Updated to the latest SDK module versions #### Module Highlights - `github.com/aws/aws-sdk-go-v2/service/bedrockruntime`: [v1.28.0](service/bedrockruntime/CHANGELOG.md#v1280-2025-03-31) - **Feature**: Add Prompt Caching support to Converse and ConverseStream APIs - `github.com/aws/aws-sdk-go-v2/service/deadline`: [v1.10.0](service/deadline/CHANGELOG.md#v1100-2025-03-31) - **Feature**: With this release you can use a new field to specify the search term match type. Search term match types currently support fuzzy and contains matching. - `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.211.0](service/ec2/CHANGELOG.md#v12110-2025-03-31) - **Feature**: Release VPC Route Server, a new feature allowing dynamic routing in VPCs. - `github.com/aws/aws-sdk-go-v2/service/eks`: [v1.63.0](service/eks/CHANGELOG.md#v1630-2025-03-31) - **Feature**: Add support for updating RemoteNetworkConfig for hybrid nodes on EKS UpdateClusterConfig API - `github.com/aws/aws-sdk-go-v2/service/marketplaceentitlementservice`: [v1.28.0](service/marketplaceentitlementservice/CHANGELOG.md#v1280-2025-03-31) - **Feature**: Add support for Marketplace Entitlement Service dual-stack endpoints. 
- `github.com/aws/aws-sdk-go-v2/service/outposts`: [v1.50.0](service/outposts/CHANGELOG.md#v1500-2025-03-31) - **Feature**: Enabling Asset Level Capacity Management feature, which allows customers to create a Capacity Task for a single Asset on their active Outpost. - `github.com/aws/aws-sdk-go-v2/service/s3`: [v1.79.0](service/s3/CHANGELOG.md#v1790-2025-03-31) - **Feature**: Amazon S3 adds support for S3 Access Points for directory buckets in AWS Dedicated Local Zones - `github.com/aws/aws-sdk-go-v2/service/s3control`: [v1.56.0](service/s3control/CHANGELOG.md#v1560-2025-03-31) - **Feature**: Amazon S3 adds support for S3 Access Points for directory buckets in AWS Dedicated Local Zones - `github.com/aws/aws-sdk-go-v2/service/sesv2`: [v1.44.0](service/sesv2/CHANGELOG.md#v1440-2025-03-31) - **Feature**: Add dual-stack support to global endpoints. - `github.com/aws/aws-sdk-go-v2/service/transfer`: [v1.58.0](service/transfer/CHANGELOG.md#v1580-2025-03-31) - **Feature**: Add WebAppEndpointPolicy support for WebApps </details> <details> <summary>harness/harness-go-sdk (github.com/harness/harness-go-sdk)</summary> ### [`v0.7.2`](https://redirect.github.com/harness/harness-go-sdk/compare/v0.7.1...v0.7.2) [Compare Source](https://redirect.github.com/harness/harness-go-sdk/compare/v0.7.1...v0.7.2) </details> <details> <summary>miekg/dns (github.com/miekg/dns)</summary> ### [`v1.1.72`](https://redirect.github.com/miekg/dns/compare/v1.1.70...v1.1.72) [Compare Source](https://redirect.github.com/miekg/dns/compare/v1.1.70...v1.1.72) </details> <details> <summary>posthog/posthog-go (github.com/posthog/posthog-go)</summary> ### [`v1.9.1`](https://redirect.github.com/PostHog/posthog-go/releases/tag/v1.9.1) [Compare Source](https://redirect.github.com/posthog/posthog-go/compare/v1.9.0...v1.9.1) #### 1.9.1 - 2026-01-21 - [Full Changelog](https://redirect.github.com/PostHog/posthog-go/compare/v1.9.0...v1.9.1) </details> <details> <summary>riverqueue/river 
(github.com/riverqueue/river)</summary> ### [`v0.30.1`](https://redirect.github.com/riverqueue/river/releases/tag/v0.30.1) [Compare Source](https://redirect.github.com/riverqueue/river/compare/v0.30.0...v0.30.1) ##### Fixed - Stuck job detection now accounts for worker-level timeouts as well as client-level timeouts. [PR #​1125](https://redirect.github.com/riverqueue/river/pull/1125). </details> <details> <summary>stripe/stripe-go (github.com/stripe/stripe-go/v84)</summary> ### [`v84.2.0`](https://redirect.github.com/stripe/stripe-go/releases/tag/v84.2.0) [Compare Source](https://redirect.github.com/stripe/stripe-go/compare/v84.1.0...v84.2.0) - [#​2255](https://redirect.github.com/stripe/stripe-go/pull/2255) Update generated code - Add support for event notifications `V2CoreAccountClosedEvent`, `V2CoreAccountCreatedEvent`, `V2CoreAccountIncludingConfigurationCustomerCapabilityStatusUpdatedEvent`, `V2CoreAccountIncludingConfigurationCustomerUpdatedEvent`, `V2CoreAccountIncludingConfigurationMerchantCapabilityStatusUpdatedEvent`, `V2CoreAccountIncludingConfigurationMerchantUpdatedEvent`, `V2CoreAccountIncludingConfigurationRecipientCapabilityStatusUpdatedEvent`, `V2CoreAccountIncludingConfigurationRecipientUpdatedEvent`, `V2CoreAccountIncludingDefaultsUpdatedEvent`, `V2CoreAccountIncludingFutureRequirementsUpdatedEvent`, `V2CoreAccountIncludingIdentityUpdatedEvent`, `V2CoreAccountIncludingRequirementsUpdatedEvent`, and `V2CoreAccountUpdatedEvent` with related object `V2CoreAccount` - Add support for event notification `V2CoreAccountLinkReturnedEvent` - Add support for event notifications `V2CoreAccountPersonCreatedEvent`, `V2CoreAccountPersonDeletedEvent`, and `V2CoreAccountPersonUpdatedEvent` with related object `V2CoreAccountPerson` - [#​2254](https://redirect.github.com/stripe/stripe-go/pull/2254) Remove golang.org/x/net/http2 dependency - Removes the dependency on `golang.org/x/net/http2` - [#​2111](https://redirect.github.com/stripe/stripe-go/pull/2111) Bump 
gopkg.in/yaml.v3 from 3.0.0 to 3.0.1 - [#​2240](https://redirect.github.com/stripe/stripe-go/pull/2240) Add HTTP response code to V2 Error - Adds `HTTPStatusCode` and `RequestID` fields to `V2RawError` See [the changelog for more details](https://redirect.github.com/stripe/stripe-go/blob/v84.2.0/CHANGELOG.md). </details> <details> <summary>googleapis/google-api-go-client (google.golang.org/api)</summary> ### [`v0.262.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.262.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.261.0...v0.262.0) ##### Features - **all:** Auto-regenerate discovery clients ([#​3446](https://redirect.github.com/googleapis/google-api-go-client/issues/3446)) ([e7cf469](https://redirect.github.com/googleapis/google-api-go-client/commit/e7cf4692f3966b1a05b15d278e3ded70c230dc31)) - **all:** Auto-regenerate discovery clients ([#​3450](https://redirect.github.com/googleapis/google-api-go-client/issues/3450)) ([b32ced9](https://redirect.github.com/googleapis/google-api-go-client/commit/b32ced9c87cd59e284bcfa65b0d9205b57e54a16)) ##### Bug Fixes - **internaloption:** Add WithTelemetryAttributes ([#​3442](https://redirect.github.com/googleapis/google-api-go-client/issues/3442)) ([2a5c807](https://redirect.github.com/googleapis/google-api-go-client/commit/2a5c807a86d2712d685e06f59cd5d25740b46c71)) ### [`v0.261.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.261.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.260.0...v0.261.0) ##### Features - **all:** Auto-regenerate discovery clients ([#​3439](https://redirect.github.com/googleapis/google-api-go-client/issues/3439)) ([70a0e37](https://redirect.github.com/googleapis/google-api-go-client/commit/70a0e3729f51515adf5b66a62fca8537d5e7dacd)) - **all:** Auto-regenerate discovery clients ([#​3441](https://redirect.github.com/googleapis/google-api-go-client/issues/3441)) 
([c32590d](https://redirect.github.com/googleapis/google-api-go-client/commit/c32590dc1edb84fce5a20cb1083d0c457cb02354)) - **all:** Auto-regenerate discovery clients ([#​3443](https://redirect.github.com/googleapis/google-api-go-client/issues/3443)) ([1c9ed9b](https://redirect.github.com/googleapis/google-api-go-client/commit/1c9ed9b363d7ab878f924abe90e3b88f2d08993f)) - **all:** Auto-regenerate discovery clients ([#​3444](https://redirect.github.com/googleapis/google-api-go-client/issues/3444)) ([9b31e6d](https://redirect.github.com/googleapis/google-api-go-client/commit/9b31e6d02bbd63a8e516c0ab90122bba39bacec9)) </details> <details> <summary>cznic/sqlite (modernc.org/sqlite)</summary> ### [`v1.44.3`](https://gitlab.com/cznic/sqlite/compare/v1.44.2...v1.44.3) [Compare Source](https://gitlab.com/cznic/sqlite/compare/v1.44.2...v1.44.3) ### [`v1.44.2`](https://gitlab.com/cznic/sqlite/compare/v1.44.1...v1.44.2) [Compare Source](https://gitlab.com/cznic/sqlite/compare/v1.44.1...v1.44.2) </details> <details> <summary>kubernetes-sigs/controller-runtime (sigs.k8s.io/controller-runtime)</summary> ### [`v0.23.0`](https://redirect.github.com/kubernetes-sigs/controller-runtime/releases/tag/v0.23.0) [Compare Source](https://redirect.github.com/kubernetes-sigs/controller-runtime/compare/v0.22.5...v0.23.0) #### 🔆 Highlights - Client: Add subresource Apply support by [@​alvaroaleman](https://redirect.github.com/alvaroaleman) in [#​3321](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3321) - Conversion: Enable implementation of conversion outside of API packages by [@​sbueringer](https://redirect.github.com/sbueringer) in [#​3335](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3335) - Priorityqueue: Various improvements, bug fixes and now enabled per default - Webhooks: Generic Validator and Defaulter by [@​alvaroaleman](https://redirect.github.com/alvaroaleman) in 
[#​3360](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3360) ####⚠️ Breaking changes - Dependencies: Update to k8s.io/\* v1.35 by [@​alvaroaleman](https://redirect.github.com/alvaroaleman) [@​dongjiang1989](https://redirect.github.com/dongjiang1989) [@​kannon92](https://redirect.github.com/kannon92) ([#​3316](https://redirect.github.com/kubernetes-sigs/controller-runtime/issues/3316), [#​3349](https://redirect.github.com/kubernetes-sigs/controller-runtime/issues/3349), [#​3386](https://redirect.github.com/kubernetes-sigs/controller-runtime/issues/3386), [#​3391](https://redirect.github.com/kubernetes-sigs/controller-runtime/issues/3391), [#​3401](https://redirect.github.com/kubernetes-sigs/controller-runtime/issues/3401)) - Client: Add subresource Apply support by [@​alvaroaleman](https://redirect.github.com/alvaroaleman) in [#​3321](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3321) - Events: Migration to the new events API by [@​clebs](https://redirect.github.com/clebs) in [#​3262](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3262) - Using the new `GetEventRecorderFor` requires updating your rbac for events to use the `events.k8s.io` apiGroup rather than the \`\` (core) apiGroup - Fakeclient: Set ResourceVersion for SSA Create by [@​alvaroaleman](https://redirect.github.com/alvaroaleman) in [#​3311](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3311) - Webhooks: Generic Validator and Defaulter by [@​alvaroaleman](https://redirect.github.com/alvaroaleman) in [#​3360](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3360) - Existing code of the form `builder.WebhookManagedBy(mgr).For(&corev1.Deployment{})` has to be changed to `builder.WebhookManagedBy(mgr, &appsv1.Deployment{})` - Existing webhook implementations have to be changed to take the concrete object rather than `runtime.Object`, for example from `ValidateCreate(ctx context.Context, obj 
runtime.Object) (admission.Warnings, error)` to `ValidateCreate(ctx context.Context, obj *appsv1.Deployment) (admission.Warnings, error)` #### ✨ Features - Cache: Allow fine-granular SyncPeriod configuration by [@​sbueringer](https://redirect.github.com/sbueringer) in [#​3376](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3376) - Client: Add FieldOwner option to client.Options by [@​aerfio](https://redirect.github.com/aerfio) in [#​3389](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3389) - Client: Add FieldValidation option to client.Options by [@​aerfio](https://redirect.github.com/aerfio) in [#​3393](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3393) - Conversion: Enable implementation of conversion outside of API packages by [@​sbueringer](https://redirect.github.com/sbueringer) in [#​3335](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3335) - Metrics: Add controller\_runtime\_reconcile\_timeouts\_total metric to track ReconciliationTimeout timeouts by [@​godwinpang](https://redirect.github.com/godwinpang) in [#​3382](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3382) - Priorityqueue: Add optional Priority field to reconcile.Result by [@​sbueringer](https://redirect.github.com/sbueringer) in [#​3333](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3333) - Priorityqueue: Enable per default by [@​sbueringer](https://redirect.github.com/sbueringer) in [#​3332](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3332) - Priorityqueue: Use a buffer to optimize priority queue AddWithOpts performance by [@​zach593](https://redirect.github.com/zach593) in [#​3415](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3415) - Source/Kind: Delay reconciliation until handlers sync by [@​GonzaloLuminary](https://redirect.github.com/GonzaloLuminary) in 
[#3406](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3406)
- Webhooks: Add WithContextFunc to WebhookBuilder by [@dmvolod](https://redirect.github.com/dmvolod) in [#3324](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3324)

#### 🐛 Bugfixes

- Client: Allow SSA after normal resource creation by [@filipcirtog](https://redirect.github.com/filipcirtog) in [#3346](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3346)
- Client: Fix List in namespaced client to list objects that are cluster scoped by [@troy0820](https://redirect.github.com/troy0820) in [#3351](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3351) [#3353](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3353)
- Envtest: Respect pre-configured binary paths in ControlPlane by [@mzhaom](https://redirect.github.com/mzhaom) in [#3372](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3372)
- Fakeclient: Fix a number of bugs when updating through apply by [@alvaroaleman](https://redirect.github.com/alvaroaleman) in [#3319](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3319)
- FakeClient: Fix Apply with Unstructured ApplyConfiguration and resourceVersion unset by [@sbueringer](https://redirect.github.com/sbueringer) in [#3403](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3403)
- Fakeclient: Fix SSA after List with non-list kind by [@sbueringer](https://redirect.github.com/sbueringer) in [#3364](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3364)
- Fakeclient: Panic when trying to build more than one instance of fake.ClientBuilder by [@troy0820](https://redirect.github.com/troy0820) in [#3314](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3314)
- Leaderelection: Copy all parent context values to leader elector's context by [@msudheendra-cflt](https://redirect.github.com/msudheendra-cflt) in [#3327](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3327)
- Metrics: Adding missing exponential buckets on webhook native histogram by [@brito-rafa](https://redirect.github.com/brito-rafa) in [#3411](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3411)
- Priorityqueue: Do FIFO ordering within priorities and not across by [@zach593](https://redirect.github.com/zach593) in [#3408](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3408)
- Priorityqueue: Don't block on Get when queue is shutdown (2nd try) by [@sbueringer](https://redirect.github.com/sbueringer) in [#3337](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3337)
- Priorityqueue: Ensure priority queue always returns high-priority items first by [@moritzmoe](https://redirect.github.com/moritzmoe) in [#3330](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3330)
- Priorityqueue: Fix TestWhenAddingMultipleItemsWithRatelimitTrueTheyDontAffectEachOther by [@zach593](https://redirect.github.com/zach593) in [#3395](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3395)
- Priorityqueue: Limit depthWithPriorityMetric cardinality to 25 by [@alvaroaleman](https://redirect.github.com/alvaroaleman) [#3419](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3419)
- Priorityqueue: Properly sync the `waiter` manipulation by [@fossedihelm](https://redirect.github.com/fossedihelm) in [#3368](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3368)
- setup-envtest: Select the newest Kubernetes by default by [@cbandy](https://redirect.github.com/cbandy) in [#3380](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3380)
- testing/addr: Prevent possible leak by avoiding defer in loop by [@s-z-z](https://redirect.github.com/s-z-z) in [#3367](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3367)

#### 🌱 Other

- Dependencies: Update controller-tools to 0.20.0 and fix lint by [@dongjiang1989](https://redirect.github.com/dongjiang1989) in [#3405](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3405)
- Linter: Add depguard golangci-linter for forbid sort pkg by [@dongjiang1989](https://redirect.github.com/dongjiang1989) in [#3374](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3374)
- Linter: Modernize finalizer utils by [@tbavelier](https://redirect.github.com/tbavelier) in [#3329](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3329)
- Linter: Update golangci-lint version and modernize lint by [@dongjiang1989](https://redirect.github.com/dongjiang1989) in [#3384](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3384)
- Linter: Update golangci-lint version to v2.4.0 by [@dongjiang1989](https://redirect.github.com/dongjiang1989) in [#3318](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3318)
- Linter: Update golangci-lint version to v2.5.0 by [@dongjiang1989](https://redirect.github.com/dongjiang1989) in [#3323](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3323)
- Linter: Update golangci-lint version to v2.7.2 by [@dongjiang1989](https://redirect.github.com/dongjiang1989) in [#3399](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3399)
- Manager: Deflake should execute the Warmup function test when Warmup group is started by [@alvaroaleman](https://redirect.github.com/alvaroaleman) in [#3356](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3356)
- Misc: Add CreateOrPatch function in alias.go by [@tisonkun](https://redirect.github.com/tisonkun) in [#3375](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3375)
- Misc: Change `sort` to `slices` package by [@dongjiang1989](https://redirect.github.com/dongjiang1989) in [#3370](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3370)
- Misc: Fix typo in unit test name by [@s-z-z](https://redirect.github.com/s-z-z) in [#3304](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3304)
- Misc: Revert deprecation of client.Apply by [@sbueringer](https://redirect.github.com/sbueringer) in [#3307](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3307)
- Priorityqueue: Add and use newQueueWithTimeForwarder by [@alvaroaleman](https://redirect.github.com/alvaroaleman) in [#3336](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3336)
- Priorityqueue: Add some more tests to the priorityqueue by [@alvaroaleman](https://redirect.github.com/alvaroaleman) in [#3387](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3387)
- Priorityqueue: Use separate b-trees for ready and non-ready items by [@alvaroaleman](https://redirect.github.com/alvaroaleman) in [#3416](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3416)
- Priorityqueue: Use synctest by [@alvaroaleman](https://redirect.github.com/alvaroaleman) in [#3350](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3350)

#### 📖 Documentation

- Add a design for supporting warm replicas by [@godwinpang](https://redirect.github.com/godwinpang) in [#3121](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3121)
- Remove latest from setupenvtest docs by [@troy0820](https://redirect.github.com/troy0820) in [#3359](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3359)
- pkg/client/config: Remove outdated doc comments by [@haoqixu](https://redirect.github.com/haoqixu) in [#3306](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3306)
- Update client.Apply example by [@aerfio](https://redirect.github.com/aerfio) in [#3390](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3390)
- Update `README.md`'s compatibility matrix for `v0.22.x`. by [@renormalize](https://redirect.github.com/renormalize) in [#3392](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3392)

#### Dependencies

##### Added

- github.com/Masterminds/semver/v3: [v3.4.0](https://redirect.github.com/Masterminds/semver/tree/v3.4.0)
- github.com/gkampitakis/ciinfo: [v0.3.2](https://redirect.github.com/gkampitakis/ciinfo/tree/v0.3.2)
- github.com/gkampitakis/go-diff: [v1.3.2](https://redirect.github.com/gkampitakis/go-diff/tree/v1.3.2)
- github.com/gkampitakis/go-snaps: [v0.5.15](https://redirect.github.com/gkampitakis/go-snaps/tree/v0.5.15)
- github.com/goccy/go-yaml: [v1.18.0](https://redirect.github.com/goccy/go-yaml/tree/v1.18.0)
- github.com/joshdk/go-junit: [v1.0.0](https://redirect.github.com/joshdk/go-junit/tree/v1.0.0)
- github.com/maruel/natural: [v1.1.1](https://redirect.github.com/maruel/natural/tree/v1.1.1)
- github.com/mfridman/tparse: [v0.18.0](https://redirect.github.com/mfridman/tparse/tree/v0.18.0)
- github.com/tidwall/gjson: [v1.18.0](https://redirect.github.com/tidwall/gjson/tree/v1.18.0)
- github.com/tidwall/match: [v1.1.1](https://redirect.github.com/tidwall/match/tree/v1.1.1)
- github.com/tidwall/pretty: [v1.2.1](https://redirect.github.com/tidwall/pretty/tree/v1.2.1)
- github.com/tidwall/sjson: [v1.2.5](https://redirect.github.com/tidwall/sjson/tree/v1.2.5)
- go.uber.org/automaxprocs: v1.6.0
- golang.org/x/tools/go/expect: v0.1.0-deprecated
- golang.org/x/tools/go/packages/packagestest: v0.1.1-deprecated

##### Changed

- github.com/go-logr/logr: [v1.4.2 → v1.4.3](https://redirect.github.com/go-logr/logr/compare/v1.4.2...v1.4.3)
- github.com/google/pprof: [d1b30fe → 27863c8](https://redirect.github.com/google/pprof/compare/d1b30fe...27863c8)
- github.com/onsi/ginkgo/v2: [v2.22.0 → v2.27.2](https://redirect.github.com/onsi/ginkgo/compare/v2.22.0...v2.27.2)
- github.com/onsi/gomega: [v1.36.1 → v1.38.2](https://redirect.github.com/onsi/gomega/compare/v1.36.1...v1.38.2)
- github.com/prometheus/client\_golang: [v1.22.0 → v1.23.2](https://redirect.github.com/prometheus/client_golang/compare/v1.22.0...v1.23.2)
- github.com/prometheus/client\_model: [v0.6.1 → v0.6.2](https://redirect.github.com/prometheus/client_model/compare/v0.6.1...v0.6.2)
- github.com/prometheus/common: [v0.62.0 → v0.66.1](https://redirect.github.com/prometheus/common/compare/v0.62.0...v0.66.1)
- github.com/prometheus/procfs: [v0.15.1 → v0.16.1](https://redirect.github.com/prometheus/procfs/compare/v0.15.1...v0.16.1)
- github.com/rogpeppe/go-internal: [v1.13.1 → v1.14.1](https://redirect.github.com/rogpeppe/go-internal/compare/v1.13.1...v1.14.1)
- github.com/spf13/cobra: [v1.9.1 → v1.10.0](https://redirect.github.com/spf13/cobra/compare/v1.9.1...v1.10.0)
- github.com/spf13/pflag: [v1.0.6 → v1.0.9](https://redirect.github.com/spf13/pflag/compare/v1.0.6...v1.0.9)
- github.com/stretchr/testify: [v1.10.0 → v1.11.1](https://redirect.github.com/stretchr/testify/compare/v1.10.0...v1.11.1)
- go.etcd.io/bbolt: v1.4.2 → v1.4.3
- go.etcd.io/etcd/api/v3: v3.6.4 → v3.6.5
- go.etcd.io/etcd/client/pkg/v3: v3.6.4 → v3.6.5
- go.etcd.io/etcd/client/v3: v3.6.4 → v3.6.5
- go.etcd.io/etcd/pkg/v3: v3.6.4 → v3.6.5
- go.etcd.io/etcd/server/v3: v3.6.4 → v3.6.5
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.58.0 → v0.61.0
- go.opentelemetry.io/otel/metric: v1.35.0 → v1.36.0
- go.opentelemetry.io/otel/sdk/metric: v1.34.0 → v1.36.0
- go.opentelemetry.io/otel/sdk: v1.34.0 → v1.36.0
- go.opentelemetry.io/otel/trace: v1.35.0 → v1.36.0
- go.opentelemetry.io/otel: v1.35.0 → v1.36.0
- go.yaml.in/yaml/v2: v2.4.2 → v2.4.3
- golang.org/x/crypto: v0.36.0 → v0.45.0
- golang.org/x/mod: v0.21.0 → v0.29.0
- golang.org/x/net: v0.38.0 → v0.47.0
- golang.org/x/oauth2: v0.27.0 → v0.30.0
- golang.org/x/sync: v0.12.0 → v0.18.0
- golang.org/x/sys: v0.31.0 → v0.38.0
- golang.org/x/telemetry: [`bda5523`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/bda5523) → [`078029d`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/078029d)
- golang.org/x/term: v0.30.0 → v0.37.0
- golang.org/x/text: v0.23.0 → v0.31.0
- golang.org/x/tools: v0.26.0 → v0.38.0
- golang.org/x/xerrors: [`5ec99f8`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/5ec99f8) → [`9bdfabe`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/9bdfabe)
- google.golang.org/genproto/googleapis/rpc: [`a0af3ef`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/a0af3ef) → [`200df99`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/200df99)
- google.golang.org/grpc: v1.72.1 → v1.72.2
- google.golang.org/protobuf: v1.36.5 → v1.36.8
- gopkg.in/evanphx/json-patch.v4: v4.12.0 → v4.13.0
- k8s.io/api: v0.34.0 → v0.35.0
- k8s.io/apiextensions-apiserver: v0.34.0 → v0.35.0
- k8s.io/apimachinery: v0.34.0 → v0.35.0
- k8s.io/apiserver: v0.34.0 → v0.35.0
- k8s.io/client-go: v0.34.0 → v0.35.0
- k8s.io/code-generator: v0.34.0 → v0.35.0
- k8s.io/component-base: v0.34.0 → v0.35.0
- k8s.io/gengo/v2: [`85fd79d`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/85fd79d) → [`ec3ebc5`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/ec3ebc5)
- k8s.io/kms: v0.34.0 → v0.35.0
- k8s.io/kube-openapi: [`f3f2b99`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/f3f2b99) → [`589584f`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/589584f)
- k8s.io/utils: [`4c0f3b2`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/4c0f3b2) → [`bc988d5`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/bc988d5)
- sigs.k8s.io/json: [`cfa47c3`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/cfa47c3) → [`2d32026`](https://redirect.github.com/kubernetes-sigs/controller-runtime/commit/2d32026)

##### Removed

- github.com/kisielk/errcheck: [v1.5.0](https://redirect.github.com/kisielk/errcheck/tree/v1.5.0)
- github.com/kisielk/gotool: [v1.0.0](https://redirect.github.com/kisielk/gotool/tree/v1.0.0)
- gopkg.in/yaml.v2: v2.4.0

#### New Contributors

- [@haoqixu](https://redirect.github.com/haoqixu) made their first contribution in [#3306](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3306)
- [@msudheendra-cflt](https://redirect.github.com/msudheendra-cflt) made their first contribution in [#3327](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3327)
- [@tbavelier](https://redirect.github.com/tbavelier) made their first contribution in [#3329](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3329)
- [@moritzmoe](https://redirect.github.com/moritzmoe) made their first contribution in [#3330](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3330)
- [@filipcirtog](https://redirect.github.com/filipcirtog) made their first contribution in [#3346](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3346)
- [@fossedihelm](https://redirect.github.com/fossedihelm) made their first contribution in [#3368](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3368)
- [@mzhaom](https://redirect.github.com/mzhaom) made their first contribution in [#3372](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3372)
- [@tisonkun](https://redirect.github.com/tisonkun) made their first contribution in [#3375](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3375)
- [@renormalize](https://redirect.github.com/renormalize) made their first contribution in [#3392](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3392)
- [@brito-rafa](https://redirect.github.com/brito-rafa) made their first contribution in [#3411](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3411)
- [@GonzaloLuminary](https://redirect.github.com/GonzaloLuminary) made their first contribution in [#3406](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3406)

**Full Changelog**: <kubernetes-sigs/controller-runtime@v0.22.0...v0.23.0>

*Thanks to all our contributors!* 😊

### [`v0.22.5`](https://redirect.github.com/kubernetes-sigs/controller-runtime/releases/tag/v0.22.5)

[Compare Source](https://redirect.github.com/kubernetes-sigs/controller-runtime/compare/v0.22.4...v0.22.5)

#### What's Changed

- 🌱 Bump k8s.io/\* to v0.34.3 by [@sbueringer](https://redirect.github.com/sbueringer) in [#3420](https://redirect.github.com/kubernetes-sigs/controller-runtime/pull/3420)

**Full Changelog**: <kubernetes-sigs/controller-runtime@v0.22.4...v0.22.5>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 10am on friday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace).
---

> [!NOTE]
> **Dependency updates only**
>
> - Upgrades key modules: `cloud.google.com/go/{aiplatform,auth,compute,run,kms}`, AWS SDK v2 services (`autoscaling`, `dynamodb`, `ec2`), `google.golang.org/api`, `github.com/stripe/stripe-go/v84`, `github.com/posthog/posthog-go`, `github.com/miekg/dns`, and `github.com/riverqueue/river` (+ drivers)
> - Aligns Kubernetes-related deps: updates indirect `k8s.io/{apiextensions-apiserver,apiserver}` to `v0.35.0`
> - Updates various transitive libs and regenerates `go.sum`
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 9cb7ae0239b8cca19aad5179c39a0bb6cd597fff. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: 9250d292f565053d909fb9de896ea776243e6a9a
… 8e98ce8 (#3633)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [google.golang.org/genproto/googleapis/rpc](https://redirect.github.com/googleapis/go-genproto) | require | digest | `409b4a9` → `8e98ce8` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Configuration

📅 **Schedule**: Branch creation - "before 10am on friday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace).

GitOrigin-RevId: 091977369cdb7267eb8ebb375c1da70dae142f5a
> [!NOTE]
> Modernizes GCP adapters to use streaming and aggregated listings, reducing duplicated iteration logic and enabling wildcard scope support.
>
> - Introduces `gcpshared.CollectFromStream` and updates many `List`/`Search` methods to delegate to `*Stream` variants
> - Adds concurrent `AggregatedList` handling (with partial success) for compute resources (addresses, autoscalers, disks, instances, instance groups/IGMs, forwarding rules, instant snapshots, node groups/templates, reservations)
> - Implements `SupportsWildcardScope()` and `listAggregatedStream(...)` across affected adapters
> - Extends compute client interfaces to include `AggregatedList` and new scoped iterator types; updates mocks and tests accordingly
> - KMS `CryptoKey`/`KeyRing` search paths wrapped to stream-based collection
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit ab71de3472326f758af86883e924fa318b68ac8c. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: b9cf5dc19492049ed700bf1442c9946a357eca83
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [google.golang.org/genproto](https://redirect.github.com/googleapis/go-genproto) | require | digest | `ff82c1b` → `8e98ce8` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Configuration

📅 **Schedule**: Branch creation - "before 10am on friday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace).

GitOrigin-RevId: f9331ac347c838b1a6b820a26f0f08eb26083f2b
Fixes GKE Cloud Logging severity mismatch by introducing a `logging` package to output JSON logs with a GCP-compatible `severity` field.

GKE Cloud Logging was incorrectly tagging all logs as `severity: "ERROR"` because `logrus` was outputting to `stderr` with a `level` field, not the expected `severity` field. This PR adds a shared `logging.ConfigureLogrusJSON` helper that injects a GCP-compatible `severity` field and switches logrus to JSON output, ensuring logs are parsed with the correct severity.

---

Linear Issue: [ENG-2198](https://linear.app/overmind/issue/ENG-2198/fix-log-level-mismatch-in-gke-all-logs-showing-as-error)

---

> [!NOTE]
> Resolves GKE severity mismatch by standardizing structured logging with a shared helper and enabling per-service configuration.
>
> - New `logging` package with `ConfigureLogrusJSON` and `GCPSeverityHook` to add GCP-compatible `severity` to logrus JSON
> - Apply helper across `api-server`, `gateway`, `revlink`, `stdlib-source`, `k8s-source`, `harness-source` (replacing direct `JSONFormatter` usage)
> - Add `--json-log` flag and env bindings for `aws-source`, `azure-source`, and `gcp-source`; default to JSON logging
> - Update `api-server` to use `log.StandardLogger()` for controller-runtime logging
> - Add `docs/LOGGING.md` explaining GKE severity behavior and configuration
> - Add unit tests validating severity mapping and helper behavior
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 12bfa6e0e4a8b2fe472a972145a863312fc2bc80. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: a0110c7e2f34e58730db509ba4ea1943d8a46397
> [!NOTE]
> Adds discoverability for `azure-compute-virtual-machine-extension` and ensures it’s part of Azure source initialization.
>
> - New `VirtualMachineExtensionsClient` wrapper and mock; new manual adapter `ComputeVirtualMachineExtension` with `Get` (vmName+extensionName) and `Search` (vmName)
> - Extracts links to `ComputeVirtualMachine`, `KeyVaultVault`, and stdlib `network-http/dns/ip`; sets tags/uniqueAttr; exposes IAM (`Microsoft.Compute/virtualMachines/extensions/read`) and Terraform mapping
> - Wires adapter into `manual.Adapters()` (runtime and metadata registration)
> - Adds integration test that provisions VNet/NIC/VM, creates an extension, validates Get/Search/links, then tears down
> - Adds comprehensive unit tests and gomock for VM extensions client; updates `shared/utils.GetResourceIDPathKeys()` to include VM extensions
> - Tightens Search validation in `storage-blob-container` and `storage-table` (require exactly one non-empty account name)
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 7073ab11de061266090ebf6f673be59c1db41c99. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: 3de98d327daa095778a51aa7f263bb7c6aeb0d97
> [!NOTE]
> Modernizes GCP adapters to stream results and leverage aggregated listing for scalability and consistency.
>
> - Switches numerous `List` implementations to `CollectFromStream` and implements `ListStream`, often using aggregated `List*` with conc `pool` (10 goroutines)
> - Adds `SupportsWildcardScope()` to adapters (e.g., `compute-*`, backend services, health checks) to enable cross-scope discovery via aggregated APIs
> - Refactors location handling: remove per-base `GetProjectIDs`/`HasLocation`, add `Locations()`, `ParseAggregatedListScope` (handles `global`), `GetProjectIDsFromLocations(...)`, and `HasLocationInSlices(...)`
> - Extends compute client interfaces to support `AggregatedList` for backend services and health checks; updates mocks accordingly
> - Updates KMS KeyRing `List` to stream per-location in parallel; KMS CryptoKeyVersion `Search` now streams; several other adapters’ `List` now stream (images, snapshots, machine images, IAM service accounts, logging sinks)
> - Adds tests for new shared helpers and adjusts existing tests to account for pooled contexts and parallelism
>
> Minor
> - Adds dictionary term `unparseable`
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit a84b5570a20e33a69def86b9deba4c3dfac9ff44. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: f2481ddd66d5e902fbeeb2cabf7f7269e2d53333
This just adds some more tracing because I haven't been able to work out what's actually causing this.

---

> [!NOTE]
> Adds observability to BoltCache and introduces comprehensive LIST-query benchmarks.
>
> - Adds span attributes in `Lookup` for initial search, pending wait, and recheck durations; in `Search` logs lock acquire/tx durations, items scanned/returned, and cache key
> - Adds detailed trace logging for `BoltCache.Search` completion
> - Introduces new benchmark helpers and benchmarks: LIST `Lookup` scalability, high-concurrency access (multi-bucket and same-key), pending-work contention, and concurrent multi-key writes
> - Updates test helper `cacheImplementations` to accept `testing.TB` for reuse in benchmarks
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 8acf522506c2dead3f924d13d064544edc74a245. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: f78a49af3bf8fc9fa3cee153470721e25f6a4985
> [!NOTE]
> Adds span-driven observability for cache operations and updates the `Search` API to accept `context.Context`.
>
> - Changes `Cache.Search` signature to `Search(ctx, ck)` and updates `BoltCache`, `MemoryCache`, and `NoOpCache` implementations plus all usages (tests/benchmarks)
> - `BoltCache.Search` replaces log-based tracing with span attributes (lock acquire/tx duration, items scanned/returned)
> - `BoltCache.Lookup` now records timing attributes for initial search, pending wait, and recheck search and passes ctx to `Search`
> - `MemoryCache.Search` now accepts ctx (for tracing compatibility) without changing behavior
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit dc72da30a954cb566659c08a3ceba80e6cd02da7. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: 0a685c4dd3d4fc3a858d3c97789f8d9ea314ff04
We found a bug where if you call a lookup on the cache but then you exit without storing anything, the cache thinks that it's still running and it holds this pending block so that nobody else can return anything. This, I think, is what was causing the lookups to time out and take ages. What we've done here is fixed all of the locations where this is happening to make sure we store something in every branch. Either an error or an item, it doesn't matter. It removes the pending block.

---

> [!NOTE]
> Strengthens cache coordination to avoid goroutine hangs and slow lookups.
>
> - Document and enforce cache contract: after `Lookup` miss, callers must `StoreItem`, `StoreError`, or `CancelPendingWork`
> - Add safety timeout in `pending.Wait` to auto-release stuck entries after max age
> - Ensure `StoreItem`/`StoreError` signal completion in both Bolt and Memory caches (comments clarified)
> - AWS `GetListAdapter.List` now wraps errors, caches non-retryable errors via `StoreError`
> - GCP dynamic adapters (`adapter.go`, `adapter-listable.go`, `adapter-searchable*.go`) now `StoreError` on construction/call failures and `CancelPendingWork` on stream-time failures
> - Add concurrency tests (`sdpcache/cache_stuck_test.go`, `sources/transformer_test.go`) verifying no hangs and quick retries/cached errors
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 55b2c4660ea1f5643d5b17f4a5eeac22b7474567. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: 1e2df784b78e4317ccc9e30d209668569d332bf6
> [!NOTE]
> Improves resilience and prevents hanging by ensuring cache is updated on failures and pending work is released when no results are produced.
>
> - In `streamSDPItems` (GCP): track `itemsSent`, `StoreError` on failures, and `CancelPendingWork` when zero items are found
> - In `terraformMappingViaSearch` (GCP): `StoreError` in cache for malformed queries, URL construction failures, GET errors, and conversion failures
> - In `standardAdapterCore.Get` and `standardListableAdapterImpl.List`: `StoreError` in cache on underlying `Get`/`List` failures
> - In `standardSearchableAdapterImpl.SearchStream`: `CancelPendingWork` before sending errors for invalid Terraform queries or failed `Get` (GCP `projects/...` and Azure `subscriptions/...`)
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 5156bd664e0d7f86edc34623c1a4dbdf59bdeb51. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: 5bec4bd80e7e20e399c513f9f81c25c565d793b7
https://docs.cloud.google.com/kubernetes-engine/docs/concepts/autopilot-resource-requests#resource-limits

GKE does not allow the requests and limits to be different for storage, and it operates on a guaranteed availability basis. So you need the request and the limit to be the same. We were setting the requests to only 100 MB, it was capping the limit at 100 MB, which was meaning that the sources for Box were constantly getting replaced because they would go over their 100 MB.

What I've done here is I've set Bolt to compact at 1 GB, and we've given it 3 GB of space, so we should always have enough space. There is definitely an open question here as to whether we should be using PVCs at this point.

---

> [!NOTE]
> Aligns storage defaults with GKE Autopilot and reduces on-disk cache usage.
>
> - Default ephemeral storage for sources set to `3Gi` for both `requests` and `limits` in controller; replaces previous `100Mi`/`20Gi` defaults
> - CRD and README updated to document new defaults and the requirement that requests=limits, with rationale (BoltDB 1Gi cache + compaction + overhead)
> - BoltDB cache compaction threshold lowered from `2Gi` to `1Gi` in `sdpcache/cache.go`
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit ef49c2ad0e2b7605ef8b487335a862f09858055d. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: 98577d838421a1510be29e7da997450c148bf664
The purpose of this work is to reduce the chance of the problem that we saw in production happening again, where pending calls were not cancelled. The logic is that if we rely on the user to remember to call `CancelPendingWork()` (or store an item or error) each time they interact with the cache, we're just basically guaranteed that they're going to make a mistake at some point, and this is going to cause a really insidious bug because it's going to hang and it's going to take ages to track down.

My solution is instead to use a "done function"; this works in a very similar way to a `cancel()` func in a context. The idea is that we return a function that the user has to call when they're done doing the work that the cache would have protected. In every scenario in our codebase, this means all you have to do is defer that function, which is really easy and ensures that it is not possible for us to forget to do it.

This needs to be rebased against `main` after https://github.com/overmindtech/workspace/pull/3657 is merged

---

> [!NOTE]
> Major cache API and concurrency refactor to prevent pending-work leaks and simplify caller responsibilities.
>
> - **Cache API**: `Lookup` now returns a `done()` function; callers must `defer done()` on miss. Removed `CancelPendingWork`; internal `Search` made unexported (`search`). `NoOpCache` and interfaces adjusted.
> - **Implementations**: BoltCache/MemoryCache now create per-key `done` via `createDoneFunc`; pending work completion is triggered by `done()` rather than implicit completes in `StoreItem/StoreError`. Added `noopDone` helper. Benchmarks/tests use `done()` and helper `testSearch`.
> - **Adapters updated**: AWS, GCP, stdlib adapters now call `Lookup(..., done)` and `defer done()` across `Get/List/Search`/streaming paths; removed calls to `CancelPendingWork`. Some paths now `StoreError` on failures (e.g., GCP terraform mapping, transformer get/list).
> - **Tests/benchmarks**: Wide updates to use new signature, concurrency cases adjusted to verify waiter behavior and timing.
>
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit ec40629ca67756d0fec1502c890e4390cd931cb0. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>

GitOrigin-RevId: 72ace37568e7b516d98c84a6328f040c3a661bd4
<!-- CURSOR_SUMMARY --> > [!NOTE] > Strengthens cache concurrency semantics and cleans up permissions. > > - Introduces `done()` completion pattern for pending lookups across `MemoryCache`/`BoltCache`; refines waiter re-check logic, timeouts, and span metrics > - Removes explicit `CancelPendingWork` usage in sources and tests; adapters now rely on `done()` or stored results/errors to unblock waiters > - Adds comprehensive concurrency tests (`cache_stuck_test.go`, expanded Bolt/Memory cache tests) covering deduplication, timeouts, completion-without-store, and cached errors > - Standardizes file mode literals to `0o` octal and adds minor tracing/attribute tweaks > - Minor formatting/defers fixed in tests and small docstring comment corrections > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit c25c452f5339fc6b465f196a44466e8a58533150. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 08e30c508e670ed11f0ee8564ef7f2a7fd5b5ba9
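The `done()` pattern from the two commit messages above, as an added Go example that is not the project's code: `Lookup` hands the caller a completion function to defer, so a worker that fails without storing anything still releases the callers waiting on the same key. `Cache`, `Fetch` and the sample key are hypothetical names; `sync.OnceFunc` needs Go 1.21 or later.

```go
package main

import (
	"fmt"
	"sync"
)

// Cache is a hypothetical stand-in, not the project's cache implementation.
type Cache struct {
	items   sync.Map // key -> string
	pending sync.Map // key -> chan struct{}, closed when the worker calls done()
}

// Lookup claims key (waiting while another caller holds it); a miss keeps the claim until done().
func (c *Cache) Lookup(key string) (string, bool, func()) {
	for {
		mine := make(chan struct{})
		if wait, busy := c.pending.LoadOrStore(key, mine); busy {
			<-wait.(chan struct{}) // woken by done() even if nothing was stored
			continue               // then re-check from the top
		}
		done := sync.OnceFunc(func() { // idempotent, like a context cancel func
			c.pending.Delete(key)
			close(mine)
		})
		if v, ok := c.items.Load(key); ok {
			done()
			return v.(string), true, func() {}
		}
		return "", false, done
	}
}

// Fetch defers done(), so the error return below cannot leave waiters blocked.
func Fetch(c *Cache, key string, backend func() (string, error)) (v string, err error) {
	v, hit, done := c.Lookup(key)
	defer done()
	if hit {
		return v, nil
	}
	if v, err = backend(); err == nil {
		c.items.Store(key, v)
	}
	return v, err
}

func main() {
	v, err := Fetch(&Cache{}, "vpc-1", func() (string, error) { return "constructed item", nil })
	fmt.Println(v, err)
}
```

Because the claim is released only by `done()`, a caller that forgets to defer it blocks every later lookup of that key, which is the hang the commit message describes.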
Implement separate `/healthz/startup` and `/healthz/ready` endpoints for all sources to align with Kubernetes healthcheck conventions and prevent unnecessary pod restarts. The existing single `/healthz` endpoint performed both engine and adapter health checks, leading to liveness probe failures and pod recycling even for transient adapter issues. This change ensures liveness probes are lightweight, checking only core engine health, while readiness probes provide a comprehensive view of adapter functionality. --- Linear Issue: [ENG-2206](https://linear.app/overmind/issue/ENG-2206/improve-sourceengine-healthchecks-to-match-kubernetes-conventions) <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Introduces Kubernetes-style health probes and refactors engine health/heartbeat handling across all sources.
> > - Add engine-level `LivenessHealthCheck`, `ReadinessHealthCheck`, `LivenessProbeHandlerFunc()`, `ReadinessProbeHandlerFunc()`, `SetReadinessCheck()`, and `AdaptersByType()`; remove old combined `HealthCheck` > - Heartbeats now include adapter readiness via `ReadinessCheck` with timeout; track last successful/error heartbeat to gate liveness; send heartbeats after adapters are added > - Update AWS, GCP, Azure, Harness, K8s, and stdlib sources to expose `/healthz/alive`, `/healthz/ready`, and legacy `/healthz` (mapped to liveness); implement adapter-based readiness checks per source > - Adjust tests to use liveness/readiness semantics and new error expectations; minor logging/flag text tweaks > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 70b35b768ba4be84038e4b712fa57a87bda69145. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 8b02021a440723e8f7f9e5b40edac9b780a0753a
With the recent changes to the probes, they should only error out on readiness, but continue to run. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Shifts Azure and GCP source initialization to be non-fatal on permission check failures, relying on readiness for surfacing issues. > > - **Azure:** Replace fatal return from `checkSubscriptionAccess` with contextual error/info logs (including `subscription_id`); proceed to add adapters > - **GCP:** On `healthChecker.Check`, stop returning an error on failures; add contextual error/info logs with success/failure counts; remove redundant success log > - Adapters are still added to the engine in both sources, allowing startup to continue > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit e5cb016b2e522c82f9935a1c3735bb21045b2151. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: b7b64d15fb36728ca763683fbae7b9f7b8b05103
Kubernetes doesn't show the error from the healthcheck, so we need to put it into the log for inspection. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Improves health visibility and aligns readiness with streaming APIs. > > - **Log errors** in `LivenessProbeHandlerFunc` and `ReadinessProbeHandlerFunc` so failures are visible in logs > - **Update AWS readiness check**: use `ListStreamableAdapter` with `ListStream` and a `RecordingQueryResultStream` for `ec2-vpc` and fail if any streamed errors are recorded > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit ee2891afc5700c9efcad957ea28f3da80cb5e576. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: d975c5beb89259be7c0101471e64d9161671b60c
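The probe split described in the three commit messages above, as an added Go example that is not the project's code: liveness checks only the engine, readiness checks the adapters, the legacy `/healthz` path maps to liveness, and a failing check is written to the log. The paths are the ones listed in the summary; `Check`, `probe`, `NewHealthMux` and `Status` are hypothetical names, and the failing adapter check is constructed.

```go
package main

import (
	"context"
	"errors"
	"log"
	"net/http"
	"net/http/httptest"
)

type Check func(context.Context) error

// probe returns 200 when check passes and 503 when it fails. The detail goes to
// the log rather than the response body, so it can be inspected after the fact.
func probe(name string, check Check) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if err := check(r.Context()); err != nil {
			log.Printf("%s probe failed: %v", name, err)
			http.Error(w, "unhealthy", http.StatusServiceUnavailable)
			return
		}
		w.WriteHeader(http.StatusOK)
	}
}

// NewHealthMux is hypothetical wiring: engine covers core health only, adapters
// covers everything that can fail transiently (credentials, upstream APIs).
func NewHealthMux(engine, adapters Check) *http.ServeMux {
	mux := http.NewServeMux()
	mux.Handle("/healthz/alive", probe("liveness", engine))
	mux.Handle("/healthz/ready", probe("readiness", adapters))
	mux.Handle("/healthz", probe("liveness", engine)) // legacy path maps to liveness
	return mux
}

// Status returns the HTTP status code the handler gives for a GET on path.
func Status(h http.Handler, path string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code
}

func main() {
	ok := func(context.Context) error { return nil }
	denied := func(context.Context) error { return errors.New("constructed: permission denied") }
	mux := NewHealthMux(ok, denied)
	for _, p := range []string{"/healthz/alive", "/healthz/ready", "/healthz"} {
		log.Println(p, Status(mux, p)) // 200, 503, 200: not ready, but not restarted
	}
}
```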
See https://riverqueue.com/docs/open-telemetry for details <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Introduces native OpenTelemetry instrumentation for River queue processing. > > - Adds `otelriver` middleware in `server/main.go` (`river.Config.Middleware`) with `DurationUnit="ms"` and semantic metrics enabled > - Updates dependencies to include `github.com/riverqueue/rivercontrib/otelriver v0.7.0` > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 6d07052a1e5471b3fa4b8b24142b4166bc9d884e. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: deec8707e3da0e85b4819148e5b67e65b17a91ed
Rename `BoltCache.Close()` to `CloseAndDestroy()` and implement cache file deletion to make destructive behavior explicit and ensure cleanup of ephemeral test files. --- Linear Issue: [ENG-2193](https://linear.app/overmind/issue/ENG-2193/rename-boltcacheclose-to-closeanddestroy-and-delete-cache-file) <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Makes destructive cache shutdown explicit and ensures on-close file cleanup. > > - Introduces `BoltCache.CloseAndDestroy()` that acquires the compaction lock, closes the DB, and `os.Remove`s the BoltDB file > - Replaces previous `Close()` usage in tests with `CloseAndDestroy()` via `t.Cleanup`/defers > - Adds `TestBoltCacheCloseAndDestroy` to verify file deletion and fresh cache creation at the same path > - Adjusts compaction test teardown to use `CloseAndDestroy()` > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 6b6d48487636cdad09245bdcbefa1e0ded200212. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Cursor Agent <[email protected]> GitOrigin-RevId: b7097a1b98a1f2430a5bd2d5873896e04244d829
See individual commits for details. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Improves logging and CI stability. > > - Replace `GCPSeverityHook` with `OtelSeverityHook` and standardize `severity` values to lowercase; update tests accordingly > - Add `utility` path filter and `utility-test` job in CI; reorder/expand workflow outputs; skip flaky/external `auth`, `nats`, and `retry` tests when `CI=true` > - Tweak OpenTelemetry collector: set `json_parser` `on_error` to `send_quiet` to avoid noisy errors on non‑JSON logs > - Minor tracing attribute formatting in `change_analysis.go` (no functional change) > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 158e010e3b85bc095b75bf34a6019b3a029fedb6. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: eecf72e90af6e38dfa90da1258507c43abd3413b
This fixes worker-level stuck job detection, which might have been affecting us <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Updates River dependencies to the latest patch release. > > - Bumps `github.com/riverqueue/river`, `river/riverdriver/riverpgxv5`, and `river/rivertype` to `v0.30.2` (and corresponding indirect `riverdriver`/`rivershared`) > - Refreshes `go.sum` accordingly > > This includes the upstream bugfix for worker-level stuck job detection (per PR description). > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 13f95e4501ede203a34ce008c9e7307b2152eefa. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 81acef9e21cccd86eb199fd2cfd705ece6d510c2
<!-- CURSOR_SUMMARY --> > [!NOTE] > Improves resilience and reduces noise when connections close unexpectedly. > > - In `RunSourceQuery`, if the NATS connection is closed on `ctx.Done()`, skip publishing cancel messages, mark responders cancelled, and clean up > - In `cleanup`, only `Unsubscribe` when the subscription is valid to avoid errors > - In `gateway/service/tracing.go`, treat `"use of closed network connection"` as a common network error to avoid sending it to Sentry > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 6a7a87e8ef01cc239f9749db5873dc9a1fe5c58f. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: 5d8657c77028426e5d51194635630bf00f395202
Copybara Sync - Release v1.14.2
This PR was automatically created by Copybara, syncing changes from the overmindtech/workspace monorepo.
Original author: David Schmitt ([email protected])
What happens when this PR is merged?
tag-on-merge workflow will automatically create the v1.14.2 tag on main
Review Checklist