Merge branch 'master' into 702-feature-add-option-to-define-toleratio…

…n-on-k8s-jobs

.github/workflows/seqera_docs_changelog.yml

@@ -0,0 +1,61 @@
+name: Push changelog to Seqera Docs
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      release_name:
+        description: 'Release version (e.g. 1.0.0)'
+        required: true
+      release_body:
+        description: 'Release changelog content'
+        required: true
+
+jobs:
+  update-docs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Clone seqeralabs/docs
+        run: |
+          git clone https://github.com/seqeralabs/docs.git seqeralabs-docs
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create changelog file
+        run: |
+          mkdir -p seqeralabs-docs/changelog/wave
+          cat << EOF > seqeralabs-docs/changelog/wave/${{ github.event.release.name || inputs.release_name }}.mdx
+          ---
+          title: Wave ${{ github.event.release.name || inputs.release_name }}
+          date: $(date +%Y-%m-%d)
+          tags: [wave]
+          ---
+
+          ${{ github.event.release.body || inputs.release_body }}
+          EOF
+
+      - uses: actions/create-github-app-token@v1
+        id: generate-token
+        with:
+          app-id: ${{ secrets.DOCS_BOT_APP_ID }}
+          private-key: ${{ secrets.DOCS_BOT_APP_PRIVATE_KEY }}
+          owner: seqeralabs
+          repositories: docs
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v7
+        with:
+          token: ${{ steps.generate-token.outputs.token }}
+          branch-token: ${{ steps.generate-token.outputs.token }}
+          path: seqeralabs-docs
+          commit-message: "Changelog: Wave ${{ github.event.release.name }}"
+          title: "Changelog: Wave ${{ github.event.release.name }}"
+          body: |
+            This PR adds the changelog for Wave ${{ github.event.release.name }} to the Seqera documentation.
+
+            This is an automated PR created from the Wave repository.
+          branch: changelog-wave-${{ github.event.release.name }}
+          base: master
+          delete-branch: true

.gitignore

@@ -37,3 +37,6 @@ deployment-url.txt
 tsp-output/
 node_modules/
 package-lock.json
+
+# Seqera Docs clone
+seqeralabs-docs

VERSION

@@ -1 +1 @@
-1.15.1
+1.15.4

build.gradle

@@ -35,9 +35,10 @@ dependencies {
     compileOnly 'io.micronaut:micronaut-inject-groovy'
     compileOnly 'io.micronaut:micronaut-http-validation'
     implementation 'jakarta.persistence:jakarta.persistence-api:3.0.0'
-    api 'io.seqera:lib-mail:1.2.0'
+    api 'io.seqera:lib-mail:1.2.1'
     api 'io.seqera:wave-api:0.14.0'
     api 'io.seqera:wave-utils:0.15.0'
+    implementation 'io.seqera:lib-crypto:1.0.0'
     implementation 'io.micronaut:micronaut-http-client'
     implementation 'io.micronaut:micronaut-jackson-databind'
     implementation 'io.micronaut.groovy:micronaut-runtime-groovy'
@@ -53,12 +54,11 @@ dependencies {
     implementation 'dev.failsafe:failsafe:3.1.0'
     implementation 'io.micronaut.reactor:micronaut-reactor'
     implementation 'io.micronaut.reactor:micronaut-reactor-http-client'
-    implementation('io.seqera:tower-crypto:22.4.0-watson') { transitive = false }  // to be replaced with 22.4.0 once released
     implementation 'org.apache.commons:commons-compress:1.27.1'
     implementation 'org.apache.commons:commons-lang3:3.17.0'
-    implementation 'io.kubernetes:client-java:19.0.0'
-    implementation 'io.kubernetes:client-java-api-fluent:18.0.1'
-    implementation 'com.google.code.gson:gson:2.9.0'
+    implementation 'io.kubernetes:client-java:21.0.1'
+    implementation 'io.kubernetes:client-java-api-fluent:21.0.1'
+    implementation 'com.google.code.gson:gson:2.10.1'
     implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310'
     implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml'
     implementation 'com.squareup.moshi:moshi:1.15.1'
@@ -104,6 +104,7 @@ dependencies {
     runtimeOnly 'org.bouncycastle:bcpkix-jdk18on:1.78'
     runtimeOnly 'org.bitbucket.b_c:jose4j:0.9.4'
     runtimeOnly 'io.netty:netty-bom:4.1.115.Final'
+    runtimeOnly 'com.google.protobuf:protobuf-java:4.27.5'
 }
 
 application {

buildSrc/src/main/groovy/io.seqera.wave.java-library-conventions.gradle

@@ -41,6 +41,7 @@ java {
 
 dependencies {
     implementation 'org.slf4j:slf4j-api:2.0.16'
+    implementation 'org.slf4j:slf4j-jdk-platform-logging:2.0.16'
 
     testImplementation 'ch.qos.logback:logback-core:1.5.12'
     testImplementation 'ch.qos.logback:logback-classic:1.5.12'

changelog.txt

@@ -1,4 +1,20 @@
 # Wave changelog
+1.15.4 - 27 Nov 2024 
+- Add blocking executor to async caches (#759) [86f7d3e3]
+- Add ExecutesOn annotation to error controller [a2db2b00]
+
+1.15.3 - 25 Nov 2024
+- Add Support Redis support for SSL and password (#717) [bf63599d]
+- Bump MN 4.7.1 (#741) [203e5dd0]
+- Remove double cache builder invocation [994b722c]
+- Bump lib-mail version 1.2.1 [4da98a23]
+- Bump io.seqera:lib-crypto [36f5b24d]
+- Bump gson 2.10.1 [117703b9]
+- Bump protobuf-java version 4.27.5 [3ea758b4]
+- Bump k8s client to version 21.0.1 (#553) [51788578]
+
+1.15.2 [skipped] 
+
 1.15.1 - 20 Nov 2024
 - Check block existence with object operation (#750) [86ef526c]
 - Add /v1alpha2/validate-creds (#752) [e24ec62c]

configuration.md

@@ -184,6 +184,16 @@ Rate limit configuration controls the limits of anonymous and authenticated user
 
 - **`redis.pool.enabled`**: whether to enable the Redis pool. It is set to `true` by default, enabling the use of a connection pool for efficient management of connections to the Redis server. *Optional*.
 
+- **`redis.pool.minIdle`**: Specifies the minimum number of idle connections to maintain in the Redis connection pool. The default value is `0`. This ensures that connections are readily available for use.  *Optional*.
+
+- **`redis.pool.maxIdle`**: Specifies the maximum number of idle connections to maintain in the Redis connection pool. The default value is `10`.  *Optional*.
+
+- **`redis.pool.maxTotal`**: Specifies the maximum number of connections that can be maintained in the Redis connection pool. The default value is `50`. This helps to manage resource usage efficiently while supporting high demand.  *Optional*.
+
+- **`redis.client.timeout`**: Defines the timeout duration (in milliseconds) for Redis client operations. The default value is `5000` (5 seconds).  *Optional*.
+
+- **`redis.password`**: Specifies the password used to authenticate with the Redis server. This is needed when redis authentication is enabled.  *Optional*.
+
 - **`surreal.default.ns`**: the namespace for the Surreal database. It can be set using `${SURREALDB_NS}` environment variable. *Mandatory*.
 
 - **`surreal.default.db`**: the name of the Surreal database. It can be set using`${SURREALDB_DB}` environment variable. This setting defines the target database within the Surreal database system that Wave should interact with. *Mandatory*.

gradle.properties

@@ -16,5 +16,5 @@
 #  along with this program.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-micronautVersion=4.6.3
+micronautVersion=4.7.1
 micronautEnvs=dev,h2,mail,aws-ses

src/main/groovy/io/seqera/wave/ErrorHandler.groovy

@@ -24,6 +24,7 @@ import io.micronaut.http.HttpRequest
 import io.micronaut.http.HttpResponse
 import io.micronaut.http.HttpResponseFactory
 import io.micronaut.http.HttpStatus
+import io.micronaut.http.exceptions.HttpStatusException
 import io.micronaut.security.authentication.AuthorizationException
 import io.seqera.wave.exception.BuildTimeoutException
 import io.seqera.wave.exception.DockerRegistryException
@@ -55,8 +56,9 @@ class ErrorHandler {
     def <T> HttpResponse<T> handle(HttpRequest httpRequest, Throwable t, Mapper<T> responseFactory) {
         final errId = LongRndKey.rndHex()
         final request = httpRequest?.toString()
+        final knownException = t instanceof WaveException || t instanceof HttpStatusException
         def msg = t.message
-        if( t instanceof WaveException && msg ) {
+        if( knownException && msg ) {
             // the the error cause
             if( t.cause ) msg += " - Cause: ${t.cause.message ?: t.cause}".toString()
             // render the message for logging
@@ -81,6 +83,13 @@ class ErrorHandler {
             log.error(render, t)
         }
 
+        if( t instanceof HttpStatusException ) {
+            final body = (t.body.isPresent() ? t.body.get() : t.message) as T
+            return HttpResponse
+                    .status(t.status)
+                    .body(body)
+        }
+
         if( t instanceof RegistryForwardException ) {
             // report this error as it has been returned by the target registry
             return HttpResponse

src/main/groovy/io/seqera/wave/auth/RegistryAuthServiceImpl.groovy

@@ -22,6 +22,7 @@ import java.net.http.HttpRequest
 import java.net.http.HttpResponse
 import java.time.Duration
 import java.util.concurrent.CompletionException
+import java.util.concurrent.ExecutorService
 import java.util.concurrent.TimeUnit
 
 import com.github.benmanes.caffeine.cache.AsyncLoadingCache
@@ -33,14 +34,17 @@ import groovy.transform.CompileStatic
 import groovy.transform.PackageScope
 import groovy.transform.ToString
 import groovy.util.logging.Slf4j
+import io.micronaut.scheduling.TaskExecutors
 import io.seqera.wave.configuration.HttpClientConfig
 import io.seqera.wave.exception.RegistryForwardException
 import io.seqera.wave.exception.RegistryUnauthorizedAccessException
 import io.seqera.wave.http.HttpClientFactory
 import io.seqera.wave.util.RegHelper
 import io.seqera.wave.util.Retryable
 import io.seqera.wave.util.StringUtils
+import jakarta.annotation.PostConstruct
 import jakarta.inject.Inject
+import jakarta.inject.Named
 import jakarta.inject.Singleton
 import static io.seqera.wave.WaveDefault.DOCKER_IO
 import static io.seqera.wave.auth.RegistryUtils.isServerError
@@ -64,6 +68,10 @@ class RegistryAuthServiceImpl implements RegistryAuthService {
     @Inject
     private RegistryTokenStore tokenStore
 
+    @Inject
+    @Named(TaskExecutors.BLOCKING)
+    private ExecutorService ioExecutor
+
     @Canonical
     @ToString(includePackage = false, includeNames = true)
     static private class CacheKey {
@@ -101,16 +109,23 @@ class RegistryAuthServiceImpl implements RegistryAuthService {
     }
 
     // FIXME https://github.com/seqeralabs/wave/issues/747
-    private AsyncLoadingCache<CacheKey, String> cacheTokens = Caffeine.newBuilder()
-                    .newBuilder()
-                    .maximumSize(10_000)
-                    .expireAfterAccess(_1_HOUR.toMillis(), TimeUnit.MILLISECONDS)
-                    .buildAsync(loader)
+    private AsyncLoadingCache<CacheKey, String> cacheTokens
 
     @Inject
     private RegistryLookupService lookupService
 
-    @Inject RegistryCredentialsFactory credentialsFactory
+    @Inject
+    private RegistryCredentialsFactory credentialsFactory
+
+    @PostConstruct
+    private void init() {
+        cacheTokens = Caffeine
+                .newBuilder()
+                .maximumSize(10_000)
+                .expireAfterAccess(_1_HOUR.toMillis(), TimeUnit.MILLISECONDS)
+                .executor(ioExecutor)
+                .buildAsync(loader)
+    }
 
     /**
      * Implements container registry login

src/main/groovy/io/seqera/wave/auth/RegistryLookupServiceImpl.groovy

@@ -21,18 +21,22 @@ package io.seqera.wave.auth
 import java.net.http.HttpRequest
 import java.net.http.HttpResponse
 import java.util.concurrent.CompletionException
+import java.util.concurrent.ExecutorService
 import java.util.concurrent.TimeUnit
 
 import com.github.benmanes.caffeine.cache.AsyncLoadingCache
 import com.github.benmanes.caffeine.cache.CacheLoader
 import com.github.benmanes.caffeine.cache.Caffeine
 import groovy.transform.CompileStatic
 import groovy.util.logging.Slf4j
+import io.micronaut.scheduling.TaskExecutors
 import io.seqera.wave.configuration.HttpClientConfig
 import io.seqera.wave.exception.RegistryForwardException
 import io.seqera.wave.http.HttpClientFactory
 import io.seqera.wave.util.Retryable
+import jakarta.annotation.PostConstruct
 import jakarta.inject.Inject
+import jakarta.inject.Named
 import jakarta.inject.Singleton
 import static io.seqera.wave.WaveDefault.DOCKER_IO
 import static io.seqera.wave.WaveDefault.DOCKER_REGISTRY_1
@@ -55,6 +59,10 @@ class RegistryLookupServiceImpl implements RegistryLookupService {
     @Inject
     private RegistryAuthStore store
 
+    @Inject
+    @Named(TaskExecutors.BLOCKING)
+    private ExecutorService ioExecutor
+
     private CacheLoader<URI, RegistryAuth> loader = new CacheLoader<URI, RegistryAuth>() {
         @Override
         RegistryAuth load(URI endpoint) throws Exception {
@@ -74,11 +82,17 @@ class RegistryLookupServiceImpl implements RegistryLookupService {
     }
 
     // FIXME https://github.com/seqeralabs/wave/issues/747
-    private AsyncLoadingCache<URI, RegistryAuth> cache = Caffeine.newBuilder()
+    private AsyncLoadingCache<URI, RegistryAuth> cache
+
+    @PostConstruct
+    void init() {
+        cache = Caffeine
                 .newBuilder()
                 .maximumSize(10_000)
                 .expireAfterAccess(1, TimeUnit.HOURS)
+                .executor(ioExecutor)
                 .buildAsync(loader)
+    }
 
     protected RegistryAuth lookup0(URI endpoint) {
         final httpClient = HttpClientFactory.followRedirectsHttpClient()

src/main/groovy/io/seqera/wave/controller/ErrorController.groovy

@@ -25,6 +25,8 @@ import io.micronaut.http.HttpResponse
 import io.micronaut.http.annotation.Controller
 import io.micronaut.http.annotation.Error
 import io.micronaut.http.hateoas.JsonError
+import io.micronaut.scheduling.TaskExecutors
+import io.micronaut.scheduling.annotation.ExecuteOn
 import io.seqera.wave.ErrorHandler
 import jakarta.inject.Inject
 /**
@@ -35,9 +37,11 @@ import jakarta.inject.Inject
 @Slf4j
 @CompileStatic
 @Controller('/error')
+@ExecuteOn(TaskExecutors.BLOCKING)
 class ErrorController {
 
-    @Inject ErrorHandler handler
+    @Inject
+    private ErrorHandler handler
 
     @Error(global = true)
     HttpResponse<JsonError> handleException(HttpRequest request, Throwable exception) {

src/main/groovy/io/seqera/wave/model/ContainerCoordinates.groovy

@@ -53,7 +53,8 @@ class ContainerCoordinates implements ContainerPath {
     static ContainerCoordinates parse(String path) {
         if( !path )
             throw new IllegalArgumentException("Container image name is not provided")
-
+        if( path.contains(' ') )
+            throw new IllegalArgumentException("Invalid container name - offending image: '$path'")
         final scheme = StringUtils.getUrlProtocol(path)
         if( scheme ) {
             if( scheme!='oras') throw new IllegalArgumentException("Invalid container scheme: '$scheme' - offending image: '$path'")

src/main/groovy/io/seqera/wave/ratelimit/impl/SpillWayStorageFactory.groovy

@@ -26,6 +26,7 @@ import groovy.util.logging.Slf4j
 import io.micronaut.context.annotation.Factory
 import io.micronaut.context.annotation.Requires
 import io.seqera.wave.configuration.RedisConfig
+import jakarta.inject.Inject
 import jakarta.inject.Singleton
 import jakarta.validation.constraints.NotNull
 import redis.clients.jedis.JedisPool
@@ -51,9 +52,7 @@ class SpillWayStorageFactory {
 
     @Singleton
     @Requires(property = 'redis.uri')
-    LimitUsageStorage redisStorage(@NotNull RedisConfig redisConfig){
-        log.info "Using redis $redisConfig.uri as storage for rate limit"
-        def jedisPool = new JedisPool(redisConfig.uri)
-        return RedisStorage.builder().withJedisPool(jedisPool).build()
+    LimitUsageStorage redisStorage(JedisPool pool){
+        return RedisStorage.builder().withJedisPool(pool).build()
     }
 }