Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

StackStorm v3.8.1 pre-release testing #128

Open
arm4b opened this issue Nov 30, 2023 · 3 comments
Open

StackStorm v3.8.1 pre-release testing #128

arm4b opened this issue Nov 30, 2023 · 3 comments
Labels
community help wanted Extra attention is needed
Milestone
3.8.1

Comments

@arm4b
Copy link
Member

arm4b commented Nov 30, 2023
edited
Loading

We're preparing the StackStorm v3.8.1 and starting pre-release testing.

StackStorm didn't have a release for a year! The focus in 3.8.1 was on updating the upstream dependencies and fixing bugs for stackstorm components like st2 core and orquesta workflow engine (pip), st2web Web UI and st2chatops (npm). Because lots of dependencies were updated during a long period of time, regressions are possible. Help us find them!

TL;DR

Install StackStorm v3.8.1 staging packages, try random things in different OS (CentOS/RedHat/RockyLinux 6 and 7, Ubuntu 18 and 20 LTS) and report any regressions found:

bash <(curl -sSL https://stackstorm.com/packages/install.sh) --user=st2admin --password=Ch@ngeMe --staging --stable

Release Process Preparation

Per Release Management Schedule @armab is the Release Manager and @nzlosh is the Release Assistant. We follow the StackStorm Release Process. Communication is happening in #releasemgmt and #development Slack channels.

Why Manual testing?

StackStorm has a lot of testing stages: Unit tests, Integration, Deployment/Integrity checks, Smoke tests and eventually end-2-end tests when automation spins up new AWS instance for each OS/flavor we support (see st2tests, st2ci, st2cd and st2cicd).

However it's not enough.
There are always unknowns to discover and edge cases. Hence, manual Exploratory Testing.

What to test?

  • st2 core testing:
    • updated pip dependencies to fix upstream CVEs
    • many other bugfixes (15+)
    • Recommendation: test overall system stability
  • st2chatops testing:
    • updated npm dependencies to fix upstream CVEs
    • Recommendation: test if update didn't broke anything with your chatops adapter
  • st2web testing:
    • updates npm dependencies to fix upstream CVEs
    • Recommendation: test for Web UI for regressions or quirks
  • Run st2-self-check
    https://docs.stackstorm.com/latest/troubleshooting/self_verification.html

Full Changelog

For reference, here is a full changelog. Recommended to explore, check and try in a random way.

st2

Fixed

  • Fix proxy auth mode in HA environments #5766 #6049
    Contributed by @floatingstatic

  • Fix issue with linux pack actions failed to run remotely due to incorrect python shebang. #5983 #6042
    Contributed by Ronnie Hoffmann (@ZoeLeah Schwarz IT KG)

  • Fix CI usses #6015
    Contributed by Amanda McGuinness (@amanda11 intive)

  • Bumped paramiko to 2.10.5 to fix an issue with SSH Certs - SHA2 support broke SHA1 support when server is OpenSSH <7.8 paramiko/paramiko#2017 (security)
    Contributed by @jk464

  • Avoid logging sensitive information in debug (fix #5977)

  • Fix codecov failures for stackstorm/st2 tests. #6035, #6046, #6048

  • Fix #4676, edge case where --inherit-env is skipped if the action has no parameters

  • Fix ST2 Client for Windows Clients. PWD is a Unix only Libary. #6071
    Contributed by (@philipphomberger Schwarz IT KG)

  • Fix Snyk Security Finding Cross-site Scripting (XSS) in contrib/examples/sensors/echo_flask_app.py #6070
    Contributed by (@philipphomberger Schwarz IT KG)

  • Update cryptography 3.4.7 -> 39.0.1, pyOpenSSL 21.0.0 -> 23.1.0, paramiko 2.10.5 -> 2.11.0 (security). #6055

  • Bumped eventlet to 0.33.3 and gunicorn to 21.2.0 to fix RecursionError bug in setting SSLContext minimum_version property. (security) #6061
    Contributed by @jk464

  • Update orquesta to v1.6.0 to fix outdated dependencies (security). #6050

  • Fix KV value lookup in actions when RBAC is enabled #5934

  • Update version 3.1.15 of gitpython to 3.1.18 for py3.6 and to 3.1.37 for py3.8 (security). #6063

  • Update importlib-metadata from 3.10.1 to 4.8.3 for py3.6 and to 4.10.1 for py3.8 (security). #6072
    Contributed by @jk464

  • For "local-shell-script" runner, on readonly filesystems, don't attempt to run chmod +x on script_action. Fixes #5591
    Contributed by @jk464

Added

  • Move git clone to user_home/.st2packs #5845

  • Error on st2ctl status when running in Kubernetes. #5851
    Contributed by @mamercad

  • Continue introducing pants <https://www.pantsbuild.org/docs>_ to improve DX (Developer Experience)
    working on StackStorm, improve our security posture, and improve CI reliability thanks in part
    to pants' use of PEX lockfiles. This is not a user-facing addition.
    #5778 #5789 #5817 #5795 #5830 #5833 #5834 #5841 #5840 #5838 #5842 #5837 #5849 #5850
    #5846 #5853 #5848 #5847 #5858 #5857 #5860 #5868 #5871 #5864 #5874 #5884 #5893 #5891
    #5890 #5898 #5901 #5906 #5899 #5907 #5909 #5922 #5926 #5927 #5925 #5928 #5929 #5930
    #5931 #5932 #5948 #5949 #5950
    Contributed by @cognifloyd

  • Added a joint index to solve the problem of slow mongo queries for scheduled executions. #5805

  • Added publisher to ActionAlias to enable streaming ActionAlias create/update/delete events. #5763
    Contributed by @ubaumann

  • Expose environment variable ST2_ACTION_DEBUG to all StackStorm actions.
    Contributed by @maxfactor1

  • Python 3.9 support. #5730
    Contributed by Amanda McGuinness (@amanda11 intive)

  • Run the st2 self-check in Github Actions and support the environment variable TESTS_TO_SKIP to skip tests when running st2-self-check. #5609
    Contributed by @winem

Changed

  • Remove distutils dependencies across the project. #5992
    Contributed by @AndroxxTraxxon

Full list of changes: https://github.com/StackStorm/st2/blob/v3.8/CHANGELOG.rst

orquesta

Changed

  • Update deprecated collections imports to collections.abc to be forward-compatible with Python3.10
    Contributed by @AndroxxTraxxon
  • Migrate from nosetest to pytest for Python test runner.
    Contributed by @AndroxxTraxxon
  • Add Python versions 3.9, 3.10, and 3.11 to the test matrix
    Contributed by @AndroxxTraxxon

Fixed

  • Update networkx >=2.6 for Python 3.8 to fix insecure deserialization #255 (security fix)
    Contributed by @Stealthii
  • Update jsonschema requirements to allow 3.2 (security fix)
    Contributed by @james-bellamy

Fore more info see https://github.com/StackStorm/orquesta/blob/master/CHANGELOG.rst#160

st2chatops

st2web

Changed

  • Updated various dependencies (security). #1009, #1020
    Contributed by @enykeev
  • Updated NodeJS to v20 current (security). #1010
    Contributed by @enykeev

Fixed

Please report if you did any testing and any share findings here.
Good luck!
@arm4b arm4b added help wanted Extra attention is needed community labels Nov 30, 2023
@arm4b arm4b added this to the 3.8.1 milestone Nov 30, 2023
@arm4b
Copy link
Member Author

arm4b commented Dec 1, 2023
edited
Loading

I've installed StackStorm staging packages on a fresh Ubuntu18 and Ubuntu20 VMs.
Verified the correct st2 v3.8.1 package version is present that includes correct pip dependencies that we updated (with no vulnerabilities under py3.8) and ran st2-self-check.

There were some leftower warnings about deprecated py3.6 coming from cryptography, which we didn't silence in full, but this is the latest release with py3.6 support so warnings shouldn't be that harmful, if they're not breaking any scripts/parsing.

TBD: need verifying if Web UI works as before as there were lots of dependency updates there.

@arm4b arm4b mentioned this issue Dec 8, 2023
Closed
@nzlosh
Copy link

nzlosh commented Dec 9, 2023

Installed 3.8.1 packages and ran self-tests on CentOS7 and Rocky8. Both working

centos 7

SELF CHECK SUCCEEDED!
st2-self-check succeeded.

#############################################################
###################################################   #######
###############################################   /~\   #####
############################################   _- `~~~', ####
##########################################  _-~       )  ####
#######################################  _-~          |  ####
####################################  _-~            ;  #####
##########################  __---___-~              |   #####
#######################   _~   ,,                  ;  `,,  ##
#####################  _-~    ;'                  |  ,'  ; ##
###################  _~      '                    `~'   ; ###
############   __---;                                 ,' ####
########   __~~  ___                                ,' ######
#####  _-~~   -~~ _                               ,' ########
##### `-_         _                              ; ##########
#######  ~~----~~~   ;                          ; ###########
#########  /          ;                        ; ############
#######  /             ;                      ; #############
#####  /                `                    ; ##############
###  /                                      ; ###############
#                                            ################

[root@centos7 ~]# st2 --version
st2 3.8.1, on Python 3.6.8
[root@centos7 ~]# egrep 'NAME|VERSION' /etc/os-release 
NAME="CentOS Linux"
VERSION="7 (Core)"

Rocky8

SELF CHECK SUCCEEDED!
st2-self-check succeeded.

#############################################################
###################################################   #######
###############################################   /~\   #####
############################################   _- `~~~', ####
##########################################  _-~       )  ####
#######################################  _-~          |  ####
####################################  _-~            ;  #####
##########################  __---___-~              |   #####
#######################   _~   ,,                  ;  `,,  ##
#####################  _-~    ;'                  |  ,'  ; ##
###################  _~      '                    `~'   ; ###
############   __---;                                 ,' ####
########   __~~  ___                                ,' ######
#####  _-~~   -~~ _                               ,' ########
##### `-_         _                              ; ##########
#######  ~~----~~~   ;                          ; ###########
#########  /          ;                        ; ############
#######  /             ;                      ; #############
#####  /                `                    ; ##############
###  /                                      ; ###############
#                                            ################

[root@rocky8 ~]# st2 --version
st2 3.8.1, on Python 3.8.17
[root@rocky8 ~]# cat /etc/os-release 
NAME="Rocky Linux"
VERSION="8.9 (Green Obsidian)"

I'll look at doing some manual testing later

@winem
Copy link

winem commented Dec 12, 2023

st2-self-check as well as a bunch of manual tests went fine on Ubuntu 20.04.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
community help wanted Extra attention is needed
Projects
None yet
Milestone
3.8.1
Development

No branches or pull requests
3 participants
@winem @arm4b @nzlosh