From e5479e84fec29beb0fca9c91bb68fe1fa188baaa Mon Sep 17 00:00:00 2001 From: Stefan Adelbert Date: Fri, 7 Jun 2024 15:04:48 +1000 Subject: [PATCH 01/14] nfpm: Modified zrok-share to cater for private temporary and reserved shares, controlled by ZROK_FRONTEND_MODE; Modified env file with additional variable ZROK_FRONTEND_MODE; --- nfpm/zrok-share.bash | 23 ++++++++++++++++------- nfpm/zrok-share.env | 4 ++++ 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/nfpm/zrok-share.bash b/nfpm/zrok-share.bash index a0480d3d..ec7ed03e 100644 --- a/nfpm/zrok-share.bash +++ b/nfpm/zrok-share.bash @@ -54,9 +54,12 @@ fi exit 1 } -# default mode is reserved (public), override mode is temp-public, i.e., "share public" without a reserved subdomain +# default mode is 'temp-public' (unreserved), override modes are temp-private, reserver-public, reserved-private. +: "${ZROK_FRONTEND_MODE:-temp-public}" if [[ "${ZROK_FRONTEND_MODE:-}" == temp-public ]]; then ZROK_CMD="share public --headless ${ZROK_VERBOSE:-}" +elif [[ "${ZROK_FRONTEND_MODE:-}" == temp-private ]]; then + ZROK_CMD="share private --headless ${ZROK_VERBOSE:-}" elif [[ -s ~/.zrok/reserved.json ]]; then ZROK_RESERVED_TOKEN="$(jq -r '.token' ~/.zrok/reserved.json 2>/dev/null)" if [[ -z "${ZROK_RESERVED_TOKEN}" || "${ZROK_RESERVED_TOKEN}" == null ]]; then @@ -73,8 +76,13 @@ elif [[ -s ~/.zrok/reserved.json ]]; then exit 0 fi fi -else +elif [[ "${ZROK_FRONTEND_MODE:-}" == reserved-public ]]; then ZROK_CMD="reserve public --json-output ${ZROK_VERBOSE:-}" +elif [[ "${ZROK_FRONTEND_MODE:-}" == reserved-private ]]; then + ZROK_CMD="reserve private --json-output ${ZROK_VERBOSE:-}" +else + echo "ERROR: invalid value for ZROK_FRONTEND_MODE '${ZROK_FRONTEND_MODE}'" >&2 + exit 1 fi [[ -n "${ZROK_BACKEND_MODE:-}" ]] || { 
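Review bot: The `else` that rejects an invalid ZROK_FRONTEND_MODE (second hunk, `@@ -73,8 +76,13 @@`) sits after `elif [[ -s ~/.zrok/reserved.json ]]`, so once a reservation file exists the value is never validated and any string other than `temp-public` or `temp-private` is accepted silently. The added `: "${ZROK_FRONTEND_MODE:-temp-public}"` also expands the default without assigning it (PATCH 03/14 later switches to `:=`), so an unset variable stays unset for the comparisons below. With the default assigned, validating before the chain makes a typo fail fast: `case "${ZROK_FRONTEND_MODE}" in temp-public|temp-private|reserved-public|reserved-private) ;; *) echo "ERROR: invalid value for ZROK_FRONTEND_MODE '${ZROK_FRONTEND_MODE}'" >&2; exit 1 ;; esac`. The body of the reserved.json branch lies between the two hunks and is not visible here.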
@@ -88,12 +96,12 @@ case "${ZROK_BACKEND_MODE}" in echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not an HTTP URL" >&2 exit 1 else - echo "INFO: validated backend mode ${ZROK_BACKEND_MODE} and target ${ZROK_TARGET}" + echo "INFO: validated backend mode '${ZROK_BACKEND_MODE}' and target '${ZROK_TARGET}'" fi ;; caddy) if ! [[ "${ZROK_TARGET}" =~ ^/ ]]; then - echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not an absolute filesystem path." >&2 + echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not an absolute filesystem path" >&2 exit 1 elif ! [[ -f "${ZROK_TARGET}" && -r "${ZROK_TARGET}" ]]; then echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not a readable regular file" >&2 @@ -104,7 +112,7 @@ case "${ZROK_BACKEND_MODE}" in ;; web|drive) if ! [[ "${ZROK_TARGET}" =~ ^/ ]]; then - echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not an absolute filesystem path." >&2 + echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not an absolute filesystem path" >&2 exit 1 elif ! [[ -d "${ZROK_TARGET}" && -r "${ZROK_TARGET}" ]]; then echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not a readable directory" >&2 @@ -142,8 +150,9 @@ fi echo "INFO: running: zrok ${ZROK_CMD}" -if [[ "${ZROK_FRONTEND_MODE:-}" == temp-public ]]; then - # share until exit +if [[ "${ZROK_FRONTEND_MODE:-}" =~ ^temp- ]]; then + # frontend mode starts with 'temp-', so is temporary. + # share without reserving until exit. exec zrok ${ZROK_CMD} else # reserve and continue diff --git a/nfpm/zrok-share.env b/nfpm/zrok-share.env index 323f5b8c..9bb31514 100644 --- a/nfpm/zrok-share.env +++ b/nfpm/zrok-share.env 
@@ -86,3 +86,7 @@ ZROK_SHARE_OPTS="" # set if self-hosting zrok and not using only the default frontend name 'public'; must be a space-separated list # WARNING: changes take effect the next time the frontend URL is reserved #ZROK_FRONTENDS="public" + +# you MAY set to change the frontend mode: temp-public (default), temp-private, reserved-public, reserved-private +# WARNING: changes take effect the next time the frontend URL is reserved +#ZROK_FRONTEND_MODE="temp-public" From 007701ad0b3d0b6255232c9ec04a356c3996ea5e Mon Sep 17 00:00:00 2001 From: Stefan Adelbert Date: Tue, 11 Jun 2024 10:41:21 +1000 Subject: [PATCH 02/14] nfpm: Made 'reserved-public' the default mode; Fixed some typos; --- nfpm/zrok-share.bash | 4 ++-- nfpm/zrok-share.env | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/nfpm/zrok-share.bash b/nfpm/zrok-share.bash index ec7ed03e..d0ffbdfe 100644 --- a/nfpm/zrok-share.bash +++ b/nfpm/zrok-share.bash @@ -54,8 +54,8 @@ fi exit 1 } -# default mode is 'temp-public' (unreserved), override modes are temp-private, reserver-public, reserved-private. -: "${ZROK_FRONTEND_MODE:-temp-public}" +# default mode is 'reserved-public', override modes are reserved-private, temp-public, temp-private. +: "${ZROK_FRONTEND_MODE:-reserved-public}" if [[ "${ZROK_FRONTEND_MODE:-}" == temp-public ]]; then ZROK_CMD="share public --headless ${ZROK_VERBOSE:-}" elif [[ "${ZROK_FRONTEND_MODE:-}" == temp-private ]]; then diff --git a/nfpm/zrok-share.env b/nfpm/zrok-share.env index 9bb31514..3e7605b8 100644 --- a/nfpm/zrok-share.env +++ b/nfpm/zrok-share.env 
@@ -87,6 +87,6 @@ ZROK_SHARE_OPTS="" # WARNING: changes take effect the next time the frontend URL is reserved #ZROK_FRONTENDS="public" -# you MAY set to change the frontend mode: temp-public (default), temp-private, reserved-public, reserved-private +# you MAY set to change the frontend mode: reserved-public (default), reserved-private, temp-public, temp-private # WARNING: changes take effect the next time the frontend URL is reserved -#ZROK_FRONTEND_MODE="temp-public" +#ZROK_FRONTEND_MODE="reserved-public" From ae1cce618dd7c184e01e046d883e9097242d2d20 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Tue, 25 Jun 2024 15:40:28 -0400 Subject: [PATCH 03/14] support private share modes --- .goreleaser-linux-arm64.yml | 3 +++ .goreleaser-linux-armhf.yml | 3 +++ .goreleaser-linux.yml | 3 +++ nfpm/zrok-share.bash | 32 +++++++++++++++++++++++++-- nfpm/zrok-share.env | 27 ++++++++++++++++++++-- nfpm/zrok-share.service.override.conf | 10 +++++++++ 6 files changed, 74 insertions(+), 4 deletions(-) create mode 100644 nfpm/zrok-share.service.override.conf diff --git a/.goreleaser-linux-arm64.yml b/.goreleaser-linux-arm64.yml index 23637caa..27bd3474 100644 --- a/.goreleaser-linux-arm64.yml +++ b/.goreleaser-linux-arm64.yml @@ -112,6 +112,9 @@ nfpms: - dst: /lib/systemd/system/ src: ./nfpm/zrok-share.service + - dst: /etc/systemd/system/zrok-share.service.d/override.conf + src: ./nfpm/zrok-share.service.override.conf + - dst: /opt/openziti/etc/zrok type: dir file_info: diff --git a/.goreleaser-linux-armhf.yml b/.goreleaser-linux-armhf.yml index afb4e052..829c85b8 100644 --- a/.goreleaser-linux-armhf.yml +++ b/.goreleaser-linux-armhf.yml @@ -112,6 +112,9 @@ nfpms: - dst: /lib/systemd/system/ src: ./nfpm/zrok-share.service + - dst: /etc/systemd/system/zrok-share.service.d/override.conf + src: ./nfpm/zrok-share.service.override.conf + - dst: /opt/openziti/etc/zrok type: dir file_info: diff --git a/.goreleaser-linux.yml b/.goreleaser-linux.yml index aa728c45..0e5ec9e8 100644 
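Review bot: The new entry for `/etc/systemd/system/zrok-share.service.d/override.conf` in `.goreleaser-linux-arm64.yml` sets no `type`, so as far as the hunk shows nfpm ships it as a plain file and a package upgrade would replace an operator's edited copy. The file is meant to be edited (uncommenting `AmbientCapabilities=CAP_NET_ADMIN` for vpn mode), and `override.conf` in that directory is also the path `systemctl edit zrok-share` writes to, so local changes and the packaged file can collide. Consider adding `type: config|noreplace` to the entry. The same entry is added in `.goreleaser-linux-armhf.yml` and `.goreleaser-linux.yml`.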
--- a/.goreleaser-linux.yml +++ b/.goreleaser-linux.yml @@ -108,6 +108,9 @@ nfpms: - dst: /lib/systemd/system/ src: ./nfpm/zrok-share.service + - dst: /etc/systemd/system/zrok-share.service.d/override.conf + src: ./nfpm/zrok-share.service.override.conf + - dst: /opt/openziti/etc/zrok type: dir file_info: diff --git a/nfpm/zrok-share.bash b/nfpm/zrok-share.bash index d0ffbdfe..6f1a1de0 100644 --- a/nfpm/zrok-share.bash +++ b/nfpm/zrok-share.bash @@ -55,7 +55,7 @@ fi } # default mode is 'reserved-public', override modes are reserved-private, temp-public, temp-private. -: "${ZROK_FRONTEND_MODE:-reserved-public}" +: "${ZROK_FRONTEND_MODE:=reserved-public}" if [[ "${ZROK_FRONTEND_MODE:-}" == temp-public ]]; then ZROK_CMD="share public --headless ${ZROK_VERBOSE:-}" elif [[ "${ZROK_FRONTEND_MODE:-}" == temp-private ]]; then 
@@ -121,13 +121,41 @@ case "${ZROK_BACKEND_MODE}" in echo "INFO: validated backend mode ${ZROK_BACKEND_MODE} and target ${ZROK_TARGET}" fi ;; + tcpTunnel|udpTunnel|socks|vpn) + if ! [[ "${ZROK_FRONTEND_MODE}" =~ -private$ ]]; then + echo "ERROR: ZROK_BACKEND_MODE='${ZROK_BACKEND_MODE}' is a private share backend mode and cannot be used with ZROK_FRONTEND_MODE='${ZROK_FRONTEND_MODE}'" >&2 + exit 1 + else + case "${ZROK_BACKEND_MODE}" in + tcpTunnel|udpTunnel) + echo "INFO: ${ZROK_BACKEND_MODE} backend mode has target '${ZROK_TARGET}'" + ;; + vpn) + if [[ -n "${ZROK_TARGET}" ]]; then + ZROK_SVC_FILE=/etc/systemd/system/zrok-share.service.d/override.conf + if ! grep -qE '^AmbientCapabilities=CAP_NET_ADMIN' "${ZROK_SVC_FILE}"; then + echo "ERROR: you must uncomment 'AmbientCapabilities=CAP_NET_ADMIN' in '${ZROK_SVC_FILE}'"\ + "and run 'systemctl daemon-reload' to enable VPN mode" >&2 + exit 1 + fi + fi + ;; + socks) + if [[ -n "${ZROK_TARGET}" ]]; then + echo "WARNING: ZROK_TARGET='${ZROK_TARGET}' is ignored with ZROK_BACKEND_MODE='${ZROK_BACKEND_MODE}'" >&2 + unset ZROK_TARGET + fi + ;; + esac + fi + ;; *) echo "WARNING: ZROK_BACKEND_MODE='${ZROK_BACKEND_MODE}' is not a recognized mode for a zrok public share."\ " ZROK_TARGET value will not validated before running." >&2 ;; esac -[[ -n "${ZROK_UNIQUE_NAME:-}" ]] && { +[[ "${ZROK_FRONTEND_MODE:-}" =~ ^reserved- && -n "${ZROK_UNIQUE_NAME:-}" ]] && { ZROK_CMD+=" --unique-name ${ZROK_UNIQUE_NAME}" } diff --git a/nfpm/zrok-share.env b/nfpm/zrok-share.env index 3e7605b8..7d439682 100644 --- a/nfpm/zrok-share.env +++ b/nfpm/zrok-share.env 
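Review bot: In the new `tcpTunnel|udpTunnel` arm ZROK_TARGET is only echoed, and the `vpn` arm checks the capability but not the target, whereas the existing `proxy`, `caddy` and `web|drive` arms each validate ZROK_TARGET before use. ZROK_CMD is a flat string that is later expanded unquoted (`exec zrok ${ZROK_CMD}`), so, assuming the target is appended to it outside this hunk, a value containing whitespace would reach zrok as extra arguments. A shape check in the tunnel arm keeps parity with the other modes, e.g. `[[ "${ZROK_TARGET}" =~ ^[^[:space:]]+:[0-9]+$ ]] || { echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not host:port" >&2; exit 1; }`. The `vpn` capability check is also skipped when ZROK_TARGET is empty; if an empty target is valid for vpn, the check should not depend on it.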
@@ -21,13 +21,17 @@ ZROK_ENVIRONMENT_NAME="" #ZROK_API_ENDPOINT="https://api.zrok.io" # -## ZROK BACKEND TARGET +## ZROK BACKEND MODE AND TARGET # # You MUST define the backend target and mode. The frontend URL will be provisioned when the service starts. You MAY # change ZROK_TARGET and frontend URL will remain the same after a restart as long as the backend mode and frontend # authentication options are the same. Options that require provisioning a new frontend URL when changed are marked with # WARNING. You may delete /var/lib/zrok-share/.zrok/reserved.json and restart the service to provision a new frontend URL. + # +## BACKEND MODES THAT WORK WITH PUBLIC OR PRIVATE SHARES (HTTP) +# + # backend-mode "proxy" (default): share a backend web server URL that's reachable by this host; must begin with 'http://' or # 'https://'; must accept the HOST header of the proxy frontend. Check out backend mode "caddy" if you need more control. ZROK_TARGET="" # e.g., http://127.0.0.1:3000 @@ -60,6 +64,26 @@ ZROK_BACKEND_MODE="proxy" # NOTE: basic auth and oauth are mutually exclusive ZROK_SHARE_OPTS="" +# +## BACKEND MODES THAT ONLY WORK WITH PRIVATE SHARES +# + +#ZROK_BACKEND_MODE="tcpTunnel" +#ZROK_TARGET="127.0.0.1:25565" + +#ZROK_BACKEND_MODE="udpTunnel" +#ZROK_TARGET="127.0.0.1:53" + +# you must grant NET_ADMIN capability to the service to enable vpn mode, e.g., run these two commands: +# sed -Ei 's/.*AmbientCapabilities=CAP_NET_ADMIN/AmbientCapabilities=CAP_NET_ADMIN/' /etc/systemd/system/zrok-share.service.d/override.conf +# systemctl daemon-reload +#ZROK_BACKEND_MODE="vpn" +#ZROK_TARGET="172.16.0.1/12" + +# there is no target for socks mode because the share is only a dynamic exit for the proxy client +#ZROK_BACKEND_MODE="socks" +#ZROK_TARGET="" + # ## ZROK FRONTEND # 
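Review bot: The new "BACKEND MODES THAT ONLY WORK WITH PRIVATE SHARES" block (hunk `@@ -60,6 +64,26 @@`) explains how to enable `vpn` and `socks` but not what they expose. By the file's own description, `socks` turns the share into a dynamic exit for the proxy client, and `vpn` needs CAP_NET_ADMIN to add a tun device, routes and iptables rules. A one-line caveat above the examples would help operators scope access, for instance `# NOTE: socks and vpn shares let clients of the share reach networks that this host can reach; limit who is given access to the share`.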
@@ -88,5 +112,4 @@ ZROK_SHARE_OPTS="" #ZROK_FRONTENDS="public" # you MAY set to change the frontend mode: reserved-public (default), reserved-private, temp-public, temp-private -# WARNING: changes take effect the next time the frontend URL is reserved #ZROK_FRONTEND_MODE="reserved-public" diff --git a/nfpm/zrok-share.service.override.conf b/nfpm/zrok-share.service.override.conf new file mode 100644 index 00000000..57f4a796 --- /dev/null +++ b/nfpm/zrok-share.service.override.conf @@ -0,0 +1,10 @@ +[Service] + +# +## extra permissions +# + +# allow adding tun device and IP routes and iptables rules; required when ZROK_BACKEND_MODE=vpn +# AmbientCapabilities=CAP_NET_ADMIN + +# you must run 'systemctl daemon-reload' after modifying this file From 4fff1ad0717c16ec99980539816449630bdf920a Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Tue, 25 Jun 2024 15:46:41 -0400 Subject: [PATCH 04/14] clarify env --- nfpm/zrok-share.env | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/nfpm/zrok-share.env b/nfpm/zrok-share.env index 7d439682..546fd26f 100644 --- a/nfpm/zrok-share.env +++ b/nfpm/zrok-share.env @@ -17,7 +17,7 @@ ZROK_ENABLE_TOKEN="" # ZROK_ENVIRONMENT_NAME="" -# You MUST set this if not using the default zrok.io API endpoint +# You MUST set this if not using the default API endpoint #ZROK_API_ENDPOINT="https://api.zrok.io" # 
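Review bot: Removing `# WARNING: changes take effect the next time the frontend URL is reserved` from ZROK_FRONTEND_MODE looks premature for the reserved modes. In zrok-share.bash the `reserved-public`/`reserved-private` arms come after `elif [[ -s ~/.zrok/reserved.json ]]`, so with an existing reservation a change between them seems to have no effect until that file is removed; this is inferred from the branch order, because the branch body is not shown in the series. An operator switching a share to private would get no hint that the existing public reservation is still in use. I would keep a scoped warning, e.g. `# WARNING: switching between reserved-public and reserved-private takes effect only after the frontend is reserved again (delete /var/lib/zrok-share/.zrok/reserved.json and restart)`.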
@@ -29,52 +29,45 @@ ZROK_ENVIRONMENT_NAME="" # WARNING. You may delete /var/lib/zrok-share/.zrok/reserved.json and restart the service to provision a new frontend URL. # -## BACKEND MODES THAT WORK WITH PUBLIC OR PRIVATE SHARES (HTTP) +## BACKEND MODES THAT WORK WITH PUBLIC AND PRIVATE HTTP SHARES # # backend-mode "proxy" (default): share a backend web server URL that's reachable by this host; must begin with 'http://' or # 'https://'; must accept the HOST header of the proxy frontend. Check out backend mode "caddy" if you need more control. -ZROK_TARGET="" # e.g., http://127.0.0.1:3000 ZROK_BACKEND_MODE="proxy" +ZROK_TARGET="" # e.g., http://127.0.0.1:3000 # if defined, an https share's backend server certificate will not be verified with backend-mode 'proxy' # NOTE: changing this value does not require provisioning a new frontend URL #ZROK_INSECURE="--insecure" # backend-mode "web": run a web server and share a static HTML directory that's present on this host. Must be an # absolute path to a directory that is readable by 'other' -#ZROK_TARGET="/var/www/html" #ZROK_BACKEND_MODE="web" +#ZROK_TARGET="/var/www/html" # backend-mode "drive": run a WebDAV file server sharing a directory that's present on this host. Must be an absolute # path to a directory that is readable by 'other' -#ZROK_TARGET="/usr/share/doc" #ZROK_BACKEND_MODE="drive" +#ZROK_TARGET="/usr/share/doc" # backend-mode "caddy": run an embedded Caddy server configured by the supplied Caddyfile. Must be an absolute path that # is readable by 'other'. 
-#ZROK_TARGET="/opt/openziti/etc/zrok/multiple_upstream.Caddyfile" #ZROK_BACKEND_MODE="caddy" - -# DEBUG log level -# NOTE: changing this value does not require provisioning a new frontend URL -#ZROK_VERBOSE="--verbose" - -# you MAY set additional command-line options for the share; see "zrok reserve public --help" for hints -# WARNING: changes take effect the next time the frontend URL is reserved -# NOTE: basic auth and oauth are mutually exclusive -ZROK_SHARE_OPTS="" +#ZROK_TARGET="/opt/openziti/etc/zrok/multiple_upstream.Caddyfile" # ## BACKEND MODES THAT ONLY WORK WITH PRIVATE SHARES # +# you MUST set ZROK_FRONTEND_MODE to 'reserved-private' or 'temp-private' to use private share backend modes + #ZROK_BACKEND_MODE="tcpTunnel" #ZROK_TARGET="127.0.0.1:25565" #ZROK_BACKEND_MODE="udpTunnel" #ZROK_TARGET="127.0.0.1:53" -# you must grant NET_ADMIN capability to the service to enable vpn mode, e.g., run these two commands: +# you MUST grant NET_ADMIN capability to the service to enable vpn mode, e.g., run these two commands: # sed -Ei 's/.*AmbientCapabilities=CAP_NET_ADMIN/AmbientCapabilities=CAP_NET_ADMIN/' /etc/systemd/system/zrok-share.service.d/override.conf # systemctl daemon-reload #ZROK_BACKEND_MODE="vpn" @@ -113,3 +106,14 @@ ZROK_SHARE_OPTS="" # you MAY set to change the frontend mode: reserved-public (default), reserved-private, temp-public, temp-private #ZROK_FRONTEND_MODE="reserved-public" + +# +## OPTIONS +# + +# DEBUG log level +# NOTE: changing this value does not require provisioning a new frontend URL +#ZROK_VERBOSE="--verbose" + +# you MAY set additional command-line options for the share; see "zrok reserve public --help" for hints +ZROK_SHARE_OPTS="" From b50cbe8939a3e023e61cc8945c3bcd0ef9053381 Mon Sep 17 00:00:00 2001 
From: Kenneth Bingham Date: Wed, 26 Jun 2024 15:32:58 -0400 Subject: [PATCH 05/14] stop using old node actions; build with Go distribution version from go.mod --- .github/workflows/build-wheels.yml | 4 +- .github/workflows/ci-build.yml | 12 +-- .github/workflows/deploy-doc-site.yml | 4 +- .github/workflows/publish-docker-images.yml | 2 +- .github/workflows/release.yml | 93 +++++++++++---------- 5 files changed, 61 insertions(+), 54 deletions(-) diff --git a/.github/workflows/build-wheels.yml b/.github/workflows/build-wheels.yml index 1d5009cc..f17b2d81 100644 --- a/.github/workflows/build-wheels.yml +++ b/.github/workflows/build-wheels.yml @@ -20,7 +20,7 @@ jobs: runs-on: ${{ matrix.spec.runner }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 @@ -39,7 +39,7 @@ jobs: run: | python setup.py sdist - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 if: startsWith(matrix.spec.name, 'linux') with: name: zrok_sdk diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index 18fe8e36..df317336 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml @@ -19,15 +19,15 @@ jobs: name: Build Linux AMD64 CLI runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: setup-go - uses: actions/setup-go@v3 + uses: actions/setup-go@v5 with: - go-version: '>=1.21.3' + go-version-file: ./go.mod - name: setup-node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: 18.x @@ -72,7 +72,7 @@ jobs: echo go_bin="$(go env GOPATH)/bin" >> $GITHUB_OUTPUT - name: upload build artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: linux-amd64 path: ${{ steps.solve_go_bin.outputs.go_bin }}/zrok 
@@ -92,7 +92,7 @@ jobs: echo branch_tag=$(sed 's/[^a-z0-9_-]/__/gi' <<< "${GITHUB_REF#refs/heads/}") >> $GITHUB_OUTPUT - name: Checkout Workspace - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Download Branch Build Artifact uses: actions/download-artifact@v3 diff --git a/.github/workflows/deploy-doc-site.yml b/.github/workflows/deploy-doc-site.yml index 7b0d81cd..a97d37c9 100644 --- a/.github/workflows/deploy-doc-site.yml +++ b/.github/workflows/deploy-doc-site.yml @@ -14,9 +14,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 name: setup npm with: node-version: 18 diff --git a/.github/workflows/publish-docker-images.yml b/.github/workflows/publish-docker-images.yml index 4471dcf0..4966d7b8 100644 --- a/.github/workflows/publish-docker-images.yml +++ b/.github/workflows/publish-docker-images.yml @@ -27,7 +27,7 @@ jobs: echo "zrok_semver=${zrok_semver#v}" | tee -a $GITHUB_OUTPUT - name: Checkout Workspace - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Create the Release Arch Dirs run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6900a13b..7392ac97 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,18 +21,18 @@ jobs: - run: sudo apt update - run: sudo apt-get install gcc-multilib g++-multilib - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - run: git fetch --force --tags - - uses: actions/setup-go@v3 + - uses: actions/setup-go@v5 with: - go-version: '>=1.21.3' + go-version-file: ./go.mod cache: true - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: node-version: 18.x 
@@ -52,13 +52,13 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: - name: release-builds + name: release-builds-linux-amd64 path: ./dist/*.gz - name: Configure jFrog CLI - uses: jfrog/setup-jfrog-cli@v3 + uses: jfrog/setup-jfrog-cli@v4 with: version: ${{ env.JFROG_CLI_VERSION }} env: @@ -91,18 +91,18 @@ jobs: - run: sudo apt update - run: sudo apt-get install gcc-aarch64-linux-gnu - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - run: git fetch --force --tags - - uses: actions/setup-go@v3 + - uses: actions/setup-go@v5 with: - go-version: '>=1.21.3' + go-version-file: ./go.mod cache: true - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: node-version: 18.x @@ -114,7 +114,7 @@ jobs: env: CI: "true" - - uses: goreleaser/goreleaser-action@v2 + - uses: goreleaser/goreleaser-action@v6 with: distribution: goreleaser version: latest @@ -122,13 +122,13 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: - name: release-builds + name: release-builds-linux-arm64 path: ./dist/*.gz - name: Configure jFrog CLI - uses: jfrog/setup-jfrog-cli@v3 + uses: jfrog/setup-jfrog-cli@v4 with: version: ${{ env.JFROG_CLI_VERSION }} env: @@ -161,18 +161,18 @@ jobs: - run: sudo apt update - run: sudo apt-get install gcc-arm-linux-gnueabi - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - run: git fetch --force --tags - - uses: actions/setup-go@v3 + - uses: actions/setup-go@v5 with: - go-version: '>=1.21.3' + go-version-file: ./go.mod cache: true - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: node-version: 18.x @@ -184,7 +184,7 @@ jobs: env: CI: "true" - - uses: goreleaser/goreleaser-action@v2 + - uses: goreleaser/goreleaser-action@v6 with: distribution: goreleaser version: latest 
@@ -192,13 +192,13 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: - name: release-builds + name: release-builds-linux-arm path: ./dist/*.gz - name: Configure jFrog CLI - uses: jfrog/setup-jfrog-cli@v3 + uses: jfrog/setup-jfrog-cli@v4 with: version: ${{ env.JFROG_CLI_VERSION }} env: @@ -235,18 +235,18 @@ jobs: p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }} p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - run: git fetch --force --tags - - uses: actions/setup-go@v3 + - uses: actions/setup-go@v5 with: - go-version: '>=1.21.3' + go-version-file: ./go.mod cache: true - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: node-version: 18.x @@ -258,7 +258,7 @@ jobs: env: CI: "true" - - uses: goreleaser/goreleaser-action@v2 + - uses: goreleaser/goreleaser-action@v6 with: distribution: goreleaser version: latest @@ -268,9 +268,9 @@ jobs: AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: - name: release-builds + name: release-builds-darwin path: ./dist/*.gz build-windows: @@ -280,18 +280,18 @@ jobs: - run: sudo apt update - run: sudo apt-get install gcc-mingw-w64-x86-64 - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - run: git fetch --force --tags - - uses: actions/setup-go@v3 + - uses: actions/setup-go@v5 with: - go-version: '>=1.21.3' + go-version-file: ./go.mod cache: true - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: node-version: 18.x @@ -303,7 +303,7 @@ jobs: env: CI: "true" - - uses: goreleaser/goreleaser-action@v2 + - uses: goreleaser/goreleaser-action@v6 with: distribution: goreleaser version: latest 
@@ -311,32 +311,39 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: - name: release-builds + name: release-builds-windows path: ./dist/*.gz publish-release: # allow skipped but not failed if: ${{ !cancelled() - && (needs.build-linux-amd64.result == 'success' || needs.build-linux-amd64.result == 'skipped') - && (needs.build-linux-arm.result == 'success' || needs.build-linux-amd.result == 'skipped') - && (needs.build-linux-arm64.result == 'success' || needs.build-linux-amd64.result == 'skipped') + && (needs.build-linux-amd64.result == 'success') + && (needs.build-linux-arm.result == 'success') + && (needs.build-linux-arm64.result == 'success') && (needs.build-darwin.result == 'success' || needs.build-darwin.result == 'skipped') && (needs.build-windows.result == 'success' || needs.build-windows.result == 'skipped') }} - needs: [build-linux-amd64, build-linux-arm, build-linux-arm64, build-darwin, build-windows] + needs: + - build-linux-amd64 + - build-linux-arm + - build-linux-arm64 + - build-darwin + - build-windows runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - run: | mkdir -p ./automated-release-build - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: path: ./automated-release-build + merge-multiple: true + pattern: release-builds-* - run: | mv ./automated-release-build/release-builds/* ./automated-release-build/ From 5403dcf8389e2caf8d5fd4625ed8f8ad4ffbeb50 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Wed, 26 Jun 2024 16:13:40 -0400 Subject: [PATCH 06/14] correct download merge path --- .github/workflows/release.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7392ac97..16901caa 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -346,8 +346,7 @@ jobs: pattern: release-builds-* - run: | - mv ./automated-release-build/release-builds/* ./automated-release-build/ - rm -rf ./automated-release-build/release-builds + ls -lAR ./automated-release-build/ shasum ./automated-release-build/* > ./automated-release-build/checksums.txt - uses: goreleaser/goreleaser-action@v3 From 43770b358f66bda83b623b2ace352cc46b6f52f4 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Wed, 26 Jun 2024 16:16:57 -0400 Subject: [PATCH 07/14] stop using deprecated set-output directive --- .github/workflows/node-sdk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/node-sdk.yml b/.github/workflows/node-sdk.yml index 064063a7..0599c8a0 100644 --- a/.github/workflows/node-sdk.yml +++ b/.github/workflows/node-sdk.yml @@ -38,7 +38,7 @@ jobs: - name: Get current zrok repo tag id: tag - run: echo ::set-output name=TAG::$(git describe --tags --abbrev=0) + run: echo "TAG=$(git describe --tags --abbrev=0)" | tee -a $GITHUB_OUTPUT - name: Update zrok NodeJS-SDK's package.json version based on current zrok repo git tag if: github.ref_type == 'tag' From bac0eecb957d09542d65f553ec0c519d460f61ee Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Wed, 26 Jun 2024 16:51:29 -0400 Subject: [PATCH 08/14] glob match goreleaser artifact name with prefix zrok* --- .github/workflows/publish-docker-images.yml | 14 +++++++------- .github/workflows/release.yml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/publish-docker-images.yml b/.github/workflows/publish-docker-images.yml index 4966d7b8..0f3f0f3e 100644 --- a/.github/workflows/publish-docker-images.yml +++ b/.github/workflows/publish-docker-images.yml 
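Review bot: `shasum ./automated-release-build/* > ./automated-release-build/checksums.txt` in the edited run step calls shasum without `-a`, which selects SHA-1, so the published checksums.txt gives downstream users a digest that is no longer considered collision-resistant. While this step is being touched, `shasum -a 256 ./automated-release-build/* > ./automated-release-build/checksums.txt` would be the safer default. Whether `.goreleaser-release.yml` generates its own checksum file is not visible here, so confirm the two do not disagree on algorithm.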
@@ -36,17 +36,17 @@ jobs: done - name: Download Linux AMD64 Release Artifact - uses: dsaltares/fetch-gh-release-asset@master + uses: dsaltares/fetch-gh-release-asset@1.1.2 with: version: tags/v${{ steps.semver.outputs.zrok_semver }} - file: zrok_${{ steps.semver.outputs.zrok_semver }}_linux_amd64.tar.gz + file: zrok*_${{ steps.semver.outputs.zrok_semver }}_linux_amd64.tar.gz target: dist/amd64/linux/zrok_${{ steps.semver.outputs.zrok_semver }}_linux_amd64.tar.gz - name: Download Linux ARM64 Release Artifact - uses: dsaltares/fetch-gh-release-asset@master + uses: dsaltares/fetch-gh-release-asset@1.1.2 with: version: tags/v${{ steps.semver.outputs.zrok_semver }} - file: zrok_${{ steps.semver.outputs.zrok_semver }}_linux_arm64.tar.gz + file: zrok*_${{ steps.semver.outputs.zrok_semver }}_linux_arm64.tar.gz target: dist/arm64/linux/zrok_${{ steps.semver.outputs.zrok_semver }}_linux_arm64.tar.gz - name: Unpack the Release Artifacts @@ -56,16 +56,16 @@ jobs: done - name: Set Up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 with: platforms: amd64,arm64 - name: Set Up Docker BuildKit id: buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to Docker Hub - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ vars.DOCKER_HUB_API_USER || secrets.DOCKER_HUB_API_USER }} password: ${{ secrets.DOCKER_HUB_API_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 16901caa..9fcf4cf2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -349,7 +349,7 @@ jobs: ls -lAR ./automated-release-build/ shasum ./automated-release-build/* > ./automated-release-build/checksums.txt - - uses: goreleaser/goreleaser-action@v3 + - uses: goreleaser/goreleaser-action@v6 with: args: release --config .goreleaser-release.yml env: From cf7f8d5e54f7ddd4d3391e59703ec194774cab7f Mon Sep 17 00:00:00 2001 
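Review bot: `dsaltares/fetch-gh-release-asset@1.1.2` in the two download steps is still a mutable tag reference, and these steps fetch the binaries that are unpacked and built into the published images in a job that later logs in to Docker Hub. Pinning to the full commit makes the reference immutable: `uses: dsaltares/fetch-gh-release-asset@<full-commit-sha> # 1.1.2` (placeholder; take the SHA from the action's repository). Nothing in the visible steps verifies the downloaded archives against the release's checksums.txt before they are unpacked, which would be a useful check to add after the download.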
From: Kenneth Bingham Date: Wed, 26 Jun 2024 17:27:42 -0400 Subject: [PATCH 09/14] adopt upload/download breaking changes in Py wheel build on release publish --- .github/workflows/build-wheels.yml | 14 ++++++++------ .github/workflows/ci-build.yml | 8 ++++---- .github/workflows/node-sdk.yml | 2 +- .github/workflows/publish-docker-images.yml | 15 ++++++++------- 4 files changed, 21 insertions(+), 18 deletions(-) diff --git a/.github/workflows/build-wheels.yml b/.github/workflows/build-wheels.yml index f17b2d81..567f7046 100644 --- a/.github/workflows/build-wheels.yml +++ b/.github/workflows/build-wheels.yml @@ -25,7 +25,7 @@ jobs: fetch-depth: 0 - name: Setup Python - uses: actions/setup-python@v3 + uses: actions/setup-python@v5 with: python-version: '3.x' @@ -42,7 +42,7 @@ jobs: - uses: actions/upload-artifact@v4 if: startsWith(matrix.spec.name, 'linux') with: - name: zrok_sdk + name: zrok_sdk_${{ matrix.spec.target }} path: ${{ github.workspace }}/sdk/python/sdk/zrok/dist/* publish: @@ -52,15 +52,17 @@ jobs: id-token: write steps: - name: Download artifacts - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: - path: download + path: ./download + merge-multiple: true + pattern: zrok_sdk_* - name: check run: | - ls -lR download + ls -lR ./download/ mkdir dist - cp download/*/* dist + cp ./download/*/* ./dist/ - name: Publish wheels (TestPYPI) uses: pypa/gh-action-pypi-publish@release/v1 diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index df317336..9f1569a1 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml 
@@ -95,22 +95,22 @@ jobs: uses: actions/checkout@v4 - name: Download Branch Build Artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: linux-amd64 path: ./dist/amd64/linux/ - name: Set Up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 with: platforms: amd64,arm64 - name: Set Up Docker BuildKit id: buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to Docker Hub - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ vars.DOCKER_HUB_API_USER || secrets.DOCKER_HUB_API_USER }} password: ${{ secrets.DOCKER_HUB_API_TOKEN }} diff --git a/.github/workflows/node-sdk.yml b/.github/workflows/node-sdk.yml index 0599c8a0..ae1b9254 100644 --- a/.github/workflows/node-sdk.yml +++ b/.github/workflows/node-sdk.yml @@ -49,7 +49,7 @@ jobs: - name: Setup .npmrc if: github.ref_type == 'tag' # Setup .npmrc file to prepare for possible publish to npm - uses: actions/setup-node@v1 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} registry-url: 'https://registry.npmjs.org' diff --git a/.github/workflows/publish-docker-images.yml b/.github/workflows/publish-docker-images.yml index 0f3f0f3e..fdabfc14 100644 --- a/.github/workflows/publish-docker-images.yml +++ b/.github/workflows/publish-docker-images.yml 
@@ -39,20 +39,20 @@ jobs: uses: dsaltares/fetch-gh-release-asset@1.1.2 with: version: tags/v${{ steps.semver.outputs.zrok_semver }} - file: zrok*_${{ steps.semver.outputs.zrok_semver }}_linux_amd64.tar.gz - target: dist/amd64/linux/zrok_${{ steps.semver.outputs.zrok_semver }}_linux_amd64.tar.gz + file: zrok*_linux_amd64.tar.gz + target: dist/amd64/linux/zrok_linux_amd64.tar.gz - name: Download Linux ARM64 Release Artifact uses: dsaltares/fetch-gh-release-asset@1.1.2 with: version: tags/v${{ steps.semver.outputs.zrok_semver }} - file: zrok*_${{ steps.semver.outputs.zrok_semver }}_linux_arm64.tar.gz - target: dist/arm64/linux/zrok_${{ steps.semver.outputs.zrok_semver }}_linux_arm64.tar.gz + file: zrok*_linux_arm64.tar.gz + target: dist/arm64/linux/zrok_linux_arm64.tar.gz - name: Unpack the Release Artifacts run: | for TGZ in dist/{amd,arm}64/linux; do - tar -xvzf ${TGZ}/zrok_*.tar.gz -C ${TGZ} + tar -xvzf ${TGZ}/*.tar.gz -C ${TGZ} done - name: Set Up QEMU @@ -76,8 +76,9 @@ jobs: ZROK_CONTAINER_IMAGE_TAG: ${{ steps.semver.outputs.zrok_semver }} id: tagprep_cli run: | - echo DOCKER_TAGS="${ZROK_CONTAINER_IMAGE_REPO}:${ZROK_CONTAINER_IMAGE_TAG},${ZROK_CONTAINER_IMAGE_REPO}:latest" \ - | tee -a $GITHUB_OUTPUT + DOCKER_TAGS="${ZROK_CONTAINER_IMAGE_REPO}:${ZROK_CONTAINER_IMAGE_TAG}" + DOCKER_TAGS+=",${ZROK_CONTAINER_IMAGE_REPO}:latest" + echo "DOCKER_TAGS=${DOCKER_TAGS}" | tee -a $GITHUB_OUTPUT # this is the CLI image with the Linux binary for each # arch that was downloaded in ./dist/ From f2bf7ed2a20af039f3892b3761e1e856f4d9719c Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Wed, 26 Jun 2024 17:44:20 -0400 Subject: [PATCH 10/14] fix Py wheel dir; fix regex; --- .github/workflows/build-wheels.yml | 2 +- .github/workflows/publish-docker-images.yml | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-wheels.yml b/.github/workflows/build-wheels.yml index 567f7046..c17248d2 100644 --- a/.github/workflows/build-wheels.yml 
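Review bot: In the "Unpack the Release Artifacts" step, `tar -xvzf ${TGZ}/*.tar.gz -C ${TGZ}` is unquoted and now matches any archive in the directory, so if more than one file matches, tar takes the first as the archive and treats the rest as member names. Because the download steps in this hunk also switch to selecting the asset by wildcard, the step should confirm that exactly one archive is present before unpacking it into the image build context: `set -- "${TGZ}"/*.tar.gz`, then `[ "$#" -eq 1 ] || { echo "expected exactly one archive in ${TGZ}" >&2; exit 1; }`, then `tar -xzf "$1" -C "${TGZ}"`. The job continues outside this hunk.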
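Review bot: The rewritten `run:` block of the `tagprep_cli` step still appends to an unquoted `$GITHUB_OUTPUT`; the last line should read `echo "DOCKER_TAGS=${DOCKER_TAGS}" | tee -a "$GITHUB_OUTPUT"`. The single-line `name=value` form is only safe while neither the repo name nor the tag contains a newline. `ZROK_CONTAINER_IMAGE_TAG` comes from `steps.semver.outputs.zrok_semver`, whose validation is outside this hunk, so that is worth confirming where the `semver` step is defined.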
+++ b/.github/workflows/build-wheels.yml @@ -62,7 +62,7 @@ jobs: run: | ls -lR ./download/ mkdir dist - cp ./download/*/* ./dist/ + cp ./download/* ./dist/ - name: Publish wheels (TestPYPI) uses: pypa/gh-action-pypi-publish@release/v1 diff --git a/.github/workflows/publish-docker-images.yml b/.github/workflows/publish-docker-images.yml index fdabfc14..937c2884 100644 --- a/.github/workflows/publish-docker-images.yml +++ b/.github/workflows/publish-docker-images.yml @@ -39,14 +39,16 @@ jobs: uses: dsaltares/fetch-gh-release-asset@1.1.2 with: version: tags/v${{ steps.semver.outputs.zrok_semver }} - file: zrok*_linux_amd64.tar.gz + file: zrok.*_linux_amd64.tar.gz + regex: true target: dist/amd64/linux/zrok_linux_amd64.tar.gz - name: Download Linux ARM64 Release Artifact uses: dsaltares/fetch-gh-release-asset@1.1.2 with: version: tags/v${{ steps.semver.outputs.zrok_semver }} - file: zrok*_linux_arm64.tar.gz + file: zrok.*_linux_arm64.tar.gz + regex: true target: dist/arm64/linux/zrok_linux_arm64.tar.gz - name: Unpack the Release Artifacts From c8ae24eab99ad356f68a9f4f6857abbc7994300e Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Wed, 26 Jun 2024 17:57:03 -0400 Subject: [PATCH 11/14] stop using deprecated macos-11 runner --- .github/workflows/build-wheels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-wheels.yml b/.github/workflows/build-wheels.yml index c17248d2..b27d5e01 100644 --- a/.github/workflows/build-wheels.yml +++ b/.github/workflows/build-wheels.yml @@ -14,7 +14,7 @@ jobs: matrix: spec: - { name: 'linux x86_64', runner: ubuntu-20.04, target: manylinux_2_27_x86_64 } - - { name: 'macOS x86_64', runner: macos-11, target: macosx_10_14_x86_64 } + - { name: 'macOS x86_64', runner: macos-12, target: macosx_10_14_x86_64 } - { name: 'Windows x86_64', runner: windows-2019, target: win_amd64 } name: building ${{ matrix.spec.name }} runs-on: ${{ matrix.spec.runner }} 
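Review bot: In the publish-docker-images.yml hunk, the new `file: zrok.*_linux_amd64.tar.gz` with `regex: true` is unanchored and leaves the dots in `.tar.gz` unescaped, so it can match more asset names than the one tarball intended (for example a companion file whose name merely contains that string). I would anchor and escape it, `file: '^zrok.*_linux_amd64\.tar\.gz$'`, and do the same for the arm64 step. How `dsaltares/fetch-gh-release-asset@1.1.2` applies the pattern, and how it interprets `target` once `regex: true` is set, is not visible here; confirm both against the action's documentation for that version, since the later unpack step globs whatever lands in `dist/<arch>/linux`.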
From ca7a5049a120977546f57b3eafa7fd3d6938256b Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Wed, 26 Jun 2024 18:04:27 -0400 Subject: [PATCH 12/14] changelog --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b46c554d..2d6cc2e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,9 @@ FIX: Fix for mixing limited and unlimited (-1) resource counts in the limits system (https://github.com/openziti/zrok/issues/680) +CHANGE: bump many GitHub Actions that were using deprecated distributions of Node.js +CHANGE: bump macOS runner for Node SDK from macos-11 to macos-12 + ## v0.4.33 FIX: Fix for log message in `Agent.CanAccessShare` (`"account '#%d' over frontends per share limit '%d'"`), which was not returning the correct limit value. From a65ae0e7abbfbd8840f2c7d4866afda7cfa94bf1 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Thu, 27 Jun 2024 11:36:27 -0400 Subject: [PATCH 13/14] pin goreleaser major version --- .github/workflows/release.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9fcf4cf2..ba86e0b9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -44,10 +44,10 @@ jobs: env: CI: "true" - - uses: goreleaser/goreleaser-action@v5 + - uses: goreleaser/goreleaser-action@v6 with: distribution: goreleaser - version: latest + version: '~> v2' args: release --skip=publish --config .goreleaser-linux.yml env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -117,7 +117,7 @@ jobs: - uses: goreleaser/goreleaser-action@v6 with: distribution: goreleaser - version: latest + version: '~> v2' args: release --skip=publish --config .goreleaser-linux-arm64.yml env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
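Review bot: In release.yml, `version: '~> v2'` still lets the goreleaser build float across every v2 release, and `goreleaser/goreleaser-action@v6` is a movable tag, so two runs of the same release workflow can build and publish with different tool code. For the steps that produce and publish release artifacts I would pin both exactly, e.g. `uses: goreleaser/goreleaser-action@<full-commit-sha> # v6` and `version: '<exact goreleaser v2 release>'` (placeholders), and update them deliberately. This applies to the hunks at -44, -117, -187, -261 and -306, and most of all to the -351 hunk, whose `args: release --config .goreleaser-release.yml` is the one step without `--skip=publish`. The jobs' `permissions` are outside these hunks, so the scope of the `GITHUB_TOKEN` passed to each step should be checked there.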
@@ -187,7 +187,7 @@ jobs: - uses: goreleaser/goreleaser-action@v6 with: distribution: goreleaser - version: latest + version: '~> v2' args: release --skip=publish --config .goreleaser-linux-armhf.yml env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -261,7 +261,7 @@ jobs: - uses: goreleaser/goreleaser-action@v6 with: distribution: goreleaser - version: latest + version: '~> v2' args: release --skip=publish --config .goreleaser-darwin.yml env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -306,7 +306,7 @@ jobs: - uses: goreleaser/goreleaser-action@v6 with: distribution: goreleaser - version: latest + version: '~> v2' args: release --skip=publish --config .goreleaser-windows.yml env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -351,6 +351,8 @@ jobs: - uses: goreleaser/goreleaser-action@v6 with: + distribution: goreleaser + version: '~> v2' args: release --config .goreleaser-release.yml env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 21253bad27575a8ad7e3a6b6130d0ed63c45e92a Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Thu, 27 Jun 2024 11:43:03 -0400 Subject: [PATCH 14/14] announce in changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b46c554d..c08e38ea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ FIX: Fix for mixing limited and unlimited (-1) resource counts in the limits system (https://github.com/openziti/zrok/issues/680) +FEATURE: Linux service support for all private share modes (contribution from Stefan Adelbert @stefanadelbert) + ## v0.4.33 FIX: Fix for log message in `Agent.CanAccessShare` (`"account '#%d' over frontends per share limit '%d'"`), which was not returning the correct limit value.