1
0
mirror of https://github.com/google/nomulus synced 2026-06-09 16:33:02 +00:00

Compare commits

..

2 Commits

Author SHA1 Message Date
Weimin Yu 409a7ba66f Change language and bytecode levels to Java 25 (#3009)
Release/Build tested in alpha.

Deployed in crash.
2026-04-15 16:34:52 +00:00
Weimin Yu e85f48beba Fix urs command after DomainUpdateFlow change (#3008)
PR 2930 forbids adding statuses that already exist on a domain.
This PR updates the uniform_rapid_suspension command to conform.

PR 2930 also forbids removing non-existent statuses, but it does
not apply to this command.
2026-04-13 20:52:29 +00:00
10 changed files with 106 additions and 18 deletions
+1 -1
View File
@@ -20,6 +20,6 @@ jobs:
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '21'
java-version: '25'
- name: Generate and submit dependency graph
uses: gradle/actions/dependency-submission@v3
+6 -4
View File
@@ -359,11 +359,13 @@ subprojects {
// search for `flex-template-base-image` and update the parameter value.
// There are at least two instances, one in core/build.gradle, one in
// release/stage_beam_pipeline.sh
// Also need to change:
// - base images in Dockerfiles under core, jetty, and proxy.
// - Java installation command in the builder image under release.
// - cloudbuild-release.yaml under release.
java {
// TODO(b/457758757): change to V_25 once Java in all environments are
// upgraded.
sourceCompatibility = JavaVersion.VERSION_21
targetCompatibility = JavaVersion.VERSION_21
sourceCompatibility = JavaVersion.VERSION_25
targetCompatibility = JavaVersion.VERSION_25
}
project.tasks.test.dependsOn runPresubmits
+5 -1
View File
@@ -383,6 +383,7 @@ task soyToJava {
project.services.get(ExecOperations).javaexec {
mainClass = "com.google.template.soy.SoyParseInfoGenerator"
classpath = configurations.soy
jvmArgs = ["--sun-misc-unsafe-memory-access=allow", "--enable-native-access=ALL-UNNAMED"]
args = ["--javaPackage", "${javaPackage}",
"--outputDirectory", "${outputDirectory}",
"--javaClassNameSource", "filename",
@@ -438,7 +439,7 @@ artifacts {
task findGoldenImages(type: JavaExec) {
classpath = sourceSets.test.runtimeClasspath
mainClass = 'google.registry.webdriver.GoldenImageFinder'
jvmArgs "--sun-misc-unsafe-memory-access=allow"
def arguments = []
arguments << "--screenshots_for_goldens_dir=${screenshotsForGoldensDir}"
arguments << "--new_goldens_dir=${newGoldensDir}"
@@ -489,6 +490,7 @@ ext.createToolTask = {
project.tasks.create(taskName, JavaExec) {
classpath = sourceSet.runtimeClasspath
mainClass = mainClassName
jvmArgs "--sun-misc-unsafe-memory-access=allow", "--enable-native-access=ALL-UNNAMED"
doFirst {
getToolArgsList().ifPresent {
@@ -506,6 +508,7 @@ createToolTask(
project.tasks.create('generateSqlSchema', JavaExec) {
classpath = sourceSets.nonprod.runtimeClasspath
mainClass = 'google.registry.tools.DevTool'
jvmArgs "--sun-misc-unsafe-memory-access=allow"
args = [
'-e', 'alpha',
'generate_sql_schema', '--start_postgresql', '-o',
@@ -664,6 +667,7 @@ artifacts {
task runTestServer(type: JavaExec) {
mainClass = 'google.registry.server.RegistryTestServerMain'
classpath = sourceSets.test.runtimeClasspath
jvmArgs "--sun-misc-unsafe-memory-access=allow"
dependsOn(rootProject.project('console-webapp').tasks.named('buildConsoleWebapp'))
}
@@ -146,7 +146,7 @@ final class UniformRapidSuspensionCommand extends MutatingEppToolCommand {
? ImmutableSet.of(StatusValue.CLIENT_HOLD.getXmlName())
: ImmutableSet.of();
} else {
statusesToApply = URS_LOCKS;
statusesToApply = ImmutableSet.copyOf(difference(URS_LOCKS, existingLocks));
}
// trigger renew flow
@@ -94,6 +94,34 @@ class UniformRapidSuspensionCommandTest
assertNotInStdout("--restore_client_hold");
}
@Test
void testCommand_respectExistingStatuses() throws Exception {
persistDomainWithHosts(
defaultDomain
.asBuilder()
.addStatusValues(ImmutableSet.of(StatusValue.SERVER_DELETE_PROHIBITED))
.build(),
defaultDsData,
ns1,
ns2);
runCommandForced(
"--domain_name=evil.tld",
"--hosts=urs1.example.com,urs2.example.com",
"--dsdata=1 1 1 A94A8FE5CCB19BA61C4C0873D391E987982FBBD3",
"--renew_one_year=false");
eppVerifier
.expectRegistrarId("CharlestonRoad")
.expectSuperuser()
.verifySent("uniform_rapid_suspension_with_forbid_delete.xml")
.verifyNoMoreSent();
assertInStdout("uniform_rapid_suspension --undo");
assertInStdout("--domain_name evil.tld");
assertInStdout("--hosts ns1.example.com,ns2.example.com");
assertInStdout("--dsdata 1 2 3 DEAD,4 5 6 BEEF");
assertInStdout("--locks_to_preserve serverDeleteProhibited");
assertNotInStdout("--restore_client_hold");
}
@Test
void testCommand_respectsExistingHost() throws Exception {
persistDomainWithHosts(defaultDomain, defaultDsData, urs2, ns1);
@@ -0,0 +1,47 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
<command>
<update>
<domain:update xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
<domain:name>evil.tld</domain:name>
<domain:add>
<domain:ns>
<domain:hostObj>urs1.example.com</domain:hostObj>
<domain:hostObj>urs2.example.com</domain:hostObj>
</domain:ns>
<domain:status s="serverTransferProhibited" />
<domain:status s="serverUpdateProhibited" />
</domain:add>
<domain:rem>
<domain:ns>
<domain:hostObj>ns2.example.com</domain:hostObj>
<domain:hostObj>ns1.example.com</domain:hostObj>
</domain:ns>
</domain:rem>
</domain:update>
</update>
<extension>
<secDNS:update xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
<secDNS:rem>
<secDNS:all>true</secDNS:all>
</secDNS:rem>
<secDNS:add>
<secDNS:dsData>
<secDNS:keyTag>1</secDNS:keyTag>
<secDNS:alg>1</secDNS:alg>
<secDNS:digestType>1</secDNS:digestType>
<secDNS:digest>A94A8FE5CCB19BA61C4C0873D391E987982FBBD3</secDNS:digest>
</secDNS:dsData>
</secDNS:add>
</secDNS:update>
<superuser:domainUpdate xmlns:superuser="urn:google:params:xml:ns:superuser-1.0">
<superuser:autorenews>false</superuser:autorenews>
</superuser:domainUpdate>
<metadata:metadata xmlns:metadata="urn:google:params:xml:ns:metadata-1.0">
<metadata:reason>Uniform Rapid Suspension</metadata:reason>
<metadata:requestedByRegistrar>false</metadata:requestedByRegistrar>
</metadata:metadata>
</extension>
<clTRID>RegistryTool</clTRID>
</command>
</epp>
+1
View File
@@ -88,6 +88,7 @@ test {
// A typical use case is to run tests from desktop that accesses Cloud resources.
tasks.withType(Test).configureEach {
maxHeapSize = "4096m"
jvmArgs "--sun-misc-unsafe-memory-access=allow", "--enable-native-access=ALL-UNNAMED"
def gcp_integration_env_property = 'test.gcp_integration.env'
if (project.hasProperty(gcp_integration_env_property)) {
+7 -2
View File
@@ -1,10 +1,15 @@
FROM jetty:12-jdk21
FROM jetty:12-jdk25
ADD --chown=jetty:jetty build/jetty-base /jetty-base
ADD --chown=jetty:jetty start.sh /
ADD --chown=jetty:jetty logging.properties /
USER root
# wget is not installed by default in :12-jdk25
RUN apt-get update && \
apt-get install -y wget && \
rm -rf /var/lib/apt/lists/*
# Create a directory, download and extract the Cloud Profiler agent, version locked to "cloud-profiler-java-agent_20241028_RC00.tar.gz".
RUN mkdir -p /opt/cprof && \
wget -q -O- https://storage.googleapis.com/cloud-profiler/java/cloud-profiler-java-agent_20241028_RC00.tar.gz\
@@ -14,6 +19,6 @@ RUN mkdir -p /opt/cprof && \
USER jetty
EXPOSE 8080
# jetty:12-jdk21 has bash. We can afford the extra 200M in image size over
# jetty:12-jdk25 has bash. We can afford the extra 200M in image size over
# the -alpine flavor.
ENTRYPOINT ["/bin/bash", "/start.sh"]
+1
View File
@@ -85,6 +85,7 @@ tasks.register('run', JavaExec) {
}
def jetty_home = System.getenv('JETTY_HOME')
def environment = rootProject.environment
jvmArgs "--sun-misc-unsafe-memory-access=allow", "--enable-native-access=ALL-UNNAMED"
workingDir(layout.buildDirectory.dir('jetty-base'))
classpath = files(jetty_home + '/start.jar')
systemProperty('google.registry.environment', environment)
+9 -9
View File
@@ -67,14 +67,14 @@ steps:
docker tag gcr.io/${PROJECT_ID}/builder:${TAG_NAME} gcr.io/${PROJECT_ID}/builder:latest
docker push gcr.io/${PROJECT_ID}/builder:${TAG_NAME}
docker push gcr.io/${PROJECT_ID}/builder:latest
docker pull jetty:12-jdk21
docker tag jetty:12-jdk21 gcr.io/${PROJECT_ID}/jetty:${TAG_NAME}
docker tag jetty:12-jdk21 gcr.io/${PROJECT_ID}/jetty:latest
docker pull jetty:12-jdk25
docker tag jetty:12-jdk25 gcr.io/${PROJECT_ID}/jetty:${TAG_NAME}
docker tag jetty:12-jdk25 gcr.io/${PROJECT_ID}/jetty:latest
docker push gcr.io/${PROJECT_ID}/jetty:${TAG_NAME}
docker push gcr.io/${PROJECT_ID}/jetty:latest
docker pull eclipse-temurin:21
docker tag eclipse-temurin:21 gcr.io/${PROJECT_ID}/temurin:${TAG_NAME}
docker tag eclipse-temurin:21 gcr.io/${PROJECT_ID}/temurin:latest
docker pull eclipse-temurin:25
docker tag eclipse-temurin:25 gcr.io/${PROJECT_ID}/temurin:${TAG_NAME}
docker tag eclipse-temurin:25 gcr.io/${PROJECT_ID}/temurin:latest
docker push gcr.io/${PROJECT_ID}/temurin:${TAG_NAME}
docker push gcr.io/${PROJECT_ID}/temurin:latest
dir: 'release/builder/'
@@ -91,9 +91,9 @@ steps:
--format='get(digest)' --filter='tags = ${TAG_NAME}')
temurin_digest=$(gcloud container images list-tags gcr.io/${PROJECT_ID}/temurin \
--format='get(digest)' --filter='tags = ${TAG_NAME}')
sed -i s%eclipse-temurin:21%gcr.io/${PROJECT_ID}/temurin@$temurin_digest%g proxy/Dockerfile
sed -i s%eclipse-temurin:21%gcr.io/${PROJECT_ID}/temurin@$temurin_digest%g core/Dockerfile
sed -i s%jetty:12-jdk21%gcr.io/${PROJECT_ID}/jetty@$jetty_digest%g jetty/Dockerfile
sed -i s%eclipse-temurin:25%gcr.io/${PROJECT_ID}/temurin@$temurin_digest%g proxy/Dockerfile
sed -i s%eclipse-temurin:25%gcr.io/${PROJECT_ID}/temurin@$temurin_digest%g core/Dockerfile
sed -i s%jetty:12-jdk25%gcr.io/${PROJECT_ID}/jetty@$jetty_digest%g jetty/Dockerfile
sed -i s/builder:latest/builder@$builder_digest/g release/cloudbuild-proxy.yaml
sed -i s/builder:latest/builder@$builder_digest/g release/cloudbuild-nomulus.yaml
sed -i s/builder:latest/builder@$builder_digest/g release/cloudbuild-deploy-gke.yaml