Merge branch 'main' into pr/tustvold/601

.github/dependabot.yml

@@ -0,0 +1,41 @@
+version: 2
+updates:
+  - package-ecosystem: cargo
+    directory: /
+    schedule:
+      interval: daily
+
+  - package-ecosystem: cargo
+    directory: /linkerd/addr/fuzz
+    schedule:
+      interval: daily
+
+  - package-ecosystem: cargo
+    directory: /linkerd/app/inbound/fuzz
+    schedule:
+      interval: daily
+
+  - package-ecosystem: cargo
+    directory: /linkerd/dns/fuzz
+    schedule:
+      interval: daily
+
+  - package-ecosystem: cargo
+    directory: /linkerd/proxy/http/fuzz
+    schedule:
+      interval: daily
+
+  - package-ecosystem: cargo
+    directory: /linkerd/tls/fuzz
+    schedule:
+      interval: daily
+
+  - package-ecosystem: cargo
+    directory: /linkerd/transport-header/fuzz
+    schedule:
+      interval: daily
+
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: daily

.github/workflows/advisory.yml

@@ -42,8 +42,6 @@ jobs:
       - run: cargo install cargo-fuzz
       # Iterate through all fuzz crates to ensure each compiles independently.
       - run: cd linkerd/${{matrix.dir}}/fuzz && cargo +nightly fuzz build
-      # Error if the repo isn't clean (i.e. because lock files were modified).
-      - run: git status && git diff-index --quiet HEAD
 
   # It's easy to make changes that are innocuous in dev builds that end up ballooning resources
   # needed for release builds. This job builds the proxy in release-mode to ensure the build isn't

.github/workflows/coverage.yml

@@ -0,0 +1,22 @@
+name: Coverage
+
+on:
+  push:
+    branches: [main]
+  pull_request: {}
+
+jobs:
+  test:
+    if: |
+      !startsWith(github.event.pull_request.title, 'build(deps): ')
+    name: codecov
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    container:
+      image: docker://rust:1.52.1-buster
+      options: --security-opt seccomp=unconfined
+    steps:
+    - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+    - run: cargo install cargo-tarpaulin
+    - run: cargo tarpaulin --verbose --workspace --out Xml
+    - uses: codecov/codecov-action@29386c70ef20e286228c72b668a06fd0e8399192

.github/workflows/release.yml

@@ -55,7 +55,7 @@ jobs:
           args: /linkerd/expected-checksec.json "target/${{ matrix.target }}/release/package/linkerd2-proxy-${{ steps.release-tag-meta.outputs.name }}-${{ matrix.architecture }}-checksec.json"
 
       - name: upload artifacts
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3
+        uses: actions/upload-artifact@27121b0bdffd731efa15d66772be8dc71245d074
         with:
           name: ${{ matrix.architecture }}-artifacts
           path: target/${{ matrix.target }}/release/package/*
@@ -86,7 +86,7 @@ jobs:
         run: ls -R artifacts
 
       - name: release
-        uses: softprops/action-gh-release@b7e450da2a4b4cb4bfbae528f788167786cfcedf # v0.1.5
+        uses: softprops/action-gh-release@91409e712cf565ce9eff10c87a8d1b11b81757ae
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

.gitignore

@@ -2,3 +2,4 @@ target
 **/target
 **/corpus
 **/artifacts
+**/fuzz/Cargo.lock