From f7fb19fcd00b98455497a6278f37c06cb61d63ad Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Oct 2023 14:06:34 +0100
Subject: [PATCH 1/3] build(deps): bump distroless/base-nossl-debian12 from
 `54f30b8` to `bad3646` in /ci (#30048)

build(deps): bump distroless/base-nossl-debian12 in /ci

Bumps distroless/base-nossl-debian12 from `54f30b8` to `bad3646`.

---
updated-dependencies:
- dependency-name: distroless/base-nossl-debian12
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Ryan Northey <ryan@synca.io>
---
 ci/Dockerfile-envoy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ci/Dockerfile-envoy b/ci/Dockerfile-envoy
index 22b7bd33d6..2c663aefa4 100644
--- a/ci/Dockerfile-envoy
+++ b/ci/Dockerfile-envoy
@@ -43,7 +43,7 @@ CMD ["envoy", "-c", "/etc/envoy/envoy.yaml"]
 
 
 # STAGE: envoy-distroless
-FROM gcr.io/distroless/base-nossl-debian12:nonroot@sha256:54f30b80bb6a6b0185deff049fa35cc65d883b641ee655747db97ffd17432e00 AS envoy-distroless
+FROM gcr.io/distroless/base-nossl-debian12:nonroot@sha256:bad36468fcd4e6a96d961eab19ec794be3f86d97da4b75730673d63d8cad336d AS envoy-distroless
 
 COPY --from=binary /usr/local/bin/envoy* /usr/local/bin/
 COPY --from=binary /usr/local/bin/su-exec /usr/local/bin/

From 9b33aa633316b0bc1ec16f447202f0c156a17d67 Mon Sep 17 00:00:00 2001
From: Ryan Northey <ryan@synca.io>
Date: Wed, 11 Oct 2023 13:16:39 +0100
Subject: [PATCH 2/3] ci: Disable coverage

Signed-off-by: Ryan Northey <ryan@synca.io>
---
 .azure-pipelines/pipelines.yml | 39 ++++++++++++----------------------
 1 file changed, 13 insertions(+), 26 deletions(-)

diff --git a/.azure-pipelines/pipelines.yml b/.azure-pipelines/pipelines.yml
index 6c03ec2016..58c4bc8486 100644
--- a/.azure-pipelines/pipelines.yml
+++ b/.azure-pipelines/pipelines.yml
@@ -256,34 +256,21 @@ stages:
         repoFetchDepth: $(REPO_FETCH_DEPTH)
         repoFetchTags: $(REPO_FETCH_TAGS)
 
-  - job: coverage
+  - job: complete
     displayName: "linux_x64"
-    dependsOn: []
-    timeoutInMinutes: 180
-    pool: "envoy-x64-large"
-    strategy:
-      maxParallel: 2
-      matrix:
-        coverage:
-          CI_TARGET: "coverage"
-        fuzz_coverage:
-          CI_TARGET: "fuzz_coverage"
+    dependsOn: ["bazel"]
+    pool:
+      vmImage: "ubuntu-20.04"
+    # This condition ensures that this (required) check passes if all of
+    # the preceding checks either pass or are skipped
+    # adapted from:
+    #   https://learn.microsoft.com/en-us/azure/devops/pipelines/process/expressions?view=azure-devops#job-to-job-dependencies-within-one-stage
+    condition: |
+      in(dependencies.bazel.result, 'Succeeded', 'SucceededWithIssues', 'Skipped')
     steps:
-    - template: bazel.yml
-      parameters:
-        managedAgent: false
-        ciTarget: bazel.$(CI_TARGET)
-        rbe: false
-        # /tmp/sandbox_base is a tmpfs in CI environment to optimize large I/O for coverage traces
-        bazelBuildExtraOptions: "--define=no_debug_info=1 --linkopt=-Wl,-s --test_env=ENVOY_IP_TEST_VERSIONS=v4only --sandbox_base=/tmp/sandbox_base"
-
-    - script: ci/run_envoy_docker.sh 'ci/upload_gcs_artifact.sh /source/generated/$(CI_TARGET) $(CI_TARGET)'
-      displayName: "Upload $(CI_TARGET) Report to GCS"
-      env:
-        ENVOY_DOCKER_BUILD_DIR: $(Build.StagingDirectory)
-        GCP_SERVICE_ACCOUNT_KEY: $(GcpServiceAccountKey)
-        GCS_ARTIFACT_BUCKET: $(GcsArtifactBucket)
-      condition: always()
+    - checkout: none
+    - bash: |
+        echo "checks complete"
 
 - stage: publish
   dependsOn: ["env", "linux_x64", "linux_arm64"]

From 251303c26bf3458915eda35204a4b10bc178c888 Mon Sep 17 00:00:00 2001
From: Ryan Northey <ryan@synca.io>
Date: Wed, 11 Oct 2023 19:05:50 +0100
Subject: [PATCH 3/3] docs/publishing: Remove postsubmit build

Signed-off-by: Ryan Northey <ryan@synca.io>
---
 .azure-pipelines/pipelines.yml | 52 ++++++++++------------------------
 1 file changed, 15 insertions(+), 37 deletions(-)

diff --git a/.azure-pipelines/pipelines.yml b/.azure-pipelines/pipelines.yml
index 58c4bc8486..0feaafc48d 100644
--- a/.azure-pipelines/pipelines.yml
+++ b/.azure-pipelines/pipelines.yml
@@ -366,50 +366,28 @@ stages:
         artifactSuffix: ".arm64"
         bazelBuildExtraOptions: "--sandbox_base=/tmp/sandbox_base"
 
-  - job: docs
-    displayName: Publish docs to netlify
+  - job: success
     dependsOn: ["docker", "package_x64", "package_arm64"]
-    condition: and(succeeded(), eq(variables['PostSubmit'], true), ne(variables['NoSync'], true))
+    displayName: Success (linux artefacts)
     pool:
       vmImage: "ubuntu-20.04"
+    # This condition ensures that this (required) check passes if all of
+    # the preceding checks either pass or are skipped
+    # adapted from:
+    #   https://learn.microsoft.com/en-us/azure/devops/pipelines/process/expressions?view=azure-devops#job-to-job-dependencies-within-one-stage
+    condition: |
+      and(
+        in(dependencies.docker.result, 'Succeeded', 'SucceededWithIssues', 'Skipped'),
+        in(dependencies.package_x64.result, 'Succeeded', 'SucceededWithIssues', 'Skipped'),
+        in(dependencies.package_arm64.result, 'Succeeded', 'SucceededWithIssues', 'Skipped'))
     steps:
-    - task: Cache@2
-      inputs:
-        key: "docs | ./WORKSPACE | **/*.bzl"
-        path: $(Build.StagingDirectory)/repository_cache
-      continueOnError: true
-
-    - script: ci/run_envoy_docker.sh 'ci/do_ci.sh docs'
-      workingDirectory: $(Build.SourcesDirectory)
-      env:
-        ENVOY_RBE: "true"
-        BAZEL_BUILD_EXTRA_OPTIONS: "--config=remote-ci --jobs=$(RbeJobs)"
-        AZP_BRANCH: $(Build.SourceBranch)
-        ENVOY_DOCKER_BUILD_DIR: $(Build.StagingDirectory)
-        BAZEL_REMOTE_CACHE: grpcs://remotebuildexecution.googleapis.com
-        BAZEL_REMOTE_INSTANCE: projects/envoy-ci/instances/default_instance
-        GCP_SERVICE_ACCOUNT_KEY: $(GcpServiceAccountKey)
-      displayName: "Generate docs"
-
-    - script: |
-        ci/run_envoy_docker.sh 'ci/upload_gcs_artifact.sh /source/generated/docs docs'
-      displayName: "Upload Docs to GCS"
-      env:
-        ENVOY_DOCKER_BUILD_DIR: $(Build.StagingDirectory)
-        GCP_SERVICE_ACCOUNT_KEY: $(GcpServiceAccountKey)
-        GCS_ARTIFACT_BUCKET: $(GcsArtifactBucket)
-      condition: eq(variables['isMain'], 'true')
-
-    - script: docs/publish.sh
-      displayName: "Publish to GitHub"
-      workingDirectory: $(Build.SourcesDirectory)
-      env:
-        AZP_BRANCH: $(Build.SourceBranch)
-        NETLIFY_TRIGGER_URL: $(NetlifyTriggerURL)
+    - checkout: none
+    - bash: |
+        echo "building publishable assets complete"
 
   - job: github
     displayName: Publish release tag
-    dependsOn: ["docs"]
+    dependsOn: ["success"]
     condition: and(succeeded(), eq(variables['PostSubmit'], true), ne(variables['NoSync'], true), eq(variables['isStableBranch'], 'true'), eq(stageDependencies.env.repo.outputs['state.isDev'], 'false'))
     pool:
       vmImage: "ubuntu-20.04"