Merge branch 'main' into ptodev/clarify-use-api

.drone/pipelines/build_images.jsonnet

@@ -32,7 +32,7 @@ local locals = {
         'docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD',
         'docker run --rm --privileged multiarch/qemu-user-static --reset -p yes',
         'docker buildx create --name multiarch --driver docker-container --use',
-        'docker buildx build --build-arg="GO_RUNTIME=golang:1.22.1-bullseye" --push --platform linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG ./build-image',
+        'docker buildx build --build-arg="GO_RUNTIME=golang:1.22.5-bullseye" --push --platform linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG ./build-image',
       ],
     }],
     volumes: [{
@@ -55,7 +55,7 @@ local locals = {
         'docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD',
         'docker run --rm --privileged multiarch/qemu-user-static --reset -p yes',
         'docker buildx create --name multiarch --driver docker-container --use',
-        'docker buildx build --build-arg="GO_RUNTIME=mcr.microsoft.com/oss/go/microsoft/golang:1.22.1-bullseye" --push --platform linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG ./build-image',
+        'docker buildx build --build-arg="GO_RUNTIME=mcr.microsoft.com/oss/go/microsoft/golang:1.22.5-bullseye" --push --platform linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG ./build-image',
       ],
     }],
     volumes: [{

.github/workflows/check-linux-build-image.yml

@@ -7,7 +7,7 @@ on:
 
 jobs:
   check-linux-build-image:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -19,19 +19,19 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: Create test Linux build image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: ./build-image
           push: false
           tags: grafana/agent-build-image:latest
           build-args: |
-            GO_RUNTIME=golang:1.22.1-bullseye
+            GO_RUNTIME=golang:1.22.5-bullseye
 
       - name: Create test Linux build image for boring crypto
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: ./build-image
           push: false
           tags: grafana/agent-build-image:latest
           build-args: |
-            GO_RUNTIME=mcr.microsoft.com/oss/go/microsoft/golang:1.22.1-bullseye
+            GO_RUNTIME=mcr.microsoft.com/oss/go/microsoft/golang:1.22.5-bullseye

.github/workflows/helm-release.yml

@@ -132,7 +132,7 @@ jobs:
       # The tag name in grafana/helm-charts is <package>-<version>, while the
       # tag name for grafana/agent is helm-chart/<version>.
       - name: Make github release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         with:
           name: ${{ steps.parse-chart.outputs.packagename }}
           repository: grafana/helm-charts

.github/workflows/helm-test.yml

@@ -71,7 +71,7 @@ jobs:
         run: ct lint --config ./operations/helm/ct.yaml
 
       - name: Create kind cluster
-        uses: helm/kind-action@v1.9.0
+        uses: helm/kind-action@v1.10.0
         if: steps.list-changed.outputs.changed == 'true'
 
       - name: Add dependency chart repos

.github/workflows/trivy.yml

@@ -21,12 +21,12 @@ jobs:
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
       actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
     name: Build
-    runs-on: "ubuntu-20.04"
+    runs-on: "ubuntu-latest"
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8
         with:
           image-ref: 'grafana/agent:main'
           format: 'template'

CHANGELOG.md

@@ -10,6 +10,84 @@ internal API changes are not present.
 Main (unreleased)
 -----------------
 
+v0.43.3 (2024-09-26)
+-------------------------
+
+### Bugfixes
+
+- Windows installer: Don't quote Alloy's binary path in the Windows Registry. (@jkroepke)
+
+v0.43.2 (2024-09-25)
+-------------------------
+
+### Security fixes
+
+- Add quotes to windows service path to prevent path interception attack. [CVE-2024-8996](https://grafana.com/security/security-advisories/cve-2024-8996/) (@wildum)
+
+v0.43.0 (2024-09-11)
+-------------------------
+
+### Bugfixes
+
+- Fix a memory leak which would occur any time `loki.process` had its configuration reloaded. (@ptodev)
+
+- Fix a bug where custom components would not shadow the stdlib. If you have a module whose name conflicts with an stdlib function 
+  and if you use this exact function in your config, then you will need to rename your module. (@wildum)
+
+- Fix an issue where nested import.git config blocks could conflict if they had the same labels. (@wildum)
+
+- Fix an issue where `loki.source.docker` stops collecting logs after a container restart. (@wildum)
+
+### Other changes
+
+- Change the Docker base image for Linux containers to `ubuntu:noble`. (@amontalban)
+
+v0.42.0 (2024-07-24)
+-------------------------
+
+### Security fixes
+
+- Fixes following vulnerabilities (@ptodev)
+  * [GHSA-87m9-rv8p-rgmg](https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v)
+  * [CVE-2024-35255](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255)
+  * [CVE-2024-6104](https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027)
+  * [GHSA-mh55-gqvf-xfwm](https://github.com/advisories/GHSA-mh55-gqvf-xfwm)
+  * [CVE-2024-24790](https://avd.aquasec.com/nvd/2024/cve-2024-24790/)
+  * [CVE-2023-45288](https://avd.aquasec.com/nvd/cve-2023-45288)
+  * [CVE-2024-24788](https://avd.aquasec.com/nvd/cve-2024-24788)
+  * [CVE-2024-24789](https://avd.aquasec.com/nvd/cve-2024-24789)
+  * [CVE-2024-24791](https://avd.aquasec.com/nvd/cve-2024-24791)
+
+### Features
+
+- A new `otelcol.exporter.debug` component for printing OTel telemetry from 
+  other `otelcol` components to the console. (@BarunKGP)
+
+### Bugfixes
+
+- Fix an issue which caused the config to be reloaded if a config reload was triggered but the config hasn't changed.
+  The bug only affected the "metrics" and "logs" subsystems in Static mode. (@ptodev)
+
+- Fix a bug in Static mode and Flow which prevented config reloads to work if a Loki `metrics` stage is in the pipeline.
+  This resulted in a "failed to unregister all metrics from previous promtail" message. (@ptodev)
+
+### Enhancements
+
+- Update to Go 1.22.5. (@ptodev)
+
+v0.41.1 (2024-06-07)
+--------------------
+
+### Breaking changes
+
+- Applied OpenTelemetry [CVE-2024-36129](https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v) fixes. (@mattdurham)
+  - Components `otelcol.receiver.otlp`,`otelcol.receiver.zipkin` and `otelcol.receiver.jaeger` setting `max_request_body_size`
+    default changed from unlimited size to `20MiB`.
+
+### Enhancements
+
+- Updated pyroscope to v0.4.6 introducing `symbols_map_size` and `pid_map_size` configuration. (@simonswine)
+
 v0.41.0 (2024-05-31)
 --------------------
 
@@ -41,6 +119,8 @@ v0.41.0 (2024-05-31)
 
 - Added support for `otelcol` configuration conversion in `grafana-agent convert` and `grafana-agent run` commands. (@rfratto, @erikbaranowski, @tpaschalis, @hainenber)
 
+- Prefix Faro measurement values with `value_` to align with the latest Faro cloud receiver updates. (@codecapitano)
+
 - Added support for `static` configuration conversion of the `traces` subsystem. (@erikbaranowski, @wildum)
 
 - Add automatic conversion for `legacy_positions_file` in component `loki.source.file`. (@mattdurham)
@@ -79,6 +159,9 @@ v0.41.0 (2024-05-31)
 
 - Fix a bug where a topic was claimed by the wrong consumer type in `otelcol.receiver.kafka`. (@wildum)
 
+- Update `prometheus.exporter.snowflake` with the [latest](https://github.com/grafana/snowflake-prometheus-exporter) version of the exporter as of May 28, 2024 (@StefanKurek)
+  - Fixes issue where returned `NULL` values from database could cause unexpected errors.
+
 ### Other changes
 
 - Clustering for Grafana Agent in Flow mode has graduated from beta to stable.

build-image/Dockerfile

@@ -4,7 +4,7 @@
 # default when running `docker buildx build` or when DOCKER_BUILDKIT=1 is set
 # in environment variables.
 
-# NOTE: The GO_RUNTIME is used to switch between the default Google go runtime and mcr.microsoft.com/oss/go/microsoft/golang:1.22.1-bullseye which is a Microsoft
+# NOTE: The GO_RUNTIME is used to switch between the default Google go runtime and mcr.microsoft.com/oss/go/microsoft/golang:1.22.5-bullseye which is a Microsoft
 # fork of go that allows using windows crypto instead of boring crypto. Details at https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips
 ARG GO_RUNTIME=mustoverride
 

build-image/README.md

@@ -3,25 +3,51 @@
 The Grafana Agent build images are used for CI workflows to manage builds of
 Grafana Agent.
 
-There are two images:
+There are three [images][agent-build-image-dockerhub]:
 
-* `grafana/agent-build-image:X.Y.Z` (for building Linux containers)
-* `grafana/agent-build-image:X.Y.Z-windows` (for building Windows containers)
+* `grafana/agent-build-image:X.Y.Z` (for building targeting Linux, including Linux boringcrypto)
+* `grafana/agent-build-image:X.Y.Z-windows` (for builds targeting Windows)
+* `grafana/agent-build-image:X.Y.Z-boringcrypto` (for building targeting Windows boringcrypto)
 
 (Where `X.Y.Z` is replaced with some semantic version, like 0.14.0).
 
-## Pushing new images
+[agent-build-image-dockerhub]:https://hub.docker.com/repository/docker/grafana/agent-build-image/general
 
-Once a commit is merged to main which updates the build-image Dockerfiles, a
-maintainer must push a tag matching the pattern `build-image/vX.Y.Z` to the
-grafana/agent repo. For example, to create version v0.15.0 of the build images,
-a maintainer would push the tag `build-image/v0.15.0`.
+## Creating new images
+
+### Step 1: Update the main branch
+
+Open a PR to update the build images. 
+See [this][example-pr] pull request for an example.
+You need to change the following files:
+ * `build-image/Dockerfile`
+ * `build-image/windows/Dockerfile`
+ * `.drone/drone.yaml`
+ * `.drone/pipelines/build_images.jsonnet`
+ * `.github/workflows/check-linux-build-image.yml`
+
+[example-pr]:https://github.com/grafana/agent/pull/6650/files
+
+### Step 2: Create a Git tag
+
+After the PR is merged to `main`, a maintainer must push a tag matching the pattern 
+`build-image/vX.Y.Z` to the `grafana/agent` repo. 
+For example, to create version `0.41.0` of the build images,
+a maintainer would push the tag `build-image/v0.41.0`:
+
+```
+git checkout main
+git pull
+git tag -s build-image/v0.41.0
+git push origin build-image/v0.41.0
+```
 
 > **NOTE**: The tag name is expected to be prefixed with `v`, but the pushed
-> images have the v prefix removed.
+> images have the `v` prefix removed.
+
+> **NOTE**: The tag name doesn't have to correspond to an Agent version.
 
 Automation will trigger off of this tag being pushed, building and pushing the
 new build images to Docker Hub.
 
 A follow-up commit to use the newly pushed build images must be made.
-

build-image/windows/Dockerfile

@@ -1,4 +1,4 @@
-FROM library/golang:1.22.1-windowsservercore-1809
+FROM library/golang:1.22.5-windowsservercore-1809
 
 SHELL ["powershell", "-command"]
 

cmd/grafana-agent-operator/Dockerfile

@@ -4,7 +4,7 @@
 # default when running `docker buildx build` or when DOCKER_BUILDKIT=1 is set
 # in environment variables.
 
-FROM --platform=$BUILDPLATFORM grafana/agent-build-image:0.40.2 as build
+FROM --platform=$BUILDPLATFORM grafana/agent-build-image:0.41.1 as build
 ARG BUILDPLATFORM
 ARG TARGETPLATFORM
 ARG TARGETOS
@@ -22,7 +22,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
     RELEASE_BUILD=${RELEASE_BUILD} VERSION=${VERSION} \
     make operator
 
-FROM public.ecr.aws/ubuntu/ubuntu:mantic
+FROM public.ecr.aws/ubuntu/ubuntu:noble
 
 LABEL org.opencontainers.image.source="https://github.com/grafana/agent"
 

cmd/grafana-agent-service/service_test.go

@@ -9,7 +9,6 @@ import (
 	"os/exec"
 	"path/filepath"
 	"runtime"
-	"sync"
 	"testing"
 
 	"github.com/go-kit/log"
@@ -84,7 +83,7 @@ func Test_serviceManager(t *testing.T) {
 	t.Run("can forward to stdout", func(t *testing.T) {
 		listenHost := getListenHost(t)
 
-		var buf syncBuffer
+		var buf util.SyncBuffer
 
 		mgr := newServiceManager(l, serviceManagerConfig{
 			Path:   serviceBinary,
@@ -112,7 +111,7 @@ func Test_serviceManager(t *testing.T) {
 	t.Run("can forward to stderr", func(t *testing.T) {
 		listenHost := getListenHost(t)
 
-		var buf syncBuffer
+		var buf util.SyncBuffer
 
 		mgr := newServiceManager(l, serviceManagerConfig{
 			Path:   serviceBinary,
@@ -186,24 +185,3 @@ func makeServiceRequest(host string, path string, body []byte) ([]byte, error) {
 	}
 	return io.ReadAll(resp.Body)
 }
-
-// syncBuffer wraps around a bytes.Buffer and makes it safe to use from
-// multiple goroutines.
-type syncBuffer struct {
-	mut sync.RWMutex
-	buf bytes.Buffer
-}
-
-func (sb *syncBuffer) Bytes() []byte {
-	sb.mut.RLock()
-	defer sb.mut.RUnlock()
-
-	return sb.buf.Bytes()
-}
-
-func (sb *syncBuffer) Write(p []byte) (n int, err error) {
-	sb.mut.Lock()
-	defer sb.mut.Unlock()
-
-	return sb.buf.Write(p)
-}

cmd/grafana-agent/Dockerfile

@@ -4,7 +4,7 @@
 # default when running `docker buildx build` or when DOCKER_BUILDKIT=1 is set
 # in environment variables.
 
-FROM --platform=$BUILDPLATFORM grafana/agent-build-image:0.40.2 as build
+FROM --platform=$BUILDPLATFORM grafana/agent-build-image:0.41.1 as build
 ARG BUILDPLATFORM
 ARG TARGETPLATFORM
 ARG TARGETOS
@@ -30,7 +30,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
     GOEXPERIMENT=${GOEXPERIMENT} \
     make agent
 
-FROM public.ecr.aws/ubuntu/ubuntu:mantic
+FROM public.ecr.aws/ubuntu/ubuntu:noble
 
 #Username and uid for grafana-agent user
 ARG UID=473