apollographql / router

A configurable, high-performance routing runtime for Apollo Federation 🚀
https://www.apollographql.com/docs/router/

create directive specs for context #6167

Closed clenfest closed 1 month ago

svc-apollo-docs commented 1 month ago

✅ Docs Preview Ready

No new or changed pages found.

router-perf[bot] commented 1 month ago

CI performance tests

apollo-bot2 commented 1 month ago

Detected Secrets

:red_circle: Secrets Found

If you are seeing this message, it means that the secret scanning tool that Apollo uses to prevent secrets from entering our repositories has identified a secret in your branch. Information about what was detected and steps to move forward are below.

If the secret scanner detected a valid secret, please take immediate action to remove it from your branch. Apollo also recommends that you invalidate the secret in the system it grants access to. While there are additional steps to prepare the branch for merging, protecting the secret is the top priority.

If the scanner detected a value that is not actually secret or it detected a value that was a secret but has been invalidated, follow the steps in the "Resolution Process" section below to mark it as a false/benign positive. One common reason for benign positive detections is test values. For example, if you are committing a value (like a private key, JWT, etc.) that would usually be secret but is being used in a test case to validate functionality, a detection will be generated. This is safe to allowlist.

Values Detected

| Signature | File | Commit | Start Line | Start Column | Link To Secret |
|---|---|---|---|---|---|
| generic-api-key | apollo-federation/tests/query_plan/build_query_plan_tests/context.rs | cd020065cf9a602d744c08d69a0cd0f9a8e4433c | 109 | 16 | Link |
| generic-api-key | apollo-federation/tests/query_plan/build_query_plan_tests/context.rs | cd020065cf9a602d744c08d69a0cd0f9a8e4433c | 212 | 16 | Link |
| generic-api-key | apollo-federation/tests/query_plan/build_query_plan_tests/context.rs | cd020065cf9a602d744c08d69a0cd0f9a8e4433c | 303 | 16 | Link |
| generic-api-key | apollo-federation/tests/query_plan/build_query_plan_tests/context.rs | cd020065cf9a602d744c08d69a0cd0f9a8e4433c | 438 | 16 | Link |
| generic-api-key | apollo-federation/tests/query_plan/build_query_plan_tests/context.rs | cd020065cf9a602d744c08d69a0cd0f9a8e4433c | 538 | 16 | Link |
| generic-api-key | apollo-federation/tests/query_plan/build_query_plan_tests/context.rs | cd020065cf9a602d744c08d69a0cd0f9a8e4433c | 543 | 16 | Link |
| generic-api-key | apollo-federation/tests/query_plan/build_query_plan_tests/context.rs | cd020065cf9a602d744c08d69a0cd0f9a8e4433c | 664 | 16 | Link |
| generic-api-key | apollo-federation/tests/query_plan/build_query_plan_tests/context.rs | cd020065cf9a602d744c08d69a0cd0f9a8e4433c | 669 | 16 | Link |
| generic-api-key | apollo-federation/tests/query_plan/build_query_plan_tests/context.rs | cd020065cf9a602d744c08d69a0cd0f9a8e4433c | 756 | 16 | Link |
| generic-api-key | apollo-federation/tests/query_plan/build_query_plan_tests/context.rs | cd020065cf9a602d744c08d69a0cd0f9a8e4433c | 837 | 16 | Link |
| generic-api-key | apollo-federation/tests/query_plan/build_query_plan_tests/context.rs | cd020065cf9a602d744c08d69a0cd0f9a8e4433c | 983 | 16 | Link |
| generic-api-key | apollo-federation/tests/query_plan/build_query_plan_tests/context.rs | cd020065cf9a602d744c08d69a0cd0f9a8e4433c | 1221 | 16 | Link |
| generic-api-key | apollo-federation/tests/query_plan/build_query_plan_tests/context.rs | cd020065cf9a602d744c08d69a0cd0f9a8e4433c | 1226 | 16 | Link |

Resolution Process

> [!NOTE]
> Apollo does not use all of the native options provided by Gitleaks to perform allowlisting. We use Gitleaks' standard line comments but rely on a custom convention written in a `.gitleaks.toml` file at the root of each repository for allowlisting detections in Git history.

To resolve the issue, you will need to:

1. Prevent new detections of the "secret":
   - Add a comment containing `gitleaks:allow` to the line containing the detected value.
   - Skip this step if it's not feasible. For example, the detection is in file types like JSON or Markdown, you've completely removed the value, etc.
2. Configure the scanner to ignore the "secret" in git history.
   - Follow the instructions below for _either_ "Allowlist by Commit Hash" _or_ "Allowlist by File Path"
   - You will need to ensure that a `.gitleaks.toml` file exists at the root of this repository in your branch. If not, create one!

Allowlist by Commit Hash

This is the preferred option. Update the `.gitleaks.toml` file with the following contents:

```toml
[[ rules ]]
    id = "signature-from-table-above"
    [ rules.allowlist ]
        commits = [ "full-commit-hash-1", "full-commit-hash-2" ]
```

If a `[[rules]]` block already exists for the signature involved in your detection, simply append your list of commits. If a matching `[[rules]]` block is already present but has a `paths` attribute rather than `commits`, proceed to the next option.

This configuration tells the scanner to ignore the specified signature in the list of commits provided.

Allowlist by File Path

This is a backup option to allowlist specific detections. Add/update the `.gitleaks.toml` file with the following contents:

```toml
[[ rules ]]
    id = "signature-from-table-above"
    [ rules.allowlist ]
        paths = [
            '''path/to/detected/file1.json$''',
            '''path/to/other/detected/file.md$'''
        ]
```

This configuration tells the scanner to ignore any detections with the specified signature generated for the list of files.

Getting Help

The Apollo Security team has been notified and is available to assist in resolving this issue. Please tag us on this PR using `@apollographql/security` if you need assistance!

How do I know I fixed this correctly?

Once you have resolved the issue completely, this message will disappear! If you're still seeing this message, there is more to do prior to merging.