Merge v0.0.614 to fandom_master

.github/ISSUE_TEMPLATE/BUG-REPORT.yml

@@ -24,15 +24,21 @@ body:
             "I have read and am following this repository's [Contribution
             Guidelines](https://github.com/ory/x/blob/master/CONTRIBUTING.md)."
           required: true
-        - label:
-            "This issue affects my [Ory Network](https://www.ory.sh/) project."
         - label:
             "I have joined the [Ory Community Slack](https://slack.ory.sh)."
         - label:
             "I am signed up to the [Ory Security Patch
             Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)."
     id: checklist
     type: checkboxes
+  - attributes:
+      description:
+        "Enter the slug or API URL of the affected Ory Network project. Leave
+        empty when you are self-hosting."
+      label: "Ory Network Project"
+      placeholder: "https://<your-project-slug>.projects.oryapis.com"
+    id: ory-network-project
+    type: input
   - attributes:
       description: "A clear and concise description of what the bug is."
       label: "Describe the bug"

.github/ISSUE_TEMPLATE/DESIGN-DOC.yml

@@ -35,15 +35,21 @@ body:
             "I have read and am following this repository's [Contribution
             Guidelines](https://github.com/ory/x/blob/master/CONTRIBUTING.md)."
           required: true
-        - label:
-            "This issue affects my [Ory Network](https://www.ory.sh/) project."
         - label:
             "I have joined the [Ory Community Slack](https://slack.ory.sh)."
         - label:
             "I am signed up to the [Ory Security Patch
             Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)."
     id: checklist
     type: checkboxes
+  - attributes:
+      description:
+        "Enter the slug or API URL of the affected Ory Network project. Leave
+        empty when you are self-hosting."
+      label: "Ory Network Project"
+      placeholder: "https://<your-project-slug>.projects.oryapis.com"
+    id: ory-network-project
+    type: input
   - attributes:
       description: |
         This section gives the reader a very rough overview of the landscape in which the new system is being built and what is actually being built. This isn’t a requirements doc. Keep it succinct! The goal is that readers are brought up to speed but some previous knowledge can be assumed and detailed info can be linked to. This section should be entirely focused on objective background facts.

.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml

@@ -28,15 +28,21 @@ body:
             "I have read and am following this repository's [Contribution
             Guidelines](https://github.com/ory/x/blob/master/CONTRIBUTING.md)."
           required: true
-        - label:
-            "This issue affects my [Ory Network](https://www.ory.sh/) project."
         - label:
             "I have joined the [Ory Community Slack](https://slack.ory.sh)."
         - label:
             "I am signed up to the [Ory Security Patch
             Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)."
     id: checklist
     type: checkboxes
+  - attributes:
+      description:
+        "Enter the slug or API URL of the affected Ory Network project. Leave
+        empty when you are self-hosting."
+      label: "Ory Network Project"
+      placeholder: "https://<your-project-slug>.projects.oryapis.com"
+    id: ory-network-project
+    type: input
   - attributes:
       description:
         "Is your feature request related to a problem? Please describe."

.github/workflows/format.yml

@@ -11,7 +11,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
-          go-version: "1.20"
+          go-version: "1.21"
       - run: make format
       - name: Indicate formatting issues
         run: git diff HEAD --exit-code --color

.github/workflows/licenses.yml

@@ -14,7 +14,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: actions/setup-go@v2
         with:
-          go-version: "1.20"
+          go-version: "1.21"
       - uses: actions/setup-node@v2
         with:
           node-version: "18"

.github/workflows/test.yml

@@ -19,7 +19,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: actions/setup-go@v2
         with:
-          go-version: "1.20"
+          go-version: "1.21"
       - run: |
           go test -tags sqlite -failfast -short -timeout=20m $(go list ./... | grep -v sqlcon | grep -v watcherx | grep -v pkgerx | grep -v configx)
         shell: bash
@@ -55,12 +55,13 @@ jobs:
         uses: actions/checkout@v2
       - uses: actions/setup-go@v2
         with:
-          go-version: "1.20"
+          go-version: "1.21"
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
+          version: v1.55.2
           skip-go-installation: true
-          args: --timeout 2m
+          args: --timeout 5m
       - name: Install cockroach DB
         run: |
           curl https://binaries.cockroachdb.com/cockroach-v22.2.5.linux-amd64.tgz | tar -xz

CODE_OF_CONDUCT.md

@@ -39,6 +39,16 @@ Examples of unacceptable behavior include:
 - Other conduct which could reasonably be considered inappropriate in a
   professional setting
 
+## Open Source Community Support
+
+Ory Open source software is collaborative and based on contributions by
+developers in the Ory community. There is no obligation from Ory to help with
+individual problems. If Ory open source software is used in production in a
+for-profit company or enterprise environment, we mandate a paid support contract
+where Ory is obligated under their service level agreements (SLAs) to offer a
+defined level of availability and responsibility. For more information about
+paid support please contact us at [email protected].
+
 ## Enforcement Responsibilities
 
 Community leaders are responsible for clarifying and enforcing our standards of

Makefile

@@ -16,7 +16,7 @@ $(foreach dep, $(GO_DEPENDENCIES), $(eval $(call make-go-dependency, $(dep))))
 $(call make-lint-dependency)
 
 .bin/ory: Makefile
-	curl https://raw.githubusercontent.com/ory/meta/master/install.sh | bash -s -- -b .bin ory v0.1.48
+	curl https://raw.githubusercontent.com/ory/meta/master/install.sh | bash -s -- -b .bin ory v0.2.2
 	touch .bin/ory
 
 .PHONY: format
@@ -32,7 +32,7 @@ licenses: .bin/licenses node_modules  # checks open-source licenses
 	GOBIN=$(shell pwd)/.bin go install golang.org/x/tools/cmd/goimports@latest
 
 .bin/golangci-lint: Makefile
-	bash <(curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh) -d -b .bin v1.46.2
+	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b .bin v1.55.2
 
 .bin/licenses: Makefile
 	curl https://raw.githubusercontent.com/ory/ci/master/licenses/install | sh
@@ -56,7 +56,7 @@ resetdb:
 
 .PHONY: lint
 lint: .bin/golangci-lint
-	GO111MODULE=on golangci-lint run -v ./...
+	GO111MODULE=on .bin/golangci-lint run -v ./...
 
 .PHONY: migrations-render
 migrations-render: .bin/ory

clidoc/generate_test.go

@@ -24,7 +24,7 @@ root
 child1
 
 <[some argument]>
-`}
+`, Example: "{{ .CommandPath }} --whatever"}
 	child2 = &cobra.Command{Use: "child2", Run: noopRun, Long: `A sample text
 child2
 

clidoc/md_docs.go

@@ -23,6 +23,8 @@ import (
 	"sort"
 	"strings"
 
+	"github.com/ory/x/cmdx"
+
 	"github.com/spf13/cobra"
 )
 
@@ -62,7 +64,12 @@ func GenMarkdownCustom(cmd *cobra.Command, w io.Writer, linkHandler func(string)
 	buf.WriteString(cmd.Short + "\n\n")
 	if len(cmd.Long) > 0 {
 		buf.WriteString("### Synopsis\n\n")
-		buf.WriteString(cmd.Long + "\n\n")
+		long, err := cmdx.TemplateCommandField(cmd, cmd.Long)
+		if err != nil {
+			buf.WriteString(fmt.Sprintf("<!-- Error rendering cmd.Long: %s -->\n\n", err.Error()))
+			long = cmd.Long
+		}
+		buf.WriteString(long + "\n\n")
 	}
 
 	if cmd.Runnable() {
@@ -71,7 +78,12 @@ func GenMarkdownCustom(cmd *cobra.Command, w io.Writer, linkHandler func(string)
 
 	if len(cmd.Example) > 0 {
 		buf.WriteString("### Examples\n\n")
-		buf.WriteString(fmt.Sprintf("```\n%s\n```\n\n", cmd.Example))
+		example, err := cmdx.TemplateCommandField(cmd, cmd.Example)
+		if err != nil {
+			buf.WriteString(fmt.Sprintf("<!-- Error rendering cmd.Example: %s -->\n\n", err.Error()))
+			example = cmd.Example
+		}
+		buf.WriteString(fmt.Sprintf("```\n%s\n```\n\n", example))
 	}
 
 	if err := printOptions(buf, cmd, name); err != nil {

clidoc/testdata/root-child1.md

@@ -25,6 +25,12 @@ child1
 root child1 [flags]
 ```
 
+### Examples
+
+```
+root child1 --whatever
+```
+
 ### Options
 
 ```

cmdx/usage.go

@@ -54,25 +54,27 @@ Use "{{.CommandPath}} [command] --help" for more information about a command.{{e
 // The data for the template is the command itself. Especially useful are `.Root.Name` and `.CommandPath`.
 // This will be inherited by all subcommands, so enabling it on the root command is sufficient.
 func EnableUsageTemplating(cmds ...*cobra.Command) {
-	cobra.AddTemplateFunc("insertTemplate", func(cmd *cobra.Command, tmpl string) (string, error) {
-		t := template.New("")
-		t.Funcs(usageTemplateFuncs)
-		t, err := t.Parse(tmpl)
-		if err != nil {
-			return "", err
-		}
-		var out bytes.Buffer
-		if err := t.Execute(&out, cmd); err != nil {
-			return "", err
-		}
-		return out.String(), nil
-	})
+	cobra.AddTemplateFunc("insertTemplate", TemplateCommandField)
 	for _, cmd := range cmds {
 		cmd.SetHelpTemplate(helpTemplate)
 		cmd.SetUsageTemplate(usageTemplate)
 	}
 }
 
+func TemplateCommandField(cmd *cobra.Command, field string) (string, error) {
+	t := template.New("")
+	t.Funcs(usageTemplateFuncs)
+	t, err := t.Parse(field)
+	if err != nil {
+		return "", err
+	}
+	var out bytes.Buffer
+	if err := t.Execute(&out, cmd); err != nil {
+		return "", err
+	}
+	return out.String(), nil
+}
+
 // DisableUsageTemplating resets the commands usage template to the default.
 // This can be used to undo the effects of EnableUsageTemplating, specifically for a subcommand.
 func DisableUsageTemplating(cmds ...*cobra.Command) {

configx/options.go

@@ -44,6 +44,12 @@ func WithImmutables(immutables ...string) OptionModifier {
 	}
 }
 
+func WithExceptImmutables(exceptImmutables ...string) OptionModifier {
+	return func(p *Provider) {
+		p.exceptImmutables = append(p.exceptImmutables, exceptImmutables...)
+	}
+}
+
 func WithFlags(flags *pflag.FlagSet) OptionModifier {
 	return func(p *Provider) {
 		p.flags = flags

configx/provider.go

@@ -39,7 +39,7 @@ type tuple struct {
 type Provider struct {
 	l sync.RWMutex
 	*koanf.Koanf
-	immutables []string
+	immutables, exceptImmutables []string
 
 	schema                   []byte
 	flags                    *pflag.FlagSet
@@ -249,6 +249,18 @@ func (p *Provider) runOnChanges(e watcherx.Event, err error) {
 	}
 }
 
+func deleteOtherKeys(k *koanf.Koanf, keys []string) {
+outer:
+	for _, key := range k.Keys() {
+		for _, ik := range keys {
+			if key == ik {
+				continue outer
+			}
+		}
+		k.Delete(key)
+	}
+}
+
 func (p *Provider) reload(e watcherx.Event) {
 	p.l.Lock()
 
@@ -264,10 +276,20 @@ func (p *Provider) reload(e watcherx.Event) {
 		return // unlocks & runs changes in defer
 	}
 
-	for _, key := range p.immutables {
-		if !reflect.DeepEqual(p.Koanf.Get(key), nk.Get(key)) {
-			err = NewImmutableError(key, fmt.Sprintf("%v", p.Koanf.Get(key)), fmt.Sprintf("%v", nk.Get(key)))
-			return // unlocks & runs changes in defer
+	oldImmutables, newImmutables := p.Koanf.Copy(), nk.Copy()
+	deleteOtherKeys(oldImmutables, p.immutables)
+	deleteOtherKeys(newImmutables, p.immutables)
+
+	for _, key := range p.exceptImmutables {
+		oldImmutables.Delete(key)
+		newImmutables.Delete(key)
+	}
+	if !reflect.DeepEqual(oldImmutables.Raw(), newImmutables.Raw()) {
+		for _, key := range p.immutables {
+			if !reflect.DeepEqual(oldImmutables.Get(key), newImmutables.Get(key)) {
+				err = NewImmutableError(key, fmt.Sprintf("%v", p.Koanf.Get(key)), fmt.Sprintf("%v", nk.Get(key)))
+				return // unlocks & runs changes in defer
+			}
 		}
 	}
 
@@ -292,6 +314,33 @@ func (p *Provider) watchForFileChanges(ctx context.Context, c watcherx.EventChan
 	}
 }
 
+// DirtyPatch patches individual config keys without reloading the full config
+//
+// WARNING! This method is only useful to override existing keys in string or number
+// format. DO NOT use this method to override arrays, maps, or other complex types.
+//
+// This method DOES NOT validate the config against the config JSON schema. If you
+// need to validate the config, use the Set method instead.
+//
+// This method can not be used to remove keys from the config as that is not
+// possible without reloading the full config.
+func (p *Provider) DirtyPatch(key string, value any) error {
+	p.l.Lock()
+	defer p.l.Unlock()
+
+	t := tuple{Key: key, Value: value}
+	kc := NewKoanfConfmap([]tuple{t})
+
+	p.forcedValues = append(p.forcedValues, t)
+	p.providers = append(p.providers, kc)
+
+	if err := p.Koanf.Load(kc, nil, []koanf.Option{}...); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func (p *Provider) Set(key string, value interface{}) error {
 	p.l.Lock()
 	defer p.l.Unlock()
@@ -432,8 +481,9 @@ func (p *Provider) CORS(prefix string, defaults cors.Options) (cors.Options, boo
 
 func (p *Provider) TracingConfig(serviceName string) *otelx.Config {
 	return &otelx.Config{
-		ServiceName: p.StringF("tracing.service_name", serviceName),
-		Provider:    p.String("tracing.provider"),
+		ServiceName:           p.StringF("tracing.service_name", serviceName),
+		DeploymentEnvironment: p.StringF("tracing.deployment_environment", ""),
+		Provider:              p.String("tracing.provider"),
 		Providers: otelx.ProvidersConfig{
 			Jaeger: otelx.JaegerConfig{
 				Sampling: otelx.JaegerSampling{
@@ -454,6 +504,7 @@ func (p *Provider) TracingConfig(serviceName string) *otelx.Config {
 				Sampling: otelx.OTLPSampling{
 					SamplingRatio: p.Float64("tracing.providers.otlp.sampling.sampling_ratio"),
 				},
+				AuthorizationHeader: p.String("tracing.providers.otlp.authorization_header"),
 			},
 		},
 	}