Release 3.9.0 (2024-06-25)

### Features

* [IsolateBuyerAndSellerCodeExecution] Add wrapper for buyer's reportWin() udf
* [reporting] Enable reportResult execution for topLevelSeller
* Add chaffing feature flags in SFE/BFE.
* add EventMessage to log context
* Add request creation timestamp to ProtectedAuctionInput
* Add request/response to ExecuteInternal on async clients
* Add tee-container-log-redirect option in terraform
* Bash script for ASG and Cloud Map Custom HealthChecks
* Consented request replace enable_adtech_code_logging in Bidding Server
* Create inference model store for model management
* Create logging library for inference consented logs
* Debug Reporting for Bid Currency
* decrease aws/build_and_test duration by ~75%
* Feature Flag for TLS in Service Mesh
* Force the ML model reset with the probability of 0.1%
* Forward per request consented debugging config to roma callback
* Implement AWS Cloud Un-Map
* Implement new SFE <> BFE request format for chaffing
* Implement the probabilistic model reset for PyTorch
* Implement the probabilistic model reset for TensorFlow.
* Load Test Flag for AWS
* Log consented debugging information in inference sidecar
* log EventMessage in servers
* log udf log in EventMessage for non_prod debug_info
* Remove enableAdtechCodeLogging flag value
* Remove Envoy Access Logging
* Route consented inference requests to a consented model store
* send chaff requests from SFE
* Service Mesh in AWS
* Support CPU isolation in the inference sidecar
* update code/cloud build to use tags
* Upgrade AWS Provider for Terraform from v3.xx to v4.xx
* Use gRPC for AWS Service Mesh Envoy HCs

### Bug Fixes

* [IsolateBuyerAndSellerCodeExecution] Add a new class for buyer's reporting code fetch and load
* [IsolateBuyerAndSellerCodeExecution] Add a new code wrapper with only scoreAd and reportResult
* [IsolateBuyerAndSellerCodeExecution] Add config flag to enable seller and buyer code isolation
* [IsolateBuyerAndSellerCodeExecution] Modify seller_udf_manager to fetch and load buyer udfs
* [IsolateBuyerAndSellerCodeExecution] Refactor the code fetch files.
* add check back in default grpc client
* Add DebugInfo pointer for debugging log into RomaRequestContext
* Add generation_id to chaff requests
* clean up log verbosity 3
* do not try to impersonate service accounts if TEST_MODE=true
* Eliminate Terraform Error Message about empty Authority Field
* Ensure instance id is set in logs on AWS when not using mesh.
* Execute Callback for empty HTTP request vector
* make num_chaff_requests not have a static lower bound
* scorecard.yaml version updates
* Upgrades google terraform plugin to 5.31.0 to fix crash

Bug: N/A
GitOrigin-RevId: faf77e5cbd6c2ae9f65761250ce95231c5f5ae08
Change-Id: I3e54553186f0ad82ffea0e43fa2ea3fbf22eb19f

.bazelrc

@@ -92,6 +92,7 @@ build:prod --@google_privacysandbox_servers_common//:build_flavor=prod
 
 build:inference_non_prod --//:build_flavor=non_prod
 build:inference_non_prod --//:inference_build=yes
+build:inference_non_prod --//:inference_runtime=all
 build:inference_non_prod --@google_privacysandbox_servers_common//:build_flavor=non_prod
 
 # Address sanitizer, set action_env to segregate cache entries

.github/workflows/scorecard.yaml

@@ -51,7 +51,7 @@ jobs:
           persist-credentials: false
 
       - name: Run analysis
-        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -73,14 +73,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: Upload artifact
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        uses: github/codeql-action/upload-sarif@8662eabe0e9f338a07350b7fd050732745f93848 # v2.3.1
         with:
           sarif_file: results.sarif

BUILD

@@ -173,6 +173,14 @@ config_setting(
     visibility = ["//visibility:public"],
 )
 
+config_setting(
+    name = "prod_build",
+    flag_values = {
+        ":build_flavor": "prod",
+    },
+    visibility = ["//visibility:public"],
+)
+
 string_flag(
     name = "inference_build",
     build_setting_default = "no",
@@ -189,6 +197,7 @@ string_flag(
         "noop",
         "pytorch",
         "tensorflow",
+        "all",
     ],
 )
 
@@ -218,6 +227,15 @@ config_setting(
     visibility = ["//visibility:public"],
 )
 
+config_setting(
+    name = "include_all_inference_binaries",
+    flag_values = {
+        ":inference_build": "yes",
+        ":inference_runtime": "all",
+    },
+    visibility = ["//visibility:public"],
+)
+
 string_flag(
     name = "build_for_test",
     build_setting_default = "non_test",

CHANGELOG.md

@@ -2,6 +2,65 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## 3.9.0 (2024-06-25)
+
+
+### Features
+
+* [IsolateBuyerAndSellerCodeExecution] Add wrapper for buyer's reportWin() udf
+* [reporting] Enable reportResult execution for topLevelSeller
+* Add chaffing feature flags in SFE/BFE.
+* add EventMessage to log context
+* Add request creation timestamp to ProtectedAuctionInput
+* Add request/response to ExecuteInternal on async clients
+* Add tee-container-log-redirect option in terraform
+* Bash script for ASG and Cloud Map Custom HealthChecks
+* Consented request replace enable_adtech_code_logging in Bidding Server
+* Create inference model store for model management
+* Create logging library for inference consented logs
+* Debug Reporting for Bid Currency
+* decrease aws/build_and_test duration by ~75%
+* Feature Flag for TLS in Service Mesh
+* Force the ML model reset with the probability of 0.1%
+* Forward per request consented debugging config to roma callback
+* Implement AWS Cloud Un-Map
+* Implement new SFE <> BFE request format for chaffing
+* Implement the probabilistic model reset for PyTorch
+* Implement the probabilistic model reset for TensorFlow.
+* Load Test Flag for AWS
+* Log consented debugging information in inference sidecar
+* log EventMessage in servers
+* log udf log in EventMessage for non_prod debug_info
+* Remove enableAdtechCodeLogging flag value
+* Remove Envoy Access Logging
+* Route consented inference requests to a consented model store
+* send chaff requests from SFE
+* Service Mesh in AWS
+* Support CPU isolation in the inference sidecar
+* update code/cloud build to use tags
+* Upgrade AWS Provider for Terraform from v3.xx to v4.xx
+* Use gRPC for AWS Service Mesh Envoy HCs
+
+
+### Bug Fixes
+
+* [IsolateBuyerAndSellerCodeExecution] Add a new class for buyer's reporting code fetch and load
+* [IsolateBuyerAndSellerCodeExecution] Add a new code wrapper with only scoreAd and reportResult
+* [IsolateBuyerAndSellerCodeExecution] Add config flag to enable seller and buyer code isolation
+* [IsolateBuyerAndSellerCodeExecution] Modify seller_udf_manager to fetch and load buyer udfs
+* [IsolateBuyerAndSellerCodeExecution] Refactor the code fetch files.
+* add check back in default grpc client
+* Add DebugInfo pointer for debugging log into RomaRequestContext
+* Add generation_id to chaff requests
+* clean up log verbosity 3
+* do not try to impersonate service accounts if TEST_MODE=true
+* Eliminate Terraform Error Message about empty Authority Field
+* Ensure instance id is set in logs on AWS when not using mesh.
+* Execute Callback for empty HTTP request vector
+* make num_chaff_requests not have a static lower bound
+* scorecard.yaml version updates
+* Upgrades google terraform plugin to 5.31.0 to fix crash
+
 ## 3.8.0 (2024-05-24)
 
 

WORKSPACE

@@ -23,11 +23,11 @@ http_archive(
 
 http_archive(
     name = "google_privacysandbox_servers_common",
-    # 2024-05-24
-    sha256 = "444f76d69afba08dfe7424dae0ff8afb26bd3f4e3396d76b7bf55668d3afd7c6",
-    strip_prefix = "data-plane-shared-libraries-3e09f7993cf6e4ef0fd33360b778f993d3cfd9ef",
+    # 2024-05-28
+    sha256 = "a241ad3d8d897599a6acff89fc759d0e858f8466988f7c56c57b0a83b8cdab5d",
+    strip_prefix = "data-plane-shared-libraries-3e92e75fceb18694f1ce7177e7433824769a89a0",
     urls = [
-        "https://github.com/privacysandbox/data-plane-shared-libraries/archive/3e09f7993cf6e4ef0fd33360b778f993d3cfd9ef.zip",
+        "https://github.com/privacysandbox/data-plane-shared-libraries/archive/3e92e75fceb18694f1ce7177e7433824769a89a0.zip",
     ],
 )
 
@@ -138,3 +138,28 @@ http_archive(
     strip_prefix = "libevent-release-2.1.12-stable",
     urls = ["https://github.com/libevent/libevent/archive/refs/tags/release-2.1.12-stable.zip"],
 )
+
+load("@rules_rust//crate_universe:repositories.bzl", "crate_universe_dependencies")
+
+crate_universe_dependencies()
+
+load("//third_party:deps.bzl", cddl_deps = "deps")
+
+cddl_deps()
+
+load("@cddl_crate_index//:defs.bzl", cddl_crate_repositories = "crate_repositories")
+
+cddl_crate_repositories()
+
+http_archive(
+    name = "cddl_lib",
+    build_file = "//third_party/cddl:cddl.BUILD",
+    patch_args = ["-p1"],
+    patches = [
+        "//third_party:cddl/cddl.patch",
+    ],
+    sha256 = "01e04989c6482e851dc22f376f1c2e1cc493e1ae7b808ae78180d539e6939acb",
+    strip_prefix = "cddl-0.9.4",
+    urls = ["https://github.com/anweiss/cddl/archive/refs/tags/0.9.4.zip"],
+    workspace_file = "//third_party/cddl:WORKSPACE",
+)