deps: upgrade lua-resty-limit-traffic from 1.0.0 to 1.2.0

[jarvis9443]

Description

Upgrade lua-resty-limit-traffic from v1.0.0 to v1.2.0 in both build-apisix-runtime.sh and build-apisix-base.sh.

Why

This aligns the open-source apisix-runtime and apisix-base with the enterprise api7ee-runtime, which already uses v1.2.0.

Key library change in v1.2.0: incoming_new() counts UP from 0 (returns consumed count) instead of DOWN from limit (returns remaining count), and removes the assert(cost >= 1) restriction.

The companion APISIX PR (apache/apisix#13191) adapts limit-count-local.lua to handle the new return value semantics (consumed → remaining conversion).

Changes

• build-apisix-runtime.sh: limit_ver=1.0.0 → limit_ver=1.2.0
• build-apisix-base.sh: limit_ver=1.0.0 → limit_ver=1.2.0

Summary by CodeRabbit

• Chores
  • Updated the bundled traffic-limiting dependency from v1.0.0 to v1.2.0 so builds include the newer release.

[coderabbitai]

📝 Walkthrough

Walkthrough

The build scripts were modified to change which lua-resty-limit-traffic tag is downloaded and bundled: v1.2.0 is now fetched instead of v1.0.0 in the OpenResty-related bundle steps.

Changes

Cohort / File(s)	Summary
Runtime bundle update build-apisix-runtime.sh	When the or_limit_ver=0.09 bundle dir is missing, set limit_ver to 1.2.0 so the script downloads and bundles lua-resty-limit-traffic v1.2.0 instead of v1.0.0.
Base bundle replacement build-apisix-base.sh	If bundle/lua-resty-limit-traffic-$or_limit_ver exists, remove it and download/extract lua-resty-limit-traffic v1.2.0, then move the extracted dir into bundle/lua-resty-limit-traffic-$or_limit_ver (replacing previous v1.0.0 behavior).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
E2e Test Quality Review	⚠️ Warning	PR updates lua-resty-limit-traffic with breaking API changes but lacks E2E tests validating successful build, startup, and rate-limiting functionality.	Add E2E tests verifying build success, APISIX startup, rate-limiting with new semantics, and boundary cases in CI/CD pipeline.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely summarizes the main change: upgrading a specific dependency from version 1.0.0 to 1.2.0.
Security Check	✅ Passed	PR updates hardcoded version number in build scripts with secure HTTPS download using proper SSL validation, introducing no security vulnerabilities.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/upgrade-limit-traffic

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

build-apisix-runtime.sh (1)

148-158: Consolidate lua-resty-limit-traffic versions across build scripts.

Both build-apisix-runtime.sh and build-apisix-base.sh define or_limit_ver=0.09 as the target directory, but download different versions: runtime uses 1.2.0 (line 154) while base uses 1.0.0 (line 122). This version drift can cause inconsistent builds. Update both scripts to use the same version or centralize the version pin.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@build-apisix-runtime.sh` around lines 148 - 158, The build script uses
inconsistent versions for lua-resty-limit-traffic (or_limit_ver and limit_ver):
ensure both build-apisix-runtime.sh and build-apisix-base.sh use the same pinned
version by centralizing the version into a single variable (e.g.,
LIMIT_TRAFFIC_VERSION) and replacing the separate limit_ver/or_limit_ver usages;
update the download (wget), untar, and move logic to reference that single
variable so the bundle directory name and the downloaded tarball version remain
consistent across both scripts.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@build-apisix-runtime.sh`:
- Around line 154-157: The runtime script pins lua-resty-limit-traffic to v1.2.0
(with resty.limit.count.incoming() now returning consumed) while
build-apisix-base.sh still uses v1.0.0 and apisix-nginx-module 1.19.3 expects
remaining, causing incorrect limit decisions; reconcile by either (A) pin both
build-apisix-runtime.sh and build-apisix-base.sh to the same safe version (e.g.,
v1.0.0) by changing the limit_ver in build-apisix-runtime.sh to match
build-apisix-base.sh, or (B) update both scripts to the new version and then
update the caller code that invokes resty.limit.count.incoming() (search for
resty.limit.count.incoming(), apisix-nginx-module limit/count call sites) to
convert consumed -> remaining (remaining = limit - consumed) before making
allow/deny decisions, and also fix the obvious variable typo in the runtime
script mv command that uses $or_limit_ver to use the correct variable name so
the bundle directory is named consistently.

---

Nitpick comments:
In `@build-apisix-runtime.sh`:
- Around line 148-158: The build script uses inconsistent versions for
lua-resty-limit-traffic (or_limit_ver and limit_ver): ensure both
build-apisix-runtime.sh and build-apisix-base.sh use the same pinned version by
centralizing the version into a single variable (e.g., LIMIT_TRAFFIC_VERSION)
and replacing the separate limit_ver/or_limit_ver usages; update the download
(wget), untar, and move logic to reference that single variable so the bundle
directory name and the downloaded tarball version remain consistent across both
scripts.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d84dbfe0-ef8e-41d8-ac14-fe1541561986

📥 Commits

Reviewing files that changed from the base of the PR and between c7d5ab1 and 62adc01.

📒 Files selected for processing (1)

• build-apisix-runtime.sh

[coderabbitai]

🧹 Nitpick comments (1)

build-apisix-base.sh (1)

116-126: Centralize the limit_ver declaration to prevent version skew between build scripts.

Both build-apisix-base.sh and build-apisix-runtime.sh independently declare limit_ver=1.2.0 (lines 122 and 154 respectively). Since upgrading lua-resty-limit-traffic requires both scripts to stay synchronized—especially for breaking changes like v1.0.0→v1.2.0 which alter the API return semantics—duplicating this value introduces maintenance risk. Define the version once in a shared configuration file or enforced wrapper script.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@build-apisix-base.sh` around lines 116 - 126, The scripts duplicate the
lua-resty-limit-traffic version (limit_ver=1.2.0) which risks skew; centralize
the version by moving the declaration into a single shared config or wrapper and
have both build-apisix-base.sh and build-apisix-runtime.sh read that variable
(e.g., source a file like common_build_vars.sh or read LIMIT_VER env var)
instead of defining limit_ver locally; update references to limit_ver and ensure
or_limit_ver usage remains consistent so both scripts use the same authoritative
version value.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@build-apisix-base.sh`:
- Around line 116-126: The scripts duplicate the lua-resty-limit-traffic version
(limit_ver=1.2.0) which risks skew; centralize the version by moving the
declaration into a single shared config or wrapper and have both
build-apisix-base.sh and build-apisix-runtime.sh read that variable (e.g.,
source a file like common_build_vars.sh or read LIMIT_VER env var) instead of
defining limit_ver locally; update references to limit_ver and ensure
or_limit_ver usage remains consistent so both scripts use the same authoritative
version value.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3f5ab3da-878a-4c90-bd59-46d5835654a1

📥 Commits

Reviewing files that changed from the base of the PR and between 62adc01 and 816e9e2.

📒 Files selected for processing (1)

• build-apisix-base.sh