saltstack/salt-bootstrap
1
0
Fork 0
mirror of https://github.com/saltstack/salt-bootstrap.git synced 2025-04-16 09:40:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[WIP] initial testing for CI/CD clean up

Browse source
This commit is contained in:
David Murphy 2024-11-07 15:17:51 -07:00
parent 8782a3b79a
commit a8b1804f18
No known key found for this signature in database
GPG key ID: 9D7724F37A7424D8
6 changed files with 15 additions and 269 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
.github/workflows/ci.yml vendored
View file

@ -245,20 +245,6 @@ jobs:
instances: '["stable-3007", "onedir-3007", "stable-3007-1", "git-master", "latest", "default"]'
fedora-39:
name: Fedora 39
if: github.event_name == 'push' || needs.collect-changed-files.outputs.run-tests == 'true'
uses: ./.github/workflows/test-linux.yml
needs:
- lint
- generate-actions-workflow
with:
distro-slug: fedora-39
display-name: Fedora 39
timeout: 20
instances: '["stable-3006", "onedir-3006", "stable-3006-8", "latest", "default"]'
fedora-40:
name: Fedora 40
if: github.event_name == 'push' || needs.collect-changed-files.outputs.run-tests == 'true'
@ -430,7 +416,6 @@ jobs:
- centos-stream9
- debian-11
- debian-12
- fedora-39
- fedora-40
- opensuse-15
- oraclelinux-8

58
.github/workflows/nightly.yml vendored
View file

@ -41,61 +41,3 @@ jobs:
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "requirements-met=true" >> "${GITHUB_OUTPUT}"
fi
update-s3-bucket:
name: Update S3 Bucket
if: ${{ fromJSON(needs.workflow-requirements.outputs.requirements-met) }}
runs-on:
- self-hosted
- linux
- repo-release
needs:
- workflow-requirements
environment: release
steps:
- uses: actions/checkout@v4
- name: Get Salt Project GitHub Actions Bot Environment
run: |
TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
- name: Setup GnuPG
run: |
sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg
GNUPGHOME="$(mktemp -d -p /run/gpg)"
echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV"
cat <<EOF > "${GNUPGHOME}/gpg.conf"
batch
no-tty
pinentry-mode loopback
EOF
- name: Get Secrets
id: get-secrets
env:
SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
run: |
SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
- name: Install Requirements
run: |
python3 -m pip install -r requirements/release.txt
- name: Upload Develop to S3
run: |
tools release s3-publish --key-id 64CBBC8173D76B3F develop

181
.github/workflows/release.yml vendored
View file

@ -51,11 +51,7 @@ jobs:
update-develop:
name: Update CHANGELOG.md and bootstrap-salt.sh
runs-on:
- ubuntu-latest
## - self-hosted
## - linux
## - repo-release
runs-on: ubuntu-latest
permissions:
contents: write # To be able to publish the release
environment: release
@ -75,36 +71,6 @@ jobs:
python3 -m pip install -r requirements/release.txt
pre-commit install --install-hooks
## - name: Setup GnuPG
## run: |
## sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg
## GNUPGHOME="$(mktemp -d -p /run/gpg)"
## echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV"
## cat <<EOF > "${GNUPGHOME}/gpg.conf"
## batch
## no-tty
## pinentry-mode loopback
## EOF
## - name: Get Secrets
## id: get-secrets
## env:
## SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
## run: |
## SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
## echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
## --query SecretString --output text | jq .default_key -r | base64 -d \
## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
## | gpg --import -
## sync
## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
## --query SecretString --output text| jq .default_passphrase -r | base64 -d \
## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
## sync
## rm "$SECRETS_KEY_FILE"
## echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
- name: Configure Git
shell: bash
run: |
@ -112,8 +78,6 @@ jobs:
git config --global user.name "Salt Project Packaging"
git config --global user.email saltproject-packaging@vmware.com
git config --global commit.gpgsign false
## git config --global user.signingkey 64CBBC8173D76B3F
## git config --global commit.gpgsign true
- name: Update Repository
id: update-repo
@ -151,11 +115,7 @@ jobs:
merge-develop-into-stable:
name: Merge develop into stable
runs-on:
- ubuntu-latest
## - self-hosted
## - linux
## - repo-release
runs-on: ubuntu-latest
needs:
- update-develop
environment: release
@ -169,36 +129,6 @@ jobs:
ssh-key: ${{ secrets.SALT_BOOTSTRAP_RELEASE_KEY }}
fetch-depth: 0
## - name: Setup GnuPG
## run: |
## sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg
## GNUPGHOME="$(mktemp -d -p /run/gpg)"
## echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV"
## cat <<EOF > "${GNUPGHOME}/gpg.conf"
## batch
## no-tty
## pinentry-mode loopback
## EOF
## - name: Get Secrets
## id: get-secrets
## env:
## SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
## run: |
## SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
## echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
## --query SecretString --output text | jq .default_key -r | base64 -d \
## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
## | gpg --import -
## sync
## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
## --query SecretString --output text| jq .default_passphrase -r | base64 -d \
## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
## sync
## rm "$SECRETS_KEY_FILE"
## echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
- name: Configure Git
shell: bash
run: |
@ -206,8 +136,6 @@ jobs:
git config --global user.name "Salt Project Packaging"
git config --global user.email saltproject-packaging@vmware.com
git config --global commit.gpgsign false
## git config --global user.signingkey 64CBBC8173D76B3F
## git config --global commit.gpgsign true
- name: Download Release Details
uses: actions/download-artifact@v4
@ -250,10 +178,7 @@ jobs:
publish-release:
name: Create GitHub Release
runs-on:
- ubuntu-latest
## - self-hosted
## - linux
runs-on: ubuntu-latest
needs:
- merge-develop-into-stable
environment: release
@ -299,75 +224,9 @@ jobs:
name: release-details
failOnError: false
## update-s3-bucket:
## name: Update S3 Bucket
## runs-on:
## - ubuntu-latest
## ## - self-hosted
## ## - linux
## ## - repo-release
## needs:
## - publish-release
## environment: release
## steps:
## - uses: actions/checkout@v4
## with:
## ref: stable
## repository: ${{ github.repository }}
## ssh-key: ${{ secrets.SALT_BOOTSTRAP_RELEASE_KEY }}
## - name: Get Salt Project GitHub Actions Bot Environment
## run: |
## TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
## SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
## echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
## ## - name: Setup GnuPG
## ## run: |
## ## sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg
## ## GNUPGHOME="$(mktemp -d -p /run/gpg)"
## ## echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV"
## ## cat <<EOF > "${GNUPGHOME}/gpg.conf"
## ## batch
## ## no-tty
## ## pinentry-mode loopback
## ## EOF
## ## - name: Get Secrets
## ## id: get-secrets
## ## env:
## ## SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
## ## run: |
## ## SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
## ## echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
## ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
## ## --query SecretString --output text | jq .default_key -r | base64 -d \
## ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
## ## | gpg --import -
## ## sync
## ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
## ## --query SecretString --output text| jq .default_passphrase -r | base64 -d \
## ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
## ## sync
## ## rm "$SECRETS_KEY_FILE"
## ## echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
## ## - name: Install Requirements
## ## run: |
## ## python3 -m pip install -r requirements/release.txt
## ## - name: Upload Stable Release to S3
## ## run: |
## ## tools release s3-publish --key-id 64CBBC8173D76B3F stable
update-develop-checksums:
name: Update Release Checksums on Develop
runs-on:
- ubuntu-latest
## - self-hosted
## - linux
## - repo-release
runs-on: ubuntu-latest
needs:
- publish-release
environment: release
@ -393,36 +252,6 @@ jobs:
repository: ${{ github.repository }}
ssh-key: ${{ secrets.SALT_BOOTSTRAP_RELEASE_KEY }}
## - name: Setup GnuPG
## run: |
## sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg
## GNUPGHOME="$(mktemp -d -p /run/gpg)"
## echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV"
## cat <<EOF > "${GNUPGHOME}/gpg.conf"
## batch
## no-tty
## pinentry-mode loopback
## EOF
## - name: Get Secrets
## id: get-secrets
## env:
## SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
## run: |
## SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
## echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
## --query SecretString --output text | jq .default_key -r | base64 -d \
## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
## | gpg --import -
## sync
## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
## --query SecretString --output text| jq .default_passphrase -r | base64 -d \
## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
## sync
## rm "$SECRETS_KEY_FILE"
## echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
- name: Configure Git
shell: bash
run: |
@ -430,8 +259,6 @@ jobs:
git config --global user.name "Salt Project Packaging"
git config --global user.email saltproject-packaging@vmware.com
git config --global commit.gpgsign false
## git config --global user.signingkey 64CBBC8173D76B3F
## git config --global commit.gpgsign true
- name: Update Latest Release on README
run: |

8
.github/workflows/templates/generate.py vendored
View file

@ -13,7 +13,6 @@ LINUX_DISTROS = [
"centos-stream9",
"debian-11",
"debian-12",
"fedora-39",
"fedora-40",
"opensuse-15",
"oraclelinux-8",
@ -43,7 +42,6 @@ STABLE_DISTROS = [
"centos-stream9",
"debian-11",
"debian-12",
"fedora-39",
"fedora-40",
"opensuse-15",
"oraclelinux-8",
@ -64,7 +62,6 @@ ONEDIR_DISTROS = [
"centos-stream9",
"debian-11",
"debian-12",
"fedora-39",
"fedora-40",
"oraclelinux-8",
"oraclelinux-9",
@ -97,7 +94,6 @@ BLACKLIST_3006 = [
]
BLACKLIST_3007 = [
"fedora-39",
"opensuse-15",
"photon-4",
"photon-5",
@ -126,7 +122,6 @@ BLACKLIST_GIT_3007 = [
"centos-stream9",
"debian-11",
"debian-12",
"fedora-39",
"fedora-40",
"opensuse-15",
"oraclelinux-9",
@ -140,7 +135,6 @@ BLACKLIST_GIT_3007 = [
BLACKLIST_GIT_MASTER = [
"amazon-2",
"fedora-39",
"photon-4",
"photon-5",
]
@ -200,7 +194,6 @@ GIT_VERSION_BLACKLIST = [
#
GIT_DISTRO_BLACKLIST = [
"almalinux-8",
"fedora-39",
"opensuse-15",
"oraclelinux-8",
"rockylinux-8",
@ -215,7 +208,6 @@ DISTRO_DISPLAY_NAMES = {
"centos-stream9": "CentOS Stream 9",
"debian-11": "Debian 11",
"debian-12": "Debian 12",
"fedora-39": "Fedora 39",
"fedora-40": "Fedora 40",
"opensuse-15": "Opensuse 15",
"oraclelinux-8": "Oracle Linux 8",

15
.github/workflows/test-linux.yml vendored
View file

@ -45,14 +45,15 @@ jobs:
run: |
pip install -U pytest
## TBD Disabled until CI/CD is functional
## - name: Bootstrap Salt
## run: |
## sh -x ./bootstrap-salt.sh
- name: Bootstrap Salt
run: |
echo "matrix instance ,${{ matrix.instance }},"
echo "inputs.distro-slug ,${{ inputs.distro-slug }},"
sh -x ./bootstrap-salt.sh
## - name: Test Bootstrap
## run: |
## pytest --cache-clear -v -s -ra --log-cli-level=debug tests/integration/
- name: Test Bootstrap
run: |
pytest --cache-clear -v -s -ra --log-cli-level=debug tests/integration/
- name: Set Exit Status
if: always()

7
.github/workflows/test-macos.yml vendored
View file

@ -50,10 +50,9 @@ jobs:
run: |
sudo sh -x ./bootstrap-salt.sh
## TBD Disabled until CI/CD is functional
## - name: Test Bootstrap
## run: |
## pytest --cache-clear -v -s -ra --log-cli-level=debug tests/integration/
- name: Test Bootstrap
run: |
pytest --cache-clear -v -s -ra --log-cli-level=debug tests/integration/
- name: Set Exit Status
if: always()