From a8b1804f18840d281d468f63cb019a67db552fac Mon Sep 17 00:00:00 2001 From: David Murphy Date: Thu, 7 Nov 2024 15:17:51 -0700 Subject: [PATCH] [WIP] initial testing for CI/CD clean up --- .github/workflows/ci.yml | 15 -- .github/workflows/nightly.yml | 58 -------- .github/workflows/release.yml | 181 +----------------------- .github/workflows/templates/generate.py | 8 -- .github/workflows/test-linux.yml | 15 +- .github/workflows/test-macos.yml | 7 +- 6 files changed, 15 insertions(+), 269 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index eebfa51..91e8d2c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -245,20 +245,6 @@ jobs: instances: '["stable-3007", "onedir-3007", "stable-3007-1", "git-master", "latest", "default"]' - fedora-39: - name: Fedora 39 - if: github.event_name == 'push' || needs.collect-changed-files.outputs.run-tests == 'true' - uses: ./.github/workflows/test-linux.yml - needs: - - lint - - generate-actions-workflow - with: - distro-slug: fedora-39 - display-name: Fedora 39 - timeout: 20 - instances: '["stable-3006", "onedir-3006", "stable-3006-8", "latest", "default"]' - - fedora-40: name: Fedora 40 if: github.event_name == 'push' || needs.collect-changed-files.outputs.run-tests == 'true' @@ -430,7 +416,6 @@ jobs: - centos-stream9 - debian-11 - debian-12 - - fedora-39 - fedora-40 - opensuse-15 - oraclelinux-8 diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index bfdb47b..c776a44 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -41,61 +41,3 @@ jobs: echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}" echo "requirements-met=true" >> "${GITHUB_OUTPUT}" fi - - update-s3-bucket: - name: Update S3 Bucket - if: ${{ fromJSON(needs.workflow-requirements.outputs.requirements-met) }} - runs-on: - - self-hosted - - linux - - repo-release - needs: - - workflow-requirements - environment: release - - steps: - - uses: actions/checkout@v4 - - - name: Get Salt Project GitHub Actions Bot Environment - run: | - TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") - SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) - echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" - - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - id: get-secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - - name: Install Requirements - run: | - python3 -m pip install -r requirements/release.txt - - - name: Upload Develop to S3 - run: | - tools release s3-publish --key-id 64CBBC8173D76B3F develop diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 935b0f7..f31d6c4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -51,11 +51,7 @@ jobs: update-develop: name: Update CHANGELOG.md and bootstrap-salt.sh - runs-on: - - ubuntu-latest - ## - self-hosted - ## - linux - ## - repo-release + runs-on: ubuntu-latest permissions: contents: write # To be able to publish the release environment: release @@ -75,36 +71,6 @@ jobs: python3 -m pip install -r requirements/release.txt pre-commit install --install-hooks - ## - name: Setup GnuPG - ## run: | - ## sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - ## GNUPGHOME="$(mktemp -d -p /run/gpg)" - ## echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - ## cat < "${GNUPGHOME}/gpg.conf" - ## batch - ## no-tty - ## pinentry-mode loopback - ## EOF - - ## - name: Get Secrets - ## id: get-secrets - ## env: - ## SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - ## run: | - ## SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - ## echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - ## --query SecretString --output text | jq .default_key -r | base64 -d \ - ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - ## | gpg --import - - ## sync - ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - ## --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - ## sync - ## rm "$SECRETS_KEY_FILE" - ## echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - name: Configure Git shell: bash run: | @@ -112,8 +78,6 @@ jobs: git config --global user.name "Salt Project Packaging" git config --global user.email saltproject-packaging@vmware.com git config --global commit.gpgsign false - ## git config --global user.signingkey 64CBBC8173D76B3F - ## git config --global commit.gpgsign true - name: Update Repository id: update-repo @@ -151,11 +115,7 @@ jobs: merge-develop-into-stable: name: Merge develop into stable - runs-on: - - ubuntu-latest - ## - self-hosted - ## - linux - ## - repo-release + runs-on: ubuntu-latest needs: - update-develop environment: release @@ -169,36 +129,6 @@ jobs: ssh-key: ${{ secrets.SALT_BOOTSTRAP_RELEASE_KEY }} fetch-depth: 0 - ## - name: Setup GnuPG - ## run: | - ## sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - ## GNUPGHOME="$(mktemp -d -p /run/gpg)" - ## echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - ## cat < "${GNUPGHOME}/gpg.conf" - ## batch - ## no-tty - ## pinentry-mode loopback - ## EOF - - ## - name: Get Secrets - ## id: get-secrets - ## env: - ## SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - ## run: | - ## SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - ## echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - ## --query SecretString --output text | jq .default_key -r | base64 -d \ - ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - ## | gpg --import - - ## sync - ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - ## --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - ## sync - ## rm "$SECRETS_KEY_FILE" - ## echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - name: Configure Git shell: bash run: | @@ -206,8 +136,6 @@ jobs: git config --global user.name "Salt Project Packaging" git config --global user.email saltproject-packaging@vmware.com git config --global commit.gpgsign false - ## git config --global user.signingkey 64CBBC8173D76B3F - ## git config --global commit.gpgsign true - name: Download Release Details uses: actions/download-artifact@v4 @@ -250,10 +178,7 @@ jobs: publish-release: name: Create GitHub Release - runs-on: - - ubuntu-latest - ## - self-hosted - ## - linux + runs-on: ubuntu-latest needs: - merge-develop-into-stable environment: release @@ -299,75 +224,9 @@ jobs: name: release-details failOnError: false - ## update-s3-bucket: - ## name: Update S3 Bucket - ## runs-on: - ## - ubuntu-latest - ## ## - self-hosted - ## ## - linux - ## ## - repo-release - ## needs: - ## - publish-release - ## environment: release - - ## steps: - ## - uses: actions/checkout@v4 - ## with: - ## ref: stable - ## repository: ${{ github.repository }} - ## ssh-key: ${{ secrets.SALT_BOOTSTRAP_RELEASE_KEY }} - - ## - name: Get Salt Project GitHub Actions Bot Environment - ## run: | - ## TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") - ## SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) - ## echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" - - ## ## - name: Setup GnuPG - ## ## run: | - ## ## sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - ## ## GNUPGHOME="$(mktemp -d -p /run/gpg)" - ## ## echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - ## ## cat < "${GNUPGHOME}/gpg.conf" - ## ## batch - ## ## no-tty - ## ## pinentry-mode loopback - ## ## EOF - - ## ## - name: Get Secrets - ## ## id: get-secrets - ## ## env: - ## ## SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - ## ## run: | - ## ## SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - ## ## echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - ## ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - ## ## --query SecretString --output text | jq .default_key -r | base64 -d \ - ## ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - ## ## | gpg --import - - ## ## sync - ## ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - ## ## --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - ## ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - ## ## sync - ## ## rm "$SECRETS_KEY_FILE" - ## ## echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - ## ## - name: Install Requirements - ## ## run: | - ## ## python3 -m pip install -r requirements/release.txt - - ## ## - name: Upload Stable Release to S3 - ## ## run: | - ## ## tools release s3-publish --key-id 64CBBC8173D76B3F stable - update-develop-checksums: name: Update Release Checksums on Develop - runs-on: - - ubuntu-latest - ## - self-hosted - ## - linux - ## - repo-release + runs-on: ubuntu-latest needs: - publish-release environment: release @@ -393,36 +252,6 @@ jobs: repository: ${{ github.repository }} ssh-key: ${{ secrets.SALT_BOOTSTRAP_RELEASE_KEY }} - ## - name: Setup GnuPG - ## run: | - ## sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - ## GNUPGHOME="$(mktemp -d -p /run/gpg)" - ## echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - ## cat < "${GNUPGHOME}/gpg.conf" - ## batch - ## no-tty - ## pinentry-mode loopback - ## EOF - - ## - name: Get Secrets - ## id: get-secrets - ## env: - ## SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - ## run: | - ## SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - ## echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - ## --query SecretString --output text | jq .default_key -r | base64 -d \ - ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - ## | gpg --import - - ## sync - ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - ## --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - ## sync - ## rm "$SECRETS_KEY_FILE" - ## echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - name: Configure Git shell: bash run: | @@ -430,8 +259,6 @@ jobs: git config --global user.name "Salt Project Packaging" git config --global user.email saltproject-packaging@vmware.com git config --global commit.gpgsign false - ## git config --global user.signingkey 64CBBC8173D76B3F - ## git config --global commit.gpgsign true - name: Update Latest Release on README run: | diff --git a/.github/workflows/templates/generate.py b/.github/workflows/templates/generate.py index 537d1da..f1a5f39 100755 --- a/.github/workflows/templates/generate.py +++ b/.github/workflows/templates/generate.py @@ -13,7 +13,6 @@ LINUX_DISTROS = [ "centos-stream9", "debian-11", "debian-12", - "fedora-39", "fedora-40", "opensuse-15", "oraclelinux-8", @@ -43,7 +42,6 @@ STABLE_DISTROS = [ "centos-stream9", "debian-11", "debian-12", - "fedora-39", "fedora-40", "opensuse-15", "oraclelinux-8", @@ -64,7 +62,6 @@ ONEDIR_DISTROS = [ "centos-stream9", "debian-11", "debian-12", - "fedora-39", "fedora-40", "oraclelinux-8", "oraclelinux-9", @@ -97,7 +94,6 @@ BLACKLIST_3006 = [ ] BLACKLIST_3007 = [ - "fedora-39", "opensuse-15", "photon-4", "photon-5", @@ -126,7 +122,6 @@ BLACKLIST_GIT_3007 = [ "centos-stream9", "debian-11", "debian-12", - "fedora-39", "fedora-40", "opensuse-15", "oraclelinux-9", @@ -140,7 +135,6 @@ BLACKLIST_GIT_3007 = [ BLACKLIST_GIT_MASTER = [ "amazon-2", - "fedora-39", "photon-4", "photon-5", ] @@ -200,7 +194,6 @@ GIT_VERSION_BLACKLIST = [ # GIT_DISTRO_BLACKLIST = [ "almalinux-8", - "fedora-39", "opensuse-15", "oraclelinux-8", "rockylinux-8", @@ -215,7 +208,6 @@ DISTRO_DISPLAY_NAMES = { "centos-stream9": "CentOS Stream 9", "debian-11": "Debian 11", "debian-12": "Debian 12", - "fedora-39": "Fedora 39", "fedora-40": "Fedora 40", "opensuse-15": "Opensuse 15", "oraclelinux-8": "Oracle Linux 8", diff --git a/.github/workflows/test-linux.yml b/.github/workflows/test-linux.yml index d31ef75..cfba976 100644 --- a/.github/workflows/test-linux.yml +++ b/.github/workflows/test-linux.yml @@ -45,14 +45,15 @@ jobs: run: | pip install -U pytest - ## TBD Disabled until CI/CD is functional - ## - name: Bootstrap Salt - ## run: | - ## sh -x ./bootstrap-salt.sh + - name: Bootstrap Salt + run: | + echo "matrix instance ,${{ matrix.instance }}," + echo "inputs.distro-slug ,${{ inputs.distro-slug }}," + sh -x ./bootstrap-salt.sh - ## - name: Test Bootstrap - ## run: | - ## pytest --cache-clear -v -s -ra --log-cli-level=debug tests/integration/ + - name: Test Bootstrap + run: | + pytest --cache-clear -v -s -ra --log-cli-level=debug tests/integration/ - name: Set Exit Status if: always() diff --git a/.github/workflows/test-macos.yml b/.github/workflows/test-macos.yml index 504f8b3..f4ad541 100644 --- a/.github/workflows/test-macos.yml +++ b/.github/workflows/test-macos.yml @@ -50,10 +50,9 @@ jobs: run: | sudo sh -x ./bootstrap-salt.sh - ## TBD Disabled until CI/CD is functional - ## - name: Test Bootstrap - ## run: | - ## pytest --cache-clear -v -s -ra --log-cli-level=debug tests/integration/ + - name: Test Bootstrap + run: | + pytest --cache-clear -v -s -ra --log-cli-level=debug tests/integration/ - name: Set Exit Status if: always()