diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 71d6220..91e8fe1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -114,22 +114,6 @@ jobs: - macos-12: - name: macOS 12 - if: github.event_name == 'push' || needs.collect-changed-files.outputs.run-tests == 'true' - uses: ./.github/workflows/test-macos.yml - needs: - - lint - - generate-actions-workflow - with: - distro-slug: macos-12 - display-name: macOS 12 - container-slug: macos-12 - timeout: 20 - runs-on: macos-12 - instances: '["stable-3006", "stable-3006-8", "stable-3007", "stable-3007-1", "latest"]' - - macos-13: name: macOS 13 if: github.event_name == 'push' || needs.collect-changed-files.outputs.run-tests == 'true' @@ -293,7 +277,6 @@ jobs: needs: - lint - generate-actions-workflow - - macos-12 - macos-13 - macos-14 - windows-2022 diff --git a/.github/workflows/templates/generate.py b/.github/workflows/templates/generate.py index cb0e693..b45cbdf 100755 --- a/.github/workflows/templates/generate.py +++ b/.github/workflows/templates/generate.py @@ -27,7 +27,6 @@ WINDOWS = [ ] OSX = [ - "macos-12", "macos-13", "macos-14", ] @@ -203,7 +202,6 @@ DISTRO_DISPLAY_NAMES = { "ubuntu-2004": "Ubuntu 20.04", "ubuntu-2204": "Ubuntu 22.04", "ubuntu-2404": "Ubuntu 24.04", - "macos-12": "macOS 12", "macos-13": "macOS 13", "macos-14": "macOS 14", "windows-2022": "Windows 2022", @@ -223,7 +221,6 @@ CONTAINER_SLUG_NAMES = { "ubuntu-2004": "ubuntu-20.04", "ubuntu-2204": "ubuntu-22.04", "ubuntu-2404": "ubuntu-24.04", - "macos-12": "macos-12", "macos-13": "macos-13", "macos-14": "macOS 14", "windows-2022": "windows-2022", diff --git a/.github/workflows/test-macos.yml b/.github/workflows/test-macos.yml index 870fb59..7ffbc43 100644 --- a/.github/workflows/test-macos.yml +++ b/.github/workflows/test-macos.yml @@ -48,12 +48,12 @@ jobs: - uses: actions/checkout@v4 - name: Install Python Dependencies with pip breakage - if: ${{ ( inputs.distro-slug != 'macos-12' ) && ( inputs.distro-slug != 'macos-13' ) }} + if: ${{ inputs.distro-slug != 'macos-13' }} run: | python3 -m pip install --break-system-packages -r tests/requirements.txt - name: Install Python Dependencies without pip breakage - if: ${{ ( inputs.distro-slug == 'macos-12' ) || ( inputs.distro-slug == 'macos-13' ) }} + if: ${{ inputs.distro-slug == 'macos-13' }} run: | python3 -m pip install -r tests/requirements.txt diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 04a74c1..2235e19 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -30,7 +30,7 @@ repos: - actionlint - repo: https://github.com/jazzband/pip-tools - rev: 7.3.0 + rev: 7.4.1 hooks: - id: pip-compile files: ^requirements/release\.(in|txt)$ diff --git a/CHANGELOG.md b/CHANGELOG.md index 7b87b2d..13b1b17 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +# v2025.02.24 + +## What's Changed + +- Update requirements to address security issues by @twangboy in https://github.com/saltstack/salt-bootstrap/pull/2073 +- Use treeless clone to 'shallow' clone again. by @mrichar1 in https://github.com/saltstack/salt-bootstrap/pull/2022 +- Fix powershell instructions by @twangboy in https://github.com/saltstack/salt-bootstrap/pull/2074 +- Remove support for macos-12, as deprecated by github by @dmurphy18 in https://github.com/saltstack/salt-bootstrap/pull/2076 + +**Full Changelog**: https://github.com/saltstack/salt-bootstrap/compare/v2024.12.12...v2025.02.24 + # v2024.12.12 ## What's Changed diff --git a/README.rst b/README.rst index 233b3f6..ee036e7 100644 --- a/README.rst +++ b/README.rst @@ -37,6 +37,7 @@ sum** of the downloaded ``bootstrap-salt.sh`` file. The SHA256 sum of the ``bootstrap-salt.sh`` file, per release, is: +- 2024.12.12: ``7cc91adfa5a15ff57d203dc2b79608c773efc639d4e9bf03861198903e11becd`` - 2024.12.09: ``44f9405a6d9622ad8fa7c93e83a52e01ca328f27e4e9dea4a52268c6a22dbe6d`` - 2024.11.29: ``0ac87384dee051aceded69704485a5de0e4a308551a462b10c262111b57acff0`` - 2024.11.27: ``e972bd1ef01d09cd1d9294374ef974c9e3dd9a2aee37cf3859144585fd8bf1d0`` @@ -373,7 +374,7 @@ Using ``PowerShell`` to install latest stable version: [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Tls12' Invoke-WebRequest -Uri https://github.com/saltstack/salt-bootstrap/releases/latest/download/bootstrap-salt.ps1 -OutFile "$env:TEMP\bootstrap-salt.ps1" - Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser & "$env:TEMP\bootstrap-salt.ps1" + Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force; & "$env:TEMP\bootstrap-salt.ps1" Display information about the install script parameters: diff --git a/bootstrap-salt.ps1 b/bootstrap-salt.ps1 index 8b1bb3a..afafb0a 100644 --- a/bootstrap-salt.ps1 +++ b/bootstrap-salt.ps1 @@ -108,7 +108,7 @@ if ($help) { exit 0 } -$__ScriptVersion = "2024.12.12" +$__ScriptVersion = "2025.02.24" $ScriptName = $myInvocation.MyCommand.Name # We'll check for the Version next, because it also has no requirements diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index bd29313..8f29566 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -26,7 +26,7 @@ #====================================================================================================================== set -o nounset # Treat unset variables as an error -__ScriptVersion="2024.12.12" +__ScriptVersion="2025.02.24" __ScriptName="bootstrap-salt.sh" __ScriptFullName="$0" @@ -2161,21 +2161,19 @@ __git_clone_and_checkout() { fi if [ "$__SHALLOW_CLONE" -eq $BS_TRUE ]; then - # Let's try shallow cloning to speed up. - # Test for "--single-branch" option introduced in git 1.7.10, the minimal version of git where the shallow + # Let's try 'treeless' cloning to speed up. Treeless cloning omits trees and blobs ('files') + # but includes metadata (commit history, tags, branches etc. + # Test for "--filter" option introduced in git 2.19, the minimal version of git where the treeless # cloning we need actually works - if [ "$(git clone 2>&1 | grep 'single-branch')" != "" ]; then - # The "--single-branch" option is supported, attempt shallow cloning + if [ "$(git clone 2>&1 | grep 'filter')" != "" ]; then + # The "--filter" option is supported: attempt treeless cloning echoinfo "Attempting to shallow clone $GIT_REV_ADJ from Salt's repository ${_SALT_REPO_URL}" - ## Shallow cloning is resulting in the wrong version of Salt, even with a depth of 5 - ## getting 3007.0+0na.246d066 when it should be 3007.1+410.g246d066457, disabling for now - ## if git clone --depth 1 --branch "$GIT_REV_ADJ" "$_SALT_REPO_URL" "$__SALT_CHECKOUT_REPONAME"; then - echodebug "git command, git clone --branch $GIT_REV_ADJ $_SALT_REPO_URL $__SALT_CHECKOUT_REPONAME" - if git clone --branch "$GIT_REV_ADJ" "$_SALT_REPO_URL" "$__SALT_CHECKOUT_REPONAME"; then + echodebug "git command, git clone --filter=tree:0 --branch $GIT_REV_ADJ $_SALT_REPO_URL $__SALT_CHECKOUT_REPONAME" + if git clone --filter=tree:0 --branch "$GIT_REV_ADJ" "$_SALT_REPO_URL" "$__SALT_CHECKOUT_REPONAME"; then # shellcheck disable=SC2164 cd "${_SALT_GIT_CHECKOUT_DIR}" __SHALLOW_CLONE=$BS_TRUE - echoinfo "shallow path (disabled shallow) git cloned $GIT_REV_ADJ, version $(python3 salt/version.py)" + echoinfo "shallow path git cloned $GIT_REV_ADJ, version $(python3 salt/version.py)" else # Shallow clone above failed(missing upstream tags???), let's resume the old behaviour. echowarn "Failed to shallow clone." diff --git a/requirements/release.txt b/requirements/release.txt index b009f47..78fa61c 100644 --- a/requirements/release.txt +++ b/requirements/release.txt @@ -4,27 +4,31 @@ # # pip-compile requirements/release.in # -attrs==23.1.0 +annotated-types==0.7.0 + # via pydantic +attrs==24.3.0 # via python-tools-scripts -boto3==1.28.79 +boto3==1.35.98 # via -r requirements/release.in -botocore==1.31.79 +botocore==1.35.98 # via # boto3 # s3transfer -certifi==2023.7.22 +certifi==2024.12.14 # via requests cfgv==3.4.0 # via pre-commit -charset-normalizer==3.3.2 +charset-normalizer==3.4.1 # via requests -distlib==0.3.7 +distlib==0.3.9 # via virtualenv -filelock==3.13.1 - # via virtualenv -identify==2.5.31 +filelock==3.16.1 + # via + # python-tools-scripts + # virtualenv +identify==2.6.5 # via pre-commit -idna==3.4 +idna==3.10 # via requests jmespath==1.0.1 # via @@ -34,36 +38,41 @@ markdown-it-py==3.0.0 # via rich mdurl==0.1.2 # via markdown-it-py -nodeenv==1.8.0 +nodeenv==1.9.1 # via pre-commit -platformdirs==3.11.0 +platformdirs==4.3.6 # via virtualenv -pre-commit==3.5.0 +pre-commit==4.0.1 # via -r requirements/release.in -pygments==2.16.1 +pydantic==2.10.5 + # via python-tools-scripts +pydantic-core==2.27.2 + # via pydantic +pygments==2.19.1 # via rich -python-dateutil==2.8.2 +python-dateutil==2.9.0.post0 # via botocore -python-tools-scripts==0.18.6 +python-tools-scripts==0.20.5 # via -r requirements/release.in -pyyaml==6.0.1 +pyyaml==6.0.2 # via pre-commit -requests==2.31.0 +requests==2.32.3 # via python-tools-scripts -rich==13.6.0 +rich==13.9.4 # via python-tools-scripts -s3transfer==0.7.0 +s3transfer==0.10.4 # via boto3 -six==1.16.0 +six==1.17.0 # via python-dateutil -typing-extensions==4.8.0 - # via python-tools-scripts -urllib3==2.0.7 +typing-extensions==4.12.2 + # via + # pydantic + # pydantic-core + # python-tools-scripts + # rich +urllib3==2.3.0 # via # botocore # requests -virtualenv==20.24.6 +virtualenv==20.28.1 # via pre-commit - -# The following packages are considered to be unsafe in a requirements file: -# setuptools