Merge branch '3006.x' into 3006.x-wintask-fixes

2025-04-17 10:10:20 +00:00 · 2024-07-01 14:32:55 -06:00 · 2024-07-01 14:32:55 -06:00 · 43c32e62df
commit 43c32e62df
parent 3baaf79cec 7cbfcf027e
370 changed files with 11352 additions and 5203 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -9,55 +9,4 @@
 # This file uses an fnmatch-style matching pattern.

 # Team Core
-*                                   @saltstack/team-core
-
-# Team Boto
-salt/*/*boto*                       @saltstack/team-core
-
-# Team Cloud
-salt/cloud/*                        @saltstack/team-core
-salt/utils/openstack/*              @saltstack/team-core
-salt/utils/aws.py                   @saltstack/team-core
-salt/*/*cloud*                      @saltstack/team-core
-
-# Team NetAPI
-salt/cli/api.py                     @saltstack/team-core
-salt/client/netapi.py               @saltstack/team-core
-salt/netapi/*                       @saltstack/team-core
-
-# Team Network
-salt/proxy/*                        @saltstack/team-core
-
-# Team SPM
-salt/cli/spm.py                     @saltstack/team-core
-salt/spm/*                          @saltstack/team-core
-
-# Team SSH
-salt/cli/ssh.py                     @saltstack/team-core
-salt/client/ssh/*                   @saltstack/team-core
-salt/roster/*                       @saltstack/team-core
-salt/runners/ssh.py                 @saltstack/team-core
-salt/*/thin.py                      @saltstack/team-core
-
-# Team State
-salt/state.py                       @saltstack/team-core
-
-# Team SUSE
-salt/*/*btrfs*                      @saltstack/team-core
-salt/*/*kubernetes*                 @saltstack/team-core
-salt/*/*pkg*                        @saltstack/team-core
-salt/*/*snapper*                    @saltstack/team-core
-salt/*/*xfs*                        @saltstack/team-core
-salt/*/*zypper*                     @saltstack/team-core
-
-# Team Transport
-salt/transport/*                    @saltstack/team-core
-salt/utils/zeromq.py                @saltstack/team-core
-
-# Team Windows
-salt/*/*win*                        @saltstack/team-core
-salt/modules/reg.py                 @saltstack/team-core
-salt/states/reg.py                  @saltstack/team-core
-tests/*/*win*                       @saltstack/team-core
-tests/*/test_reg.py                 @saltstack/team-core
-tests/pytests/*                     @saltstack/team-core @s0undt3ch
+*                                   @saltstack/salt-core-maintainers
--- a/.github/actions/download-artifact/action.yml
+++ b/.github/actions/download-artifact/action.yml
@ -1,42 +0,0 @@
-# This actions was inspired by https://github.com/alehechka/download-tartifact
---
-name: Download Tar Artifact
-description: >
-  Download and extract a tar artifact that was previously uploaded in the
-  workflow by the upload-tartifact action
-
-inputs:
-  name:
-    description: Artifact name
-    required: false
-  path:
-    description: Destination path
-    required: false
-  archive-name:
-    description: >
-      By default `inputs.name`(last resort, `archive`) is what's used to name the archive.
-      This parameter allows a customizing that archive name. This will allow uploading multiple
-      archives under the same 'name', like the underlying official action does
-      without overriding the existing archives.
-    required: false
-
-
-runs:
-  using: composite
-  steps:
-    - uses: actions/download-artifact@v3
-      # This needs to be actions/download-artifact@v3 because we upload multiple artifacts
-      # under the same name something that actions/upload-artifact@v4 does not do.
-      with:
-        name: ${{ inputs.name }}
-        path: ${{ inputs.path }}
-
-    - shell: bash
-      working-directory: ${{ inputs.path }}
-      run: |
-        tar -xvf ${{ inputs.archive-name || inputs.name || 'archive' }}.tar.gz
-
-    - shell: bash
-      working-directory: ${{ inputs.path }}
-      run: |
-        rm -f ${{ inputs.archive-name || inputs.name || 'archive' }}.tar.gz
--- a/.github/actions/upload-artifact/action.yml
+++ b/.github/actions/upload-artifact/action.yml
@ -46,9 +46,7 @@ runs:
        shopt -s globstar || echo "'globstar' not available"
        tar -cavf ${{ inputs.archive-name || inputs.name || 'archive' }}.tar.gz ${{ inputs.path }}

-    - uses: actions/upload-artifact@v3
-      # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-      # under the same name something that actions/upload-artifact@v4 does not do.
+    - uses: actions/upload-artifact@v4
      with:
        name: ${{ inputs.name }}
        path: ${{ inputs.archive-name || inputs.name || 'archive' }}.tar.gz
--- a/.github/workflows/build-deps-ci-action.yml
+++ b/.github/workflows/build-deps-ci-action.yml
@ -40,15 +40,48 @@ env:
  COLUMNS: 190
  AWS_MAX_ATTEMPTS: "10"
  AWS_RETRY_MODE: "adaptive"
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
+  PIP_INDEX_URL: ${{ vars.PIP_INDEX_URL }}
+  PIP_TRUSTED_HOST: ${{ vars.PIP_TRUSTED_HOST }}
+  PIP_EXTRA_INDEX_URL: ${{ vars.PIP_EXTRA_INDEX_URL }}
  PIP_DISABLE_PIP_VERSION_CHECK: "1"
  RAISE_DEPRECATIONS_RUNTIME_ERRORS: "1"

 jobs:

+  generate-matrix:
+    name: Generate Matrix
+    runs-on: ubuntu-latest
+    outputs:
+      matrix-include: ${{ steps.generate-matrix.outputs.matrix }}
+    env:
+      PIP_INDEX_URL: https://pypi.org/simple
+    steps:
+
+      - name: "Throttle Builds"
+        shell: bash
+        run: |
+          t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
+
+      - name: Checkout Source Code
+        uses: actions/checkout@v4
+
+      - name: Setup Python Tools Scripts
+        uses: ./.github/actions/setup-python-tools-scripts
+        with:
+          cache-prefix: ${{ inputs.cache-prefix }}
+        env:
+          PIP_INDEX_URL: https://pypi.org/simple
+
+      - name: Generate Test Matrix
+        id: generate-matrix
+        run: |
+          tools ci deps-matrix
+
+
  linux-dependencies:
    name: Linux
+    needs:
+      - generate-matrix
    runs-on:
      - self-hosted
      - linux
@ -59,11 +92,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        include:
-          - distro-slug: centos-7
-            arch: x86_64
-          - distro-slug: centos-7-arm64
-            arch: arm64
+        include: ${{ fromJSON(needs.generate-matrix.outputs.matrix-include)['linux'] }}
    steps:

      - name: "Throttle Builds"
@ -99,7 +128,7 @@ jobs:
      - name: PyPi Proxy
        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
        run: |
-          sed -i '7s;^;--index-url=https://pypi-proxy.saltstack.net/root/local/+simple/ --extra-index-url=https://pypi.org/simple\n;' requirements/static/ci/*/*.txt
+          sed -i '7s;^;--index-url=${{ vars.PIP_INDEX_URL }} --trusted-host ${{ vars.PIP_TRUSTED_HOST }} --extra-index-url=${{ vars.PIP_EXTRA_INDEX_URL }}\n;' requirements/static/ci/*/*.txt

      - name: Setup Python Tools Scripts
        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
@ -163,16 +192,16 @@ jobs:

  macos-dependencies:
    name: MacOS
+    needs:
+      - generate-matrix
    runs-on: ${{ matrix.distro-slug == 'macos-13-arm64' && 'macos-13-xlarge' || matrix.distro-slug }}
    timeout-minutes: 90
    strategy:
      fail-fast: false
      matrix:
-        include:
-          - distro-slug: macos-12
-            arch: x86_64
-          - distro-slug: macos-13-arm64
-            arch: arm64
+        include: ${{ fromJSON(needs.generate-matrix.outputs.matrix-include)['macos'] }}
+    env:
+      PIP_INDEX_URL: https://pypi.org/simple
    steps:

      - name: "Throttle Builds"
@ -250,6 +279,8 @@ jobs:
          path: nox.macos.${{ matrix.arch }}.tar.*

  windows-dependencies:
+    needs:
+      - generate-matrix
    name: Windows
    runs-on:
      - self-hosted
@ -261,9 +292,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        include:
-          - distro-slug: windows-2022
-            arch: amd64
+        include: ${{ fromJSON(needs.generate-matrix.outputs.matrix-include)['windows'] }}
    steps:

      - name: "Throttle Builds"
@ -299,7 +328,7 @@ jobs:
      - name: PyPi Proxy
        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
        run: |
-          sed -i '7s;^;--index-url=https://pypi-proxy.saltstack.net/root/local/+simple/ --extra-index-url=https://pypi.org/simple\n;' requirements/static/ci/*/*.txt
+          sed -i '7s;^;--index-url=${{ vars.PIP_INDEX_URL }} --trusted-host ${{ vars.PIP_TRUSTED_HOST }} --extra-index-url=${{ vars.PIP_EXTRA_INDEX_URL }}\n;' requirements/static/ci/*/*.txt

      - name: Setup Python Tools Scripts
        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
--- a/.github/workflows/build-deps-onedir.yml
+++ b/.github/workflows/build-deps-onedir.yml
@ -32,8 +32,9 @@ env:
  COLUMNS: 190
  AWS_MAX_ATTEMPTS: "10"
  AWS_RETRY_MODE: "adaptive"
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
+  PIP_INDEX_URL: ${{ vars.PIP_INDEX_URL }}
+  PIP_TRUSTED_HOST: ${{ vars.PIP_TRUSTED_HOST }}
+  PIP_EXTRA_INDEX_URL: ${{ vars.PIP_EXTRA_INDEX_URL }}
  PIP_DISABLE_PIP_VERSION_CHECK: "1"

 jobs:
@ -92,13 +93,12 @@ jobs:
      fail-fast: false
      max-parallel: 2
      matrix:
-        arch:
-          - x86_64
-          - arm64
+        arch: ${{ github.event.repository.fork && fromJSON('["x86_64"]') || fromJSON('["x86_64", "arm64"]') }}
    runs-on:
      - ${{ matrix.arch == 'arm64' && 'macos-13-xlarge' || 'macos-12' }}
    env:
      USE_S3_CACHE: 'false'
+      PIP_INDEX_URL: https://pypi.org/simple
    steps:

      - name: "Throttle Builds"
@ -149,6 +149,7 @@ jobs:
    runs-on: windows-latest
    env:
      USE_S3_CACHE: 'false'
+      PIP_INDEX_URL: https://pypi.org/simple
    steps:

      - name: "Throttle Builds"
--- a/.github/workflows/build-docs.yml
+++ b/.github/workflows/build-docs.yml
@ -17,8 +17,7 @@ env:
  COLUMNS: 190
  AWS_MAX_ATTEMPTS: "10"
  AWS_RETRY_MODE: "adaptive"
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
+  PIP_INDEX_URL: https://pypi.org/simple
  PIP_DISABLE_PIP_VERSION_CHECK: "1"

 jobs:
--- a/.github/workflows/build-packages.yml
+++ b/.github/workflows/build-packages.yml
@ -39,8 +39,9 @@ on:

 env:
  COLUMNS: 190
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
+  PIP_INDEX_URL: ${{ vars.PIP_INDEX_URL }}
+  PIP_TRUSTED_HOST: ${{ vars.PIP_TRUSTED_HOST }}
+  PIP_EXTRA_INDEX_URL: ${{ vars.PIP_EXTRA_INDEX_URL }}
  PIP_DISABLE_PIP_VERSION_CHECK: "1"

 jobs:
@ -51,12 +52,11 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        arch:
-          - x86_64
-          - arm64
+        arch: ${{ github.event.repository.fork && fromJSON('["x86_64"]') || fromJSON('["x86_64", "arm64"]') }}
        source:
          - ${{ inputs.source }}
-
+    env:
+      PIP_INDEX_URL: https://pypi.org/simple
    runs-on:
      - ${{ matrix.arch == 'arm64' && 'macos-13-xlarge' || 'macos-12' }}

@ -276,7 +276,7 @@ jobs:
          - ${{ inputs.source }}

    container:
-      image: ghcr.io/saltstack/salt-ci-containers/packaging:centosstream-9
+      image: ghcr.io/saltstack/salt-ci-containers/packaging:rockylinux-9

    steps:
      - uses: actions/checkout@v4
@ -362,6 +362,7 @@ jobs:
      SM_CLIENT_CERT_PASSWORD: "${{ secrets.WIN_SIGN_CERT_PASSWORD }}"
      SM_CLIENT_CERT_FILE_B64: "${{ secrets.WIN_SIGN_CERT_FILE_B64 }}"
      WIN_SIGN_CERT_SHA1_HASH: "${{ secrets.WIN_SIGN_CERT_SHA1_HASH }}"
+      PIP_INDEX_URL: https://pypi.org/simple

    steps:
      - name: Check Package Signing Enabled
--- a/.github/workflows/build-salt-onedir.yml
+++ b/.github/workflows/build-salt-onedir.yml
@ -32,8 +32,9 @@ env:
  COLUMNS: 190
  AWS_MAX_ATTEMPTS: "10"
  AWS_RETRY_MODE: "adaptive"
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
+  PIP_INDEX_URL: ${{ vars.PIP_INDEX_URL }}
+  PIP_TRUSTED_HOST: ${{ vars.PIP_TRUSTED_HOST }}
+  PIP_EXTRA_INDEX_URL: ${{ vars.PIP_EXTRA_INDEX_URL }}
  PIP_DISABLE_PIP_VERSION_CHECK: "1"

 jobs:
@ -99,11 +100,11 @@ jobs:
      fail-fast: false
      max-parallel: 2
      matrix:
-        arch:
-          - x86_64
-          - arm64
+        arch: ${{ github.event.repository.fork && fromJSON('["x86_64"]') || fromJSON('["x86_64", "arm64"]') }}
    runs-on:
      - ${{ matrix.arch == 'arm64' && 'macos-13-xlarge' || 'macos-12' }}
+    env:
+      PIP_INDEX_URL: https://pypi.org/simple

    steps:
      - name: "Throttle Builds"
@ -158,6 +159,9 @@ jobs:
          - x86
          - amd64
    runs-on: windows-latest
+    env:
+      PIP_INDEX_URL: https://pypi.org/simple
+
    steps:

      - name: "Throttle Builds"
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -416,7 +416,7 @@ jobs:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
      github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
-      relenv-version: "0.16.0"
+      relenv-version: "0.17.0"
      python-version: "3.10.14"

  build-salt-onedir:
@ -432,7 +432,7 @@ jobs:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
      github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
-      relenv-version: "0.16.0"
+      relenv-version: "0.17.0"
      python-version: "3.10.14"

  build-pkgs-onedir:
@ -445,7 +445,7 @@ jobs:
    with:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
-      relenv-version: "0.16.0"
+      relenv-version: "0.17.0"
      python-version: "3.10.14"
      source: "onedir"

@ -459,7 +459,7 @@ jobs:
    with:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
-      relenv-version: "0.16.0"
+      relenv-version: "0.17.0"
      python-version: "3.10.14"
      source: "src"
  build-ci-deps:
@ -645,27 +645,6 @@ jobs:
      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}

-  centos-7-pkg-tests:
-    name: CentOS 7 Package Test
-    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'centos-7') }}
-    needs:
-      - prepare-workflow
-      - build-pkgs-onedir
-      - build-ci-deps
-    uses: ./.github/workflows/test-packages-action-linux.yml
-    with:
-      distro-slug: centos-7
-      nox-session: ci-test-onedir
-      platform: linux
-      arch: x86_64
-      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
-      pkg-type: rpm
-      nox-version: 2022.8.7
-      python-version: "3.10"
-      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
-      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
-      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
-
  debian-11-pkg-tests:
    name: Debian 11 Package Test
    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'debian-11') }}
@ -770,7 +749,6 @@ jobs:
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
-      fips: true

  photonos-4-arm64-pkg-tests:
    name: Photon OS 4 Arm64 Package Test
@ -792,6 +770,49 @@ jobs:
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+
+  photonos-4-pkg-tests-fips:
+    name: Photon OS 4 Package Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'photonos-4') }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: photonos-4
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: rpm
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+      fips: true
+
+  photonos-4-arm64-pkg-tests-fips:
+    name: Photon OS 4 Arm64 Package Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'photonos-4-arm64') }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: photonos-4-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: rpm
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
      fips: true

  photonos-5-pkg-tests:
@ -814,7 +835,6 @@ jobs:
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
-      fips: true

  photonos-5-arm64-pkg-tests:
    name: Photon OS 5 Arm64 Package Test
@ -836,6 +856,49 @@ jobs:
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+
+  photonos-5-pkg-tests-fips:
+    name: Photon OS 5 Package Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'photonos-5') }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: photonos-5
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: rpm
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+      fips: true
+
+  photonos-5-arm64-pkg-tests-fips:
+    name: Photon OS 5 Arm64 Package Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: photonos-5-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: rpm
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
      fips: true

  ubuntu-2004-pkg-tests:
@ -903,7 +966,7 @@ jobs:

  ubuntu-2204-arm64-pkg-tests:
    name: Ubuntu 22.04 Arm64 Package Test
-    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'ubuntu-22.04-arm64') }}
    needs:
      - prepare-workflow
      - build-pkgs-onedir
@ -922,9 +985,51 @@ jobs:
      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}

+  ubuntu-2404-pkg-tests:
+    name: Ubuntu 24.04 Package Test
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'ubuntu-24.04') }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: ubuntu-24.04
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: deb
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+
+  ubuntu-2404-arm64-pkg-tests:
+    name: Ubuntu 24.04 Arm64 Package Test
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: ubuntu-24.04-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: deb
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+
  macos-12-pkg-tests:
    name: macOS 12 Package Test
-    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'macos-12') }}
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
    needs:
      - prepare-workflow
      - build-pkgs-onedir
@ -968,7 +1073,7 @@ jobs:

  macos-13-arm64-pkg-tests:
    name: macOS 13 Arm64 Package Test
-    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'macos-13-arm64') }}
    needs:
      - prepare-workflow
      - build-pkgs-onedir
@ -1179,7 +1284,7 @@ jobs:

  macos-12:
    name: macOS 12 Test
-    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'macos-12') }}
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
    needs:
      - prepare-workflow
      - build-ci-deps
@ -1223,7 +1328,7 @@ jobs:

  macos-13-arm64:
    name: macOS 13 Arm64 Test
-    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'macos-13-arm64') }}
    needs:
      - prepare-workflow
      - build-ci-deps
@ -1432,27 +1537,6 @@ jobs:
      workflow-slug: ci
      default-timeout: 180

-  centos-7:
-    name: CentOS 7 Test
-    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'centos-7') }}
-    needs:
-      - prepare-workflow
-      - build-ci-deps
-    uses: ./.github/workflows/test-action-linux.yml
-    with:
-      distro-slug: centos-7
-      nox-session: ci-test-onedir
-      platform: linux
-      arch: x86_64
-      nox-version: 2022.8.7
-      gh-actions-python-version: "3.10"
-      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
-      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
-      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
-      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
-      workflow-slug: ci
-      default-timeout: 180
-
  debian-11:
    name: Debian 11 Test
    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'debian-11') }}
@ -1537,15 +1621,15 @@ jobs:
      workflow-slug: ci
      default-timeout: 180

-  fedora-39:
-    name: Fedora 39 Test
-    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'fedora-39') }}
+  fedora-40:
+    name: Fedora 40 Test
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'fedora-40') }}
    needs:
      - prepare-workflow
      - build-ci-deps
    uses: ./.github/workflows/test-action-linux.yml
    with:
-      distro-slug: fedora-39
+      distro-slug: fedora-40
      nox-session: ci-test-onedir
      platform: linux
      arch: x86_64
@ -1599,7 +1683,6 @@ jobs:
      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
      workflow-slug: ci
      default-timeout: 180
-      fips: true

  photonos-4-arm64:
    name: Photon OS 4 Arm64 Test
@ -1621,6 +1704,49 @@ jobs:
      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
      workflow-slug: ci
      default-timeout: 180
+
+  photonos-4-fips:
+    name: Photon OS 4 Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'photonos-4') }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: photonos-4
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
+      workflow-slug: ci
+      default-timeout: 180
+      fips: true
+
+  photonos-4-arm64-fips:
+    name: Photon OS 4 Arm64 Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'photonos-4-arm64') }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: photonos-4-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
+      workflow-slug: ci
+      default-timeout: 180
      fips: true

  photonos-5:
@ -1643,7 +1769,6 @@ jobs:
      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
      workflow-slug: ci
      default-timeout: 180
-      fips: true

  photonos-5-arm64:
    name: Photon OS 5 Arm64 Test
@ -1665,6 +1790,49 @@ jobs:
      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
      workflow-slug: ci
      default-timeout: 180
+
+  photonos-5-fips:
+    name: Photon OS 5 Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'photonos-5') }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: photonos-5
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
+      workflow-slug: ci
+      default-timeout: 180
+      fips: true
+
+  photonos-5-arm64-fips:
+    name: Photon OS 5 Arm64 Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: photonos-5-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
+      workflow-slug: ci
+      default-timeout: 180
      fips: true

  ubuntu-2004:
@ -1732,7 +1900,7 @@ jobs:

  ubuntu-2204-arm64:
    name: Ubuntu 22.04 Arm64 Test
-    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'ubuntu-22.04-arm64') }}
    needs:
      - prepare-workflow
      - build-ci-deps
@ -1751,10 +1919,54 @@ jobs:
      workflow-slug: ci
      default-timeout: 180

+  ubuntu-2404:
+    name: Ubuntu 24.04 Test
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] && contains(fromJSON(needs.prepare-workflow.outputs.os-labels), 'ubuntu-24.04') }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: ubuntu-24.04
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
+      workflow-slug: ci
+      default-timeout: 180
+
+  ubuntu-2404-arm64:
+    name: Ubuntu 24.04 Arm64 Test
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: ubuntu-24.04-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] }}
+      workflow-slug: ci
+      default-timeout: 180
+
  combine-all-code-coverage:
    name: Combine Code Coverage
    if: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] == false }}
    runs-on: ubuntu-latest
+    env:
+      PIP_INDEX_URL: https://pypi.org/simple
    needs:
      - prepare-workflow
      - build-ci-deps
@ -1773,21 +1985,26 @@ jobs:
      - amazonlinux-2023
      - amazonlinux-2023-arm64
      - archlinux-lts
-      - centos-7
      - debian-11
      - debian-11-arm64
      - debian-12
      - debian-12-arm64
-      - fedora-39
+      - fedora-40
      - opensuse-15
      - photonos-4
      - photonos-4-arm64
+      - photonos-4-fips
+      - photonos-4-arm64-fips
      - photonos-5
      - photonos-5-arm64
+      - photonos-5-fips
+      - photonos-5-arm64-fips
      - ubuntu-2004
      - ubuntu-2004-arm64
      - ubuntu-2204
      - ubuntu-2204-arm64
+      - ubuntu-2404
+      - ubuntu-2404-arm64
    steps:
      - uses: actions/checkout@v4

@ -1808,11 +2025,18 @@ jobs:



+      - name: Merge All Code Coverage Test Run Artifacts
+        continue-on-error: true
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: all-testrun-coverage-artifacts
+          pattern: all-testrun-coverage-artifacts-*
+          separate-directories: false
+          delete-merged: true
+
      - name: Get coverage reports
        id: get-coverage-reports
-        uses: actions/download-artifact@v3
-        # This needs to be actions/download-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/download-artifact@v4
        with:
          name: all-testrun-coverage-artifacts
          path: artifacts/coverage/
@ -1928,21 +2152,26 @@ jobs:
      - amazonlinux-2023
      - amazonlinux-2023-arm64
      - archlinux-lts
-      - centos-7
      - debian-11
      - debian-11-arm64
      - debian-12
      - debian-12-arm64
-      - fedora-39
+      - fedora-40
      - opensuse-15
      - photonos-4
      - photonos-4-arm64
+      - photonos-4-fips
+      - photonos-4-arm64-fips
      - photonos-5
      - photonos-5-arm64
+      - photonos-5-fips
+      - photonos-5-arm64-fips
      - ubuntu-2004
      - ubuntu-2004-arm64
      - ubuntu-2204
      - ubuntu-2204-arm64
+      - ubuntu-2404
+      - ubuntu-2404-arm64
      - rockylinux-8-pkg-tests
      - rockylinux-8-arm64-pkg-tests
      - rockylinux-9-pkg-tests
@ -1951,19 +2180,24 @@ jobs:
      - amazonlinux-2-arm64-pkg-tests
      - amazonlinux-2023-pkg-tests
      - amazonlinux-2023-arm64-pkg-tests
-      - centos-7-pkg-tests
      - debian-11-pkg-tests
      - debian-11-arm64-pkg-tests
      - debian-12-pkg-tests
      - debian-12-arm64-pkg-tests
      - photonos-4-pkg-tests
      - photonos-4-arm64-pkg-tests
+      - photonos-4-pkg-tests-fips
+      - photonos-4-arm64-pkg-tests-fips
      - photonos-5-pkg-tests
      - photonos-5-arm64-pkg-tests
+      - photonos-5-pkg-tests-fips
+      - photonos-5-arm64-pkg-tests-fips
      - ubuntu-2004-pkg-tests
      - ubuntu-2004-arm64-pkg-tests
      - ubuntu-2204-pkg-tests
      - ubuntu-2204-arm64-pkg-tests
+      - ubuntu-2404-pkg-tests
+      - ubuntu-2404-arm64-pkg-tests
      - macos-12-pkg-tests
      - macos-13-pkg-tests
      - macos-13-arm64-pkg-tests
@ -1976,12 +2210,12 @@ jobs:
    steps:
      - name: Get workflow information
        id: get-workflow-info
-        uses: technote-space/workflow-conclusion-action@v3
+        uses: im-open/workflow-conclusion@v2

      - name: Set Pipeline Exit Status
        shell: bash
        run: |
-          if [ "${{ steps.get-workflow-info.outputs.conclusion }}" != "success" ]; then
+          if [ "${{ steps.get-workflow-info.outputs.workflow_conclusion }}" != "success" ]; then
            exit 1
          else
            exit 0
--- a/.github/workflows/lint-action.yml
+++ b/.github/workflows/lint-action.yml
@ -11,8 +11,7 @@ on:


 env:
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
+  PIP_INDEX_URL: https://pypi.org/simple
  PIP_DISABLE_PIP_VERSION_CHECK: "1"


@ -23,7 +22,7 @@ jobs:
    if: ${{ contains(fromJSON('["push", "schedule", "workflow_dispatch"]'), github.event_name) || fromJSON(inputs.changed-files)['salt'] || fromJSON(inputs.changed-files)['lint'] }}

    container:
-      image: ghcr.io/saltstack/salt-ci-containers/python:3.9
+      image: ghcr.io/saltstack/salt-ci-containers/python:3.10

    steps:
      - name: Install System Deps
@ -67,7 +66,7 @@ jobs:
    if: ${{ contains(fromJSON('["push", "schedule", "workflow_dispatch"]'), github.event_name) || fromJSON(inputs.changed-files)['tests'] || fromJSON(inputs.changed-files)['lint'] }}

    container:
-      image: ghcr.io/saltstack/salt-ci-containers/python:3.8
+      image: ghcr.io/saltstack/salt-ci-containers/python:3.10

    steps:
      - name: Install System Deps
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@ -470,7 +470,7 @@ jobs:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
      github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
-      relenv-version: "0.16.0"
+      relenv-version: "0.17.0"
      python-version: "3.10.14"

  build-salt-onedir:
@ -486,7 +486,7 @@ jobs:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
      github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
-      relenv-version: "0.16.0"
+      relenv-version: "0.17.0"
      python-version: "3.10.14"

  build-pkgs-onedir:
@ -499,7 +499,7 @@ jobs:
    with:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
-      relenv-version: "0.16.0"
+      relenv-version: "0.17.0"
      python-version: "3.10.14"
      source: "onedir"
      environment: nightly
@ -517,7 +517,7 @@ jobs:
    with:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
-      relenv-version: "0.16.0"
+      relenv-version: "0.17.0"
      python-version: "3.10.14"
      source: "src"
      environment: nightly
@ -707,27 +707,6 @@ jobs:
      skip-code-coverage: false
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}

-  centos-7-pkg-tests:
-    name: CentOS 7 Package Test
-    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
-    needs:
-      - prepare-workflow
-      - build-pkgs-onedir
-      - build-ci-deps
-    uses: ./.github/workflows/test-packages-action-linux.yml
-    with:
-      distro-slug: centos-7
-      nox-session: ci-test-onedir
-      platform: linux
-      arch: x86_64
-      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
-      pkg-type: rpm
-      nox-version: 2022.8.7
-      python-version: "3.10"
-      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
-      skip-code-coverage: false
-      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
-
  debian-11-pkg-tests:
    name: Debian 11 Package Test
    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
@ -832,7 +811,6 @@ jobs:
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
      skip-code-coverage: false
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
-      fips: true

  photonos-4-arm64-pkg-tests:
    name: Photon OS 4 Arm64 Package Test
@ -854,6 +832,49 @@ jobs:
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
      skip-code-coverage: false
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+
+  photonos-4-pkg-tests-fips:
+    name: Photon OS 4 Package Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: photonos-4
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: rpm
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+      fips: true
+
+  photonos-4-arm64-pkg-tests-fips:
+    name: Photon OS 4 Arm64 Package Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: photonos-4-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: rpm
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
      fips: true

  photonos-5-pkg-tests:
@ -876,7 +897,6 @@ jobs:
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
      skip-code-coverage: false
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
-      fips: true

  photonos-5-arm64-pkg-tests:
    name: Photon OS 5 Arm64 Package Test
@ -898,6 +918,49 @@ jobs:
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
      skip-code-coverage: false
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+
+  photonos-5-pkg-tests-fips:
+    name: Photon OS 5 Package Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: photonos-5
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: rpm
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+      fips: true
+
+  photonos-5-arm64-pkg-tests-fips:
+    name: Photon OS 5 Arm64 Package Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: photonos-5-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: rpm
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
      fips: true

  ubuntu-2004-pkg-tests:
@ -984,6 +1047,48 @@ jobs:
      skip-code-coverage: false
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}

+  ubuntu-2404-pkg-tests:
+    name: Ubuntu 24.04 Package Test
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: ubuntu-24.04
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: deb
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+
+  ubuntu-2404-arm64-pkg-tests:
+    name: Ubuntu 24.04 Arm64 Package Test
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: ubuntu-24.04-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: deb
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+
  macos-12-pkg-tests:
    name: macOS 12 Package Test
    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
@ -1494,27 +1599,6 @@ jobs:
      workflow-slug: nightly
      default-timeout: 360

-  centos-7:
-    name: CentOS 7 Test
-    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
-    needs:
-      - prepare-workflow
-      - build-ci-deps
-    uses: ./.github/workflows/test-action-linux.yml
-    with:
-      distro-slug: centos-7
-      nox-session: ci-test-onedir
-      platform: linux
-      arch: x86_64
-      nox-version: 2022.8.7
-      gh-actions-python-version: "3.10"
-      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
-      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
-      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
-      skip-code-coverage: false
-      workflow-slug: nightly
-      default-timeout: 360
-
  debian-11:
    name: Debian 11 Test
    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
@ -1599,15 +1683,15 @@ jobs:
      workflow-slug: nightly
      default-timeout: 360

-  fedora-39:
-    name: Fedora 39 Test
+  fedora-40:
+    name: Fedora 40 Test
    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
    needs:
      - prepare-workflow
      - build-ci-deps
    uses: ./.github/workflows/test-action-linux.yml
    with:
-      distro-slug: fedora-39
+      distro-slug: fedora-40
      nox-session: ci-test-onedir
      platform: linux
      arch: x86_64
@ -1661,7 +1745,6 @@ jobs:
      skip-code-coverage: false
      workflow-slug: nightly
      default-timeout: 360
-      fips: true

  photonos-4-arm64:
    name: Photon OS 4 Arm64 Test
@ -1683,6 +1766,49 @@ jobs:
      skip-code-coverage: false
      workflow-slug: nightly
      default-timeout: 360
+
+  photonos-4-fips:
+    name: Photon OS 4 Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: photonos-4
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      workflow-slug: nightly
+      default-timeout: 360
+      fips: true
+
+  photonos-4-arm64-fips:
+    name: Photon OS 4 Arm64 Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: photonos-4-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      workflow-slug: nightly
+      default-timeout: 360
      fips: true

  photonos-5:
@ -1705,7 +1831,6 @@ jobs:
      skip-code-coverage: false
      workflow-slug: nightly
      default-timeout: 360
-      fips: true

  photonos-5-arm64:
    name: Photon OS 5 Arm64 Test
@ -1727,6 +1852,49 @@ jobs:
      skip-code-coverage: false
      workflow-slug: nightly
      default-timeout: 360
+
+  photonos-5-fips:
+    name: Photon OS 5 Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: photonos-5
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      workflow-slug: nightly
+      default-timeout: 360
+      fips: true
+
+  photonos-5-arm64-fips:
+    name: Photon OS 5 Arm64 Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: photonos-5-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      workflow-slug: nightly
+      default-timeout: 360
      fips: true

  ubuntu-2004:
@ -1813,10 +1981,54 @@ jobs:
      workflow-slug: nightly
      default-timeout: 360

+  ubuntu-2404:
+    name: Ubuntu 24.04 Test
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: ubuntu-24.04
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      workflow-slug: nightly
+      default-timeout: 360
+
+  ubuntu-2404-arm64:
+    name: Ubuntu 24.04 Arm64 Test
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: ubuntu-24.04-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      workflow-slug: nightly
+      default-timeout: 360
+
  combine-all-code-coverage:
    name: Combine Code Coverage
    if: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] == false }}
    runs-on: ubuntu-latest
+    env:
+      PIP_INDEX_URL: https://pypi.org/simple
    needs:
      - prepare-workflow
      - build-ci-deps
@ -1835,21 +2047,26 @@ jobs:
      - amazonlinux-2023
      - amazonlinux-2023-arm64
      - archlinux-lts
-      - centos-7
      - debian-11
      - debian-11-arm64
      - debian-12
      - debian-12-arm64
-      - fedora-39
+      - fedora-40
      - opensuse-15
      - photonos-4
      - photonos-4-arm64
+      - photonos-4-fips
+      - photonos-4-arm64-fips
      - photonos-5
      - photonos-5-arm64
+      - photonos-5-fips
+      - photonos-5-arm64-fips
      - ubuntu-2004
      - ubuntu-2004-arm64
      - ubuntu-2204
      - ubuntu-2204-arm64
+      - ubuntu-2404
+      - ubuntu-2404-arm64
    steps:
      - uses: actions/checkout@v4

@ -1870,11 +2087,18 @@ jobs:



+      - name: Merge All Code Coverage Test Run Artifacts
+        continue-on-error: true
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: all-testrun-coverage-artifacts
+          pattern: all-testrun-coverage-artifacts-*
+          separate-directories: false
+          delete-merged: true
+
      - name: Get coverage reports
        id: get-coverage-reports
-        uses: actions/download-artifact@v3
-        # This needs to be actions/download-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/download-artifact@v4
        with:
          name: all-testrun-coverage-artifacts
          path: artifacts/coverage/
@ -2056,7 +2280,7 @@ jobs:
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo-src
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
@ -2112,11 +2336,11 @@ jobs:
            arch: arm64
          - pkg-type: deb
            distro: ubuntu
-            version: "23.04"
+            version: "24.04"
            arch: x86_64
          - pkg-type: deb
            distro: ubuntu
-            version: "23.04"
+            version: "24.04"
            arch: arm64

    steps:
@ -2187,7 +2411,7 @@ jobs:
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo-${{ matrix.pkg-type }}-${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }}
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
@ -2235,15 +2459,15 @@ jobs:
            arch: aarch64
          - pkg-type: rpm
            distro: fedora
-            version: "39"
+            version: "40"
            arch: x86_64
          - pkg-type: rpm
            distro: fedora
-            version: "39"
+            version: "40"
            arch: arm64
          - pkg-type: rpm
            distro: fedora
-            version: "39"
+            version: "40"
            arch: aarch64
          - pkg-type: rpm
            distro: photon
@ -2269,18 +2493,6 @@ jobs:
            distro: photon
            version: "5"
            arch: aarch64
-          - pkg-type: rpm
-            distro: redhat
-            version: "7"
-            arch: x86_64
-          - pkg-type: rpm
-            distro: redhat
-            version: "7"
-            arch: arm64
-          - pkg-type: rpm
-            distro: redhat
-            version: "7"
-            arch: aarch64
          - pkg-type: rpm
            distro: redhat
            version: "8"
@ -2377,7 +2589,7 @@ jobs:
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo-${{ matrix.pkg-type }}-${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }}
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
@ -2481,7 +2693,7 @@ jobs:
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo-windows
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
@ -2526,6 +2738,7 @@ jobs:
          path: artifacts/pkgs/incoming

      - name: Download macOS Arch64 Packages
+        if: ${{ ! github.event.repository.fork }}
        uses: actions/download-artifact@v4
        with:
          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-arm64-macos
@ -2573,7 +2786,7 @@ jobs:
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo-macos
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
@ -2630,6 +2843,7 @@ jobs:
          path: artifacts/pkgs/incoming

      - name: Download macOS arm64 Onedir Archive
+        if: ${{ ! github.event.repository.fork }}
        uses: actions/download-artifact@v4
        with:
          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-macos-arm64.tar.xz
@ -2701,7 +2915,7 @@ jobs:
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo-onedir
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
@ -2740,21 +2954,26 @@ jobs:
      - amazonlinux-2023
      - amazonlinux-2023-arm64
      - archlinux-lts
-      - centos-7
      - debian-11
      - debian-11-arm64
      - debian-12
      - debian-12-arm64
-      - fedora-39
+      - fedora-40
      - opensuse-15
      - photonos-4
      - photonos-4-arm64
+      - photonos-4-fips
+      - photonos-4-arm64-fips
      - photonos-5
      - photonos-5-arm64
+      - photonos-5-fips
+      - photonos-5-arm64-fips
      - ubuntu-2004
      - ubuntu-2004-arm64
      - ubuntu-2204
      - ubuntu-2204-arm64
+      - ubuntu-2404
+      - ubuntu-2404-arm64

    steps:

@ -2772,11 +2991,10 @@ jobs:
          cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}

      - name: Download Repository Artifact
-        uses: actions/download-artifact@v3
-        # This needs to be actions/download-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/download-artifact@v4
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo
+          pattern: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo-*
+          merge-multiple: true
          path: repo/

      - name: Decompress Repository Artifacts
@ -2822,19 +3040,24 @@ jobs:
      - amazonlinux-2-arm64-pkg-tests
      - amazonlinux-2023-pkg-tests
      - amazonlinux-2023-arm64-pkg-tests
-      - centos-7-pkg-tests
      - debian-11-pkg-tests
      - debian-11-arm64-pkg-tests
      - debian-12-pkg-tests
      - debian-12-arm64-pkg-tests
      - photonos-4-pkg-tests
      - photonos-4-arm64-pkg-tests
+      - photonos-4-pkg-tests-fips
+      - photonos-4-arm64-pkg-tests-fips
      - photonos-5-pkg-tests
      - photonos-5-arm64-pkg-tests
+      - photonos-5-pkg-tests-fips
+      - photonos-5-arm64-pkg-tests-fips
      - ubuntu-2004-pkg-tests
      - ubuntu-2004-arm64-pkg-tests
      - ubuntu-2204-pkg-tests
      - ubuntu-2204-arm64-pkg-tests
+      - ubuntu-2404-pkg-tests
+      - ubuntu-2404-arm64-pkg-tests
      - macos-12-pkg-tests
      - macos-13-pkg-tests
      - macos-13-arm64-pkg-tests
@ -2847,7 +3070,7 @@ jobs:
    steps:
      - name: Get workflow information
        id: get-workflow-info
-        uses: technote-space/workflow-conclusion-action@v3
+        uses: im-open/workflow-conclusion@v2

      - name: Notify Slack
        id: slack
@ -2911,7 +3134,7 @@ jobs:
      - name: Set Pipeline Exit Status
        shell: bash
        run: |
-          if [ "${{ steps.get-workflow-info.outputs.conclusion }}" != "success" ]; then
+          if [ "${{ steps.get-workflow-info.outputs.workflow_conclusion }}" != "success" ]; then
            exit 1
          else
            exit 0
--- a/.github/workflows/release-tag.yml
+++ b/.github/workflows/release-tag.yml
@ -19,8 +19,9 @@ on:


 env:
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
+  PIP_INDEX_URL: ${{ vars.PIP_INDEX_URL }}
+  PIP_TRUSTED_HOST: ${{ vars.PIP_TRUSTED_HOST }}
+  PIP_EXTRA_INDEX_URL: ${{ vars.PIP_EXTRA_INDEX_URL }}


 permissions:
--- a/.github/workflows/release-upload-virustotal.yml
+++ b/.github/workflows/release-upload-virustotal.yml
@ -20,8 +20,9 @@ env:
  COLUMNS: 190
  AWS_MAX_ATTEMPTS: "10"
  AWS_RETRY_MODE: "adaptive"
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
+  PIP_INDEX_URL: ${{ vars.PIP_INDEX_URL }}
+  PIP_TRUSTED_HOST: ${{ vars.PIP_TRUSTED_HOST }}
+  PIP_EXTRA_INDEX_URL: ${{ vars.PIP_EXTRA_INDEX_URL }}

 jobs:
  upload-virustotal:
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -363,7 +363,7 @@ jobs:
          branch: ${{ github.ref }}

      - name: Create Github Release
-        uses: ncipollo/release-action@v1.12.0
+        uses: ncipollo/release-action@v1
        with:
          artifactErrorsFailBuild: true
          artifacts: ${{ steps.prepare-release.outputs.release-artifacts }}
@ -461,7 +461,7 @@ jobs:
    steps:
      - name: Get workflow information
        id: get-workflow-info
-        uses: technote-space/workflow-conclusion-action@v3
+        uses: im-open/workflow-conclusion@v2

      - run: |
          # shellcheck disable=SC2129
@ -475,7 +475,7 @@ jobs:
      - name: Set Pipeline Exit Status
        shell: bash
        run: |
-          if [ "${{ steps.get-workflow-info.outputs.conclusion }}" != "success" ]; then
+          if [ "${{ steps.get-workflow-info.outputs.workflow_conclusion }}" != "success" ]; then
            exit 1
          else
            exit 0
--- a/.github/workflows/scheduled.yml
+++ b/.github/workflows/scheduled.yml
@ -455,7 +455,7 @@ jobs:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
      github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
-      relenv-version: "0.16.0"
+      relenv-version: "0.17.0"
      python-version: "3.10.14"

  build-salt-onedir:
@ -471,7 +471,7 @@ jobs:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
      github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
-      relenv-version: "0.16.0"
+      relenv-version: "0.17.0"
      python-version: "3.10.14"

  build-pkgs-onedir:
@ -484,7 +484,7 @@ jobs:
    with:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
-      relenv-version: "0.16.0"
+      relenv-version: "0.17.0"
      python-version: "3.10.14"
      source: "onedir"

@ -498,7 +498,7 @@ jobs:
    with:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
-      relenv-version: "0.16.0"
+      relenv-version: "0.17.0"
      python-version: "3.10.14"
      source: "src"
  build-ci-deps:
@ -684,27 +684,6 @@ jobs:
      skip-code-coverage: false
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}

-  centos-7-pkg-tests:
-    name: CentOS 7 Package Test
-    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
-    needs:
-      - prepare-workflow
-      - build-pkgs-onedir
-      - build-ci-deps
-    uses: ./.github/workflows/test-packages-action-linux.yml
-    with:
-      distro-slug: centos-7
-      nox-session: ci-test-onedir
-      platform: linux
-      arch: x86_64
-      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
-      pkg-type: rpm
-      nox-version: 2022.8.7
-      python-version: "3.10"
-      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
-      skip-code-coverage: false
-      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
-
  debian-11-pkg-tests:
    name: Debian 11 Package Test
    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
@ -809,7 +788,6 @@ jobs:
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
      skip-code-coverage: false
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
-      fips: true

  photonos-4-arm64-pkg-tests:
    name: Photon OS 4 Arm64 Package Test
@ -831,6 +809,49 @@ jobs:
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
      skip-code-coverage: false
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+
+  photonos-4-pkg-tests-fips:
+    name: Photon OS 4 Package Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: photonos-4
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: rpm
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+      fips: true
+
+  photonos-4-arm64-pkg-tests-fips:
+    name: Photon OS 4 Arm64 Package Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: photonos-4-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: rpm
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
      fips: true

  photonos-5-pkg-tests:
@ -853,7 +874,6 @@ jobs:
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
      skip-code-coverage: false
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
-      fips: true

  photonos-5-arm64-pkg-tests:
    name: Photon OS 5 Arm64 Package Test
@ -875,6 +895,49 @@ jobs:
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
      skip-code-coverage: false
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+
+  photonos-5-pkg-tests-fips:
+    name: Photon OS 5 Package Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: photonos-5
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: rpm
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+      fips: true
+
+  photonos-5-arm64-pkg-tests-fips:
+    name: Photon OS 5 Arm64 Package Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: photonos-5-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: rpm
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
      fips: true

  ubuntu-2004-pkg-tests:
@ -961,6 +1024,48 @@ jobs:
      skip-code-coverage: false
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}

+  ubuntu-2404-pkg-tests:
+    name: Ubuntu 24.04 Package Test
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: ubuntu-24.04
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: deb
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+
+  ubuntu-2404-arm64-pkg-tests:
+    name: Ubuntu 24.04 Arm64 Package Test
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: ubuntu-24.04-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: deb
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+
  macos-12-pkg-tests:
    name: macOS 12 Package Test
    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
@ -1471,27 +1576,6 @@ jobs:
      workflow-slug: scheduled
      default-timeout: 360

-  centos-7:
-    name: CentOS 7 Test
-    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
-    needs:
-      - prepare-workflow
-      - build-ci-deps
-    uses: ./.github/workflows/test-action-linux.yml
-    with:
-      distro-slug: centos-7
-      nox-session: ci-test-onedir
-      platform: linux
-      arch: x86_64
-      nox-version: 2022.8.7
-      gh-actions-python-version: "3.10"
-      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
-      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
-      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
-      skip-code-coverage: false
-      workflow-slug: scheduled
-      default-timeout: 360
-
  debian-11:
    name: Debian 11 Test
    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
@ -1576,15 +1660,15 @@ jobs:
      workflow-slug: scheduled
      default-timeout: 360

-  fedora-39:
-    name: Fedora 39 Test
+  fedora-40:
+    name: Fedora 40 Test
    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
    needs:
      - prepare-workflow
      - build-ci-deps
    uses: ./.github/workflows/test-action-linux.yml
    with:
-      distro-slug: fedora-39
+      distro-slug: fedora-40
      nox-session: ci-test-onedir
      platform: linux
      arch: x86_64
@ -1638,7 +1722,6 @@ jobs:
      skip-code-coverage: false
      workflow-slug: scheduled
      default-timeout: 360
-      fips: true

  photonos-4-arm64:
    name: Photon OS 4 Arm64 Test
@ -1660,6 +1743,49 @@ jobs:
      skip-code-coverage: false
      workflow-slug: scheduled
      default-timeout: 360
+
+  photonos-4-fips:
+    name: Photon OS 4 Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: photonos-4
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      workflow-slug: scheduled
+      default-timeout: 360
+      fips: true
+
+  photonos-4-arm64-fips:
+    name: Photon OS 4 Arm64 Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: photonos-4-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      workflow-slug: scheduled
+      default-timeout: 360
      fips: true

  photonos-5:
@ -1682,7 +1808,6 @@ jobs:
      skip-code-coverage: false
      workflow-slug: scheduled
      default-timeout: 360
-      fips: true

  photonos-5-arm64:
    name: Photon OS 5 Arm64 Test
@ -1704,6 +1829,49 @@ jobs:
      skip-code-coverage: false
      workflow-slug: scheduled
      default-timeout: 360
+
+  photonos-5-fips:
+    name: Photon OS 5 Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: photonos-5
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      workflow-slug: scheduled
+      default-timeout: 360
+      fips: true
+
+  photonos-5-arm64-fips:
+    name: Photon OS 5 Arm64 Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: photonos-5-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      workflow-slug: scheduled
+      default-timeout: 360
      fips: true

  ubuntu-2004:
@ -1790,10 +1958,54 @@ jobs:
      workflow-slug: scheduled
      default-timeout: 360

+  ubuntu-2404:
+    name: Ubuntu 24.04 Test
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: ubuntu-24.04
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      workflow-slug: scheduled
+      default-timeout: 360
+
+  ubuntu-2404-arm64:
+    name: Ubuntu 24.04 Arm64 Test
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: ubuntu-24.04-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: false
+      workflow-slug: scheduled
+      default-timeout: 360
+
  combine-all-code-coverage:
    name: Combine Code Coverage
    if: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] == false }}
    runs-on: ubuntu-latest
+    env:
+      PIP_INDEX_URL: https://pypi.org/simple
    needs:
      - prepare-workflow
      - build-ci-deps
@ -1812,21 +2024,26 @@ jobs:
      - amazonlinux-2023
      - amazonlinux-2023-arm64
      - archlinux-lts
-      - centos-7
      - debian-11
      - debian-11-arm64
      - debian-12
      - debian-12-arm64
-      - fedora-39
+      - fedora-40
      - opensuse-15
      - photonos-4
      - photonos-4-arm64
+      - photonos-4-fips
+      - photonos-4-arm64-fips
      - photonos-5
      - photonos-5-arm64
+      - photonos-5-fips
+      - photonos-5-arm64-fips
      - ubuntu-2004
      - ubuntu-2004-arm64
      - ubuntu-2204
      - ubuntu-2204-arm64
+      - ubuntu-2404
+      - ubuntu-2404-arm64
    steps:
      - uses: actions/checkout@v4

@ -1847,11 +2064,18 @@ jobs:



+      - name: Merge All Code Coverage Test Run Artifacts
+        continue-on-error: true
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: all-testrun-coverage-artifacts
+          pattern: all-testrun-coverage-artifacts-*
+          separate-directories: false
+          delete-merged: true
+
      - name: Get coverage reports
        id: get-coverage-reports
-        uses: actions/download-artifact@v3
-        # This needs to be actions/download-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/download-artifact@v4
        with:
          name: all-testrun-coverage-artifacts
          path: artifacts/coverage/
@ -1969,21 +2193,26 @@ jobs:
      - amazonlinux-2023
      - amazonlinux-2023-arm64
      - archlinux-lts
-      - centos-7
      - debian-11
      - debian-11-arm64
      - debian-12
      - debian-12-arm64
-      - fedora-39
+      - fedora-40
      - opensuse-15
      - photonos-4
      - photonos-4-arm64
+      - photonos-4-fips
+      - photonos-4-arm64-fips
      - photonos-5
      - photonos-5-arm64
+      - photonos-5-fips
+      - photonos-5-arm64-fips
      - ubuntu-2004
      - ubuntu-2004-arm64
      - ubuntu-2204
      - ubuntu-2204-arm64
+      - ubuntu-2404
+      - ubuntu-2404-arm64
      - rockylinux-8-pkg-tests
      - rockylinux-8-arm64-pkg-tests
      - rockylinux-9-pkg-tests
@ -1992,19 +2221,24 @@ jobs:
      - amazonlinux-2-arm64-pkg-tests
      - amazonlinux-2023-pkg-tests
      - amazonlinux-2023-arm64-pkg-tests
-      - centos-7-pkg-tests
      - debian-11-pkg-tests
      - debian-11-arm64-pkg-tests
      - debian-12-pkg-tests
      - debian-12-arm64-pkg-tests
      - photonos-4-pkg-tests
      - photonos-4-arm64-pkg-tests
+      - photonos-4-pkg-tests-fips
+      - photonos-4-arm64-pkg-tests-fips
      - photonos-5-pkg-tests
      - photonos-5-arm64-pkg-tests
+      - photonos-5-pkg-tests-fips
+      - photonos-5-arm64-pkg-tests-fips
      - ubuntu-2004-pkg-tests
      - ubuntu-2004-arm64-pkg-tests
      - ubuntu-2204-pkg-tests
      - ubuntu-2204-arm64-pkg-tests
+      - ubuntu-2404-pkg-tests
+      - ubuntu-2404-arm64-pkg-tests
      - macos-12-pkg-tests
      - macos-13-pkg-tests
      - macos-13-arm64-pkg-tests
@ -2017,12 +2251,12 @@ jobs:
    steps:
      - name: Get workflow information
        id: get-workflow-info
-        uses: technote-space/workflow-conclusion-action@v3
+        uses: im-open/workflow-conclusion@v2

      - name: Set Pipeline Exit Status
        shell: bash
        run: |
-          if [ "${{ steps.get-workflow-info.outputs.conclusion }}" != "success" ]; then
+          if [ "${{ steps.get-workflow-info.outputs.workflow_conclusion }}" != "success" ]; then
            exit 1
          else
            exit 0
--- a/.github/workflows/staging.yml
+++ b/.github/workflows/staging.yml
@ -455,7 +455,7 @@ jobs:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
      github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
-      relenv-version: "0.16.0"
+      relenv-version: "0.17.0"
      python-version: "3.10.14"

  build-salt-onedir:
@ -471,7 +471,7 @@ jobs:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
      github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
-      relenv-version: "0.16.0"
+      relenv-version: "0.17.0"
      python-version: "3.10.14"

  build-pkgs-onedir:
@ -484,7 +484,7 @@ jobs:
    with:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
-      relenv-version: "0.16.0"
+      relenv-version: "0.17.0"
      python-version: "3.10.14"
      source: "onedir"
      environment: staging
@ -502,7 +502,7 @@ jobs:
    with:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
-      relenv-version: "0.16.0"
+      relenv-version: "0.17.0"
      python-version: "3.10.14"
      source: "src"
      environment: staging
@ -692,27 +692,6 @@ jobs:
      skip-code-coverage: true
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}

-  centos-7-pkg-tests:
-    name: CentOS 7 Package Test
-    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
-    needs:
-      - prepare-workflow
-      - build-pkgs-onedir
-      - build-ci-deps
-    uses: ./.github/workflows/test-packages-action-linux.yml
-    with:
-      distro-slug: centos-7
-      nox-session: ci-test-onedir
-      platform: linux
-      arch: x86_64
-      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
-      pkg-type: rpm
-      nox-version: 2022.8.7
-      python-version: "3.10"
-      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
-      skip-code-coverage: true
-      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
-
  debian-11-pkg-tests:
    name: Debian 11 Package Test
    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
@ -817,7 +796,6 @@ jobs:
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
      skip-code-coverage: true
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
-      fips: true

  photonos-4-arm64-pkg-tests:
    name: Photon OS 4 Arm64 Package Test
@ -839,6 +817,49 @@ jobs:
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
      skip-code-coverage: true
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+
+  photonos-4-pkg-tests-fips:
+    name: Photon OS 4 Package Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: photonos-4
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: rpm
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: true
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+      fips: true
+
+  photonos-4-arm64-pkg-tests-fips:
+    name: Photon OS 4 Arm64 Package Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: photonos-4-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: rpm
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: true
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
      fips: true

  photonos-5-pkg-tests:
@ -861,7 +882,6 @@ jobs:
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
      skip-code-coverage: true
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
-      fips: true

  photonos-5-arm64-pkg-tests:
    name: Photon OS 5 Arm64 Package Test
@ -883,6 +903,49 @@ jobs:
      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
      skip-code-coverage: true
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+
+  photonos-5-pkg-tests-fips:
+    name: Photon OS 5 Package Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: photonos-5
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: rpm
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: true
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+      fips: true
+
+  photonos-5-arm64-pkg-tests-fips:
+    name: Photon OS 5 Arm64 Package Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: photonos-5-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: rpm
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: true
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
      fips: true

  ubuntu-2004-pkg-tests:
@ -969,6 +1032,48 @@ jobs:
      skip-code-coverage: true
      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}

+  ubuntu-2404-pkg-tests:
+    name: Ubuntu 24.04 Package Test
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: ubuntu-24.04
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: deb
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: true
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+
+  ubuntu-2404-arm64-pkg-tests:
+    name: Ubuntu 24.04 Arm64 Package Test
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-pkgs-onedir
+      - build-ci-deps
+    uses: ./.github/workflows/test-packages-action-linux.yml
+    with:
+      distro-slug: ubuntu-24.04-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      pkg-type: deb
+      nox-version: 2022.8.7
+      python-version: "3.10"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: true
+      testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
+
  macos-12-pkg-tests:
    name: macOS 12 Package Test
    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
@ -1479,27 +1584,6 @@ jobs:
      workflow-slug: staging
      default-timeout: 180

-  centos-7:
-    name: CentOS 7 Test
-    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
-    needs:
-      - prepare-workflow
-      - build-ci-deps
-    uses: ./.github/workflows/test-action-linux.yml
-    with:
-      distro-slug: centos-7
-      nox-session: ci-test-onedir
-      platform: linux
-      arch: x86_64
-      nox-version: 2022.8.7
-      gh-actions-python-version: "3.10"
-      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
-      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
-      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
-      skip-code-coverage: true
-      workflow-slug: staging
-      default-timeout: 180
-
  debian-11:
    name: Debian 11 Test
    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
@ -1584,15 +1668,15 @@ jobs:
      workflow-slug: staging
      default-timeout: 180

-  fedora-39:
-    name: Fedora 39 Test
+  fedora-40:
+    name: Fedora 40 Test
    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
    needs:
      - prepare-workflow
      - build-ci-deps
    uses: ./.github/workflows/test-action-linux.yml
    with:
-      distro-slug: fedora-39
+      distro-slug: fedora-40
      nox-session: ci-test-onedir
      platform: linux
      arch: x86_64
@ -1646,7 +1730,6 @@ jobs:
      skip-code-coverage: true
      workflow-slug: staging
      default-timeout: 180
-      fips: true

  photonos-4-arm64:
    name: Photon OS 4 Arm64 Test
@ -1668,6 +1751,49 @@ jobs:
      skip-code-coverage: true
      workflow-slug: staging
      default-timeout: 180
+
+  photonos-4-fips:
+    name: Photon OS 4 Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: photonos-4
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: true
+      workflow-slug: staging
+      default-timeout: 180
+      fips: true
+
+  photonos-4-arm64-fips:
+    name: Photon OS 4 Arm64 Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: photonos-4-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: true
+      workflow-slug: staging
+      default-timeout: 180
      fips: true

  photonos-5:
@ -1690,7 +1816,6 @@ jobs:
      skip-code-coverage: true
      workflow-slug: staging
      default-timeout: 180
-      fips: true

  photonos-5-arm64:
    name: Photon OS 5 Arm64 Test
@ -1712,6 +1837,49 @@ jobs:
      skip-code-coverage: true
      workflow-slug: staging
      default-timeout: 180
+
+  photonos-5-fips:
+    name: Photon OS 5 Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: photonos-5
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: true
+      workflow-slug: staging
+      default-timeout: 180
+      fips: true
+
+  photonos-5-arm64-fips:
+    name: Photon OS 5 Arm64 Test (fips)
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: photonos-5-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: true
+      workflow-slug: staging
+      default-timeout: 180
      fips: true

  ubuntu-2004:
@ -1798,6 +1966,48 @@ jobs:
      workflow-slug: staging
      default-timeout: 180

+  ubuntu-2404:
+    name: Ubuntu 24.04 Test
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: ubuntu-24.04
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: x86_64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: true
+      workflow-slug: staging
+      default-timeout: 180
+
+  ubuntu-2404-arm64:
+    name: Ubuntu 24.04 Arm64 Test
+    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
+    needs:
+      - prepare-workflow
+      - build-ci-deps
+    uses: ./.github/workflows/test-action-linux.yml
+    with:
+      distro-slug: ubuntu-24.04-arm64
+      nox-session: ci-test-onedir
+      platform: linux
+      arch: arm64
+      nox-version: 2022.8.7
+      gh-actions-python-version: "3.10"
+      testrun: ${{ needs.prepare-workflow.outputs.testrun }}
+      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
+      cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.14
+      skip-code-coverage: true
+      workflow-slug: staging
+      default-timeout: 180
+
  build-src-repo:
    name: Build Repository
    environment: staging
@ -1895,7 +2105,7 @@ jobs:
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo-src
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
@ -1951,11 +2161,11 @@ jobs:
            arch: arm64
          - pkg-type: deb
            distro: ubuntu
-            version: "23.04"
+            version: "24.04"
            arch: x86_64
          - pkg-type: deb
            distro: ubuntu
-            version: "23.04"
+            version: "24.04"
            arch: arm64

    steps:
@ -2026,7 +2236,7 @@ jobs:
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo-${{ matrix.pkg-type }}-${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }}
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
@ -2074,15 +2284,15 @@ jobs:
            arch: aarch64
          - pkg-type: rpm
            distro: fedora
-            version: "39"
+            version: "40"
            arch: x86_64
          - pkg-type: rpm
            distro: fedora
-            version: "39"
+            version: "40"
            arch: arm64
          - pkg-type: rpm
            distro: fedora
-            version: "39"
+            version: "40"
            arch: aarch64
          - pkg-type: rpm
            distro: photon
@ -2108,18 +2318,6 @@ jobs:
            distro: photon
            version: "5"
            arch: aarch64
-          - pkg-type: rpm
-            distro: redhat
-            version: "7"
-            arch: x86_64
-          - pkg-type: rpm
-            distro: redhat
-            version: "7"
-            arch: arm64
-          - pkg-type: rpm
-            distro: redhat
-            version: "7"
-            arch: aarch64
          - pkg-type: rpm
            distro: redhat
            version: "8"
@ -2218,7 +2416,7 @@ jobs:
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo-${{ matrix.pkg-type }}-${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }}
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
@ -2322,7 +2520,7 @@ jobs:
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo-windows
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
@ -2367,6 +2565,7 @@ jobs:
          path: artifacts/pkgs/incoming

      - name: Download macOS Arch64 Packages
+        if: ${{ ! github.event.repository.fork }}
        uses: actions/download-artifact@v4
        with:
          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-arm64-macos
@ -2414,7 +2613,7 @@ jobs:
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo-macos
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
@ -2471,6 +2670,7 @@ jobs:
          path: artifacts/pkgs/incoming

      - name: Download macOS arm64 Onedir Archive
+        if: ${{ ! github.event.repository.fork }}
        uses: actions/download-artifact@v4
        with:
          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-macos-arm64.tar.xz
@ -2542,7 +2742,7 @@ jobs:
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo-onedir
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
@ -2582,11 +2782,10 @@ jobs:
          cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}

      - name: Download Repository Artifact
-        uses: actions/download-artifact@v3
-        # This needs to be actions/download-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/download-artifact@v4
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo
+          pattern: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo-*
+          merge-multiple: true
          path: repo/

      - name: Decompress Repository Artifacts
@ -2714,21 +2913,26 @@ jobs:
      - amazonlinux-2023
      - amazonlinux-2023-arm64
      - archlinux-lts
-      - centos-7
      - debian-11
      - debian-11-arm64
      - debian-12
      - debian-12-arm64
-      - fedora-39
+      - fedora-40
      - opensuse-15
      - photonos-4
      - photonos-4-arm64
+      - photonos-4-fips
+      - photonos-4-arm64-fips
      - photonos-5
      - photonos-5-arm64
+      - photonos-5-fips
+      - photonos-5-arm64-fips
      - ubuntu-2004
      - ubuntu-2004-arm64
      - ubuntu-2204
      - ubuntu-2204-arm64
+      - ubuntu-2404
+      - ubuntu-2404-arm64
      - rockylinux-8-pkg-tests
      - rockylinux-8-arm64-pkg-tests
      - rockylinux-9-pkg-tests
@ -2737,19 +2941,24 @@ jobs:
      - amazonlinux-2-arm64-pkg-tests
      - amazonlinux-2023-pkg-tests
      - amazonlinux-2023-arm64-pkg-tests
-      - centos-7-pkg-tests
      - debian-11-pkg-tests
      - debian-11-arm64-pkg-tests
      - debian-12-pkg-tests
      - debian-12-arm64-pkg-tests
      - photonos-4-pkg-tests
      - photonos-4-arm64-pkg-tests
+      - photonos-4-pkg-tests-fips
+      - photonos-4-arm64-pkg-tests-fips
      - photonos-5-pkg-tests
      - photonos-5-arm64-pkg-tests
+      - photonos-5-pkg-tests-fips
+      - photonos-5-arm64-pkg-tests-fips
      - ubuntu-2004-pkg-tests
      - ubuntu-2004-arm64-pkg-tests
      - ubuntu-2204-pkg-tests
      - ubuntu-2204-arm64-pkg-tests
+      - ubuntu-2404-pkg-tests
+      - ubuntu-2404-arm64-pkg-tests
      - macos-12-pkg-tests
      - macos-13-pkg-tests
      - macos-13-arm64-pkg-tests
@ -2831,12 +3040,12 @@ jobs:
    steps:
      - name: Get workflow information
        id: get-workflow-info
-        uses: technote-space/workflow-conclusion-action@v3
+        uses: im-open/workflow-conclusion@v2

      - name: Set Pipeline Exit Status
        shell: bash
        run: |
-          if [ "${{ steps.get-workflow-info.outputs.conclusion }}" != "success" ]; then
+          if [ "${{ steps.get-workflow-info.outputs.workflow_conclusion }}" != "success" ]; then
            exit 1
          else
            exit 0
--- a/.github/workflows/templates/build-deb-repo.yml.jinja
+++ b/.github/workflows/templates/build-deb-repo.yml.jinja
@ -78,7 +78,7 @@
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo-${{ matrix.pkg-type }}-${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }}
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
--- a/.github/workflows/templates/build-deps-ci-action.yml.jinja
+++ b/.github/workflows/templates/build-deps-ci-action.yml.jinja
@ -1,364 +0,0 @@
---
-name: Install Test Dependencies
-
-on:
-  workflow_call:
-    inputs:
-      nox-session:
-        required: true
-        type: string
-        description: The nox session to run
-      salt-version:
-        type: string
-        required: true
-        description: The Salt version to set prior to running tests.
-      cache-prefix:
-        required: true
-        type: string
-        description: Seed used to invalidate caches
-      nox-version:
-        required: true
-        type: string
-        description: The nox version to install
-      nox-archive-hash:
-        required: true
-        type: string
-        description: Nox Tarball Cache Hash
-      python-version:
-        required: false
-        type: string
-        description: The python version to run tests with
-        default: "3.10"
-      package-name:
-        required: false
-        type: string
-        description: The onedir package name to use
-        default: salt
-
-
-env:
-  COLUMNS: 190
-  AWS_MAX_ATTEMPTS: "10"
-  AWS_RETRY_MODE: "adaptive"
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
-  PIP_DISABLE_PIP_VERSION_CHECK: "1"
-  RAISE_DEPRECATIONS_RUNTIME_ERRORS: "1"
-
-jobs:
-
-  linux-dependencies:
-    name: Linux
-    runs-on:
-      - self-hosted
-      - linux
-      - bastion
-    env:
-      USE_S3_CACHE: 'true'
-    timeout-minutes: 90
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-        <%- for arch, build_distro_slug in build_ci_deps_listing["linux"] %>
-          - distro-slug: <{ build_distro_slug }>
-            arch: <{ arch }>
-        <%- endfor %>
-    steps:
-
-      - name: "Throttle Builds"
-        shell: bash
-        run: |
-          t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
-
-      - name: Checkout Source Code
-        uses: actions/checkout@v4
-
-      - name: Cache nox.linux.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
-        id: nox-dependencies-cache
-        uses: ./.github/actions/cache
-        with:
-          path: nox.linux.${{ matrix.arch }}.tar.*
-          key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|linux|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
-
-      - name: Download Onedir Tarball as an Artifact
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        uses: actions/download-artifact@v4
-        with:
-          name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
-          path: artifacts/
-
-      - name: Decompress Onedir Tarball
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        shell: bash
-        run: |
-          python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
-          cd artifacts
-          tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
-
-      - name: PyPi Proxy
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          sed -i '7s;^;--index-url=https://pypi-proxy.saltstack.net/root/local/+simple/ --extra-index-url=https://pypi.org/simple\n;' requirements/static/ci/*/*.txt
-
-      - name: Setup Python Tools Scripts
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        uses: ./.github/actions/setup-python-tools-scripts
-        with:
-          cache-prefix: ${{ inputs.cache-prefix }}-build-deps-ci
-
-      - name: Get Salt Project GitHub Actions Bot Environment
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
-          SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
-          echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
-
-      - name: Start VM
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        id: spin-up-vm
-        run: |
-          tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ matrix.distro-slug }}
-
-      - name: List Free Space
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          tools --timestamps vm ssh ${{ matrix.distro-slug }} -- df -h || true
-
-      - name: Upload Checkout To VM
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          tools --timestamps vm rsync ${{ matrix.distro-slug }}
-
-      - name: Install Dependencies
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          tools --timestamps vm install-dependencies --nox-session=${{ inputs.nox-session }} ${{ matrix.distro-slug }}
-
-      - name: Cleanup .nox Directory
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          tools --timestamps vm pre-archive-cleanup ${{ matrix.distro-slug }}
-
-      - name: Compress .nox Directory
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          tools --timestamps vm compress-dependencies ${{ matrix.distro-slug }}
-
-      - name: Download Compressed .nox Directory
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          tools --timestamps vm download-dependencies ${{ matrix.distro-slug }}
-
-      - name: Destroy VM
-        if: always() && steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          tools --timestamps vm destroy --no-wait ${{ matrix.distro-slug }}
-
-      - name: Upload Nox Requirements Tarball
-        uses: actions/upload-artifact@v4
-        with:
-          name: nox-linux-${{ matrix.arch }}-${{ inputs.nox-session }}
-          path: nox.linux.${{ matrix.arch }}.tar.*
-
-  macos-dependencies:
-    name: MacOS
-    runs-on: ${{ matrix.distro-slug == 'macos-13-arm64' && 'macos-13-xlarge' || matrix.distro-slug }}
-    timeout-minutes: 90
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-        <%- for arch, build_distro_slug in build_ci_deps_listing["macos"] %>
-          - distro-slug: <{ build_distro_slug }>
-            arch: <{ arch }>
-        <%- endfor %>
-    steps:
-
-      - name: "Throttle Builds"
-        shell: bash
-        run: |
-          t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
-
-      - name: Checkout Source Code
-        uses: actions/checkout@v4
-
-      - name: Cache nox.macos.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
-        id: nox-dependencies-cache
-        uses: ./.github/actions/cache
-        with:
-          path: nox.macos.${{ matrix.arch }}.tar.*
-          key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|macos|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
-
-      - name: Download Onedir Tarball as an Artifact
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        uses: actions/download-artifact@v4
-        with:
-          name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
-          path: artifacts/
-
-      - name: Decompress Onedir Tarball
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        shell: bash
-        run: |
-          python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
-          cd artifacts
-          tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
-
-      - name: Set up Python ${{ inputs.python-version }}
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        uses: actions/setup-python@v5
-        with:
-          python-version: "${{ inputs.python-version }}"
-
-      - name: Install System Dependencies
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          brew install openssl@3
-
-      - name: Install Nox
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          python3 -m pip install 'nox==${{ inputs.nox-version }}'
-
-      - name: Install Dependencies
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        env:
-          PRINT_TEST_SELECTION: "0"
-          PRINT_SYSTEM_INFO: "0"
-        run: |
-          export PYCURL_SSL_LIBRARY=openssl
-          export LDFLAGS="-L/usr/local/opt/openssl@3/lib"
-          export CPPFLAGS="-I/usr/local/opt/openssl@3/include"
-          export PKG_CONFIG_PATH="/usr/local/opt/openssl@3/lib/pkgconfig"
-          nox --install-only -e ${{ inputs.nox-session }}
-
-      - name: Cleanup .nox Directory
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          nox --force-color -e "pre-archive-cleanup(pkg=False)"
-
-      - name: Compress .nox Directory
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          nox --force-color -e compress-dependencies -- macos ${{ matrix.arch }}
-
-      - name: Upload Nox Requirements Tarball
-        uses: actions/upload-artifact@v4
-        with:
-          name: nox-macos-${{ matrix.arch }}-${{ inputs.nox-session }}
-          path: nox.macos.${{ matrix.arch }}.tar.*
-
-  windows-dependencies:
-    name: Windows
-    runs-on:
-      - self-hosted
-      - linux
-      - bastion
-    env:
-      USE_S3_CACHE: 'true'
-    timeout-minutes: 90
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-        <%- for arch, build_distro_slug in build_ci_deps_listing["windows"] %>
-          - distro-slug: <{ build_distro_slug }>
-            arch: <{ arch }>
-        <%- endfor %>
-    steps:
-
-      - name: "Throttle Builds"
-        shell: bash
-        run: |
-          t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
-
-      - name: Checkout Source Code
-        uses: actions/checkout@v4
-
-      - name: Cache nox.windows.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
-        id: nox-dependencies-cache
-        uses: ./.github/actions/cache
-        with:
-          path: nox.windows.${{ matrix.arch }}.tar.*
-          key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|windows|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
-
-      - name: Download Onedir Tarball as an Artifact
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        uses: actions/download-artifact@v4
-        with:
-          name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
-          path: artifacts/
-
-      - name: Decompress Onedir Tarball
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        shell: bash
-        run: |
-          python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
-          cd artifacts
-          tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
-
-      - name: PyPi Proxy
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          sed -i '7s;^;--index-url=https://pypi-proxy.saltstack.net/root/local/+simple/ --extra-index-url=https://pypi.org/simple\n;' requirements/static/ci/*/*.txt
-
-      - name: Setup Python Tools Scripts
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        uses: ./.github/actions/setup-python-tools-scripts
-        with:
-          cache-prefix: ${{ inputs.cache-prefix }}-build-deps-ci
-
-      - name: Get Salt Project GitHub Actions Bot Environment
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
-          SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
-          echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
-
-      - name: Start VM
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        id: spin-up-vm
-        run: |
-          tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ matrix.distro-slug }}
-
-      - name: List Free Space
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          tools --timestamps vm ssh ${{ matrix.distro-slug }} -- df -h || true
-
-      - name: Upload Checkout To VM
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          tools --timestamps vm rsync ${{ matrix.distro-slug }}
-
-      - name: Install Dependencies
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          tools --timestamps vm install-dependencies --nox-session=${{ inputs.nox-session }} ${{ matrix.distro-slug }}
-
-      - name: Cleanup .nox Directory
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          tools --timestamps vm pre-archive-cleanup ${{ matrix.distro-slug }}
-
-      - name: Compress .nox Directory
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          tools --timestamps vm compress-dependencies ${{ matrix.distro-slug }}
-
-      - name: Download Compressed .nox Directory
-        if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          tools --timestamps vm download-dependencies ${{ matrix.distro-slug }}
-
-      - name: Destroy VM
-        if: always() && steps.nox-dependencies-cache.outputs.cache-hit != 'true'
-        run: |
-          tools --timestamps vm destroy --no-wait ${{ matrix.distro-slug }}
-
-      - name: Upload Nox Requirements Tarball
-        uses: actions/upload-artifact@v4
-        with:
-          name: nox-windows-${{ matrix.arch }}-${{ inputs.nox-session }}
-          path: nox.windows.${{ matrix.arch }}.tar.*
--- a/.github/workflows/templates/build-macos-repo.yml.jinja
+++ b/.github/workflows/templates/build-macos-repo.yml.jinja
@ -26,6 +26,7 @@
          path: artifacts/pkgs/incoming

      - name: Download macOS Arch64 Packages
+        if: ${{ ! github.event.repository.fork }}
        uses: actions/download-artifact@v4
        with:
          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-arm64-macos
@ -73,7 +74,7 @@
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo-macos
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
--- a/.github/workflows/templates/build-onedir-repo.yml.jinja
+++ b/.github/workflows/templates/build-onedir-repo.yml.jinja
@ -38,6 +38,7 @@
          path: artifacts/pkgs/incoming

      - name: Download macOS arm64 Onedir Archive
+        if: ${{ ! github.event.repository.fork }}
        uses: actions/download-artifact@v4
        with:
          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-macos-arm64.tar.xz
@ -109,7 +110,7 @@
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo-onedir
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
--- a/.github/workflows/templates/build-rpm-repo.yml.jinja
+++ b/.github/workflows/templates/build-rpm-repo.yml.jinja
@ -85,7 +85,7 @@
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo-${{ matrix.pkg-type }}-${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }}
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
--- a/.github/workflows/templates/build-src-repo.yml.jinja
+++ b/.github/workflows/templates/build-src-repo.yml.jinja
@ -83,7 +83,7 @@
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo-src
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
--- a/.github/workflows/templates/build-windows-repo.yml.jinja
+++ b/.github/workflows/templates/build-windows-repo.yml.jinja
@ -85,7 +85,7 @@
      - name: Upload Repository As An Artifact
        uses: ./.github/actions/upload-artifact
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo
+          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo-windows
          path: artifacts/pkgs/repo/*
          retention-days: 7
          if-no-files-found: error
--- a/.github/workflows/templates/ci.yml.jinja
+++ b/.github/workflows/templates/ci.yml.jinja
@ -306,6 +306,8 @@
    name: Combine Code Coverage
    if: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] == false }}
    runs-on: ubuntu-latest
+    env:
+      PIP_INDEX_URL: https://pypi.org/simple
    needs:
      - prepare-workflow
      <%- for need in test_salt_needs.iter(consume=False) %>
@ -342,11 +344,18 @@

 #}

+      - name: Merge All Code Coverage Test Run Artifacts
+        continue-on-error: true
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: all-testrun-coverage-artifacts
+          pattern: all-testrun-coverage-artifacts-*
+          separate-directories: false
+          delete-merged: true
+
      - name: Get coverage reports
        id: get-coverage-reports
-        uses: actions/download-artifact@v3
-        # This needs to be actions/download-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/download-artifact@v4
        with:
          name: all-testrun-coverage-artifacts
          path: artifacts/coverage/
--- a/.github/workflows/templates/layout.yml.jinja
+++ b/.github/workflows/templates/layout.yml.jinja
@ -352,7 +352,7 @@ jobs:
    steps:
      - name: Get workflow information
        id: get-workflow-info
-        uses: technote-space/workflow-conclusion-action@v3
+        uses: im-open/workflow-conclusion@v2

      <%- block set_pipeline_exit_status_extra_steps %>
      <%- endblock set_pipeline_exit_status_extra_steps %>
@ -360,7 +360,7 @@ jobs:
      - name: Set Pipeline Exit Status
        shell: bash
        run: |
-          if [ "${{ steps.get-workflow-info.outputs.conclusion }}" != "success" ]; then
+          if [ "${{ steps.get-workflow-info.outputs.workflow_conclusion }}" != "success" ]; then
            exit 1
          else
            exit 0
--- a/.github/workflows/templates/nightly.yml.jinja
+++ b/.github/workflows/templates/nightly.yml.jinja
@ -172,11 +172,10 @@ concurrency:
          cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}

      - name: Download Repository Artifact
-        uses: actions/download-artifact@v3
-        # This needs to be actions/download-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/download-artifact@v4
        with:
-          name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo
+          pattern: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo-*
+          merge-multiple: true
          path: repo/

      - name: Decompress Repository Artifacts
--- a/.github/workflows/templates/release.yml.jinja
+++ b/.github/workflows/templates/release.yml.jinja
@ -372,7 +372,7 @@ permissions:
          branch: ${{ github.ref }}

      - name: Create Github Release
-        uses: ncipollo/release-action@v1.12.0
+        uses: ncipollo/release-action@v1
        with:
          artifactErrorsFailBuild: true
          artifacts: ${{ steps.prepare-release.outputs.release-artifacts }}
--- a/.github/workflows/templates/test-package-downloads-action.yml.jinja
+++ b/.github/workflows/templates/test-package-downloads-action.yml.jinja
@ -1,679 +0,0 @@
-name: Test Download Packages
-
-on:
-  workflow_call:
-    inputs:
-      salt-version:
-        type: string
-        required: true
-        description: The Salt version of the packages to install and test
-      cache-prefix:
-        required: true
-        type: string
-        description: Seed used to invalidate caches
-      environment:
-        required: true
-        type: string
-        description: The environment to run tests against
-      latest-release:
-        required: true
-        type: string
-        description: The latest salt release
-      nox-version:
-        required: true
-        type: string
-        description: The nox version to install
-      python-version:
-        required: false
-        type: string
-        description: The python version to run tests with
-        default: "3.10"
-      package-name:
-        required: false
-        type: string
-        description: The onedir package name to use
-        default: salt
-      skip-code-coverage:
-        required: false
-        type: boolean
-        description: Skip code coverage
-        default: false
-      nox-session:
-        required: false
-        type: string
-        description: The nox session to run
-        default: ci-test-onedir
-
-env:
-  COLUMNS: 190
-  AWS_MAX_ATTEMPTS: "10"
-  AWS_RETRY_MODE: "adaptive"
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
-  PIP_DISABLE_PIP_VERSION_CHECK: "1"
-  RAISE_DEPRECATIONS_RUNTIME_ERRORS: "1"
-
-jobs:
-
-  linux:
-    name: Linux
-    runs-on:
-      - self-hosted
-      - linux
-      - bastion
-    env:
-      USE_S3_CACHE: 'true'
-    environment: ${{ inputs.environment }}
-    timeout-minutes: 120  # 2 Hours - More than this and something is wrong
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-        <%- for os in test_salt_pkg_downloads_listing["linux"] %>
-          - distro-slug: <{ os.slug }>
-            arch: <{ os.arch }>
-            pkg-type: <{ os.pkg_type }>
-        <%- endfor %>
-
-    steps:
-
-      - name: "Throttle Builds"
-        shell: bash
-        run: |
-          t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
-
-      - name: Checkout Source Code
-        uses: actions/checkout@v4
-
-      - name: Download Onedir Tarball as an Artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch == 'aarch64' && 'arm64' || matrix.arch }}.tar.xz
-          path: artifacts/
-
-      - name: Decompress Onedir Tarball
-        shell: bash
-        run: |
-          python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
-          cd artifacts
-          tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch == 'aarch64' && 'arm64' || matrix.arch }}.tar.xz
-
-      - name: Download nox.linux.${{ matrix.arch == 'aarch64' && 'arm64' || matrix.arch }}.tar.* artifact for session ${{ inputs.nox-session }}
-        uses: actions/download-artifact@v4
-        with:
-          name: nox-linux-${{ matrix.arch == 'aarch64' && 'arm64' || matrix.arch }}-${{ inputs.nox-session }}
-
-      - name: Setup Python Tools Scripts
-        uses: ./.github/actions/setup-python-tools-scripts
-        with:
-          cache-prefix: ${{ inputs.cache-prefix }}-pkg-download-linux
-
-      - name: Get Salt Project GitHub Actions Bot Environment
-        run: |
-          TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
-          SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
-          echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
-
-      - name: Start VM
-        id: spin-up-vm
-        run: |
-          tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ matrix.distro-slug }}
-
-      - name: List Free Space
-        run: |
-          tools --timestamps vm ssh ${{ matrix.distro-slug }} -- df -h || true
-
-      - name: Upload Checkout To VM
-        run: |
-          tools --timestamps vm rsync ${{ matrix.distro-slug }}
-
-      - name: Decompress .nox Directory
-        run: |
-          tools --timestamps vm decompress-dependencies ${{ matrix.distro-slug }}
-
-      - name: Show System Info
-        run: |
-          tools --timestamps --timeout-secs=1800 vm test --skip-requirements-install --print-system-information-only \
-            --nox-session=${{ inputs.nox-session }}-pkgs ${{ matrix.distro-slug }} -- download-pkgs
-
-      - name: Run Package Download Tests
-        env:
-          SALT_RELEASE: "${{ inputs.salt-version }}"
-          SALT_REPO_ARCH: ${{ matrix.arch }}
-          SALT_REPO_TYPE: ${{ inputs.environment }}
-          SALT_REPO_USER: ${{ secrets.SALT_REPO_USER }}
-          SALT_REPO_PASS: ${{ secrets.SALT_REPO_PASS }}
-          SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }}
-          SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }}
-          SKIP_CODE_COVERAGE: "${{ inputs.skip-code-coverage && '1' || '0' }}"
-          LATEST_SALT_RELEASE: "${{ inputs.latest-release }}"
-          DOWNLOAD_TEST_PACKAGE_TYPE: ${{ matrix.pkg-type }}
-        run: |
-          tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
-          -E SALT_RELEASE -E SALT_REPO_ARCH -E SALT_REPO_TYPE -E SALT_REPO_USER -E SALT_REPO_PASS \
-          -E SALT_REPO_DOMAIN_RELEASE -E SALT_REPO_DOMAIN_STAGING  -E LATEST_SALT_RELEASE -E DOWNLOAD_TEST_PACKAGE_TYPE \
-            --nox-session=${{ inputs.nox-session }}-pkgs --rerun-failures ${{ matrix.distro-slug }} -- download-pkgs
-
-      - name: Combine Coverage Reports
-        if: always() && inputs.skip-code-coverage == false && steps.spin-up-vm.outcome == 'success' && job.status != 'cancelled'
-        run: |
-          tools --timestamps vm combine-coverage ${{ matrix.distro-slug }}
-
-      - name: Download Test Run Artifacts
-        id: download-artifacts-from-vm
-        if: always() && steps.spin-up-vm.outcome == 'success'
-        run: |
-          tools --timestamps vm download-artifacts ${{ matrix.distro-slug }}
-          # Delete the salt onedir, we won't need it anymore and it will prevent
-          # from it showing in the tree command below
-          rm -rf artifacts/salt*
-          tree -a artifacts
-
-      - name: Destroy VM
-        if: always()
-        run: |
-          tools --timestamps vm destroy --no-wait ${{ matrix.distro-slug }} || true
-
-      - name: Fix file ownership
-        run: |
-          sudo chown -R "$(id -un)" .
-
-      - name: Install Codecov CLI
-        if: always() && inputs.skip-code-coverage == false && steps.download-artifacts-from-vm.outcome == 'success' && job.status != 'cancelled'
-        run: |
-          # We can't yet use tokenless uploads with the codecov CLI
-          # python3 -m pip install codecov-cli
-          #
-          curl https://keybase.io/codecovsecurity/pgp_keys.asc | gpg --no-default-keyring --import
-          curl -Os https://uploader.codecov.io/latest/linux/codecov
-          curl -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM
-          curl -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM.sig
-          gpg --verify codecov.SHA256SUM.sig codecov.SHA256SUM
-          shasum -a 256 -c codecov.SHA256SUM
-          chmod +x codecov
-
-      - name: Upload Source Code Coverage To Codecov
-        if: always() && inputs.skip-code-coverage == false && steps.download-artifacts-from-vm.outcome == 'success' && job.status != 'cancelled'
-        run: |
-          if [ ! -s artifacts/coverage/salt.xml ]; then
-            echo "The artifacts/coverage/salt.xml file does not exist"
-            exit 1
-          fi
-          # We can't yet use tokenless uploads with the codecov CLI
-          #codecovcli --auto-load-params-from GithubActions --verbose --token ${{ secrets.CODECOV_TOKEN }} \
-          #  do-upload --git-service github --sha ${{ github.sha }} \
-          #  --file artifacts/coverage/salt.xml \
-          #  --flag salt --flag ${{ matrix.distro-slug }} --flag pkg \
-          #  --name salt.${{ matrix.distro-slug }}.${{ inputs.nox-session }}.download-pkgs
-          n=0
-          until [ "$n" -ge 5 ]
-          do
-          if ./codecov --file artifacts/coverage/salt.xml \
-              --sha ${{ github.event.pull_request.head.sha || github.sha }} ${{ github.event_name == 'pull_request' && format('--parent {0}', github.event.pull_request.base.sha) }} \
-              --flags salt,${{ matrix.distro-slug }},pkg \
-              --name salt.${{ matrix.distro-slug }}.${{ inputs.nox-session }}.download-pkgs --nonZero; then
-              rc=$?
-              break
-          fi
-          rc=$?
-          n=$((n+1))
-          sleep 15
-          done
-          if [ "$rc" -ne 0 ]; then
-            echo "Failed to upload codecov stats"
-            exit 1
-          fi
-
-      - name: Upload Tests Code Coverage To Codecov
-        if: always() && inputs.skip-code-coverage == false && steps.download-artifacts-from-vm.outcome == 'success' && job.status != 'cancelled'
-        run: |
-          if [ ! -s artifacts/coverage/tests.xml ]; then
-            echo "The artifacts/coverage/tests.xml file does not exist"
-            exit 1
-          fi
-          # We can't yet use tokenless uploads with the codecov CLI
-          #codecovcli --auto-load-params-from GithubActions --verbose --token ${{ secrets.CODECOV_TOKEN }} \
-          #  do-upload --git-service github --sha ${{ github.sha }} \
-          #  --file artifacts/coverage/tests.xml \
-          #  --flag tests --flag ${{ matrix.distro-slug }} --flag pkg \
-          #  --name tests.${{ matrix.distro-slug }}.${{ inputs.nox-session }}.download-pkgs
-          n=0
-          until [ "$n" -ge 5 ]
-          do
-          if ./codecov --file artifacts/coverage/tests.xml \
-              --sha ${{ github.event.pull_request.head.sha || github.sha }} ${{ github.event_name == 'pull_request' && format('--parent {0}', github.event.pull_request.base.sha) }} \
-              --flags tests,${{ matrix.distro-slug }},pkg \
-              --name tests.${{ matrix.distro-slug }}.${{ inputs.nox-session }}.download-pkgs --nonZero; then
-              rc=$?
-              break
-          fi
-          rc=$?
-          n=$((n+1))
-          sleep 15
-          done
-          if [ "$rc" -ne 0 ]; then
-            echo "Failed to upload codecov stats"
-            exit 1
-          fi
-
-      - name: Upload Test Run Artifacts
-        if: always() && steps.download-artifacts-from-vm.outcome == 'success'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
-        with:
-          name: pkg-testrun-artifacts-${{ matrix.distro-slug }}-${{ matrix.arch }}
-          path: |
-            artifacts
-            !artifacts/salt/*
-            !artifacts/salt-*.tar.*
-
-
-  macos:
-    name: MacOS
-    runs-on: ${{ matrix.distro-slug == 'macos-13-arm64' && 'macos-13-xlarge' || matrix.distro-slug }}
-    env:
-      USE_S3_CACHE: 'false'
-    environment: ${{ inputs.environment }}
-    timeout-minutes: 120  # 2 Hours - More than this and something is wrong
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-        <%- for os in test_salt_pkg_downloads_listing["macos"] %>
-          - distro-slug: <{ os.slug }>
-            arch: <{ os.arch }>
-            pkg-type: <{ os.pkg_type }>
-        <%- endfor %>
-
-    steps:
-
-      - name: "Throttle Builds"
-        shell: bash
-        run: |
-          t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
-
-      - name: Checkout Source Code
-        uses: actions/checkout@v4
-
-      - name: Download Onedir Tarball as an Artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
-          path: artifacts/
-
-      - name: Install System Dependencies
-        run: |
-          brew install tree
-
-      - name: Decompress Onedir Tarball
-        shell: bash
-        run: |
-          python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
-          cd artifacts
-          tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
-
-      - name: Set up Python ${{ inputs.python-version }}
-        uses: actions/setup-python@v5
-        with:
-          python-version: "${{ inputs.python-version }}"
-          update-environment: true
-
-      - name: Install Nox
-        run: |
-          python3 -m pip install 'nox==${{ inputs.nox-version }}'
-
-      - name: Download nox.macos.${{ matrix.arch }}.tar.* artifact for session ${{ inputs.nox-session }}
-        uses: actions/download-artifact@v4
-        with:
-          name: nox-macos-${{ matrix.arch }}-${{ inputs.nox-session }}
-
-      - name: Decompress .nox Directory
-        run: |
-          nox --force-color -e decompress-dependencies -- macos ${{ matrix.arch }}
-
-      - name: Show System Info
-        env:
-          SKIP_REQUIREMENTS_INSTALL: "1"
-          PRINT_SYSTEM_INFO_ONLY: "1"
-        run: |
-          sudo -E nox --force-color -e ${{ inputs.nox-session }}-pkgs -- download-pkgs
-
-      - name: Run Package Download Tests
-        env:
-          SKIP_REQUIREMENTS_INSTALL: "1"
-          PRINT_TEST_SELECTION: "0"
-          PRINT_TEST_PLAN_ONLY: "0"
-          PRINT_SYSTEM_INFO: "0"
-          RERUN_FAILURES: "1"
-          GITHUB_ACTIONS_PIPELINE: "1"
-          SKIP_INITIAL_GH_ACTIONS_FAILURES: "1"
-          SKIP_CODE_COVERAGE: "${{ inputs.skip-code-coverage && '1' || '0' }}"
-          COVERAGE_CONTEXT: ${{ matrix.distro-slug }}
-          SALT_RELEASE: "${{ inputs.salt-version }}"
-          SALT_REPO_ARCH: ${{ matrix.arch }}
-          LATEST_SALT_RELEASE: "${{ inputs.latest-release }}"
-          SALT_REPO_TYPE: ${{ inputs.environment }}
-          SALT_REPO_USER: ${{ secrets.SALT_REPO_USER }}
-          SALT_REPO_PASS: ${{ secrets.SALT_REPO_PASS }}
-          SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }}
-          SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }}
-          DOWNLOAD_TEST_PACKAGE_TYPE: ${{ matrix.pkg-type }}
-        run: |
-          sudo -E nox --force-color -e ${{ inputs.nox-session }}-pkgs -- download-pkgs
-
-      - name: Fix file ownership
-        run: |
-          sudo chown -R "$(id -un)" .
-
-      - name: Combine Coverage Reports
-        if: always() && inputs.skip-code-coverage == false && job.status != 'cancelled'
-        run: |
-          nox --force-color -e combine-coverage
-
-      - name: Prepare Test Run Artifacts
-        id: download-artifacts-from-vm
-        if: always() && job.status != 'cancelled'
-        run: |
-          # Delete the salt onedir, we won't need it anymore and it will prevent
-          # from it showing in the tree command below
-          rm -rf artifacts/salt*
-          tree -a artifacts
-
-      - name: Install Codecov CLI
-        if: always() && inputs.skip-code-coverage == false && job.status != 'cancelled'
-        run: |
-          # We can't yet use tokenless uploads with the codecov CLI
-          # python3 -m pip install codecov-cli
-          #
-          curl https://keybase.io/codecovsecurity/pgp_keys.asc | gpg --no-default-keyring --import
-          curl -Os https://uploader.codecov.io/latest/macos/codecov
-          curl -Os https://uploader.codecov.io/latest/macos/codecov.SHA256SUM
-          curl -Os https://uploader.codecov.io/latest/macos/codecov.SHA256SUM.sig
-          gpg --verify codecov.SHA256SUM.sig codecov.SHA256SUM
-          shasum -a 256 -c codecov.SHA256SUM
-          chmod +x codecov
-
-      - name: Upload Source Code Coverage To Codecov
-        if: always() && inputs.skip-code-coverage == false && job.status != 'cancelled'
-        run: |
-          if [ ! -s artifacts/coverage/salt.xml ]; then
-            echo "The artifacts/coverage/salt.xml file does not exist"
-            exit 1
-          fi
-          # We can't yet use tokenless uploads with the codecov CLI
-          #codecovcli --auto-load-params-from GithubActions --verbose --token ${{ secrets.CODECOV_TOKEN }} \
-          #  do-upload --git-service github --sha ${{ github.sha }} \
-          #  --file artifacts/coverage/salt.xml \
-          #  --flag salt --flag ${{ matrix.distro-slug }} --flag pkg \
-          #  --name salt.${{ matrix.distro-slug }}.${{ inputs.nox-session }}.download-pkgs
-          n=0
-          until [ "$n" -ge 5 ]
-          do
-          if ./codecov --file artifacts/coverage/salt.xml \
-              --sha ${{ github.event.pull_request.head.sha || github.sha }} ${{ github.event_name == 'pull_request' && format('--parent {0}', github.event.pull_request.base.sha) }} \
-              --flags salt,${{ matrix.distro-slug }},pkg \
-              --name salt.${{ matrix.distro-slug }}.${{ inputs.nox-session }}.download-pkgs --nonZero; then
-              rc=$?
-              break
-          fi
-          rc=$?
-          n=$((n+1))
-          sleep 15
-          done
-          if [ "$rc" -ne 0 ]; then
-            echo "Failed to upload codecov stats"
-            exit 1
-          fi
-
-      - name: Upload Tests Code Coverage To Codecov
-        if: always() && inputs.skip-code-coverage == false && job.status != 'cancelled'
-        run: |
-          if [ ! -s artifacts/coverage/tests.xml ]; then
-            echo "The artifacts/coverage/tests.xml file does not exist"
-            exit 1
-          fi
-          # We can't yet use tokenless uploads with the codecov CLI
-          #codecovcli --auto-load-params-from GithubActions --verbose --token ${{ secrets.CODECOV_TOKEN }} \
-          #  do-upload --git-service github --sha ${{ github.sha }} \
-          #  --file artifacts/coverage/tests.xml \
-          #  --flag tests --flag ${{ matrix.distro-slug }} --flag pkg \
-          #  --name tests.${{ matrix.distro-slug }}.${{ inputs.nox-session }}.download-pkgs
-          n=0
-          until [ "$n" -ge 5 ]
-          do
-          if ./codecov --file artifacts/coverage/tests.xml \
-              --sha ${{ github.event.pull_request.head.sha || github.sha }} ${{ github.event_name == 'pull_request' && format('--parent {0}', github.event.pull_request.base.sha) }} \
-              --flags tests,${{ matrix.distro-slug }},pkg \
-              --name tests.${{ matrix.distro-slug }}.${{ inputs.nox-session }}.download-pkgs --nonZero; then
-              rc=$?
-              break
-          fi
-          rc=$?
-          n=$((n+1))
-          sleep 15
-          done
-          if [ "$rc" -ne 0 ]; then
-            echo "Failed to upload codecov stats"
-            exit 1
-          fi
-
-      - name: Upload Test Run Artifacts
-        if: always()
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
-        with:
-          name: pkg-testrun-artifacts-${{ matrix.distro-slug }}-${{ matrix.arch }}
-          path: |
-            artifacts
-            !artifacts/salt/*
-            !artifacts/salt-*.tar.*
-
-
-  windows:
-    name: Windows
-    env:
-      USE_S3_CACHE: 'true'
-    runs-on:
-      - self-hosted
-      - linux
-      - bastion
-    environment: ${{ inputs.environment }}
-    timeout-minutes: 120  # 2 Hours - More than this and something is wrong
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-        <%- for os in test_salt_pkg_downloads_listing["windows"] %>
-          - distro-slug: <{ os.slug }>
-            arch: <{ os.arch }>
-            pkg-type: <{ os.pkg_type }>
-        <%- endfor %>
-
-    steps:
-      - name: Checkout Source Code
-        uses: actions/checkout@v4
-
-      - name: Download Onedir Tarball as an Artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
-          path: artifacts/
-
-      - name: Decompress Onedir Tarball
-        shell: bash
-        run: |
-          python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
-          cd artifacts
-          tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
-
-      - name: Download nox.windows.${{ matrix.arch }}.tar.* artifact for session ${{ inputs.nox-session }}
-        uses: actions/download-artifact@v4
-        with:
-          name: nox-windows-${{ matrix.arch }}-${{ inputs.nox-session }}
-
-      - name: Setup Python Tools Scripts
-        uses: ./.github/actions/setup-python-tools-scripts
-        with:
-          cache-prefix: ${{ inputs.cache-prefix }}-pkg-download-windows
-
-      - name: Get Salt Project GitHub Actions Bot Environment
-        run: |
-          TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
-          SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
-          echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
-
-      - name: Start VM
-        id: spin-up-vm
-        run: |
-          tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ matrix.distro-slug }}
-
-      - name: List Free Space
-        run: |
-          tools --timestamps vm ssh ${{ matrix.distro-slug }} -- df -h || true
-
-      - name: Upload Checkout To VM
-        run: |
-          tools --timestamps vm rsync ${{ matrix.distro-slug }}
-
-      - name: Decompress .nox Directory
-        run: |
-          tools --timestamps vm decompress-dependencies ${{ matrix.distro-slug }}
-
-      - name: Show System Info
-        run: |
-          tools --timestamps --timeout-secs=1800 vm test --skip-requirements-install --print-system-information-only \
-            --nox-session=${{ inputs.nox-session }}-pkgs ${{ matrix.distro-slug }} -- download-pkgs
-
-      - name: Run Package Download Tests
-        env:
-          SALT_RELEASE: "${{ inputs.salt-version }}"
-          SALT_REPO_ARCH: ${{ matrix.arch }}
-          LATEST_SALT_RELEASE: "${{ inputs.latest-release }}"
-          SALT_REPO_TYPE: ${{ inputs.environment }}
-          SALT_REPO_USER: ${{ secrets.SALT_REPO_USER }}
-          SALT_REPO_PASS: ${{ secrets.SALT_REPO_PASS }}
-          SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }}
-          SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }}
-          SKIP_CODE_COVERAGE: "${{ inputs.skip-code-coverage && '1' || '0' }}"
-          DOWNLOAD_TEST_PACKAGE_TYPE: ${{ matrix.pkg-type }}
-        run: |
-          tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
-          -E SALT_RELEASE -E SALT_REPO_ARCH -E SALT_REPO_TYPE -E SALT_REPO_USER -E SALT_REPO_PASS \
-          -E SALT_REPO_DOMAIN_RELEASE -E SALT_REPO_DOMAIN_STAGING -E LATEST_SALT_RELEASE -E DOWNLOAD_TEST_PACKAGE_TYPE \
-            --nox-session=${{ inputs.nox-session }}-pkgs --rerun-failures ${{ matrix.distro-slug }} -- download-pkgs
-
-      - name: Combine Coverage Reports
-        if: always() && inputs.skip-code-coverage == false && steps.spin-up-vm.outcome == 'success' && job.status != 'cancelled'
-        run: |
-          tools --timestamps vm combine-coverage ${{ matrix.distro-slug }}
-
-      - name: Download Test Run Artifacts
-        id: download-artifacts-from-vm
-        if: always() && steps.spin-up-vm.outcome == 'success'
-        run: |
-          tools --timestamps vm download-artifacts ${{ matrix.distro-slug }}
-          # Delete the salt onedir, we won't need it anymore and it will prevent
-          # from it showing in the tree command below
-          rm -rf artifacts/salt*
-          tree -a artifacts
-
-      - name: Destroy VM
-        if: always()
-        run: |
-          tools --timestamps vm destroy --no-wait ${{ matrix.distro-slug }} || true
-
-      - name: Fix file ownership
-        run: |
-          sudo chown -R "$(id -un)" .
-
-      - name: Install Codecov CLI
-        if: always() && inputs.skip-code-coverage == false && steps.download-artifacts-from-vm.outcome == 'success' && job.status != 'cancelled'
-        run: |
-          # We can't yet use tokenless uploads with the codecov CLI
-          # python3 -m pip install codecov-cli
-          #
-          curl https://keybase.io/codecovsecurity/pgp_keys.asc | gpg --no-default-keyring --import
-          curl -Os https://uploader.codecov.io/latest/linux/codecov
-          curl -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM
-          curl -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM.sig
-          gpg --verify codecov.SHA256SUM.sig codecov.SHA256SUM
-          shasum -a 256 -c codecov.SHA256SUM
-          chmod +x codecov
-
-      - name: Upload Source Code Coverage To Codecov
-        if: always() && inputs.skip-code-coverage == false && steps.download-artifacts-from-vm.outcome == 'success' && job.status != 'cancelled'
-        run: |
-          if [ ! -s artifacts/coverage/salt.xml ]; then
-            echo "The artifacts/coverage/salt.xml file does not exist"
-            exit 1
-          fi
-          # We can't yet use tokenless uploads with the codecov CLI
-          #codecovcli --auto-load-params-from GithubActions --verbose --token ${{ secrets.CODECOV_TOKEN }} \
-          #  do-upload --git-service github --sha ${{ github.sha }} \
-          #  --file artifacts/coverage/salt.xml \
-          #  --flag salt --flag ${{ matrix.distro-slug }} --flag pkg \
-          #  --name salt.${{ matrix.distro-slug }}.${{ inputs.nox-session }}.download-pkgs
-          n=0
-          until [ "$n" -ge 5 ]
-          do
-          if ./codecov --file artifacts/coverage/salt.xml \
-              --sha ${{ github.event.pull_request.head.sha || github.sha }} ${{ github.event_name == 'pull_request' && format('--parent {0}', github.event.pull_request.base.sha) }} \
-              --flags salt,${{ matrix.distro-slug }},pkg \
-              --name salt.${{ matrix.distro-slug }}.${{ inputs.nox-session }}.download-pkgs --nonZero; then
-              rc=$?
-              break
-          fi
-          rc=$?
-          n=$((n+1))
-          sleep 15
-          done
-          if [ "$rc" -ne 0 ]; then
-            echo "Failed to upload codecov stats"
-            exit 1
-          fi
-
-      - name: Upload Tests Code Coverage To Codecov
-        if: always() && inputs.skip-code-coverage == false && steps.download-artifacts-from-vm.outcome == 'success' && job.status != 'cancelled'
-        run: |
-          if [ ! -s artifacts/coverage/tests.xml ]; then
-            echo "The artifacts/coverage/tests.xml file does not exist"
-            exit 1
-          fi
-          # We can't yet use tokenless uploads with the codecov CLI
-          #codecovcli --auto-load-params-from GithubActions --verbose --token ${{ secrets.CODECOV_TOKEN }} \
-          #  do-upload --git-service github --sha ${{ github.sha }} \
-          #  --file artifacts/coverage/tests.xml \
-          #  --flag tests --flag ${{ matrix.distro-slug }} --flag pkg \
-          #  --name tests.${{ matrix.distro-slug }}.${{ inputs.nox-session }}.download-pkgs
-          n=0
-          until [ "$n" -ge 5 ]
-          do
-          if ./codecov --file artifacts/coverage/tests.xml \
-              --sha ${{ github.event.pull_request.head.sha || github.sha }} ${{ github.event_name == 'pull_request' && format('--parent {0}', github.event.pull_request.base.sha) }} \
-              --flags tests,${{ matrix.distro-slug }},pkg \
-              --name tests.${{ matrix.distro-slug }}.${{ inputs.nox-session }}.download-pkgs --nonZero; then
-              rc=$?
-              break
-          fi
-          rc=$?
-          n=$((n+1))
-          sleep 15
-          done
-          if [ "$rc" -ne 0 ]; then
-            echo "Failed to upload codecov stats"
-            exit 1
-          fi
-
-      - name: Upload Test Run Artifacts
-        if: always() && steps.download-artifacts-from-vm.outcome == 'success'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
-        with:
-          name: pkg-testrun-artifacts-${{ matrix.distro-slug }}-${{ matrix.arch }}
-          path: |
-            artifacts
-            !artifacts/salt/*
-            !artifacts/salt-*.tar.*
--- a/.github/workflows/templates/test-salt-pkg-repo-downloads.yml.jinja
+++ b/.github/workflows/templates/test-salt-pkg-repo-downloads.yml.jinja
@ -13,9 +13,7 @@
    needs:
      - prepare-workflow
      - publish-repositories
-      <%- for slug in test_salt_pkg_downloads_needs_slugs %>
-      - <{ slug }>
-      <%- endfor %>
+      - build-ci-deps
    <%- if gh_environment == "release" %>
      - download-onedir-artifact
    <%- else %>
--- a/.github/workflows/templates/test-salt-pkg.yml.jinja
+++ b/.github/workflows/templates/test-salt-pkg.yml.jinja
@ -1,9 +1,9 @@
  <%- for os in test_salt_pkg_listing["linux"] %>
-    <%- set job_name = "{}-pkg-tests".format(os.slug.replace(".", "")) %>
+    <%- set job_name = "{}-pkg-tests{}".format(os.slug.replace(".", ""), os.fips and '-fips' or '') %>

  <{ job_name }>:
    <%- do test_salt_pkg_needs.append(job_name) %>
-    name: <{ os.display_name }> Package Test
+    name: <{ os.display_name }> Package Test<%- if os.fips %> (fips)<%- endif %>
    <%- if workflow_slug != "ci" or os.slug in mandatory_os_slugs %>
    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
    <%- else %>
--- a/.github/workflows/templates/test-salt.yml.jinja
+++ b/.github/workflows/templates/test-salt.yml.jinja
@ -67,10 +67,11 @@
  <%- endfor %>

  <%- for os in test_salt_listing["linux"] %>
+    <%- set job_name = "{}{}".format(os.slug.replace(".", ""), os.fips and '-fips' or '') %>

-  <{ os.slug.replace(".", "") }>:
-    <%- do test_salt_needs.append(os.slug.replace(".", "")) %>
-    name: <{ os.display_name }> Test
+  <{ job_name }>:
+    <%- do test_salt_needs.append(job_name) %>
+    name: <{ os.display_name }> Test<%- if os.fips %> (fips)<%- endif %>
    <%- if workflow_slug != "ci" or os.slug in mandatory_os_slugs %>
    if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
    <%- else %>
--- a/.github/workflows/test-action-linux.yml
+++ b/.github/workflows/test-action-linux.yml
@ -71,8 +71,9 @@ env:
  COLUMNS: 190
  AWS_MAX_ATTEMPTS: "10"
  AWS_RETRY_MODE: "adaptive"
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
+  PIP_INDEX_URL: ${{ vars.PIP_INDEX_URL }}
+  PIP_TRUSTED_HOST: ${{ vars.PIP_TRUSTED_HOST }}
+  PIP_EXTRA_INDEX_URL: ${{ vars.PIP_EXTRA_INDEX_URL }}
  PIP_DISABLE_PIP_VERSION_CHECK: "1"
  RAISE_DEPRECATIONS_RUNTIME_ERRORS: "1"

@ -83,6 +84,7 @@ jobs:
    runs-on: ubuntu-latest
    outputs:
      matrix-include: ${{ steps.generate-matrix.outputs.matrix }}
+      build-reports: ${{ steps.generate-matrix.outputs.build-reports }}
    steps:

      - name: "Throttle Builds"
@ -97,11 +99,13 @@ jobs:
        uses: ./.github/actions/setup-python-tools-scripts
        with:
          cache-prefix: ${{ inputs.cache-prefix }}
+        env:
+          PIP_INDEX_URL: https://pypi.org/simple

      - name: Generate Test Matrix
        id: generate-matrix
        run: |
-          tools ci matrix --workflow=${{ inputs.workflow-slug }} ${{ fromJSON(inputs.testrun)['type'] == 'full' && '--full ' || '' }}${{ inputs.fips && '--fips ' || '' }}${{ inputs.distro-slug }}
+          tools ci matrix --workflow=${{ inputs.workflow-slug }} ${{ fromJSON(inputs.testrun)['type'] == 'full' && '--full ' || '' }}${{ inputs.distro-slug }}

  test:
    name: Test
@ -129,6 +133,11 @@ jobs:
        run: |
          t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"

+      - name: "Set `TIMESTAMP` environment variable"
+        shell: bash
+        run: |
+          echo "TIMESTAMP=$(date +%s)" | tee -a "$GITHUB_ENV"
+
      - name: Checkout Source Code
        uses: actions/checkout@v4

@ -156,7 +165,7 @@ jobs:

      - name: PyPi Proxy
        run: |
-          sed -i '7s;^;--index-url=https://pypi-proxy.saltstack.net/root/local/+simple/ --extra-index-url=https://pypi.org/simple\n;' requirements/static/ci/*/*.txt
+          sed -i '7s;^;--index-url=${{ vars.PIP_INDEX_URL }} --trusted-host ${{ vars.PIP_TRUSTED_HOST }} --extra-index-url=${{ vars.PIP_EXTRA_INDEX_URL }}\n;' requirements/static/ci/*/*.txt

      - name: Setup Python Tools Scripts
        uses: ./.github/actions/setup-python-tools-scripts
@ -205,7 +214,7 @@ jobs:
        if: ${{ fromJSON(inputs.testrun)['type'] != 'full' }}
        run: |
          tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
-            --nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
+            --nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ inputs.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
            ${{ matrix.tests-chunk }} -- --core-tests --slow-tests --suppress-no-test-exit-code \
            --from-filenames=testrun-changed-files.txt

@ -215,14 +224,14 @@ jobs:
        run: |
          tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
            --nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ (inputs.skip-code-coverage && matrix.tests-chunk != 'unit') && '--skip-code-coverage' || '' }} \
-            ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} ${{ matrix.tests-chunk }}
+            ${{ inputs.fips && '--fips ' || '' }}${{ inputs.distro-slug }} ${{ matrix.tests-chunk }}

      - name: Run Slow Tests
        id: run-slow-tests
        if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['slow'] }}
        run: |
          tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
-            --nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
+            --nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ inputs.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
            ${{ matrix.tests-chunk }} -- --no-fast-tests --slow-tests

      - name: Run Core Tests
@ -230,7 +239,7 @@ jobs:
        if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['core'] }}
        run: |
          tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
-            --nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
+            --nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ inputs.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
            ${{ matrix.tests-chunk }} -- --no-fast-tests --core-tests

      - name: Run Flaky Tests
@ -238,7 +247,7 @@ jobs:
        if: ${{ fromJSON(inputs.testrun)['selected_tests']['flaky'] }}
        run: |
          tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
-            --nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
+            --nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ inputs.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
            ${{ matrix.tests-chunk }} -- --no-fast-tests --flaky-jail

      - name: Run Full Tests
@ -247,7 +256,7 @@ jobs:
        run: |
          tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
            --nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ (inputs.skip-code-coverage && matrix.tests-chunk != 'unit') && '--skip-code-coverage' || '' }} \
-            -E TEST_GROUP ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} ${{ matrix.tests-chunk }} -- --slow-tests --core-tests \
+            -E TEST_GROUP ${{ inputs.fips && '--fips ' || '' }}${{ inputs.distro-slug }} ${{ matrix.tests-chunk }} -- --slow-tests --core-tests \
            --test-group-count=${{ matrix.test-group-count || 1 }} --test-group=${{ matrix.test-group || 1 }}

      - name: Combine Coverage Reports
@ -265,7 +274,7 @@ jobs:
          rm -rf artifacts/salt*
          tree -a artifacts
          if [ "${{ inputs.skip-code-coverage }}" != "true" ]; then
-            mv artifacts/coverage/.coverage artifacts/coverage/.coverage.${{ inputs.distro-slug }}.${{ inputs.nox-session }}.${{ matrix.transport }}.${{ matrix.tests-chunk }}.grp${{ matrix.test-group || '1' }}
+            mv artifacts/coverage/.coverage artifacts/coverage/.coverage.${{ inputs.distro-slug }}${{ inputs.fips && '.fips' || '' }}.${{ inputs.nox-session }}.${{ matrix.transport }}.${{ matrix.tests-chunk }}.grp${{ matrix.test-group || '1' }}
          fi

      - name: Destroy VM
@ -275,56 +284,87 @@ jobs:

      - name: Upload Code Coverage Test Run Artifacts
        if: always() && inputs.skip-code-coverage == false && steps.download-artifacts-from-vm.outcome == 'success' && job.status != 'cancelled'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
+          name: testrun-coverage-artifacts-${{ inputs.distro-slug }}${{ inputs.fips && '-fips' || '' }}-${{ inputs.nox-session }}-${{ matrix.transport }}-${{ matrix.tests-chunk }}-grp${{ matrix.test-group || '1' }}-${{ env.TIMESTAMP }}
          path: |
            artifacts/coverage/

      - name: Upload JUnit XML Test Run Artifacts
        if: always() && steps.download-artifacts-from-vm.outcome == 'success'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: testrun-junit-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ matrix.transport }}
+          name: testrun-junit-artifacts-${{ inputs.distro-slug }}${{ inputs.fips && '-fips' || '' }}-${{ inputs.nox-session }}-${{ matrix.transport }}-${{ matrix.tests-chunk }}-grp${{ matrix.test-group || '1' }}-${{ env.TIMESTAMP }}
          path: |
            artifacts/xml-unittests-output/

      - name: Upload Test Run Log Artifacts
        if: always() && steps.download-artifacts-from-vm.outcome == 'success'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: testrun-log-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ matrix.transport }}
+          name: testrun-log-artifacts-${{ inputs.distro-slug }}${{ inputs.fips && '-fips' || '' }}-${{ inputs.nox-session }}-${{ matrix.transport }}-${{ matrix.tests-chunk }}-grp${{ matrix.test-group || '1' }}-${{ env.TIMESTAMP }}
          path: |
            artifacts/logs

  report:
    name: Test Reports
-    if: always() && inputs.skip-code-coverage == false && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
+    if: always() && fromJSON(needs.generate-matrix.outputs.build-reports) && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
    runs-on: ubuntu-latest
    needs:
      - test
+      - generate-matrix
+    env:
+      PIP_INDEX_URL: https://pypi.org/simple

    steps:
      - name: Checkout Source Code
        uses: actions/checkout@v4

+      - name: "Throttle Builds"
+        shell: bash
+        run: |
+          t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
+
+      - name: Merge JUnit XML Test Run Artifacts
+        if: always() && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
+        continue-on-error: true
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: testrun-junit-artifacts-${{ inputs.distro-slug }}${{ inputs.fips && '-fips' || '' }}-${{ inputs.nox-session }}
+          pattern: testrun-junit-artifacts-${{ inputs.distro-slug }}${{ inputs.fips && '-fips' || '' }}-${{ inputs.nox-session }}-*
+          separate-directories: false
+          delete-merged: true
+
+      - name: Merge Log Test Run Artifacts
+        if: always() && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
+        continue-on-error: true
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: testrun-log-artifacts-${{ inputs.distro-slug }}${{ inputs.fips && '-fips' || '' }}-${{ inputs.nox-session }}
+          pattern: testrun-log-artifacts-${{ inputs.distro-slug }}${{ inputs.fips && '-fips' || '' }}-${{ inputs.nox-session }}-*
+          separate-directories: false
+          delete-merged: true
+
+      - name: Merge Code Coverage Test Run Artifacts
+        if: ${{ inputs.skip-code-coverage == false }}
+        continue-on-error: true
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: testrun-coverage-artifacts-${{ inputs.distro-slug }}${{ inputs.fips && '-fips' || '' }}-${{ inputs.nox-session }}
+          pattern: testrun-coverage-artifacts-${{ inputs.distro-slug }}${{ inputs.fips && '-fips' || '' }}-${{ inputs.nox-session }}-*
+          separate-directories: false
+          delete-merged: true
+
      - name: Download Code Coverage Test Run Artifacts
-        uses: actions/download-artifact@v3
-        # This needs to be actions/download-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/download-artifact@v4
        if: ${{ inputs.skip-code-coverage == false }}
        id: download-coverage-artifacts
        with:
-          name: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
+          name: testrun-coverage-artifacts-${{ inputs.distro-slug }}${{ inputs.fips && '-fips' || '' }}-${{ inputs.nox-session }}
          path: artifacts/coverage/

      - name: Show Downloaded Test Run Artifacts
+        if: ${{ inputs.skip-code-coverage == false }}
        run: |
          tree -a artifacts

@ -336,8 +376,8 @@ jobs:
        if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success' && job.status != 'cancelled'
        run: |
          nox --force-color -e create-xml-coverage-reports
-          mv artifacts/coverage/salt.xml artifacts/coverage/salt..${{ inputs.distro-slug }}..${{ inputs.nox-session }}.xml
-          mv artifacts/coverage/tests.xml artifacts/coverage/tests..${{ inputs.distro-slug }}..${{ inputs.nox-session }}.xml
+          mv artifacts/coverage/salt.xml artifacts/coverage/salt..${{ inputs.distro-slug }}${{ inputs.fips && '..fips' || '' }}..${{ inputs.nox-session }}.xml
+          mv artifacts/coverage/tests.xml artifacts/coverage/tests..${{ inputs.distro-slug }}${{ inputs.fips && '..fips' || '' }}..${{ inputs.nox-session }}.xml

      - name: Report Salt Code Coverage
        if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success'
@ -355,13 +395,11 @@ jobs:
        if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success'
        continue-on-error: true
        run: |
-          mv artifacts/coverage/.coverage artifacts/coverage/.coverage.${{ inputs.distro-slug }}.${{ inputs.nox-session }}
+          mv artifacts/coverage/.coverage artifacts/coverage/.coverage.${{ inputs.distro-slug }}${{ inputs.fips && '.fips' || '' }}.${{ inputs.nox-session }}

      - name: Upload Code Coverage DB
        if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: all-testrun-coverage-artifacts
+          name: all-testrun-coverage-artifacts-${{ inputs.distro-slug }}${{ inputs.fips && '-fips' || '' }}-${{ inputs.nox-session }}
          path: artifacts/coverage
--- a/.github/workflows/test-action-macos.yml
+++ b/.github/workflows/test-action-macos.yml
@ -68,8 +68,9 @@ on:

 env:
  COLUMNS: 190
-  PIP_INDEX_URL: "https://pypi-proxy.saltstack.net/root/local/+simple/"
-  PIP_EXTRA_INDEX_URL: "https://pypi.org/simple"
+  PIP_INDEX_URL: ${{ vars.PIP_INDEX_URL }}
+  PIP_TRUSTED_HOST: ${{ vars.PIP_TRUSTED_HOST }}
+  PIP_EXTRA_INDEX_URL: ${{ vars.PIP_EXTRA_INDEX_URL }}
  PIP_DISABLE_PIP_VERSION_CHECK: "1"
  RAISE_DEPRECATIONS_RUNTIME_ERRORS: "1"

@ -80,6 +81,7 @@ jobs:
    runs-on: ubuntu-latest
    outputs:
      matrix-include: ${{ steps.generate-matrix.outputs.matrix }}
+      build-reports: ${{ steps.generate-matrix.outputs.build-reports }}
    steps:

      - name: "Throttle Builds"
@ -94,6 +96,8 @@ jobs:
        uses: ./.github/actions/setup-python-tools-scripts
        with:
          cache-prefix: ${{ inputs.cache-prefix }}
+        env:
+          PIP_INDEX_URL: https://pypi.org/simple

      - name: Generate Test Matrix
        id: generate-matrix
@ -122,6 +126,11 @@ jobs:
        run: |
          t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"

+      - name: "Set `TIMESTAMP` environment variable"
+        shell: bash
+        run: |
+          echo "TIMESTAMP=$(date +%s)" | tee -a "$GITHUB_ENV"
+
      - name: Checkout Source Code
        uses: actions/checkout@v4

@ -159,6 +168,8 @@ jobs:
      - name: Install Nox
        run: |
          python3 -m pip install 'nox==${{ inputs.nox-version }}'
+        env:
+          PIP_INDEX_URL: https://pypi.org/simple

      - name: Decompress .nox Directory
        run: |
@ -303,49 +314,79 @@ jobs:

      - name: Upload Code Coverage Test Run Artifacts
        if: always() && inputs.skip-code-coverage == false && steps.download-artifacts-from-vm.outcome == 'success' && job.status != 'cancelled'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
+          name: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ matrix.transport }}-${{ matrix.tests-chunk }}-${{ env.TIMESTAMP }}
          path: |
            artifacts/coverage/

      - name: Upload JUnit XML Test Run Artifacts
        if: always() && steps.download-artifacts-from-vm.outcome == 'success'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: testrun-junit-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ matrix.transport }}
+          name: testrun-junit-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ matrix.transport }}-${{ matrix.tests-chunk }}-${{ env.TIMESTAMP }}
          path: |
            artifacts/xml-unittests-output/

      - name: Upload Test Run Log Artifacts
        if: always() && steps.download-artifacts-from-vm.outcome == 'success'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: testrun-log-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ matrix.transport }}
+          name: testrun-log-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ matrix.transport }}-${{ matrix.tests-chunk }}-${{ env.TIMESTAMP }}
          path: |
            artifacts/logs

  report:
    name: Test Reports
-    if: always() && inputs.skip-code-coverage == false && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
+    if: always() && fromJSON(needs.generate-matrix.outputs.build-reports) && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
    runs-on: ubuntu-latest
    needs:
      - test
+      - generate-matrix
+    env:
+      PIP_INDEX_URL: https://pypi.org/simple

    steps:
      - name: Checkout Source Code
        uses: actions/checkout@v4

+      - name: "Throttle Builds"
+        shell: bash
+        run: |
+          t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
+
+      - name: Merge JUnit XML Test Run Artifacts
+        if: always() && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
+        continue-on-error: true
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: testrun-junit-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
+          pattern: testrun-junit-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-*
+          separate-directories: false
+          delete-merged: true
+
+      - name: Merge Log Test Run Artifacts
+        if: always() && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
+        continue-on-error: true
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: testrun-log-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
+          pattern: testrun-log-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-*
+          separate-directories: false
+          delete-merged: true
+
+      - name: Merge Code Coverage Test Run Artifacts
+        if: ${{ inputs.skip-code-coverage == false }}
+        continue-on-error: true
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
+          pattern: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-*
+          separate-directories: false
+          delete-merged: true
+
      - name: Download Code Coverage Test Run Artifacts
-        uses: actions/download-artifact@v3
-        # This needs to be actions/download-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/download-artifact@v4
        if: ${{ inputs.skip-code-coverage == false }}
        id: download-coverage-artifacts
        with:
@ -353,6 +394,7 @@ jobs:
          path: artifacts/coverage/

      - name: Show Downloaded Test Run Artifacts
+        if: ${{ inputs.skip-code-coverage == false }}
        run: |
          tree -a artifacts

@ -392,9 +434,7 @@ jobs:

      - name: Upload Code Coverage DB
        if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: all-testrun-coverage-artifacts
+          name: all-testrun-coverage-artifacts-${{ inputs.distro-slug }}.${{ inputs.nox-session }}
          path: artifacts/coverage
--- a/.github/workflows/test-action-windows.yml
+++ b/.github/workflows/test-action-windows.yml
@ -71,8 +71,9 @@ env:
  COLUMNS: 190
  AWS_MAX_ATTEMPTS: "10"
  AWS_RETRY_MODE: "adaptive"
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
+  PIP_INDEX_URL: ${{ vars.PIP_INDEX_URL }}
+  PIP_TRUSTED_HOST: ${{ vars.PIP_TRUSTED_HOST }}
+  PIP_EXTRA_INDEX_URL: ${{ vars.PIP_EXTRA_INDEX_URL }}
  PIP_DISABLE_PIP_VERSION_CHECK: "1"
  RAISE_DEPRECATIONS_RUNTIME_ERRORS: "1"

@ -83,6 +84,7 @@ jobs:
    runs-on: ubuntu-latest
    outputs:
      matrix-include: ${{ steps.generate-matrix.outputs.matrix }}
+      build-reports: ${{ steps.generate-matrix.outputs.build-reports }}
    steps:

      - name: "Throttle Builds"
@ -97,6 +99,8 @@ jobs:
        uses: ./.github/actions/setup-python-tools-scripts
        with:
          cache-prefix: ${{ inputs.cache-prefix }}
+        env:
+          PIP_INDEX_URL: https://pypi.org/simple

      - name: Generate Test Matrix
        id: generate-matrix
@ -129,6 +133,11 @@ jobs:
        run: |
          t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"

+      - name: "Set `TIMESTAMP` environment variable"
+        shell: bash
+        run: |
+          echo "TIMESTAMP=$(date +%s)" | tee -a "$GITHUB_ENV"
+
      - name: Checkout Source Code
        uses: actions/checkout@v4

@ -156,7 +165,7 @@ jobs:

      - name: PyPi Proxy
        run: |
-          sed -i '7s;^;--index-url=https://pypi-proxy.saltstack.net/root/local/+simple/ --extra-index-url=https://pypi.org/simple\n;' requirements/static/ci/*/*.txt
+          sed -i '7s;^;--index-url=${{ vars.PIP_INDEX_URL }} --trusted-host ${{ vars.PIP_TRUSTED_HOST }} --extra-index-url=${{ vars.PIP_EXTRA_INDEX_URL }}\n;' requirements/static/ci/*/*.txt

      - name: Setup Python Tools Scripts
        uses: ./.github/actions/setup-python-tools-scripts
@ -275,50 +284,80 @@ jobs:

      - name: Upload Code Coverage Test Run Artifacts
        if: always() && inputs.skip-code-coverage == false && steps.download-artifacts-from-vm.outcome == 'success' && job.status != 'cancelled'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
+          name: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ matrix.transport }}-${{ matrix.tests-chunk }}-grp${{ matrix.test-group || '1' }}-${{ env.TIMESTAMP }}
          path: |
            artifacts/coverage/

      - name: Upload JUnit XML Test Run Artifacts
        if: always() && steps.download-artifacts-from-vm.outcome == 'success'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: testrun-junit-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ matrix.transport }}
+          name: testrun-junit-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ matrix.transport }}-${{ matrix.tests-chunk }}-grp${{ matrix.test-group || '1' }}-${{ env.TIMESTAMP }}
          path: |
            artifacts/xml-unittests-output/

      - name: Upload Test Run Log Artifacts
        if: always() && steps.download-artifacts-from-vm.outcome == 'success'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: testrun-log-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ matrix.transport }}
+          name: testrun-log-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ matrix.transport }}-${{ matrix.tests-chunk }}-grp${{ matrix.test-group || '1' }}-${{ env.TIMESTAMP }}
          path: |
            artifacts/logs


  report:
    name: Test Reports
-    if: always() && inputs.skip-code-coverage == false && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
+    if: always() && fromJSON(needs.generate-matrix.outputs.build-reports) && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
    runs-on: ubuntu-latest
    needs:
      - test
+      - generate-matrix
+    env:
+      PIP_INDEX_URL: https://pypi.org/simple

    steps:
      - name: Checkout Source Code
        uses: actions/checkout@v4

+      - name: "Throttle Builds"
+        shell: bash
+        run: |
+          t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
+
+      - name: Merge JUnit XML Test Run Artifacts
+        if: always() && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
+        continue-on-error: true
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: testrun-junit-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
+          pattern: testrun-junit-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-*
+          separate-directories: false
+          delete-merged: true
+
+      - name: Merge Log Test Run Artifacts
+        if: always() && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
+        continue-on-error: true
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: testrun-log-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
+          pattern: testrun-log-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-*
+          separate-directories: false
+          delete-merged: true
+
+      - name: Merge Code Coverage Test Run Artifacts
+        if: ${{ inputs.skip-code-coverage == false }}
+        continue-on-error: true
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
+          pattern: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-*
+          separate-directories: false
+          delete-merged: true
+
      - name: Download Code Coverage Test Run Artifacts
-        uses: actions/download-artifact@v3
-        # This needs to be actions/download-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/download-artifact@v4
        if: ${{ inputs.skip-code-coverage == false }}
        id: download-coverage-artifacts
        with:
@ -326,6 +365,7 @@ jobs:
          path: artifacts/coverage/

      - name: Show Downloaded Test Run Artifacts
+        if: ${{ inputs.skip-code-coverage == false }}
        run: |
          tree -a artifacts

@ -360,9 +400,7 @@ jobs:

      - name: Upload Code Coverage DB
        if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: all-testrun-coverage-artifacts
+          name: all-testrun-coverage-artifacts-${{ inputs.distro-slug }}.${{ inputs.nox-session }}
          path: artifacts/coverage
--- a/.github/workflows/test-package-downloads-action.yml
+++ b/.github/workflows/test-package-downloads-action.yml
@ -48,15 +48,45 @@ env:
  COLUMNS: 190
  AWS_MAX_ATTEMPTS: "10"
  AWS_RETRY_MODE: "adaptive"
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
+  PIP_INDEX_URL: ${{ vars.PIP_INDEX_URL }}
+  PIP_TRUSTED_HOST: ${{ vars.PIP_TRUSTED_HOST }}
+  PIP_EXTRA_INDEX_URL: ${{ vars.PIP_EXTRA_INDEX_URL }}
  PIP_DISABLE_PIP_VERSION_CHECK: "1"
  RAISE_DEPRECATIONS_RUNTIME_ERRORS: "1"

 jobs:

+  generate-matrix:
+    name: Generate Matrix
+    runs-on: ubuntu-latest
+    outputs:
+      matrix-include: ${{ steps.generate-matrix.outputs.matrix }}
+    steps:
+
+      - name: "Throttle Builds"
+        shell: bash
+        run: |
+          t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
+
+      - name: Checkout Source Code
+        uses: actions/checkout@v4
+
+      - name: Setup Python Tools Scripts
+        uses: ./.github/actions/setup-python-tools-scripts
+        with:
+          cache-prefix: ${{ inputs.cache-prefix }}
+        env:
+          PIP_INDEX_URL: https://pypi.org/simple
+
+      - name: Generate Test Matrix
+        id: generate-matrix
+        run: |
+          tools ci pkg-downloads-matrix
+
  linux:
    name: Linux
+    needs:
+      - generate-matrix
    runs-on:
      - self-hosted
      - linux
@ -68,115 +98,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        include:
-          - distro-slug: amazonlinux-2
-            arch: x86_64
-            pkg-type: package
-          - distro-slug: amazonlinux-2-arm64
-            arch: aarch64
-            pkg-type: package
-          - distro-slug: amazonlinux-2-arm64
-            arch: arm64
-            pkg-type: package
-          - distro-slug: amazonlinux-2023
-            arch: x86_64
-            pkg-type: package
-          - distro-slug: amazonlinux-2023-arm64
-            arch: aarch64
-            pkg-type: package
-          - distro-slug: amazonlinux-2023-arm64
-            arch: arm64
-            pkg-type: package
-          - distro-slug: centos-7
-            arch: x86_64
-            pkg-type: package
-          - distro-slug: centos-7-arm64
-            arch: aarch64
-            pkg-type: package
-          - distro-slug: centos-7-arm64
-            arch: arm64
-            pkg-type: package
-          - distro-slug: debian-11
-            arch: x86_64
-            pkg-type: package
-          - distro-slug: debian-11-arm64
-            arch: arm64
-            pkg-type: package
-          - distro-slug: debian-12
-            arch: x86_64
-            pkg-type: package
-          - distro-slug: debian-12-arm64
-            arch: arm64
-            pkg-type: package
-          - distro-slug: fedora-39
-            arch: x86_64
-            pkg-type: package
-          - distro-slug: fedora-39-arm64
-            arch: aarch64
-            pkg-type: package
-          - distro-slug: fedora-39-arm64
-            arch: arm64
-            pkg-type: package
-          - distro-slug: photonos-4
-            arch: x86_64
-            pkg-type: package
-          - distro-slug: photonos-4-arm64
-            arch: aarch64
-            pkg-type: package
-          - distro-slug: photonos-4-arm64
-            arch: arm64
-            pkg-type: package
-          - distro-slug: photonos-5
-            arch: x86_64
-            pkg-type: package
-          - distro-slug: photonos-5-arm64
-            arch: aarch64
-            pkg-type: package
-          - distro-slug: photonos-5-arm64
-            arch: arm64
-            pkg-type: package
-          - distro-slug: rockylinux-8
-            arch: x86_64
-            pkg-type: package
-          - distro-slug: rockylinux-8-arm64
-            arch: aarch64
-            pkg-type: package
-          - distro-slug: rockylinux-8-arm64
-            arch: arm64
-            pkg-type: package
-          - distro-slug: rockylinux-9
-            arch: x86_64
-            pkg-type: package
-          - distro-slug: rockylinux-9-arm64
-            arch: aarch64
-            pkg-type: package
-          - distro-slug: rockylinux-9-arm64
-            arch: arm64
-            pkg-type: package
-          - distro-slug: ubuntu-20.04
-            arch: x86_64
-            pkg-type: package
-          - distro-slug: ubuntu-20.04-arm64
-            arch: arm64
-            pkg-type: package
-          - distro-slug: ubuntu-22.04
-            arch: x86_64
-            pkg-type: package
-          - distro-slug: ubuntu-22.04
-            arch: x86_64
-            pkg-type: onedir
-          - distro-slug: ubuntu-22.04-arm64
-            arch: arm64
-            pkg-type: package
-          - distro-slug: ubuntu-22.04-arm64
-            arch: arm64
-            pkg-type: onedir
-          - distro-slug: ubuntu-23.04
-            arch: x86_64
-            pkg-type: package
-          - distro-slug: ubuntu-23.04-arm64
-            arch: arm64
-            pkg-type: package
+        include: ${{ fromJSON(needs.generate-matrix.outputs.matrix-include)['linux'] }}

    steps:

@ -361,11 +283,9 @@ jobs:

      - name: Upload Test Run Artifacts
        if: always() && steps.download-artifacts-from-vm.outcome == 'success'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: pkg-testrun-artifacts-${{ matrix.distro-slug }}-${{ matrix.arch }}
+          name: pkg-testrun-artifacts-${{ matrix.distro-slug }}-${{ matrix.arch }}-${{ matrix.pkg-type }}
          path: |
            artifacts
            !artifacts/salt/*
@ -374,27 +294,18 @@ jobs:

  macos:
    name: MacOS
+    needs:
+      - generate-matrix
    runs-on: ${{ matrix.distro-slug == 'macos-13-arm64' && 'macos-13-xlarge' || matrix.distro-slug }}
    env:
      USE_S3_CACHE: 'false'
+      PIP_INDEX_URL: https://pypi.org/simple
    environment: ${{ inputs.environment }}
    timeout-minutes: 120  # 2 Hours - More than this and something is wrong
    strategy:
      fail-fast: false
      matrix:
-        include:
-          - distro-slug: macos-12
-            arch: x86_64
-            pkg-type: package
-          - distro-slug: macos-13
-            arch: x86_64
-            pkg-type: package
-          - distro-slug: macos-13-arm64
-            arch: arm64
-            pkg-type: package
-          - distro-slug: macos-13-arm64
-            arch: arm64
-            pkg-type: onedir
+        include: ${{ fromJSON(needs.generate-matrix.outputs.matrix-include)['macos'] }}

    steps:

@ -570,11 +481,9 @@ jobs:

      - name: Upload Test Run Artifacts
        if: always()
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: pkg-testrun-artifacts-${{ matrix.distro-slug }}-${{ matrix.arch }}
+          name: pkg-testrun-artifacts-${{ matrix.distro-slug }}-${{ matrix.arch }}-${{ matrix.pkg-type }}
          path: |
            artifacts
            !artifacts/salt/*
@ -583,6 +492,8 @@ jobs:

  windows:
    name: Windows
+    needs:
+      - generate-matrix
    env:
      USE_S3_CACHE: 'true'
    runs-on:
@ -594,16 +505,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        include:
-          - distro-slug: windows-2022
-            arch: amd64
-            pkg-type: nsis
-          - distro-slug: windows-2022
-            arch: amd64
-            pkg-type: msi
-          - distro-slug: windows-2022
-            arch: amd64
-            pkg-type: onedir
+        include: ${{ fromJSON(needs.generate-matrix.outputs.matrix-include)['windows'] }}

    steps:
      - name: Checkout Source Code
@ -782,11 +684,9 @@ jobs:

      - name: Upload Test Run Artifacts
        if: always() && steps.download-artifacts-from-vm.outcome == 'success'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: pkg-testrun-artifacts-${{ matrix.distro-slug }}-${{ matrix.arch }}
+          name: pkg-testrun-artifacts-${{ matrix.distro-slug }}-${{ matrix.arch }}-${{ matrix.pkg-type }}
          path: |
            artifacts
            !artifacts/salt/*
--- a/.github/workflows/test-packages-action-linux.yml
+++ b/.github/workflows/test-packages-action-linux.yml
@ -65,8 +65,9 @@ env:
  COLUMNS: 190
  AWS_MAX_ATTEMPTS: "10"
  AWS_RETRY_MODE: "adaptive"
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
+  PIP_INDEX_URL: ${{ vars.PIP_INDEX_URL }}
+  PIP_TRUSTED_HOST: ${{ vars.PIP_TRUSTED_HOST }}
+  PIP_EXTRA_INDEX_URL: ${{ vars.PIP_EXTRA_INDEX_URL }}
  PIP_DISABLE_PIP_VERSION_CHECK: "1"
  RAISE_DEPRECATIONS_RUNTIME_ERRORS: "1"
  USE_S3_CACHE: 'true'
@ -83,6 +84,7 @@ jobs:
      - x86_64
    outputs:
      pkg-matrix-include: ${{ steps.generate-pkg-matrix.outputs.matrix }}
+      build-reports: ${{ steps.generate-pkg-matrix.outputs.build-reports }}
    steps:

      - name: "Throttle Builds"
@ -101,7 +103,7 @@ jobs:
      - name: Generate Package Test Matrix
        id: generate-pkg-matrix
        run: |
-          tools ci pkg-matrix ${{ inputs.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
+          tools ci pkg-matrix ${{ inputs.distro-slug }} \
            ${{ inputs.pkg-type }} --testing-releases ${{ join(fromJSON(inputs.testing-releases), ' ') }}


@ -126,6 +128,11 @@ jobs:
        run: |
          t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"

+      - name: "Set `TIMESTAMP` environment variable"
+        shell: bash
+        run: |
+          echo "TIMESTAMP=$(date +%s)" | tee -a "$GITHUB_ENV"
+
      - name: Checkout Source Code
        uses: actions/checkout@v4

@ -198,9 +205,9 @@ jobs:

      - name: Run Package Tests
        run: |
-          tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install ${{ matrix.fips && '--fips ' || '' }}\
+          tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install ${{ inputs.fips && '--fips ' || '' }}\
          --nox-session=${{ inputs.nox-session }}-pkgs --rerun-failures ${{ inputs.distro-slug }} -- ${{ matrix.tests-chunk }} \
-          ${{ matrix.version && format('--prev-version {0}', matrix.version) || ''}}
+          ${{ matrix.version && format('--prev-version={0}', matrix.version) || ''}}

      - name: Download Test Run Artifacts
        id: download-artifacts-from-vm
@ -219,11 +226,9 @@ jobs:

      - name: Upload Test Run Artifacts
        if: always() && steps.download-artifacts-from-vm.outcome == 'success'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.tests-chunk }}
+          name: pkg-testrun-artifacts-${{ inputs.distro-slug }}${{ inputs.fips && '-fips' || '' }}-${{ inputs.pkg-type }}-${{ inputs.arch }}-${{ matrix.tests-chunk }}-${{ matrix.version || 'no-version'}}-${{ env.TIMESTAMP }}
          path: |
            artifacts
            !artifacts/pkg/*
@ -233,26 +238,34 @@ jobs:
  report:
    name: Report
    runs-on: ubuntu-latest
-    if: always() && inputs.skip-code-coverage == false && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
+    if: always() && fromJSON(needs.generate-matrix.outputs.build-reports) && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
    needs:
-      - test
      - generate-matrix
-    strategy:
-      fail-fast: false
-      matrix:
-        include: ${{ fromJSON(needs.generate-matrix.outputs.pkg-matrix-include) }}
+      - test

    steps:
      - name: Checkout Source Code
        uses: actions/checkout@v4

+      - name: "Throttle Builds"
+        shell: bash
+        run: |
+          t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
+
+      - name: Merge Test Run Artifacts
+        continue-on-error: true
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: pkg-testrun-artifacts-${{ inputs.distro-slug }}${{ inputs.fips && '-fips' || '' }}-${{ inputs.pkg-type }}
+          pattern: pkg-testrun-artifacts-${{ inputs.distro-slug }}${{ inputs.fips && '-fips' || '' }}-${{ inputs.pkg-type }}-*
+          separate-directories: true
+          delete-merged: true
+
      - name: Download Test Run Artifacts
        id: download-test-run-artifacts
-        uses: actions/download-artifact@v3
-        # This needs to be actions/download-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/download-artifact@v4
        with:
-          name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.tests-chunk }}
+          name: pkg-testrun-artifacts-${{ inputs.distro-slug }}${{ inputs.fips && '-fips' || '' }}-${{ inputs.pkg-type }}
          path: artifacts

      - name: Show Test Run Artifacts
--- a/.github/workflows/test-packages-action-macos.yml
+++ b/.github/workflows/test-packages-action-macos.yml
@ -62,8 +62,9 @@ on:

 env:
  COLUMNS: 190
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
+  PIP_INDEX_URL: ${{ vars.PIP_INDEX_URL }}
+  PIP_TRUSTED_HOST: ${{ vars.PIP_TRUSTED_HOST }}
+  PIP_EXTRA_INDEX_URL: ${{ vars.PIP_EXTRA_INDEX_URL }}
  PIP_DISABLE_PIP_VERSION_CHECK: "1"
  RAISE_DEPRECATIONS_RUNTIME_ERRORS: "1"

@ -79,6 +80,7 @@ jobs:
      - x86_64
    outputs:
      pkg-matrix-include: ${{ steps.generate-pkg-matrix.outputs.matrix }}
+      build-reports: ${{ steps.generate-pkg-matrix.outputs.build-reports }}
    steps:

      - name: "Throttle Builds"
@ -118,6 +120,11 @@ jobs:
        run: |
          t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"

+      - name: "Set `TIMESTAMP` environment variable"
+        shell: bash
+        run: |
+          echo "TIMESTAMP=$(date +%s)" | tee -a "$GITHUB_ENV"
+
      - name: Checkout Source Code
        uses: actions/checkout@v4

@ -156,6 +163,8 @@ jobs:
      - name: Install Nox
        run: |
          python3 -m pip install 'nox==${{ inputs.nox-version }}'
+        env:
+          PIP_INDEX_URL: https://pypi.org/simple

      - name: Download nox.macos.${{ inputs.arch }}.tar.* artifact for session ${{ inputs.nox-session }}
        uses: actions/download-artifact@v4
@ -185,7 +194,7 @@ jobs:
          COVERAGE_CONTEXT: ${{ inputs.distro-slug }}
        run: |
          sudo -E nox --force-color -e ${{ inputs.nox-session }}-pkgs -- ${{ matrix.tests-chunk }} \
-          ${{ matrix.version && format('--prev-version {0}', matrix.version) || ''}}
+          ${{ matrix.version && format('--prev-version={0}', matrix.version) || ''}}

      - name: Fix file ownership
        run: |
@ -202,11 +211,9 @@ jobs:

      - name: Upload Test Run Artifacts
        if: always()
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.tests-chunk }}
+          name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ inputs.pkg-type }}-${{ inputs.arch }}-${{ matrix.tests-chunk }}-${{ matrix.version || 'no-version'}}-${{ env.TIMESTAMP }}
          path: |
            artifacts
            !artifacts/pkg/*
@ -216,26 +223,34 @@ jobs:
  report:
    name: Report
    runs-on: ubuntu-latest
-    if: always() && inputs.skip-code-coverage == false && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
+    if: always() && fromJSON(needs.generate-matrix.outputs.build-reports) && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
    needs:
-      - test
      - generate-matrix
-    strategy:
-      fail-fast: false
-      matrix:
-        include: ${{ fromJSON(needs.generate-matrix.outputs.pkg-matrix-include) }}
+      - test

    steps:
      - name: Checkout Source Code
        uses: actions/checkout@v4

+      - name: "Throttle Builds"
+        shell: bash
+        run: |
+          t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
+
+      - name: Merge Test Run Artifacts
+        continue-on-error: true
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ inputs.pkg-type }}
+          pattern: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ inputs.pkg-type }}-*
+          separate-directories: true
+          delete-merged: true
+
      - name: Download Test Run Artifacts
        id: download-test-run-artifacts
-        uses: actions/download-artifact@v3
-        # This needs to be actions/download-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/download-artifact@v4
        with:
-          name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.tests-chunk }}
+          name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ inputs.pkg-type }}
          path: artifacts

      - name: Show Test Run Artifacts
@ -251,3 +266,5 @@ jobs:
      - name: Install Nox
        run: |
          python3 -m pip install 'nox==${{ inputs.nox-version }}'
+        env:
+          PIP_INDEX_URL: https://pypi.org/simple
--- a/.github/workflows/test-packages-action-windows.yml
+++ b/.github/workflows/test-packages-action-windows.yml
@ -65,8 +65,9 @@ env:
  COLUMNS: 190
  AWS_MAX_ATTEMPTS: "10"
  AWS_RETRY_MODE: "adaptive"
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
+  PIP_INDEX_URL: ${{ vars.PIP_INDEX_URL }}
+  PIP_TRUSTED_HOST: ${{ vars.PIP_TRUSTED_HOST }}
+  PIP_EXTRA_INDEX_URL: ${{ vars.PIP_EXTRA_INDEX_URL }}
  PIP_DISABLE_PIP_VERSION_CHECK: "1"
  RAISE_DEPRECATIONS_RUNTIME_ERRORS: "1"

@ -82,6 +83,7 @@ jobs:
      - x86_64
    outputs:
      pkg-matrix-include: ${{ steps.generate-pkg-matrix.outputs.matrix }}
+      build-reports: ${{ steps.generate-pkg-matrix.outputs.build-reports }}
    steps:

      - name: "Throttle Builds"
@ -125,6 +127,11 @@ jobs:
        run: |
          t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"

+      - name: "Set `TIMESTAMP` environment variable"
+        shell: bash
+        run: |
+          echo "TIMESTAMP=$(date +%s)" | tee -a "$GITHUB_ENV"
+
      - name: Checkout Source Code
        uses: actions/checkout@v4

@ -199,7 +206,7 @@ jobs:
        run: |
          tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install ${{ matrix.fips && '--fips ' || '' }}\
          --nox-session=${{ inputs.nox-session }}-pkgs --rerun-failures ${{ inputs.distro-slug }} -- ${{ matrix.tests-chunk }} \
-          ${{ matrix.version && format('--prev-version {0}', matrix.version) || ''}}
+          ${{ matrix.version && format('--prev-version={0}', matrix.version) || ''}}

      - name: Download Test Run Artifacts
        id: download-artifacts-from-vm
@ -218,11 +225,9 @@ jobs:

      - name: Upload Test Run Artifacts
        if: always() && steps.download-artifacts-from-vm.outcome == 'success'
-        uses: actions/upload-artifact@v3
-        # This needs to be actions/upload-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/upload-artifact@v4
        with:
-          name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.tests-chunk }}
+          name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ inputs.pkg-type }}-${{ inputs.arch }}-${{ matrix.tests-chunk }}-${{ matrix.version || 'no-version'}}-${{ env.TIMESTAMP }}
          path: |
            artifacts
            !artifacts/pkg/*
@ -232,26 +237,34 @@ jobs:
  report:
    name: Report
    runs-on: ubuntu-latest
-    if: always() && inputs.skip-code-coverage == false && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
+    if: always() && fromJSON(needs.generate-matrix.outputs.build-reports) && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
    needs:
-      - test
      - generate-matrix
-    strategy:
-      fail-fast: false
-      matrix:
-        include: ${{ fromJSON(needs.generate-matrix.outputs.pkg-matrix-include) }}
+      - test

    steps:
      - name: Checkout Source Code
        uses: actions/checkout@v4

+      - name: "Throttle Builds"
+        shell: bash
+        run: |
+          t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
+
+      - name: Merge Test Run Artifacts
+        uses: actions/upload-artifact/merge@v4
+        continue-on-error: true
+        with:
+          name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ inputs.pkg-type }}
+          pattern: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ inputs.pkg-type }}-*
+          separate-directories: true
+          delete-merged: true
+
      - name: Download Test Run Artifacts
        id: download-test-run-artifacts
-        uses: actions/download-artifact@v3
-        # This needs to be actions/download-artifact@v3 because we upload multiple artifacts
-        # under the same name something that actions/upload-artifact@v4 does not do.
+        uses: actions/download-artifact@v4
        with:
-          name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.tests-chunk }}
+          name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ inputs.pkg-type }}
          path: artifacts

      - name: Show Test Run Artifacts
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,87 @@ Versions are `MAJOR.PATCH`.

 # Changelog

+## 3006.8 (2024-04-29)
+
+
+### Removed
+
+- Removed deprecated code scheduled to be removed on 2024-01-01:
+
+  * ``TemporaryLoggingHandler`` and ``QueueHandler`` in ``salt/_logging/handlers.py``
+  * All of the ``salt/log`` package.
+  * The ``salt/modules/cassandra_mod.py`` module.
+  * The ``salt/returners/cassandra_return.py`` returner.
+  * The ``salt/returners/django_return.py`` returner. [#66147](https://github.com/saltstack/salt/issues/66147)
+
+
+### Deprecated
+
+- Drop Fedora 37 and Fedora 38 support [#65860](https://github.com/saltstack/salt/issues/65860)
+- Drop CentOS Stream 8 and 9 from CI/CD [#66104](https://github.com/saltstack/salt/issues/66104)
+- Drop Photon OS 3 support [#66105](https://github.com/saltstack/salt/issues/66105)
+- The ``salt.utils.psutil_compat`` module has been deprecated and will be removed in Salt 3008. Please use the ``psutil`` module directly. [#66139](https://github.com/saltstack/salt/issues/66139)
+
+
+### Fixed
+
+- ``user.add`` on Windows now allows you to add user names that contain all
+  numeric characters [#53363](https://github.com/saltstack/salt/issues/53363)
+- Fix an issue with the win_system module detecting established connections on
+  non-Windows systems. Uses psutils instead of parsing the return of netstat [#60508](https://github.com/saltstack/salt/issues/60508)
+- pkg.refresh_db on Windows now honors saltenv [#61807](https://github.com/saltstack/salt/issues/61807)
+- Fixed an issue with adding new machine policies and applying those same
+  policies in the same state by adding a ``refresh_cache`` option to the
+  ``lgpo.set`` state. [#62734](https://github.com/saltstack/salt/issues/62734)
+- file.managed correctly handles file path with '#' [#63060](https://github.com/saltstack/salt/issues/63060)
+- Fix master ip detection when DNS records change [#63654](https://github.com/saltstack/salt/issues/63654)
+- Fix user and group management on Windows to handle the Everyone group [#63667](https://github.com/saltstack/salt/issues/63667)
+- Fixes an issue in pkg.refresh_db on Windows where new package definition
+  files were not being picked up on the first run [#63848](https://github.com/saltstack/salt/issues/63848)
+- Display a proper error when pki commands fail in the win_pki module [#64933](https://github.com/saltstack/salt/issues/64933)
+- Prevent full system upgrade on single package install for Arch Linux [#65200](https://github.com/saltstack/salt/issues/65200)
+- When using s3fs, if files are deleted from the bucket, they were not deleted in
+  the master or minion local cache, which could lead to unexpected file copies or
+  even state applications. This change makes the local cache consistent with the
+  remote bucket by deleting files locally that are deleted from the bucket.
+
+  **NOTE** this could lead to **breakage** on your affected systems if it was
+  inadvertently depending on previously deleted files. [#65611](https://github.com/saltstack/salt/issues/65611)
+- Fixed an issue with file.directory state where paths would be modified in test
+  mode if backupname is used. [#66049](https://github.com/saltstack/salt/issues/66049)
+- Execution modules have access to regular fileclient durring pillar rendering. [#66124](https://github.com/saltstack/salt/issues/66124)
+- Fixed a issue with server channel where a minion's public key
+  would be rejected if it contained a final newline character. [#66126](https://github.com/saltstack/salt/issues/66126)
+- Fix content type backwards compatablity with http proxy post requests in the http utils module. [#66127](https://github.com/saltstack/salt/issues/66127)
+- Fix systemctl with "try-restart" instead of "retry-restart" within the RPM spec, properly restarting upgraded services [#66143](https://github.com/saltstack/salt/issues/66143)
+- Auto discovery of ssh, scp and ssh-keygen binaries. [#66205](https://github.com/saltstack/salt/issues/66205)
+- Add leading slash to salt helper file paths as per dh_links requirement [#66280](https://github.com/saltstack/salt/issues/66280)
+- Fixed x509.certificate_managed - ca_server did not return a certificate [#66284](https://github.com/saltstack/salt/issues/66284)
+- removed log line that did nothing. [#66289](https://github.com/saltstack/salt/issues/66289)
+- Chocolatey: Make sure the return dictionary from ``chocolatey.version``
+  contains lowercase keys [#66290](https://github.com/saltstack/salt/issues/66290)
+- fix cacheing inline pillar, by not rendering inline pillar during cache save function. [#66292](https://github.com/saltstack/salt/issues/66292)
+- The file module correctly perserves file permissions on link target. [#66400](https://github.com/saltstack/salt/issues/66400)
+- Upgrade relenv to 0.16.0 and python to 3.10.14 [#66402](https://github.com/saltstack/salt/issues/66402)
+- backport the fix from #66164 to fix #65703. use OrderedDict to fix bad indexing. [#66705](https://github.com/saltstack/salt/issues/66705)
+
+
+### Added
+
+- Add Fedora 39 support [#65859](https://github.com/saltstack/salt/issues/65859)
+
+
+### Security
+
+- Upgrade to `cryptography==42.0.5` due to a few security issues:
+
+  * https://github.com/advisories/GHSA-9v9h-cgj8-h64p
+  * https://github.com/advisories/GHSA-3ww4-gg4f-jr7f
+  * https://github.com/advisories/GHSA-6vqw-3v5j-54x4 [#66141](https://github.com/saltstack/salt/issues/66141)
+- Bump to `idna==3.7` due to https://github.com/advisories/GHSA-jjg7-2v4v-x38h [#66377](https://github.com/saltstack/salt/issues/66377)
+- Bump to `aiohttp==3.9.4` due to https://github.com/advisories/GHSA-7gpw-8wmc-pm8g [#66411](https://github.com/saltstack/salt/issues/66411)
+
+
 ## 3006.7 (2024-02-20)


--- a/SECURITY.md
+++ b/SECURITY.md
@ -4,77 +4,65 @@
 - saltproject-security.pdl@broadcom.com

 **GPG key ID:**
- 4EA0793D
+- 37654A06

 **GPG key fingerprint:**
- `8ABE 4EFC F0F4 B24B FF2A  AF90 D570 F2D3 4EA0 793D`
+- `99EF 26F2 6469 2D24 973A 7007 E8BF 76A7 3765 4A06`

 **GPG Public Key**

 ```
 -----BEGIN PGP PUBLIC KEY BLOCK-----

-mQINBFO15mMBEADa3CfQwk5ED9wAQ8fFDku277CegG3U1hVGdcxqKNvucblwoKCb
-hRK6u9ihgaO9V9duV2glwgjytiBI/z6lyWqdaD37YXG/gTL+9Md+qdSDeaOa/9eg
-7y+g4P+FvU9HWUlujRVlofUn5Dj/IZgUywbxwEybutuzvvFVTzsn+DFVwTH34Qoh
-QIuNzQCSEz3Lhh8zq9LqkNy91ZZQO1ZIUrypafspH6GBHHcE8msBFgYiNBnVcUFH
-u0r4j1Rav+621EtD5GZsOt05+NJI8pkaC/dDKjURcuiV6bhmeSpNzLaXUhwx6f29
-Vhag5JhVGGNQxlRTxNEM86HEFp+4zJQ8m/wRDrGX5IAHsdESdhP+ljDVlAAX/ttP
-/Ucl2fgpTnDKVHOA00E515Q87ZHv6awJ3GL1veqi8zfsLaag7rw1TuuHyGLOPkDt
-t5PAjsS9R3KI7pGnhqI6bTOi591odUdgzUhZChWUUX1VStiIDi2jCvyoOOLMOGS5
-AEYXuWYP7KgujZCDRaTNqRDdgPd93Mh9JI8UmkzXDUgijdzVpzPjYgFaWtyK8lsc
-Fizqe3/Yzf9RCVX/lmRbiEH+ql/zSxcWlBQd17PKaL+TisQFXcmQzccYgAxFbj2r
-QHp5ABEu9YjFme2Jzun7Mv9V4qo3JF5dmnUk31yupZeAOGZkirIsaWC3hwARAQAB
-tDBTYWx0U3RhY2sgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAc2FsdHN0YWNrLmNv
-bT6JAj4EEwECACgFAlO15mMCGwMFCQeGH4AGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
-AheAAAoJENVw8tNOoHk9z/MP/2vzY27fmVxU5X8joiiturjlgEqQw41IYEmWv1Bw
-4WVXYCHP1yu/1MC1uuvOmOd5BlI8YO2C2oyW7d1B0NorguPtz55b7jabCElekVCh
-h/H4ZVThiwqgPpthRv/2npXjIm7SLSs/kuaXo6Qy2JpszwDVFw+xCRVL0tH9KJxz
-HuNBeVq7abWD5fzIWkmGM9hicG/R2D0RIlco1Q0VNKy8klG+pOFOW886KnwkSPc7
-JUYp1oUlHsSlhTmkLEG54cyVzrTP/XuZuyMTdtyTc3mfgW0adneAL6MARtC5UB/h
-q+v9dqMf4iD3wY6ctu8KWE8Vo5MUEsNNO9EA2dUR88LwFZ3ZnnXdQkizgR/Aa515
-dm17vlNkSoomYCo84eN7GOTfxWcq+iXYSWcKWT4X+h/ra+LmNndQWQBRebVUtbKE
-ZDwKmiQz/5LY5EhlWcuU4lVmMSFpWXt5FR/PtzgTdZAo9QKkBjcv97LYbXvsPI69
-El1BLAg+m+1UpE1L7zJT1il6PqVyEFAWBxW46wXCCkGssFsvz2yRp0PDX8A6u4yq
-rTkt09uYht1is61joLDJ/kq3+6k8gJWkDOW+2NMrmf+/qcdYCMYXmrtOpg/wF27W
-GMNAkbdyzgeX/MbUBCGCMdzhevRuivOI5bu4vT5s3KdshG+yhzV45bapKRd5VN+1
-mZRqiQJVBBMBCAA/AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBIq+Tvzw
-9LJL/yqvkNVw8tNOoHk9BQJe1uRXBQkPoTz0AAoJENVw8tNOoHk9akAQANKIDIBY
-J3DmWH3g6rWURdREQcBVfMkw6j5MHlIEwlGrN3whSaPv2KR3tatRccBCQ0olQeYb
-ZeFtPuf0Du+LqGaAePo5DkPNU7GHoba2+ZE/sJ4wZ4CzAQM6+LvH2iLHeLZ1VLlu
-ZEftxD1RFKTqpnav8KiyYGkeFuEn4eMSIhbudp/8wkN40sCWL22D141EhVSRvLlO
-BMUpTWdtSYTg0F2pgQL5U2A56syuiwUwPXzQb45JEJILmG8zkeJB9s8kGtErypIH
-P+qxJXq24woGUFeJjiLdiOhI6/YoVBACUkKmig36CGf/DH5NAeQECeZq3YBNp7XK
-tsF1dPitxuTM/UkOHoHUnGhDlBcQMWe9WuBK4rA+7GH9NT8o7M6+2OKhk181tJ+s
-Y2kP7RSXOV162thRsNvVImXajAIFTR3ksEDFGVq/4jh85jFoIbNH3x27NxOu6e2p
-OIkXNXmSFXLUmwbfEfIk06gqP3xzkaj+eWHcLDkn9bUKblBJhHdhf9Vsy/N2NRW2
-23c64qDutw1NX7msDuN3KXisim+isBzPVVzymkkhkXK+UpjrRR0ePvph3fnGf1bc
-NipVtn1KKM7kurSrSjFVLwLi52SGnEHKJnbbhh+AKV09SNYi6IaKL8yw8c1d0K80
-PlBaJEvkC6myzaaRtYcna4pbiIysBaZtwDOOuQINBFO15mMBEAC5UuLii9ZLz6qH
-fIJp35IOW9U8SOf7QFhzXR7NZ3DmJsd3f6Nb/habQFIHjm3K9wbpj+FvaW2oWRlF
-VvYdzjUq6c82GUUjW1dnqgUvFwdmM8351n0YQ2TonmyaF882RvsRZrbJ65uvy7SQ
-xlouXaAYOdqwLsPxBEOyOnMPSktW5V2UIWyxsNP3sADchWIGq9p5D3Y/loyIMsS1
-dj+TjoQZOKSj7CuRT98+8yhGAY8YBEXu9r3I9o6mDkuPpAljuMc8r09Im6az2egt
-K/szKt4Hy1bpSSBZU4W/XR7XwQNywmb3wxjmYT6Od3Mwj0jtzc3gQiH8hcEy3+BO
-+NNmyzFVyIwOLziwjmEcw62S57wYKUVnHD2nglMsQa8Ve0e6ABBMEY7zGEGStva5
-9rfgeh0jUMJiccGiUDTMs0tdkC6knYKbu/fdRqNYFoNuDcSeLEw4DdCuP01l2W4y
-Y+fiK6hAcL25amjzc+yYo9eaaqTn6RATbzdhHQZdpAMxY+vNT0+NhP1Zo5gYBMR6
-5Zp/VhFsf67ijb03FUtdw9N8dHwiR2m8vVA8kO/gCD6wS2p9RdXqrJ9JhnHYWjiV
-uXR+f755ZAndyQfRtowMdQIoiXuJEXYw6XN+/BX81gJaynJYc0uw0MnxWQX+A5m8
-HqEsbIFUXBYXPgbwXTm7c4IHGgXXdwARAQABiQI8BBgBCAAmAhsMFiEEir5O/PD0
-skv/Kq+Q1XDy006geT0FAl7W5K0FCQ+hPUoACgkQ1XDy006geT1Q0Q//atnw1D4J
-13nL8Mygk+ANY4Xljub/TeZqKtzmnWGso843XysErLH1adCu1KDX1Dj4/o3WoPOt
-0O78uSS81N428ocOPKx+fA63n7q1mRqHHy6pLLVKoT66tmvE1ZN0ObaiPK9IxZkB
-ThGlHJk9VaUg0vzAaRznogWeBh1dyZktVrtbUO5u4xDX9iql/unVmCWm+U1R7t4q
-fqPEbk8ZnWc7x4bAZf8/vSQ93mAbpnRRuJdDK9tsiuhl8pRz7OyzvMS81rVF75ja
-7CcShPofrW4yZ7FqAUMwTbfrvsAraWmDjW17Ao7C2dUA9ViwSKJ6u6Pd5no/hwbm
-jVoxtO2RvjGOBxKneD36uENAUMBExjDTkSHmOxUYSknrEKUy7P1OL2ZHLG8/rouN
-5ZvIxHiMkz12ukSt29IHvCngn1UB4/7+tvDHqug4ZAZPuwH7TC5Hk6WO0OoK8Eb2
-sQa2QoehQjwK0IakGd5kFEqKgbrwYPPa3my7l58nOZmPHdMcTOzgKvUEYAITjsT4
-oOtocs9Nj+cfCfp6YUn6JeYfiHs+Xhze5igdWIl0ZO5rTmbqcD8A1URKBds0WA+G
-FLP9shPC0rS/L3Y1fKhqAc0h+znWBU6xjipTkmzh3FdM8gGT6g9YwGQNbi/x47k5
-vtBIWO4LPeGEvb2Gs65PL2eouOqU6yvBr5Y=
-=F/97
+mQINBGZpxDsBEACz8yoRBXaJiifaWz3wd4FLSO18mgH7H/+0iNTbV1ZwhgGEtWTF
+Z31HfrsbxVgICoMgFYt8WKnc4MHZLIgDfTuCFQpf7PV/VqRBAknZwQKEAjHfrYNz
+Q1vy3CeKC1qcKQISEQr7VFf58sOC8GJ54jLLc2rCsg9cXI6yvUFtGwL9Qv7g/NZn
+rtLjc4NZIKdIvSt+/PtooQtsz0jfLMdMpMFa41keH3MknIbydBUnGj7eC8ANN/iD
+Re2QHAW2KfQh3Ocuh/DpJ0/dwbzXmXfMWHk30E+s31TfdLiFt1Iz5kZDF8iHrDMq
+x39/GGmF10y5rfq43V1Ucxm+1tl5Km0JcX6GpPUtgRpfUYAxwxfGfezt4PjYRYH2
+mNxXXPLsnVTvdWPTvS0msSrcTHmnU5His38I6goXI7dLZm0saqoWi3sqEQ8TPS6/
+DkLtYjpb/+dql+KrXD7erd3j8KKflIXn7AEsv+luNk6czGOKgdG9agkklzOHfEPc
+xOGmaFfe/1mu8HxgaCuhNAQWlk79ZC+GAm0sBZIQAQRtABgag5vWr16hVix7BPMG
+Fp8+caOVv6qfQ7gBmJ3/aso6OzyOxsluVxQRt94EjPTm0xuwb1aYNJOhEj9cPkjQ
+XBjo3KN0rwcAViR/fdUzrIV1sn2hms0v5WZ+TDtz1w0OpLZOwe23BDE1+QARAQAB
+tEJTYWx0IFByb2plY3QgU2VjdXJpdHkgVGVhbSA8c2FsdHByb2plY3Qtc2VjdXJp
+dHkucGRsQGJyb2FkY29tLmNvbT6JAlcEEwEKAEEWIQSZ7ybyZGktJJc6cAfov3an
+N2VKBgUCZmnEOwIbAwUJB4TOAAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAK
+CRDov3anN2VKBk7rD/9QdcYdNGfk96W906HlVpb3JCwT0t9T7ElP97Ot0YN6LqMj
+vVQpxWYi7riUSyt1FtlCAM+hmghImzILF9LKDRCZ1H5UStI/u9T53cZpUZtVW/8R
+bUNBCl495UcgioIZG5DsfZ/GdBOgY+hQfdgh7HC8a8A/owCt2hHbnth970NQ+LHb
+/0ERLfOHRxozgPBhze8Vqf939KlteM5ljgTw/IkJJIsxJi4C6pQntSHvB3/Bq/Nw
+Kf3vk3XYFtVibeQODSVvc6useo+SNGV/wsK/6kvh/vfP9Trv/GMOn/89Bj2aL1PR
+M382E6sDB9d22p4ehVgbcOpkwHtr9DGerK9xzfG4aUjLu9qVD5Ep3gqKSsCe+P8z
+bpADdVCnk+Vdp3Bi+KI7buSkqfbZ0m9vCY3ei1fMiDiTTjvNliL5QCO6PvYNYiDw
+LLImrQThv55ZRQsRRT7J6A94kwDoI6zcBEalv/aPws0nQHJtgWRUpmy5RcbVu9Z
+QBXlUpCzCB+gGaGRE1u0hCfuvkbcG1pXFFBdSUuAK4o4ktiRALVUndELic/PU1nR
+jwo/+j0SGw/jTwqVChUfLDZbiAQ2JICoVpZ+e1zQfsxa/yDu2e4D543SvNFHDsxh
+bsBeCsopzJSA0n2HAdYvPxOPoWVvZv+U8ZV3EEVOUgsO5//cRJddCgLU89Q4DrkC
+DQRmacQ7ARAAsz8jnpfw3DCRxdCVGiqWAtgj8r2gx5n1wJsKsgvyGQdKUtPwlX04
+7w13lIDT2DwoXFozquYsTn9XkIoWbVckqo0NN/V7/QxIZIYTqRcFXouHTbXDJm5C
+tsvfDlnTsaplyRawPU2mhYg39/lzIt8zIjvy5zo/pElkRP5m03nG+ItrsHN6CCvf
+ZiRxme6EQdn+aoHh2GtICL8+c3HvQzTHYKxFn84Ibt3uNxwt+Mu6YhG9tkYMQQk5
+SkYA4CYAaw2Lc/g0ee36iqw/5d79M8YcQtHhy5zzqgdEvExjFPdowV1hhFIEkNkM
+uqIAknXVesqLLw2hPeYmyhYQqeBKIrWmBhBKX9c0vMYkDDH3T/sSylVhH0QAXP6E
+WmLja3E1ov6pt6j7j/wWzC9LSMFDJI2yWCeOE1oea5D89tH6XvsGRTiog62zF/9a
+77197iIa0+o91chp4iLkzDvuK8pVujPx8bNsK8jlJ+OW73NmliCVg+hecoFLNsri
+/TsBngFNVcu79Q1XfyvoDdR2C09ItCBEZGt6LOlq/+ATUw1aBz6L1hvLBtiR3Hfu
+X31YlbxdvVPjlzg6O6GXSfnokNTWv2mVXWTRIrP0RrKvMyiNPXVW7EunUuXI0Axk
+Xg3E5kAjKXkBXzoCTCVz/sXPLjvjI0x3Z7obgPpcTi9h5DIX6PFyK/kAEQEAAYkC
+PAQYAQoAJhYhBJnvJvJkaS0klzpwB+i/dqc3ZUoGBQJmacQ7AhsMBQkHhM4AAAoJ
+EOi/dqc3ZUoGDeAQAKbyiHA1sl0fnvcZxoZ3mWA/Qesddp7Nv2aEW8I3hAJoTVml
+ZvMxk8leZgsQJtSsVDNnxeyW+WCIUkhxmd95UlkTTj5mpyci1YrxAltPJ2TWioLe
+F2doP8Y+4iGnaV+ApzWG33sLr95z37RKVdMuGk/O5nLMeWnSPA7HHWJCxECMm0SH
+uI8aby8w2aBZ1kOMFB/ToEEzLBu9fk+zCzG3uH8QhdciMENVhsyBSULIrmwKglyI
+VQwj2dXHyekQh7QEHV+CdKMfs3ZOANwm52OwjaK0dVb3IMFGvlUf4UXXfcXwLAkj
+vW+Ju4kLGxVQpOlh1EBain9WOaHZGh6EGuTpjJO32PyRq8iSMNb8coeonoPFWrE/
+A5dy3z5x5CZhJ6kyNwYs/9951r30Ct9qNZo9WZwp8AGQVs+J9XEYnZIWXnO1hdKs
+dRStPvY7VqS500t8eWqWRfCLgofZAb9Fv7SwTPQ2G7bOuTXmQKAIEkU9vzo5XACu
+AtR/9bC9ghNnlNuH4xiViBclrq2dif/I2ZwItpQHjuCDeMKz9kdADRI0tuNPpRHe
+QP1YpURW+I+PYZzNgbnwzl6Bxo7jCHFgG6BQ0ih5sVwEDhlXjSejd8CNMYEy3ElL
+xJLUpltwXLZSrJEXYjtJtnh0om71NXes0OyWE1cL4+U6WA9Hho6xedjk2bai
+=pPmt
 -----END PGP PUBLIC KEY BLOCK-----
 ```

--- a/changelog/50196.fixed.md
+++ b/changelog/50196.fixed.md
@ -0,0 +1 @@
+Made slsutil.renderer work with salt-ssh
--- a/changelog/51605.fixed.md
+++ b/changelog/51605.fixed.md
@ -0,0 +1 @@
+Fixed defaults.merge is not available when using salt-ssh
--- a/changelog/53363.fixed.md
+++ b/changelog/53363.fixed.md
@ -1,2 +0,0 @@
-``user.add`` on Windows now allows you to add user names that contain all
-numeric characters
--- a/changelog/56441.fixed.md
+++ b/changelog/56441.fixed.md
@ -0,0 +1 @@
+Fixed config.get does not support merge option with salt-ssh
--- a/changelog/57649.fixed.md
+++ b/changelog/57649.fixed.md
@ -0,0 +1 @@
+ Update to include croniter in pkg requirements
--- a/changelog/60508.fixed.md
+++ b/changelog/60508.fixed.md
@ -1,2 +0,0 @@
-Fix an issue with the win_system module detecting established connections on
-non-Windows systems. Uses psutils instead of parsing the return of netstat
--- a/changelog/61100.fixed.md
+++ b/changelog/61100.fixed.md
@ -0,0 +1 @@
+Fixed state.test does not work with salt-ssh
--- a/changelog/61143.fixed.md
+++ b/changelog/61143.fixed.md
@ -0,0 +1 @@
+Made slsutil.findup work with salt-ssh
--- a/changelog/61166.fixed.md
+++ b/changelog/61166.fixed.md
@ -0,0 +1,5 @@
+Fixes multiple issues with the cmd module on Windows. Scripts are called using
+the ``-File`` parameter to the ``powershell.exe`` binary. ``CLIXML`` data in
+stderr is now removed (only applies to encoded commands). Commands can now be
+sent to ``cmd.powershell`` as a list. Makes sure JSON data returned is valid.
+Strips whitespace from the return when using ``runas``.
--- a/changelog/61534.fixed.md
+++ b/changelog/61534.fixed.md
@ -0,0 +1,2 @@
+Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a
+rewrite to use PowerShell instead of netsh to make the changes on the system
--- a/changelog/61807.fixed.md
+++ b/changelog/61807.fixed.md
@ -1 +0,0 @@
-pkg.refresh_db on Windows now honors saltenv
--- a/changelog/62734.fixed.md
+++ b/changelog/62734.fixed.md
@ -1,3 +0,0 @@
-Fixed an issue with adding new machine policies and applying those same
-policies in the same state by adding a ``refresh_cache`` option to the
-``lgpo.set`` state.
--- a/changelog/63060.fixed.md
+++ b/changelog/63060.fixed.md
@ -1 +0,0 @@
-file.managed correctly handles file path with '#'
--- a/changelog/63654.fixed.md
+++ b/changelog/63654.fixed.md
@ -1 +0,0 @@
-Fix master ip detection when DNS records change
--- a/changelog/63667.fixed.md
+++ b/changelog/63667.fixed.md
@ -1 +0,0 @@
-Fix user and group management on Windows to handle the Everyone group
--- a/changelog/63848.fixed.md
+++ b/changelog/63848.fixed.md
@ -1,2 +0,0 @@
-Fixes an issue in pkg.refresh_db on Windows where new package definition
-files were not being picked up on the first run
--- a/changelog/64300.fixed.md
+++ b/changelog/64300.fixed.md
@ -0,0 +1 @@
+Fix utf8 handling in 'pass' renderer
--- a/changelog/64563.fixed.md
+++ b/changelog/64563.fixed.md
@ -0,0 +1 @@
+Fixed incorrect version argument will be ignored for multiple package targets warning when using pkgs argument to yumpkg module.
--- a/changelog/64728.fixed.md
+++ b/changelog/64728.fixed.md
@ -0,0 +1 @@
+salt-cloud honors root_dir config setting for log_file location and fixes for root_dir locations on windows.
--- a/changelog/64933.fixed.md
+++ b/changelog/64933.fixed.md
@ -1 +0,0 @@
-Display a proper error when pki commands fail in the win_pki module
--- a/changelog/65067.fixed.md
+++ b/changelog/65067.fixed.md
@ -0,0 +1 @@
+Fixed slsutil.update with salt-ssh during template rendering
--- a/changelog/65200.fixed.md
+++ b/changelog/65200.fixed.md
@ -1 +0,0 @@
-Prevent full system upgrade on single package install for Arch Linux
--- a/changelog/65251.fixed.md
+++ b/changelog/65251.fixed.md
@ -0,0 +1 @@
+Fix config.items when called on minion
--- a/changelog/65295.fixed.md
+++ b/changelog/65295.fixed.md
@ -0,0 +1 @@
+Fix typo in nftables module to ensure unique nft family values
--- a/changelog/65304.fixed.md
+++ b/changelog/65304.fixed.md
@ -0,0 +1 @@
+pkg.installed state aggregate does not honors requires requisite
--- a/changelog/65611.fixed.md
+++ b/changelog/65611.fixed.md
@ -1,7 +0,0 @@
-When using s3fs, if files are deleted from the bucket, they were not deleted in
-the master or minion local cache, which could lead to unexpected file copies or
-even state applications. This change makes the local cache consistent with the
-remote bucket by deleting files locally that are deleted from the bucket.
-
-**NOTE** this could lead to **breakage** on your affected systems if it was
-inadvertently depending on previously deleted files.
--- a/changelog/65630.fixed.md
+++ b/changelog/65630.fixed.md
@ -0,0 +1 @@
+Added SSH wrapper for logmod
--- a/changelog/65816.fixed.md
+++ b/changelog/65816.fixed.md
@ -0,0 +1 @@
+Fix for GitFS failure to unlock lock file, and resource cleanup for process SIGTERM
--- a/changelog/65837.fixed.md
+++ b/changelog/65837.fixed.md
@ -0,0 +1 @@
+Corrected x509_v2 CRL creation `last_update` and `next_update` values when system timezone is not UTC
--- a/changelog/65859.added.md
+++ b/changelog/65859.added.md
@ -1 +0,0 @@
-Add Fedora 39 support
--- a/changelog/65860.deprecated.md
+++ b/changelog/65860.deprecated.md
@ -1 +0,0 @@
-Drop Fedora 37 and Fedora 38 support
--- a/changelog/66049.fixed.md
+++ b/changelog/66049.fixed.md
@ -1,2 +0,0 @@
-Fixed an issue with file.directory state where paths would be modified in test
-mode if backupname is used.
--- a/changelog/66104.deprecated.md
+++ b/changelog/66104.deprecated.md
@ -1 +0,0 @@
-Drop CentOS Stream 8 and 9 from CI/CD
--- a/changelog/66105.deprecated.md
+++ b/changelog/66105.deprecated.md
@ -1 +0,0 @@
-Drop Photon OS 3 support
--- a/changelog/66124.fixed.md
+++ b/changelog/66124.fixed.md
@ -1 +0,0 @@
-Execution modules have access to regular fileclient durring pillar rendering.
--- a/changelog/66126.fixed.md
+++ b/changelog/66126.fixed.md
@ -1,2 +0,0 @@
-Fixed a issue with server channel where a minion's public key
-would be rejected if it contained a final newline character.
--- a/changelog/66127.fixed.md
+++ b/changelog/66127.fixed.md
@ -1 +0,0 @@
-Fix content type backwards compatablity with http proxy post requests in the http utils module.
--- a/changelog/66139.deprecated.md
+++ b/changelog/66139.deprecated.md
@ -1 +0,0 @@
-The ``salt.utils.psutil_compat`` module has been deprecated and will be removed in Salt 3008. Please use the ``psutil`` module directly.
--- a/changelog/66141.security.md
+++ b/changelog/66141.security.md
@ -1,5 +0,0 @@
-Upgrade to `cryptography==42.0.5` due to a few security issues:
-
-* https://github.com/advisories/GHSA-9v9h-cgj8-h64p
-* https://github.com/advisories/GHSA-3ww4-gg4f-jr7f
-* https://github.com/advisories/GHSA-6vqw-3v5j-54x4
--- a/changelog/66143.fixed.md
+++ b/changelog/66143.fixed.md
@ -1 +0,0 @@
-Fix systemctl with "try-restart" instead of "retry-restart" within the RPM spec, properly restarting upgraded services
--- a/changelog/66147.removed.md
+++ b/changelog/66147.removed.md
@ -1,7 +0,0 @@
-Removed deprecated code scheduled to be removed on 2024-01-01:
-
-* ``TemporaryLoggingHandler`` and ``QueueHandler`` in ``salt/_logging/handlers.py``
-* All of the ``salt/log`` package.
-* The ``salt/modules/cassandra_mod.py`` module.
-* The ``salt/returners/cassandra_return.py`` returner.
-* The ``salt/returners/django_return.py`` returner.
--- a/changelog/66180.added.md
+++ b/changelog/66180.added.md
@ -0,0 +1 @@
+Add Ubuntu 24.04 support
--- a/changelog/66205.fixed.md
+++ b/changelog/66205.fixed.md
@ -1 +0,0 @@
-Auto discovery of ssh, scp and ssh-keygen binaries.
--- a/changelog/66280.fixed.md
+++ b/changelog/66280.fixed.md
@ -1 +0,0 @@
-Add leading slash to salt helper file paths as per dh_links requirement
--- a/changelog/66284.fixed.md
+++ b/changelog/66284.fixed.md
@ -1 +0,0 @@
-Fixed x509.certificate_managed - ca_server did not return a certificate
--- a/changelog/66289.fixed.md
+++ b/changelog/66289.fixed.md
@ -1 +0,0 @@
-removed log line that did nothing.
--- a/changelog/66290.fixed.md
+++ b/changelog/66290.fixed.md
@ -1,2 +0,0 @@
-Chocolatey: Make sure the return dictionary from ``chocolatey.version``
-contains lowercase keys
--- a/changelog/66292.fixed.md
+++ b/changelog/66292.fixed.md
@ -1 +0,0 @@
-fix cacheing inline pillar, by not rendering inline pillar during cache save function.
--- a/changelog/66300.added.md
+++ b/changelog/66300.added.md
@ -0,0 +1 @@
+Add Fedora 40 support, replacing Fedora 39
--- a/changelog/66342.fixed.md
+++ b/changelog/66342.fixed.md
@ -0,0 +1 @@
+Made `file.managed` skip download of a remote source if the managed file already exists with the correct hash
--- a/changelog/66377.security.md
+++ b/changelog/66377.security.md
@ -1 +0,0 @@
-Bump to `idna==3.7` due to https://github.com/advisories/GHSA-jjg7-2v4v-x38h
--- a/changelog/66382.fixed.md
+++ b/changelog/66382.fixed.md
@ -0,0 +1 @@
+Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source and destination addresses
--- a/changelog/66400.fixed.md
+++ b/changelog/66400.fixed.md
@ -1 +0,0 @@
-The file module correctly perserves file permissions on link target.
--- a/changelog/66402.fixed.md
+++ b/changelog/66402.fixed.md
@ -1 +0,0 @@
-Upgrade relenv to 0.16.0 and python to 3.10.14
--- a/changelog/66411.security.md
+++ b/changelog/66411.security.md
@ -1 +0,0 @@
-Bump to `aiohttp==3.9.4` due to https://github.com/advisories/GHSA-7gpw-8wmc-pm8g
--- a/changelog/66414.fixed.md
+++ b/changelog/66414.fixed.md
@ -0,0 +1 @@
+Fixed x509_v2 certificate.managed crash for locally signed certificates if the signing policy defines signing_private_key
--- a/changelog/66488.security.md
+++ b/changelog/66488.security.md
@ -0,0 +1 @@
+Bump to ``jinja2==3.1.4`` due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj
--- a/changelog/66579.fixed.md
+++ b/changelog/66579.fixed.md
@ -0,0 +1 @@
+Fix support for FIPS approved encryption and signing algorithms.
--- a/changelog/66604.fixed.md
+++ b/changelog/66604.fixed.md
@ -0,0 +1 @@
+Fix RPM package provides
--- a/changelog/66623.deprecated.md
+++ b/changelog/66623.deprecated.md
@ -0,0 +1 @@
+Drop CentOS 7 support
--- a/Show more
+++ b/Show more
				`@ -0,0 +1 @@`
				`Fixed defaults.merge is not available when using salt-ssh`
				`@ -0,0 +1 @@`
				`Fixed config.get does not support merge option with salt-ssh`
				`@ -0,0 +1 @@`
				`Update to include croniter in pkg requirements`
				`@ -0,0 +1 @@`
				`Fixed state.test does not work with salt-ssh`
				`@ -1 +0,0 @@`
				`pkg.refresh_db on Windows now honors saltenv`
				`@ -1 +0,0 @@`
				`file.managed correctly handles file path with '#'`
				`@ -1 +0,0 @@`
				`Fix master ip detection when DNS records change`
				`@ -1 +0,0 @@`
				`Fix user and group management on Windows to handle the Everyone group`
				`@ -0,0 +1 @@`
				`Fixed incorrect version argument will be ignored for multiple package targets warning when using pkgs argument to yumpkg module.`
				`@ -0,0 +1 @@`
				`salt-cloud honors root_dir config setting for log_file location and fixes for root_dir locations on windows.`