saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge 3006.x into 3007.x

Browse source
This commit is contained in:
Pedro Algarvio 2024-01-05 11:29:13 +00:00
commit 68ecf808e3
No known key found for this signature in database
GPG key ID: BB36BF6584A298FF
83 changed files with 3641 additions and 6921 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

132
.github/workflows/build-deb-packages.yml vendored
View file

@ -1,132 +0,0 @@
---
name: Build DEB Packages
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
relenv-version:
type: string
required: true
description: The relenv version to set prior to building packages.
python-version:
required: true
type: string
description: The version of python to use with relenv
source:
required: true
type: string
description: The backend to build the packages with
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
env:
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build:
name: DEB
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- aarch64
source:
- ${{ inputs.source }}
container:
image: ghcr.io/saltstack/salt-ci-containers/packaging:debian-12
steps:
# Checkout here so we can easily use custom actions
- uses: actions/checkout@v4
# Checkout here for the build process
- name: Checkout in build directory
uses: actions/checkout@v4
with:
path:
pkgs/checkout/
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
path: pkgs/checkout/artifacts/
- name: Download Release Patch
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}.patch
path: pkgs/checkout/
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cwd: pkgs/checkout/
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
cwd: pkgs/checkout/
- name: Configure Git
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
working-directory: pkgs/checkout/
run: |
tools pkg configure-git
- name: Apply release patch
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
working-directory: pkgs/checkout/
run: |
tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete
- name: Build Deb
working-directory: pkgs/checkout/
run: |
tools pkg build deb --relenv-version=${{ inputs.relenv-version }} --python-version=${{ inputs.python-version }} ${{
inputs.source == 'onedir' &&
format('--onedir=salt-{0}-onedir-linux-{1}.tar.xz', inputs.salt-version, matrix.arch)
||
format('--arch={0}', matrix.arch)
}}
- name: Cleanup
run: |
rm -rf pkgs/checkout/
- name: Set Artifact Name
id: set-artifact-name
run: |
if [ "${{ inputs.source }}" != "src" ]; then
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-deb" >> "$GITHUB_OUTPUT"
else
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-deb-from-src" >> "$GITHUB_OUTPUT"
fi
- name: Upload DEBs
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name }}
path: ${{ github.workspace }}/pkgs/*
retention-days: 7
if-no-files-found: error

135
.github/workflows/build-deps-ci-action-macos.yml vendored
View file

@ -1,135 +0,0 @@
---
name: Install Test Dependencies
on:
workflow_call:
inputs:
distro-slug:
required: true
type: string
description: The OS slug to run tests against
nox-session:
required: true
type: string
description: The nox session to run
salt-version:
type: string
required: true
description: The Salt version to set prior to running tests.
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
platform:
required: true
type: string
description: The platform being tested
arch:
required: true
type: string
description: The platform arch being tested
nox-version:
required: true
type: string
description: The nox version to install
python-version:
required: false
type: string
description: The python version to run tests with
default: "3.10"
package-name:
required: false
type: string
description: The onedir package name to use
default: salt
env:
COLUMNS: 190
PIP_INDEX_URL: "https://pypi-proxy.saltstack.net/root/local/+simple/"
PIP_EXTRA_INDEX_URL: "https://pypi.org/simple"
GITHUB_ACTIONS_PIPELINE: "1"
jobs:
dependencies:
name: Install
runs-on: ${{ inputs.distro-slug }}
timeout-minutes: 90
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Cache nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
id: nox-dependencies-cache
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
- name: Download Onedir Tarball as an Artifact
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
shell: bash
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
- name: Set up Python ${{ inputs.python-version }}
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/setup-python@v4
with:
python-version: "${{ inputs.python-version }}"
- name: Install System Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
brew install openssl@3
- name: Install Nox
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
python3 -m pip install 'nox==${{ inputs.nox-version }}'
- name: Install Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
env:
PRINT_TEST_SELECTION: "0"
PRINT_SYSTEM_INFO: "0"
run: |
export PYCURL_SSL_LIBRARY=openssl
export LDFLAGS="-L/usr/local/opt/openssl@3/lib"
export CPPFLAGS="-I/usr/local/opt/openssl@3/include"
export PKG_CONFIG_PATH="/usr/local/opt/openssl@3/lib/pkgconfig"
nox --install-only -e ${{ inputs.nox-session }}
- name: Cleanup .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
nox --force-color -e "pre-archive-cleanup(pkg=False)"
- name: Compress .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
nox --force-color -e compress-dependencies -- ${{ inputs.distro-slug }}
- name: Upload Nox Requirements Tarball
uses: actions/upload-artifact@v3
with:
name: nox-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
path: nox.${{ inputs.distro-slug }}.tar.*

258
.github/workflows/build-deps-ci-action.yml vendored
View file

@ -4,10 +4,6 @@ name: Install Test Dependencies
on:
workflow_call:
inputs:
distro-slug:
required: true
type: string
description: The OS slug to run tests against
nox-session:
required: true
type: string
@ -20,18 +16,14 @@ on:
required: true
type: string
description: Seed used to invalidate caches
platform:
required: true
type: string
description: The platform being tested
arch:
required: true
type: string
description: The platform arch being tested
nox-version:
required: true
type: string
description: The nox version to install
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
python-version:
required: false
type: string
@ -53,13 +45,21 @@ env:
jobs:
dependencies:
name: Install
linux-dependencies:
name: Linux
runs-on:
- self-hosted
- linux
- bastion
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
include:
- distro-slug: centos-7
arch: x86_64
- distro-slug: centos-7-arm64
arch: arm64
steps:
- name: "Throttle Builds"
@ -70,20 +70,18 @@ jobs:
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Cache nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Cache nox.linux.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
id: nox-dependencies-cache
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.linux.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|linux|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
- name: Download Onedir Tarball as an Artifact
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
@ -92,7 +90,7 @@ jobs:
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
- name: PyPi Proxy
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
@ -116,45 +114,243 @@ jobs:
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
id: spin-up-vm
run: |
tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }}
tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ matrix.distro-slug }}
- name: List Free Space
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm ssh ${{ inputs.distro-slug }} -- df -h || true
tools --timestamps vm ssh ${{ matrix.distro-slug }} -- df -h || true
- name: Upload Checkout To VM
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm rsync ${{ inputs.distro-slug }}
tools --timestamps vm rsync ${{ matrix.distro-slug }}
- name: Install Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm install-dependencies --nox-session=${{ inputs.nox-session }} ${{ inputs.distro-slug }}
tools --timestamps vm install-dependencies --nox-session=${{ inputs.nox-session }} ${{ matrix.distro-slug }}
- name: Cleanup .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm pre-archive-cleanup ${{ inputs.distro-slug }}
tools --timestamps vm pre-archive-cleanup ${{ matrix.distro-slug }}
- name: Compress .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm compress-dependencies ${{ inputs.distro-slug }}
tools --timestamps vm compress-dependencies ${{ matrix.distro-slug }}
- name: Download Compressed .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm download-dependencies ${{ inputs.distro-slug }}
tools --timestamps vm download-dependencies ${{ matrix.distro-slug }}
- name: Destroy VM
if: always() && steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm destroy --no-wait ${{ inputs.distro-slug }}
tools --timestamps vm destroy --no-wait ${{ matrix.distro-slug }}
- name: Upload Nox Requirements Tarball
uses: actions/upload-artifact@v3
with:
name: nox-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
path: nox.${{ inputs.distro-slug }}.tar.*
name: nox-linux-${{ matrix.arch }}-${{ inputs.nox-session }}
path: nox.linux.${{ matrix.arch }}.tar.*
macos-dependencies:
name: MacOS
runs-on: ${{ matrix.distro-slug }}
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
include:
- distro-slug: macos-12
arch: x86_64
- distro-slug: macos-13-xlarge
arch: arm64
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Cache nox.macos.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
id: nox-dependencies-cache
uses: actions/cache@v3.3.1
with:
path: nox.macos.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|macos|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
- name: Download Onedir Tarball as an Artifact
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
shell: bash
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
- name: Set up Python ${{ inputs.python-version }}
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/setup-python@v4
with:
python-version: "${{ inputs.python-version }}"
- name: Install System Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
brew install openssl@3
- name: Install Nox
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
python3 -m pip install 'nox==${{ inputs.nox-version }}'
- name: Install Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
env:
PRINT_TEST_SELECTION: "0"
PRINT_SYSTEM_INFO: "0"
run: |
export PYCURL_SSL_LIBRARY=openssl
export LDFLAGS="-L/usr/local/opt/openssl@3/lib"
export CPPFLAGS="-I/usr/local/opt/openssl@3/include"
export PKG_CONFIG_PATH="/usr/local/opt/openssl@3/lib/pkgconfig"
nox --install-only -e ${{ inputs.nox-session }}
- name: Cleanup .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
nox --force-color -e "pre-archive-cleanup(pkg=False)"
- name: Compress .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
nox --force-color -e compress-dependencies -- macos ${{ matrix.arch }}
- name: Upload Nox Requirements Tarball
uses: actions/upload-artifact@v3
with:
name: nox-macos-${{ matrix.arch }}-${{ inputs.nox-session }}
path: nox.macos.${{ matrix.arch }}.tar.*
windows-dependencies:
name: Windows
runs-on:
- self-hosted
- linux
- bastion
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
include:
- distro-slug: windows-2022
arch: amd64
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Cache nox.windows.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
id: nox-dependencies-cache
uses: actions/cache@v3.3.1
with:
path: nox.windows.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|windows|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
- name: Download Onedir Tarball as an Artifact
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
shell: bash
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
- name: PyPi Proxy
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
sed -i '7s;^;--index-url=https://pypi-proxy.saltstack.net/root/local/+simple/ --extra-index-url=https://pypi.org/simple\n;' requirements/static/ci/*/*.txt
- name: Setup Python Tools Scripts
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}-build-deps-ci
- name: Get Salt Project GitHub Actions Bot Environment
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
- name: Start VM
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
id: spin-up-vm
run: |
tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ matrix.distro-slug }}
- name: List Free Space
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm ssh ${{ matrix.distro-slug }} -- df -h || true
- name: Upload Checkout To VM
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm rsync ${{ matrix.distro-slug }}
- name: Install Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm install-dependencies --nox-session=${{ inputs.nox-session }} ${{ matrix.distro-slug }}
- name: Cleanup .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm pre-archive-cleanup ${{ matrix.distro-slug }}
- name: Compress .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm compress-dependencies ${{ matrix.distro-slug }}
- name: Download Compressed .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm download-dependencies ${{ matrix.distro-slug }}
- name: Destroy VM
if: always() && steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm destroy --no-wait ${{ matrix.distro-slug }}
- name: Upload Nox Requirements Tarball
uses: actions/upload-artifact@v3
with:
name: nox-windows-${{ matrix.arch }}-${{ inputs.nox-session }}
path: nox.windows.${{ matrix.arch }}.tar.*

83
.github/workflows/build-deps-onedir-linux.yml vendored
View file

@ -1,83 +0,0 @@
---
name: Build Packaging Dependencies Onedir
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
github-hosted-runners:
type: boolean
required: true
self-hosted-runners:
type: boolean
required: true
cache-seed:
required: true
type: string
description: Seed used to invalidate caches
relenv-version:
required: true
type: string
description: The version of relenv to use
python-version:
required: true
type: string
description: The version of python to use with relenv
env:
RELENV_DATA: "${{ github.workspace }}/.relenv"
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-deps-linux:
name: Linux
if: ${{ inputs.self-hosted-runners }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- aarch64
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-deps-linux-${{ matrix.arch }}
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: linux
arch: ${{ matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Install Salt Packaging Dependencies into Relenv Onedir
uses: ./.github/actions/build-onedir-deps
with:
platform: linux
arch: ${{ matrix.arch }}
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}

88
.github/workflows/build-deps-onedir-macos.yml vendored
View file

@ -1,88 +0,0 @@
---
name: Build Packaging Dependencies Onedir
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
github-hosted-runners:
type: boolean
required: true
self-hosted-runners:
type: boolean
required: true
cache-seed:
required: true
type: string
description: Seed used to invalidate caches
relenv-version:
required: true
type: string
description: The version of relenv to use
python-version:
required: true
type: string
description: The version of python to use with relenv
env:
RELENV_DATA: "${{ github.workspace }}/.relenv"
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-deps-macos:
name: macOS
if: ${{ inputs.github-hosted-runners }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86_64
- aarch64
runs-on:
- ${{ matrix.arch == 'aarch64' && 'macos-13-xlarge' || 'macos-12' }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-deps-macos
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: darwin
arch: ${{ matrix.arch == 'aarch64' && 'arm64' || matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Install Salt Packaging Dependencies into Relenv Onedir
uses: ./.github/actions/build-onedir-deps
with:
platform: darwin
arch: ${{ matrix.arch }}
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}

86
.github/workflows/build-deps-onedir-windows.yml vendored
View file

@ -1,86 +0,0 @@
---
name: Build Packaging Dependencies Onedir
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
github-hosted-runners:
type: boolean
required: true
self-hosted-runners:
type: boolean
required: true
cache-seed:
required: true
type: string
description: Seed used to invalidate caches
relenv-version:
required: true
type: string
description: The version of relenv to use
python-version:
required: true
type: string
description: The version of python to use with relenv
env:
RELENV_DATA: "${{ github.workspace }}/.relenv"
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-deps-windows:
name: Windows
if: ${{ inputs.github-hosted-runners }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86
- amd64
runs-on: windows-latest
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-deps-windows-${{ matrix.arch }}
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: windows
arch: ${{ matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Install Salt Packaging Dependencies into Relenv Onedir
uses: ./.github/actions/build-onedir-deps
with:
platform: windows
arch: ${{ matrix.arch }}
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}

181
.github/workflows/build-deps-onedir.yml vendored Normal file
View file

@ -0,0 +1,181 @@
---
name: Build Packaging Dependencies Onedir
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
github-hosted-runners:
type: boolean
required: true
self-hosted-runners:
type: boolean
required: true
cache-seed:
required: true
type: string
description: Seed used to invalidate caches
relenv-version:
required: true
type: string
description: The version of relenv to use
python-version:
required: true
type: string
description: The version of python to use with relenv
env:
RELENV_DATA: "${{ github.workspace }}/.relenv"
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-deps-linux:
name: Linux
if: ${{ inputs.self-hosted-runners }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- arm64
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-deps-linux-${{ matrix.arch }}
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: linux
arch: ${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Install Salt Packaging Dependencies into Relenv Onedir
uses: ./.github/actions/build-onedir-deps
with:
platform: linux
arch: ${{ matrix.arch }}
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}
build-deps-macos:
name: macOS
if: ${{ inputs.github-hosted-runners }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86_64
- arm64
runs-on:
- ${{ matrix.arch == 'arm64' && 'macos-13-xlarge' || 'macos-12' }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-deps-macos
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: macos
arch: ${{ matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Install Salt Packaging Dependencies into Relenv Onedir
uses: ./.github/actions/build-onedir-deps
with:
platform: macos
arch: ${{ matrix.arch }}
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}
build-deps-windows:
name: Windows
if: ${{ inputs.github-hosted-runners }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86
- amd64
runs-on: windows-latest
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-deps-windows-${{ matrix.arch }}
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: windows
arch: ${{ matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Install Salt Packaging Dependencies into Relenv Onedir
uses: ./.github/actions/build-onedir-deps
with:
platform: windows
arch: ${{ matrix.arch }}
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}

5
.github/workflows/build-docs.yml vendored
View file

@ -24,10 +24,7 @@ jobs:
build:
name: Build
runs-on:
- self-hosted
- linux
- medium
- x86_64
- ubuntu-latest
strategy:
fail-fast: false
matrix:

158
.github/workflows/build-macos-packages.yml vendored
View file

@ -1,158 +0,0 @@
---
name: Build macOS Packages
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
relenv-version:
type: string
required: true
description: The relenv version to set prior to building packages.
python-version:
required: true
type: string
description: The version of python to use with relenv
sign-packages:
type: boolean
default: false
description: Sign Packages
environment:
type: string
description: The GitHub Environment where this workflow should run
default: ci
source:
required: true
type: string
description: The backend to build the packages with
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
env:
COLUMNS: 190
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-pkgs:
name: macOS
environment: ${{ inputs.environment }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- aarch64
source:
- ${{ inputs.source }}
runs-on:
- ${{ matrix.arch == 'aarch64' && 'macos-13-xlarge' || 'macos-12' }}
steps:
- name: Check Package Signing Enabled
shell: bash
id: check-pkg-sign
run: |
if [ "${{ inputs.sign-packages }}" == "true" ]; then
if [ "${{ (secrets.MAC_SIGN_APPLE_ACCT != '' && contains(fromJSON('["nightly", "staging"]'), inputs.environment)) && 'true' || 'false' }}" != "true" ]; then
MSG="Secrets for signing packages are not available. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
else
MSG="The packages created WILL be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=true" >> "$GITHUB_OUTPUT"
fi
else
MSG="The sign-packages input is false. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
fi
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: 3.11
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Prepare Package Signing
if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }}
run: |
echo ${{ secrets.MAC_SIGN_DEV_APP_CERT_B64 }} | base64 --decode > app-cert.p12
echo ${{ secrets.MAC_SIGN_DEV_INSTALL_CERT_B64 }} | base64 --decode > install-cert.p12
# Create SaltSigning keychain. This will contain the certificates for signing
security create-keychain -p "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}"
# Append SaltSigning keychain to the search list
security list-keychains -d user -s "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" "$(security list-keychains -d user | sed s/\"//g)"
# Unlock the keychain so we can import certs
security unlock-keychain -p "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}"
# Developer Application Certificate
security import "app-cert.p12" -t agg -k "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" -P "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" -A
rm app-cert.p12
# Developer Installer Certificate
security import "install-cert.p12" -t agg -k "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" -P "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" -A
rm install-cert.p12
security set-key-partition-list -S apple-tool:,apple: -k "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" &> /dev/null
- name: Build MacOS Package
env:
DEV_APP_CERT: "${{ secrets.MAC_SIGN_DEV_APP_CERT }}"
DEV_INSTALL_CERT: "${{ secrets.MAC_SIGN_DEV_INSTALL_CERT }}"
APPLE_ACCT: "${{ secrets.MAC_SIGN_APPLE_ACCT }}"
APPLE_TEAM_ID: "${{ secrets.MAC_SIGN_APPLE_TEAM_ID }}"
APP_SPEC_PWD: "${{ secrets.MAC_SIGN_APP_SPEC_PWD }}"
run: |
tools pkg build macos --relenv-version=${{ inputs.relenv-version }} --python-version=${{ inputs.python-version }} ${{
inputs.source == 'onedir' &&
format(
'--onedir salt-{0}-onedir-darwin-{1}.tar.xz --salt-version {0} {2}',
inputs.salt-version,
matrix.arch,
steps.check-pkg-sign.outputs.sign-pkgs == 'true' && '--sign' || ''
)
||
format('--salt-version {0}', inputs.salt-version)
}}
- name: Set Artifact Name
id: set-artifact-name
run: |
if [ "${{ inputs.source }}" != "src" ]; then
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-macos" >> "$GITHUB_OUTPUT"
else
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-macos-from-src" >> "$GITHUB_OUTPUT"
fi
- name: Upload ${{ matrix.arch }} Package
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name }}
path: pkg/macos/salt-${{ inputs.salt-version }}-py3-*.pkg
retention-days: 7
if-no-files-found: error

461
.github/workflows/build-packages.yml vendored Normal file
View file

@ -0,0 +1,461 @@
---
name: Build Packages
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
relenv-version:
type: string
required: true
description: The relenv version to set prior to building packages.
python-version:
required: true
type: string
description: The version of python to use with relenv
sign-macos-packages:
type: boolean
default: false
description: Sign MacOS Packages
sign-windows-packages:
type: boolean
default: false
description: Sign Windows Packages
environment:
type: string
description: The GitHub Environment where this workflow should run
default: ci
source:
required: true
type: string
description: The backend to build the packages with
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
env:
COLUMNS: 190
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-macos-pkgs:
name: macOS
environment: ${{ inputs.environment }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- arm64
source:
- ${{ inputs.source }}
runs-on:
- ${{ matrix.arch == 'arm64' && 'macos-13-xlarge' || 'macos-12' }}
steps:
- name: Check Package Signing Enabled
shell: bash
id: check-pkg-sign
run: |
if [ "${{ inputs.sign-macos-packages }}" == "true" ]; then
if [ "${{ (secrets.MAC_SIGN_APPLE_ACCT != '' && contains(fromJSON('["nightly", "staging"]'), inputs.environment)) && 'true' || 'false' }}" != "true" ]; then
MSG="Secrets for signing packages are not available. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
else
MSG="The packages created WILL be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=true" >> "$GITHUB_OUTPUT"
fi
else
MSG="The sign-macos-packages input is false. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
fi
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: 3.11
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Prepare Package Signing
if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }}
run: |
echo ${{ secrets.MAC_SIGN_DEV_APP_CERT_B64 }} | base64 --decode > app-cert.p12
echo ${{ secrets.MAC_SIGN_DEV_INSTALL_CERT_B64 }} | base64 --decode > install-cert.p12
# Create SaltSigning keychain. This will contain the certificates for signing
security create-keychain -p "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}"
# Append SaltSigning keychain to the search list
security list-keychains -d user -s "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" "$(security list-keychains -d user | sed s/\"//g)"
# Unlock the keychain so we can import certs
security unlock-keychain -p "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}"
# Developer Application Certificate
security import "app-cert.p12" -t agg -k "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" -P "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" -A
rm app-cert.p12
# Developer Installer Certificate
security import "install-cert.p12" -t agg -k "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" -P "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" -A
rm install-cert.p12
security set-key-partition-list -S apple-tool:,apple: -k "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" &> /dev/null
- name: Build MacOS Package
env:
DEV_APP_CERT: "${{ secrets.MAC_SIGN_DEV_APP_CERT }}"
DEV_INSTALL_CERT: "${{ secrets.MAC_SIGN_DEV_INSTALL_CERT }}"
APPLE_ACCT: "${{ secrets.MAC_SIGN_APPLE_ACCT }}"
APPLE_TEAM_ID: "${{ secrets.MAC_SIGN_APPLE_TEAM_ID }}"
APP_SPEC_PWD: "${{ secrets.MAC_SIGN_APP_SPEC_PWD }}"
run: |
tools pkg build macos --relenv-version=${{ inputs.relenv-version }} --python-version=${{ inputs.python-version }} ${{
inputs.source == 'onedir' &&
format(
'--onedir salt-{0}-onedir-macos-{1}.tar.xz --salt-version {0} {2}',
inputs.salt-version,
matrix.arch,
steps.check-pkg-sign.outputs.sign-pkgs == 'true' && '--sign' || ''
)
||
format('--salt-version {0}', inputs.salt-version)
}}
- name: Set Artifact Name
id: set-artifact-name
run: |
if [ "${{ inputs.source }}" != "src" ]; then
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-macos" >> "$GITHUB_OUTPUT"
else
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-macos-from-src" >> "$GITHUB_OUTPUT"
fi
- name: Upload ${{ matrix.arch }} Package
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name }}
path: pkg/macos/salt-${{ inputs.salt-version }}-py3-*.pkg
retention-days: 7
if-no-files-found: error
build-deb-packages:
name: DEB
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- arm64
source:
- ${{ inputs.source }}
container:
image: ghcr.io/saltstack/salt-ci-containers/packaging:debian-12
steps:
# Checkout here so we can easily use custom actions
- uses: actions/checkout@v4
# Checkout here for the build process
- name: Checkout in build directory
uses: actions/checkout@v4
with:
path:
pkgs/checkout/
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
path: pkgs/checkout/artifacts/
- name: Download Release Patch
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}.patch
path: pkgs/checkout/
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cwd: pkgs/checkout/
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
cwd: pkgs/checkout/
- name: Configure Git
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
working-directory: pkgs/checkout/
run: |
tools pkg configure-git
- name: Apply release patch
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
working-directory: pkgs/checkout/
run: |
tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete
- name: Build Deb
working-directory: pkgs/checkout/
run: |
tools pkg build deb --relenv-version=${{ inputs.relenv-version }} --python-version=${{ inputs.python-version }} ${{
inputs.source == 'onedir' &&
format('--onedir=salt-{0}-onedir-linux-{1}.tar.xz', inputs.salt-version, matrix.arch)
||
format('--arch={0}', matrix.arch)
}}
- name: Cleanup
run: |
rm -rf pkgs/checkout/
- name: Set Artifact Name
id: set-artifact-name
run: |
if [ "${{ inputs.source }}" != "src" ]; then
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-deb" >> "$GITHUB_OUTPUT"
else
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-deb-from-src" >> "$GITHUB_OUTPUT"
fi
- name: Upload DEBs
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name }}
path: ${{ github.workspace }}/pkgs/*
retention-days: 7
if-no-files-found: error
build-rpm-packages:
name: RPM
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- arm64
source:
- ${{ inputs.source }}
container:
image: ghcr.io/saltstack/salt-ci-containers/packaging:centosstream-9
steps:
- uses: actions/checkout@v4
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Download Release Patch
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}.patch
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Configure Git
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
run: |
tools pkg configure-git
- name: Apply release patch
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
run: |
tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete
- name: Build RPM
run: |
tools pkg build rpm --relenv-version=${{ inputs.relenv-version }} --python-version=${{ inputs.python-version }} ${{
inputs.source == 'onedir' &&
format('--onedir=salt-{0}-onedir-linux-{1}.tar.xz', inputs.salt-version, matrix.arch)
||
format('--arch={0}', matrix.arch)
}}
- name: Set Artifact Name
id: set-artifact-name
run: |
if [ "${{ inputs.source }}" != "src" ]; then
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-rpm" >> "$GITHUB_OUTPUT"
else
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-rpm-from-src" >> "$GITHUB_OUTPUT"
fi
- name: Upload RPMs
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name }}
path: ~/rpmbuild/RPMS/*/*.rpm
retention-days: 7
if-no-files-found: error
build-windows-pkgs:
name: Windows
environment: ${{ inputs.environment }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86
- amd64
source:
- ${{ inputs.source }}
runs-on:
- windows-latest
env:
SM_HOST: "${{ secrets.WIN_SIGN_HOST_PROD }}"
SM_API_KEY: "${{ secrets.WIN_SIGN_API_KEY }}"
SM_CLIENT_CERT_FILE: "D:\\Certificate_pkcs12.p12"
SM_CLIENT_CERT_PASSWORD: "${{ secrets.WIN_SIGN_CERT_PASSWORD }}"
SM_CLIENT_CERT_FILE_B64: "${{ secrets.WIN_SIGN_CERT_FILE_B64 }}"
WIN_SIGN_CERT_SHA1_HASH: "${{ secrets.WIN_SIGN_CERT_SHA1_HASH }}"
steps:
- name: Check Package Signing Enabled
shell: bash
id: check-pkg-sign
run: |
if [ "${{ inputs.sign-windows-packages }}" == "true" ]; then
if [ "${{ (secrets.WIN_SIGN_API_KEY != '' && env.SM_HOST != '' && inputs.environment == 'staging') && 'true' || 'false' }}" != "true" ]; then
MSG="Secrets for signing packages are not available. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
else
MSG="The packages created WILL be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=true" >> "$GITHUB_OUTPUT"
fi
else
MSG="The sign-windows-packages input is false. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
fi
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: 3.11
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.zip
path: artifacts/
- name: Code signing with Software Trust Manager
if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }}
uses: digicert/ssm-code-signing@v0.0.2
- name: Setup Certificate
if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }}
shell: bash
run: |
echo "${{ secrets.WIN_SIGN_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
- name: Build Windows Packages
run: |
tools pkg build windows --relenv-version=${{ inputs.relenv-version }} --python-version=${{ inputs.python-version }} ${{
inputs.source == 'onedir' &&
format(
'--onedir salt-{0}-onedir-windows-{1}.zip --salt-version {0} --arch {1} {2}',
inputs.salt-version,
matrix.arch,
steps.check-pkg-sign.outputs.sign-pkgs == 'true' && '--sign' || ''
)
||
format('--salt-version {0} --arch {1}', inputs.salt-version, matrix.arch)
}}
- name: Set Artifact Name
id: set-artifact-name
shell: bash
run: |
if [ "${{ inputs.source }}" != "src" ]; then
echo "artifact-name-nsis=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-NSIS" >> "$GITHUB_OUTPUT"
echo "artifact-name-msi=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-MSI" >> "$GITHUB_OUTPUT"
else
echo "artifact-name-nsis=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-NSIS-from-src" >> "$GITHUB_OUTPUT"
echo "artifact-name-msi=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-MSI-from-src" >> "$GITHUB_OUTPUT"
fi
- name: Upload ${{ matrix.arch }} NSIS Packages
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name-nsis }}
path: pkg/windows/build/Salt-*.exe
retention-days: 7
if-no-files-found: error
- name: Upload ${{ matrix.arch }} MSI Package
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name-msi }}
path: pkg/windows/build/Salt-*.msi
retention-days: 7
if-no-files-found: error

114
.github/workflows/build-rpm-packages.yml vendored
View file

@ -1,114 +0,0 @@
---
name: Build RPM Packages
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
relenv-version:
type: string
required: true
description: The relenv version to set prior to building packages.
python-version:
required: true
type: string
description: The version of python to use with relenv
source:
required: true
type: string
description: The backend to build the packages with
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
env:
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build:
name: RPM
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- aarch64
source:
- ${{ inputs.source }}
container:
image: ghcr.io/saltstack/salt-ci-containers/packaging:centosstream-9
steps:
- uses: actions/checkout@v4
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Download Release Patch
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}.patch
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Configure Git
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
run: |
tools pkg configure-git
- name: Apply release patch
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
run: |
tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete
- name: Build RPM
run: |
tools pkg build rpm --relenv-version=${{ inputs.relenv-version }} --python-version=${{ inputs.python-version }} ${{
inputs.source == 'onedir' &&
format('--onedir=salt-{0}-onedir-linux-{1}.tar.xz', inputs.salt-version, matrix.arch)
||
format('--arch={0}', matrix.arch)
}}
- name: Set Artifact Name
id: set-artifact-name
run: |
if [ "${{ inputs.source }}" != "src" ]; then
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-rpm" >> "$GITHUB_OUTPUT"
else
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-rpm-from-src" >> "$GITHUB_OUTPUT"
fi
- name: Upload RPMs
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name }}
path: ~/rpmbuild/RPMS/${{ matrix.arch }}/*.rpm
retention-days: 7
if-no-files-found: error

90
.github/workflows/build-salt-onedir-linux.yml vendored
View file

@ -1,90 +0,0 @@
---
name: Build Salt Onedir
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
github-hosted-runners:
type: boolean
required: true
self-hosted-runners:
type: boolean
required: true
cache-seed:
required: true
type: string
description: Seed used to invalidate caches
relenv-version:
required: true
type: string
description: The version of relenv to use
python-version:
required: true
type: string
description: The version of python to use with relenv
env:
RELENV_DATA: "${{ github.workspace }}/.relenv"
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-salt-linux:
name: Linux
if: ${{ inputs.self-hosted-runners }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- aarch64
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-salt-onedir-windows
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Setup Relenv
uses: ./.github/actions/setup-relenv
id: setup-relenv
with:
platform: linux
arch: ${{ matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Install Salt into Relenv Onedir
uses: ./.github/actions/build-onedir-salt
with:
platform: linux
arch: ${{ matrix.arch }}
salt-version: "${{ inputs.salt-version }}"
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}

93
.github/workflows/build-salt-onedir-macos.yml vendored
View file

@ -1,93 +0,0 @@
---
name: Build Salt Onedir
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
github-hosted-runners:
type: boolean
required: true
self-hosted-runners:
type: boolean
required: true
cache-seed:
required: true
type: string
description: Seed used to invalidate caches
relenv-version:
required: true
type: string
description: The version of relenv to use
python-version:
required: true
type: string
description: The version of python to use with relenv
env:
RELENV_DATA: "${{ github.workspace }}/.relenv"
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-salt-macos:
name: macOS
if: ${{ inputs.github-hosted-runners }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86_64
- aarch64
runs-on:
- ${{ matrix.arch == 'aarch64' && 'macos-13-xlarge' || 'macos-12' }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: darwin
arch: ${{ matrix.arch == 'aarch64' && 'arm64' || matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-salt-onedir-macos
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Install Salt into Relenv Onedir
uses: ./.github/actions/build-onedir-salt
with:
platform: darwin
arch: ${{ matrix.arch }}
salt-version: "${{ inputs.salt-version }}"
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}

93
.github/workflows/build-salt-onedir-windows.yml vendored
View file

@ -1,93 +0,0 @@
---
name: Build Salt Onedir
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
github-hosted-runners:
type: boolean
required: true
self-hosted-runners:
type: boolean
required: true
cache-seed:
required: true
type: string
description: Seed used to invalidate caches
relenv-version:
required: true
type: string
description: The version of relenv to use
python-version:
required: true
type: string
description: The version of python to use with relenv
env:
RELENV_DATA: "${{ github.workspace }}/.relenv"
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-salt-windows:
name: Windows
if: ${{ inputs.github-hosted-runners }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86
- amd64
runs-on: windows-latest
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: windows
arch: ${{ matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-salt-onedir-macos
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Install Salt into Relenv Onedir
uses: ./.github/actions/build-onedir-salt
with:
platform: windows
arch: ${{ matrix.arch }}
salt-version: "${{ inputs.salt-version }}"
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}

200
.github/workflows/build-salt-onedir.yml vendored Normal file
View file

@ -0,0 +1,200 @@
---
name: Build Salt Onedir
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
github-hosted-runners:
type: boolean
required: true
self-hosted-runners:
type: boolean
required: true
cache-seed:
required: true
type: string
description: Seed used to invalidate caches
relenv-version:
required: true
type: string
description: The version of relenv to use
python-version:
required: true
type: string
description: The version of python to use with relenv
env:
RELENV_DATA: "${{ github.workspace }}/.relenv"
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-salt-linux:
name: Linux
if: ${{ inputs.self-hosted-runners }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- arm64
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-salt-onedir-windows
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Setup Relenv
uses: ./.github/actions/setup-relenv
id: setup-relenv
with:
platform: linux
arch: ${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Install Salt into Relenv Onedir
uses: ./.github/actions/build-onedir-salt
with:
platform: linux
arch: ${{ matrix.arch }}
salt-version: "${{ inputs.salt-version }}"
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}
build-salt-macos:
name: macOS
if: ${{ inputs.github-hosted-runners }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86_64
- arm64
runs-on:
- ${{ matrix.arch == 'arm64' && 'macos-13-xlarge' || 'macos-12' }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: macos
arch: ${{ matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-salt-onedir-macos
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Install Salt into Relenv Onedir
uses: ./.github/actions/build-onedir-salt
with:
platform: macos
arch: ${{ matrix.arch }}
salt-version: "${{ inputs.salt-version }}"
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}
build-salt-windows:
name: Windows
if: ${{ inputs.github-hosted-runners }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86
- amd64
runs-on: windows-latest
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: windows
arch: ${{ matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-salt-onedir-macos
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Install Salt into Relenv Onedir
uses: ./.github/actions/build-onedir-salt
with:
platform: windows
arch: ${{ matrix.arch }}
salt-version: "${{ inputs.salt-version }}"
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}

164
.github/workflows/build-windows-packages.yml vendored
View file

@ -1,164 +0,0 @@
---
name: Build Windows Packages
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages
relenv-version:
type: string
required: true
description: The relenv version to set prior to building packages.
python-version:
required: true
type: string
description: The version of python to use with relenv
sign-packages:
type: boolean
default: false
description: Sign Packages
environment:
type: string
description: The GitHub Environment where this workflow should run
default: ci
source:
required: true
type: string
description: The backend to build the packages with
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
env:
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-pkgs:
name: Windows
environment: ${{ inputs.environment }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86
- amd64
source:
- ${{ inputs.source }}
runs-on:
- windows-latest
env:
SM_HOST: "${{ secrets.WIN_SIGN_HOST_PROD }}"
SM_API_KEY: "${{ secrets.WIN_SIGN_API_KEY }}"
SM_CLIENT_CERT_FILE: "D:\\Certificate_pkcs12.p12"
SM_CLIENT_CERT_PASSWORD: "${{ secrets.WIN_SIGN_CERT_PASSWORD }}"
SM_CLIENT_CERT_FILE_B64: "${{ secrets.WIN_SIGN_CERT_FILE_B64 }}"
WIN_SIGN_CERT_SHA1_HASH: "${{ secrets.WIN_SIGN_CERT_SHA1_HASH }}"
steps:
- name: Check Package Signing Enabled
shell: bash
id: check-pkg-sign
run: |
if [ "${{ inputs.sign-packages }}" == "true" ]; then
if [ "${{ (secrets.WIN_SIGN_API_KEY != '' && env.SM_HOST != '' && inputs.environment == 'staging') && 'true' || 'false' }}" != "true" ]; then
MSG="Secrets for signing packages are not available. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
else
MSG="The packages created WILL be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=true" >> "$GITHUB_OUTPUT"
fi
else
MSG="The sign-packages input is false. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
fi
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: 3.11
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.zip
path: artifacts/
- name: Code signing with Software Trust Manager
if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }}
uses: digicert/ssm-code-signing@v0.0.2
- name: Setup Certificate
if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }}
shell: bash
run: |
echo "${{ secrets.WIN_SIGN_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
- name: Build Windows Packages
run: |
tools pkg build windows --relenv-version=${{ inputs.relenv-version }} --python-version=${{ inputs.python-version }} ${{
inputs.source == 'onedir' &&
format(
'--onedir salt-{0}-onedir-windows-{1}.zip --salt-version {0} --arch {1} {2}',
inputs.salt-version,
matrix.arch,
steps.check-pkg-sign.outputs.sign-pkgs == 'true' && '--sign' || ''
)
||
format('--salt-version {0} --arch {1}', inputs.salt-version, matrix.arch)
}}
- name: Set Artifact Name
id: set-artifact-name
shell: bash
run: |
if [ "${{ inputs.source }}" != "src" ]; then
echo "artifact-name-nsis=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-NSIS" >> "$GITHUB_OUTPUT"
echo "artifact-name-msi=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-MSI" >> "$GITHUB_OUTPUT"
else
echo "artifact-name-nsis=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-NSIS-from-src" >> "$GITHUB_OUTPUT"
echo "artifact-name-msi=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-MSI-from-src" >> "$GITHUB_OUTPUT"
fi
- name: Upload ${{ matrix.arch }} NSIS Packages
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name-nsis }}
path: pkg/windows/build/Salt-*.exe
retention-days: 7
if-no-files-found: error
- name: Upload ${{ matrix.arch }} MSI Package
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name-msi }}
path: pkg/windows/build/Salt-*.msi
retention-days: 7
if-no-files-found: error

1407
.github/workflows/ci.yml vendored
View file

File diff suppressed because it is too large Load diff

4
.github/workflows/lint-action.yml vendored
View file

@ -18,7 +18,7 @@ env:
jobs:
Salt:
name: Lint Salt's Source Code
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "large", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
if: ${{ contains(fromJSON('["push", "schedule", "workflow_dispatch"]'), github.event_name) || fromJSON(inputs.changed-files)['salt'] || fromJSON(inputs.changed-files)['lint'] }}
container:
@ -62,7 +62,7 @@ jobs:
Tests:
name: Lint Salt's Test Suite
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "large", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
if: ${{ contains(fromJSON('["push", "schedule", "workflow_dispatch"]'), github.event_name) || fromJSON(inputs.changed-files)['tests'] || fromJSON(inputs.changed-files)['lint'] }}
container:

1459
.github/workflows/nightly.yml vendored
View file

File diff suppressed because it is too large Load diff

2
.github/workflows/pre-commit-action.yml vendored
View file

@ -21,7 +21,7 @@ jobs:
Pre-Commit:
name: Run Pre-Commit Against Salt
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
container:
image: ghcr.io/saltstack/salt-ci-containers/python:3.10

2
.github/workflows/release-tag.yml vendored
View file

@ -31,7 +31,7 @@ jobs:
permissions:
contents: write # for dev-drprasad/delete-tag-and-release to delete tags or releases
name: Generate Tag and Github Release
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
steps:
- uses: dev-drprasad/delete-tag-and-release@v0.2.0
if: github.event.inputs.reTag == 'true'

2
.github/workflows/release-update-winrepo.yml vendored
View file

@ -19,7 +19,7 @@ permissions:
jobs:
update-winrepo:
name: Update Winrepo
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
steps:
- name: Checkout Salt

748
.github/workflows/release.yml vendored
View file

@ -35,7 +35,7 @@ jobs:
check-requirements:
name: Check Requirements
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
environment: release-check
steps:
- name: Check For Admin Permission
@ -58,6 +58,7 @@ jobs:
cache-seed: ${{ steps.set-cache-seed.outputs.cache-seed }}
latest-release: ${{ steps.get-salt-releases.outputs.latest-release }}
releases: ${{ steps.get-salt-releases.outputs.releases }}
nox-archive-hash: ${{ steps.nox-archive-hash.outputs.nox-archive-hash }}
steps:
- uses: actions/checkout@v4
with:
@ -116,6 +117,11 @@ jobs:
run: |
tools ci define-cache-seed ${{ env.CACHE_SEED }}
- name: Get Hash For Nox Tarball Cache
id: nox-archive-hash
run: |
echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py') }}" | tee -a "$GITHUB_OUTPUT"
download-onedir-artifact:
name: Download Staging Onedir Artifact
runs-on:
@ -132,15 +138,15 @@ jobs:
- platform: linux
arch: x86_64
- platform: linux
arch: aarch64
arch: arm64
- platform: windows
arch: amd64
- platform: windows
arch: x86
- platform: darwin
- platform: macos
arch: x86_64
- platform: darwin
arch: aarch64
- platform: macos
arch: arm64
steps:
- uses: actions/checkout@v4
@ -166,662 +172,19 @@ jobs:
path: artifacts/salt-${{ inputs.salt-version }}-onedir-${{ matrix.platform }}-${{ matrix.arch }}.tar.xz*
retention-days: 7
if-no-files-found: error
windows-2016-ci-deps:
name: Windows 2016 Deps
build-ci-deps:
name: CI Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: windows-2016
nox-session: ci-test-onedir
platform: windows
arch: amd64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
windows-2019-ci-deps:
name: Windows 2019 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: windows-2019
nox-session: ci-test-onedir
platform: windows
arch: amd64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
windows-2022-ci-deps:
name: Windows 2022 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: windows-2022
nox-session: ci-test-onedir
platform: windows
arch: amd64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
macos-12-ci-deps:
name: macOS 12 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action-macos.yml
with:
distro-slug: macos-12
nox-session: ci-test-onedir
platform: darwin
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
macos-13-ci-deps:
name: macOS 13 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action-macos.yml
with:
distro-slug: macos-13
nox-session: ci-test-onedir
platform: darwin
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
macos-13-xlarge-ci-deps:
name: macOS 13 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action-macos.yml
with:
distro-slug: macos-13-xlarge
nox-session: ci-test-onedir
platform: darwin
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
almalinux-8-ci-deps:
name: Alma Linux 8 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: almalinux-8
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
almalinux-8-arm64-ci-deps:
name: Alma Linux 8 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: almalinux-8-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
almalinux-9-ci-deps:
name: Alma Linux 9 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: almalinux-9
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
almalinux-9-arm64-ci-deps:
name: Alma Linux 9 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: almalinux-9-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
amazonlinux-2-ci-deps:
name: Amazon Linux 2 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: amazonlinux-2
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
amazonlinux-2-arm64-ci-deps:
name: Amazon Linux 2 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: amazonlinux-2-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
amazonlinux-2023-ci-deps:
name: Amazon Linux 2023 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: amazonlinux-2023
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
amazonlinux-2023-arm64-ci-deps:
name: Amazon Linux 2023 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: amazonlinux-2023-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
archlinux-lts-ci-deps:
name: Arch Linux LTS Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: archlinux-lts
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
centos-7-ci-deps:
name: CentOS 7 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: centos-7
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
centos-7-arm64-ci-deps:
name: CentOS 7 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: centos-7-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
centosstream-8-ci-deps:
name: CentOS Stream 8 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: centosstream-8
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
centosstream-8-arm64-ci-deps:
name: CentOS Stream 8 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: centosstream-8-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
centosstream-9-ci-deps:
name: CentOS Stream 9 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: centosstream-9
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
centosstream-9-arm64-ci-deps:
name: CentOS Stream 9 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: centosstream-9-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
debian-10-ci-deps:
name: Debian 10 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: debian-10
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
debian-11-ci-deps:
name: Debian 11 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: debian-11
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
debian-11-arm64-ci-deps:
name: Debian 11 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: debian-11-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
debian-12-ci-deps:
name: Debian 12 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: debian-12
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
debian-12-arm64-ci-deps:
name: Debian 12 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: debian-12-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
fedora-37-ci-deps:
name: Fedora 37 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: fedora-37
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
fedora-37-arm64-ci-deps:
name: Fedora 37 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: fedora-37-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
fedora-38-ci-deps:
name: Fedora 38 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: fedora-38
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
fedora-38-arm64-ci-deps:
name: Fedora 38 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: fedora-38-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
opensuse-15-ci-deps:
name: Opensuse 15 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: opensuse-15
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
photonos-3-ci-deps:
name: Photon OS 3 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: photonos-3
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
photonos-3-arm64-ci-deps:
name: Photon OS 3 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: photonos-3-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
photonos-4-ci-deps:
name: Photon OS 4 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: photonos-4
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
photonos-4-arm64-ci-deps:
name: Photon OS 4 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: photonos-4-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
photonos-5-ci-deps:
name: Photon OS 5 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: photonos-5
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
photonos-5-arm64-ci-deps:
name: Photon OS 5 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: photonos-5-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
ubuntu-2004-ci-deps:
name: Ubuntu 20.04 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: ubuntu-20.04
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
ubuntu-2004-arm64-ci-deps:
name: Ubuntu 20.04 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: ubuntu-20.04-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
ubuntu-2204-ci-deps:
name: Ubuntu 22.04 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: ubuntu-22.04
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
ubuntu-2204-arm64-ci-deps:
name: Ubuntu 22.04 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: ubuntu-22.04-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
backup:
name: Backup
@ -894,43 +257,7 @@ jobs:
needs:
- prepare-workflow
- publish-repositories
- almalinux-8-arm64-ci-deps
- almalinux-8-ci-deps
- almalinux-9-arm64-ci-deps
- almalinux-9-ci-deps
- amazonlinux-2-arm64-ci-deps
- amazonlinux-2-ci-deps
- amazonlinux-2023-arm64-ci-deps
- amazonlinux-2023-ci-deps
- centos-7-arm64-ci-deps
- centos-7-ci-deps
- centosstream-8-arm64-ci-deps
- centosstream-8-ci-deps
- centosstream-9-arm64-ci-deps
- centosstream-9-ci-deps
- debian-10-ci-deps
- debian-11-arm64-ci-deps
- debian-11-ci-deps
- debian-12-arm64-ci-deps
- debian-12-ci-deps
- fedora-37-arm64-ci-deps
- fedora-37-ci-deps
- fedora-38-arm64-ci-deps
- fedora-38-ci-deps
- macos-12-ci-deps
- macos-13-ci-deps
- macos-13-xlarge-ci-deps
- photonos-3-arm64-ci-deps
- photonos-3-ci-deps
- photonos-4-arm64-ci-deps
- photonos-4-ci-deps
- photonos-5-arm64-ci-deps
- photonos-5-ci-deps
- ubuntu-2004-arm64-ci-deps
- ubuntu-2004-ci-deps
- ubuntu-2204-arm64-ci-deps
- ubuntu-2204-ci-deps
- windows-2022-ci-deps
- build-ci-deps
- download-onedir-artifact
uses: ./.github/workflows/test-package-downloads-action.yml
with:
@ -942,6 +269,7 @@ jobs:
python-version: "3.10"
skip-code-coverage: true
latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}"
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
secrets: inherit
release:
@ -1114,7 +442,7 @@ jobs:
# on a pull request instead of requiring all
name: Set the ${{ github.workflow }} Pipeline Exit Status
if: always()
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
needs:
- check-requirements
- prepare-workflow
@ -1122,47 +450,7 @@ jobs:
- pkg-download-tests
- release
- publish-pypi
- windows-2016-ci-deps
- windows-2019-ci-deps
- windows-2022-ci-deps
- macos-12-ci-deps
- macos-13-ci-deps
- macos-13-xlarge-ci-deps
- almalinux-8-ci-deps
- almalinux-8-arm64-ci-deps
- almalinux-9-ci-deps
- almalinux-9-arm64-ci-deps
- amazonlinux-2-ci-deps
- amazonlinux-2-arm64-ci-deps
- amazonlinux-2023-ci-deps
- amazonlinux-2023-arm64-ci-deps
- archlinux-lts-ci-deps
- centos-7-ci-deps
- centos-7-arm64-ci-deps
- centosstream-8-ci-deps
- centosstream-8-arm64-ci-deps
- centosstream-9-ci-deps
- centosstream-9-arm64-ci-deps
- debian-10-ci-deps
- debian-11-ci-deps
- debian-11-arm64-ci-deps
- debian-12-ci-deps
- debian-12-arm64-ci-deps
- fedora-37-ci-deps
- fedora-37-arm64-ci-deps
- fedora-38-ci-deps
- fedora-38-arm64-ci-deps
- opensuse-15-ci-deps
- photonos-3-ci-deps
- photonos-3-arm64-ci-deps
- photonos-4-ci-deps
- photonos-4-arm64-ci-deps
- photonos-5-ci-deps
- photonos-5-arm64-ci-deps
- ubuntu-2004-ci-deps
- ubuntu-2004-arm64-ci-deps
- ubuntu-2204-ci-deps
- ubuntu-2204-arm64-ci-deps
- build-ci-deps
steps:
- name: Get workflow information
id: get-workflow-info

1411
.github/workflows/scheduled.yml vendored
View file

File diff suppressed because it is too large Load diff

1453
.github/workflows/staging.yml vendored
View file

File diff suppressed because it is too large Load diff

74
.github/workflows/templates/build-ci-deps.yml.jinja vendored
View file

@ -1,86 +1,22 @@
<%- for slug, display_name, arch in build_ci_deps_listing["windows"] %>
<{ slug.replace(".", "") }>-ci-deps:
<%- do test_salt_needs.append(slug.replace(".", "") + "-ci-deps") %>
name: <{ display_name }> Deps
build-ci-deps:
<%- do test_salt_needs.append("build-ci-deps") %>
name: CI Deps
<%- if workflow_slug != 'release' %>
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-deps-ci'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
<%- endif %>
needs:
- prepare-workflow
<%- if workflow_slug != 'release' %>
- build-salt-onedir-windows
- build-salt-onedir
<%- else %>
- download-onedir-artifact
<%- endif %>
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
platform: windows
arch: amd64
nox-version: <{ nox_version }>
python-version: "<{ gh_actions_workflows_python_version }>"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version }>
<%- endfor %>
<%- for slug, display_name, arch in build_ci_deps_listing["macos"] %>
<{ slug.replace(".", "") }>-ci-deps:
<%- do test_salt_needs.append(slug.replace(".", "") + "-ci-deps") %>
name: <{ display_name }> Deps
<%- if workflow_slug != 'release' %>
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-deps-ci'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
<%- endif %>
needs:
- prepare-workflow
<%- if workflow_slug != 'release' %>
- build-salt-onedir-macos
<%- else %>
- download-onedir-artifact
<%- endif %>
uses: ./.github/workflows/build-deps-ci-action-macos.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
platform: darwin
arch: <{ arch }>
nox-version: <{ nox_version }>
python-version: "<{ gh_actions_workflows_python_version }>"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version }>
<%- endfor %>
<%- for slug, display_name, arch in build_ci_deps_listing["linux"] %>
<{ slug.replace(".", "") }>-ci-deps:
<%- do test_salt_needs.append(slug.replace(".", "") + "-ci-deps") %>
name: <{ display_name }> Deps
<%- if workflow_slug != 'release' %>
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-deps-ci'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
<%- endif %>
needs:
- prepare-workflow
<%- if workflow_slug != 'release' %>
- build-salt-onedir-linux
<%- else %>
- download-onedir-artifact
<%- endif %>
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
platform: linux
arch: <{ arch }>
nox-version: <{ nox_version }>
python-version: "<{ gh_actions_workflows_python_version }>"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version }>
<%- endfor %>
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"

10
.github/workflows/templates/build-deb-repo.yml.jinja vendored
View file

@ -5,15 +5,15 @@
include:
<%- for distro, version, arch in (
("debian", "10", "x86_64"),
("debian", "10", "aarch64"),
("debian", "10", "arm64"),
("debian", "11", "x86_64"),
("debian", "11", "aarch64"),
("debian", "11", "arm64"),
("debian", "12", "x86_64"),
("debian", "12", "aarch64"),
("debian", "12", "arm64"),
("ubuntu", "20.04", "x86_64"),
("ubuntu", "20.04", "aarch64"),
("ubuntu", "20.04", "arm64"),
("ubuntu", "22.04", "x86_64"),
("ubuntu", "22.04", "aarch64"),
("ubuntu", "22.04", "arm64"),
) %>
- pkg-type: deb
distro: <{ distro }>

358
.github/workflows/templates/build-deps-ci-action.yml.jinja vendored Normal file
View file

@ -0,0 +1,358 @@
---
name: Install Test Dependencies
on:
workflow_call:
inputs:
nox-session:
required: true
type: string
description: The nox session to run
salt-version:
type: string
required: true
description: The Salt version to set prior to running tests.
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
nox-version:
required: true
type: string
description: The nox version to install
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
python-version:
required: false
type: string
description: The python version to run tests with
default: "3.10"
package-name:
required: false
type: string
description: The onedir package name to use
default: salt
env:
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
linux-dependencies:
name: Linux
runs-on:
- self-hosted
- linux
- bastion
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
include:
<%- for arch, build_distro_slug in build_ci_deps_listing["linux"] %>
- distro-slug: <{ build_distro_slug }>
arch: <{ arch }>
<%- endfor %>
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Cache nox.linux.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
id: nox-dependencies-cache
uses: actions/cache@v3.3.1
with:
path: nox.linux.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|linux|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
- name: Download Onedir Tarball as an Artifact
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
shell: bash
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
- name: PyPi Proxy
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
sed -i '7s;^;--index-url=https://pypi-proxy.saltstack.net/root/local/+simple/ --extra-index-url=https://pypi.org/simple\n;' requirements/static/ci/*/*.txt
- name: Setup Python Tools Scripts
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}-build-deps-ci
- name: Get Salt Project GitHub Actions Bot Environment
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
- name: Start VM
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
id: spin-up-vm
run: |
tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ matrix.distro-slug }}
- name: List Free Space
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm ssh ${{ matrix.distro-slug }} -- df -h || true
- name: Upload Checkout To VM
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm rsync ${{ matrix.distro-slug }}
- name: Install Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm install-dependencies --nox-session=${{ inputs.nox-session }} ${{ matrix.distro-slug }}
- name: Cleanup .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm pre-archive-cleanup ${{ matrix.distro-slug }}
- name: Compress .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm compress-dependencies ${{ matrix.distro-slug }}
- name: Download Compressed .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm download-dependencies ${{ matrix.distro-slug }}
- name: Destroy VM
if: always() && steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm destroy --no-wait ${{ matrix.distro-slug }}
- name: Upload Nox Requirements Tarball
uses: actions/upload-artifact@v3
with:
name: nox-linux-${{ matrix.arch }}-${{ inputs.nox-session }}
path: nox.linux.${{ matrix.arch }}.tar.*
macos-dependencies:
name: MacOS
runs-on: ${{ matrix.distro-slug }}
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
include:
<%- for arch, build_distro_slug in build_ci_deps_listing["macos"] %>
- distro-slug: <{ build_distro_slug }>
arch: <{ arch }>
<%- endfor %>
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Cache nox.macos.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
id: nox-dependencies-cache
uses: actions/cache@v3.3.1
with:
path: nox.macos.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|macos|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
- name: Download Onedir Tarball as an Artifact
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
shell: bash
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
- name: Set up Python ${{ inputs.python-version }}
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/setup-python@v4
with:
python-version: "${{ inputs.python-version }}"
- name: Install System Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
brew install openssl@3
- name: Install Nox
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
python3 -m pip install 'nox==${{ inputs.nox-version }}'
- name: Install Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
env:
PRINT_TEST_SELECTION: "0"
PRINT_SYSTEM_INFO: "0"
run: |
export PYCURL_SSL_LIBRARY=openssl
export LDFLAGS="-L/usr/local/opt/openssl@3/lib"
export CPPFLAGS="-I/usr/local/opt/openssl@3/include"
export PKG_CONFIG_PATH="/usr/local/opt/openssl@3/lib/pkgconfig"
nox --install-only -e ${{ inputs.nox-session }}
- name: Cleanup .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
nox --force-color -e "pre-archive-cleanup(pkg=False)"
- name: Compress .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
nox --force-color -e compress-dependencies -- macos ${{ matrix.arch }}
- name: Upload Nox Requirements Tarball
uses: actions/upload-artifact@v3
with:
name: nox-macos-${{ matrix.arch }}-${{ inputs.nox-session }}
path: nox.macos.${{ matrix.arch }}.tar.*
windows-dependencies:
name: Windows
runs-on:
- self-hosted
- linux
- bastion
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
include:
<%- for arch, build_distro_slug in build_ci_deps_listing["windows"] %>
- distro-slug: <{ build_distro_slug }>
arch: <{ arch }>
<%- endfor %>
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Cache nox.windows.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
id: nox-dependencies-cache
uses: actions/cache@v3.3.1
with:
path: nox.windows.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|windows|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
- name: Download Onedir Tarball as an Artifact
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
shell: bash
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
- name: PyPi Proxy
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
sed -i '7s;^;--index-url=https://pypi-proxy.saltstack.net/root/local/+simple/ --extra-index-url=https://pypi.org/simple\n;' requirements/static/ci/*/*.txt
- name: Setup Python Tools Scripts
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}-build-deps-ci
- name: Get Salt Project GitHub Actions Bot Environment
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
- name: Start VM
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
id: spin-up-vm
run: |
tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ matrix.distro-slug }}
- name: List Free Space
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm ssh ${{ matrix.distro-slug }} -- df -h || true
- name: Upload Checkout To VM
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm rsync ${{ matrix.distro-slug }}
- name: Install Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm install-dependencies --nox-session=${{ inputs.nox-session }} ${{ matrix.distro-slug }}
- name: Cleanup .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm pre-archive-cleanup ${{ matrix.distro-slug }}
- name: Compress .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm compress-dependencies ${{ matrix.distro-slug }}
- name: Download Compressed .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm download-dependencies ${{ matrix.distro-slug }}
- name: Destroy VM
if: always() && steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm destroy --no-wait ${{ matrix.distro-slug }}
- name: Upload Nox Requirements Tarball
uses: actions/upload-artifact@v3
with:
name: nox-windows-${{ matrix.arch }}-${{ inputs.nox-session }}
path: nox.windows.${{ matrix.arch }}.tar.*

2
.github/workflows/templates/build-macos-repo.yml.jinja vendored
View file

@ -28,7 +28,7 @@
- name: Download macOS Arch64 Packages
uses: actions/download-artifact@v3
with:
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-aarch64-macos
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-arm64-macos
path: artifacts/pkgs/incoming
- name: Setup GnuPG

8
.github/workflows/templates/build-onedir-repo.yml.jinja vendored
View file

@ -25,22 +25,22 @@
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-linux-x86_64.tar.xz
path: artifacts/pkgs/incoming
- name: Download Linux aarch64 Onedir Archive
- name: Download Linux arm64 Onedir Archive
uses: actions/download-artifact@v3
with:
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-linux-aarch64.tar.xz
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-linux-arm64.tar.xz
path: artifacts/pkgs/incoming
- name: Download macOS x86_64 Onedir Archive
uses: actions/download-artifact@v3
with:
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-darwin-x86_64.tar.xz
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-macos-x86_64.tar.xz
path: artifacts/pkgs/incoming
- name: Download macOS arm64 Onedir Archive
uses: actions/download-artifact@v3
with:
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-darwin-aarch64.tar.xz
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-macos-arm64.tar.xz
path: artifacts/pkgs/incoming
- name: Download Windows amd64 Onedir Archive

25
.github/workflows/templates/build-packages.yml.jinja vendored
View file

@ -1,38 +1,27 @@
<%- for platform, pkg_type, display_name, runner_type in (
("linux", "rpm", "RPM", "self-hosted"),
("linux", "deb", "DEB", "self-hosted"),
("windows", "windows", "Windows", "github-hosted"),
("macos", "macos", "macOS", "github-hosted"),
) %>
<%- for backend in ("onedir", "src") %>
<%- set job_name = "build-{}-pkgs-{}".format(pkg_type, backend) %>
<%- set job_name = "build-pkgs-{}".format(backend) %>
<%- if backend == "src" %>
<%- do conclusion_needs.append(job_name) %>
<%- endif %>
<{ job_name }>:
name: Build Packages
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['<{ runner_type }>'] }}
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
- build-salt-onedir-<{ platform }>
uses: ./.github/workflows/build-<{ pkg_type }>-packages.yml
- build-salt-onedir
uses: ./.github/workflows/build-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
relenv-version: "<{ relenv_version }>"
python-version: "<{ python_version }>"
source: "<{ backend }>"
<%- if pkg_type in ("macos", "windows") and gh_environment %>
<%- if gh_environment %>
environment: <{ gh_environment }>
<%- if pkg_type == "macos" %>
sign-packages: true
<%- else %>
sign-packages: <% if gh_environment == 'nightly' -%> false <%- else -%> ${{ inputs.sign-windows-packages }} <%- endif %>
<%- endif %>
sign-macos-packages: true
sign-windows-packages: <% if gh_environment == 'nightly' -%> false <%- else -%> ${{ inputs.sign-windows-packages }} <%- endif %>
secrets: inherit
<%- endif %>
<%- endfor %>
<%- endfor %>

6
.github/workflows/templates/build-repos.yml.jinja vendored
View file

@ -20,11 +20,9 @@
needs:
- prepare-workflow
<%- if type not in ("src", "onedir") %>
- build-<{ type }>-pkgs-onedir
- build-pkgs-onedir
<%- elif type == 'onedir' %>
- build-salt-onedir-linux
- build-salt-onedir-macos
- build-salt-onedir-windows
- build-salt-onedir
<%- elif type == 'src' %>
- build-source-tarball
<%- endif %>

2
.github/workflows/templates/build-rpm-repo.yml.jinja vendored
View file

@ -66,7 +66,7 @@
- name: Download RPM Packages
uses: actions/download-artifact@v3
with:
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}-rpm
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch }}-rpm
path: artifacts/pkgs/incoming
- name: Setup GnuPG

27
.github/workflows/templates/ci.yml.jinja vendored
View file

@ -52,7 +52,7 @@
- x86_64
<%- else %>
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['<{ job_name }>'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "medium", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
<%- endif %>
needs:
- prepare-workflow
@ -210,7 +210,7 @@
needs:
- prepare-workflow
- prepare-release
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "medium", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
@ -240,16 +240,14 @@
<%- set job_name = "build-deps-onedir" %>
<%- if includes.get(job_name, True) %>
<%- for platform in ("linux", "windows", "macos") %>
<%- set platform_job_name = "{}-{}".format(job_name, platform) %>
<{ platform_job_name }>:
<%- do conclusion_needs.append(platform_job_name) %>
<{ job_name }>:
<%- do conclusion_needs.append(job_name) %>
name: Build Dependencies Onedir
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['<{ job_name }>'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
uses: ./.github/workflows/build-deps-onedir-<{ platform }>.yml
uses: ./.github/workflows/build-deps-onedir.yml
with:
cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }}
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
@ -258,24 +256,21 @@
relenv-version: "<{ relenv_version }>"
python-version: "<{ python_version }>"
<%- endfor %>
<%- endif %>
<%- set job_name = "build-salt-onedir" %>
<%- if includes.get(job_name, True) %>
<%- for platform in ("linux", "windows", "macos") %>
<%- set platform_job_name = "{}-{}".format(job_name, platform) %>
<{ platform_job_name }>:
<%- do conclusion_needs.append(platform_job_name) %>
<{ job_name }>:
<%- do conclusion_needs.append(job_name) %>
name: Build Salt Onedir
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['<{ job_name }>'] }}
needs:
- prepare-workflow
- build-deps-onedir-<{ platform }>
- build-deps-onedir
- build-source-tarball
uses: ./.github/workflows/build-salt-onedir-<{ platform }>.yml
uses: ./.github/workflows/build-salt-onedir.yml
with:
cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }}
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
@ -284,7 +279,6 @@
relenv-version: "<{ relenv_version }>"
python-version: "<{ python_version }>"
<%- endfor %>
<%- endif %>
@ -314,7 +308,7 @@
<%- do conclusion_needs.append("combine-all-code-coverage") %>
name: Combine Code Coverage
if: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] == false }}
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
needs:
- prepare-workflow
<%- for need in test_salt_needs.iter(consume=False) %>
@ -324,7 +318,6 @@
- uses: actions/checkout@v4
- name: Set up Python 3.10
if: ${{ github.event.repository.private == false }}
uses: actions/setup-python@v4
with:
python-version: "3.10"

10
.github/workflows/templates/layout.yml.jinja vendored
View file

@ -75,7 +75,7 @@ jobs:
prepare-workflow:
name: Prepare Workflow Run
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
<%- if prepare_workflow_if_check %>
if: <{ prepare_workflow_if_check }>
<%- endif %>
@ -97,6 +97,7 @@ jobs:
releases: ${{ steps.get-salt-releases.outputs.releases }}
release-changelog-target: ${{ steps.get-release-changelog-target.outputs.release-changelog-target }}
testing-releases: ${{ steps.get-testing-releases.outputs.testing-releases }}
nox-archive-hash: ${{ steps.nox-archive-hash.outputs.nox-archive-hash }}
steps:
- uses: actions/checkout@v4
with:
@ -213,6 +214,11 @@ jobs:
run: |
tools ci get-pr-test-labels --repository ${{ github.repository }}
- name: Get Hash For Nox Tarball Cache
id: nox-archive-hash
run: |
echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py') }}" | tee -a "$GITHUB_OUTPUT"
<%- if prepare_actual_release %>
- name: Check Existing Releases
@ -343,7 +349,7 @@ jobs:
# on a pull request instead of requiring all
name: Set the ${{ github.workflow }} Pipeline Exit Status
if: always()
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
<%- if workflow_slug == "nightly" %>
environment: <{ workflow_slug }>
<%- endif %>

2
.github/workflows/templates/nightly.yml.jinja vendored
View file

@ -58,7 +58,7 @@ concurrency:
<%- do conclusion_needs.append('notify-slack') %>
notify-slack:
name: Notify Slack
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
environment: <{ gh_environment }>
needs:
<%- for need in prepare_workflow_needs.iter(consume=False) %>

16
.github/workflows/templates/release.yml.jinja vendored
View file

@ -52,7 +52,7 @@ permissions:
<{ job_name }>:
<%- do prepare_workflow_needs.append(job_name) %>
name: Check Requirements
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
environment: <{ gh_environment }>-check
steps:
- name: Check For Admin Permission
@ -86,6 +86,7 @@ permissions:
cache-seed: ${{ steps.set-cache-seed.outputs.cache-seed }}
latest-release: ${{ steps.get-salt-releases.outputs.latest-release }}
releases: ${{ steps.get-salt-releases.outputs.releases }}
nox-archive-hash: ${{ steps.nox-archive-hash.outputs.nox-archive-hash }}
steps:
- uses: actions/checkout@v4
with:
@ -144,6 +145,11 @@ permissions:
run: |
tools ci define-cache-seed ${{ env.CACHE_SEED }}
- name: Get Hash For Nox Tarball Cache
id: nox-archive-hash
run: |
echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py') }}" | tee -a "$GITHUB_OUTPUT"
<%- endblock prepare_workflow_job %>
<%- endif %>
@ -166,15 +172,15 @@ permissions:
- platform: linux
arch: x86_64
- platform: linux
arch: aarch64
arch: arm64
- platform: windows
arch: amd64
- platform: windows
arch: x86
- platform: darwin
- platform: macos
arch: x86_64
- platform: darwin
arch: aarch64
- platform: macos
arch: arm64
steps:
- uses: actions/checkout@v4

2
.github/workflows/templates/staging.yml.jinja vendored
View file

@ -66,7 +66,7 @@ concurrency:
<{ job_name }>:
<%- do prepare_workflow_needs.append(job_name) %>
name: Check Requirements
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
environment: <{ gh_environment }>-check
steps:
- name: Check For Admin Permission

38
.github/workflows/templates/test-package-downloads-action.yml.jinja vendored
View file

@ -23,6 +23,10 @@ on:
required: true
type: string
description: The nox version to install
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
python-version:
required: false
type: string
@ -84,7 +88,7 @@ jobs:
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
@ -92,15 +96,13 @@ jobs:
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.linux.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.linux.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|linux|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
@ -318,7 +320,7 @@ jobs:
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Install System Dependencies
@ -330,7 +332,7 @@ jobs:
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
- name: Set up Python ${{ inputs.python-version }}
uses: actions/setup-python@v4
@ -342,19 +344,17 @@ jobs:
run: |
python3 -m pip install 'nox==${{ inputs.nox-version }}'
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.macos.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.macos.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|macos|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
- name: Decompress .nox Directory
run: |
nox --force-color -e decompress-dependencies -- ${{ matrix.distro-slug }}
nox --force-color -e decompress-dependencies -- macos ${{ matrix.arch }}
- name: Show System Info & Test Plan
env:
@ -545,13 +545,11 @@ jobs:
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.windows.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.windows.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|windows|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true

5
.github/workflows/templates/test-salt-pkg-repo-downloads.yml.jinja vendored
View file

@ -19,9 +19,7 @@
<%- if gh_environment == "release" %>
- download-onedir-artifact
<%- else %>
- build-salt-onedir-linux
- build-salt-onedir-macos
- build-salt-onedir-windows
- build-salt-onedir
<%- endif %>
uses: ./.github/workflows/test-package-downloads-action.yml
with:
@ -33,4 +31,5 @@
python-version: "<{ gh_actions_workflows_python_version }>"
skip-code-coverage: true
latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}"
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
secrets: inherit

21
.github/workflows/templates/test-salt-pkg.yml.jinja vendored
View file

@ -7,9 +7,9 @@
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
- build-<{ pkg_type }>-pkgs-onedir
- <{ slug.replace(".", "") }>-ci-deps
uses: ./.github/workflows/test-packages-action.yml
- build-pkgs-onedir
- build-ci-deps
uses: ./.github/workflows/test-packages-action-linux.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
@ -23,6 +23,7 @@
skip-code-coverage: <{ skip_test_coverage_check }>
skip-junit-reports: <{ skip_junit_reports_check }>
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
<%- if fips == "fips" %>
fips: true
<%- endif %>
@ -40,13 +41,13 @@
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
needs:
- prepare-workflow
- build-macos-pkgs-onedir
- <{ slug.replace(".", "") }>-ci-deps
- build-pkgs-onedir
- build-ci-deps
uses: ./.github/workflows/test-packages-action-macos.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
platform: darwin
platform: macos
arch: <{ arch }>
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
pkg-type: macos
@ -56,6 +57,7 @@
skip-code-coverage: <{ skip_test_coverage_check }>
skip-junit-reports: <{ skip_junit_reports_check }>
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
<%- endfor %>
@ -70,9 +72,9 @@
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
- build-windows-pkgs-onedir
- <{ slug.replace(".", "") }>-ci-deps
uses: ./.github/workflows/test-packages-action.yml
- build-pkgs-onedir
- build-ci-deps
uses: ./.github/workflows/test-packages-action-windows.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
@ -86,6 +88,7 @@
skip-code-coverage: <{ skip_test_coverage_check }>
skip-junit-reports: <{ skip_junit_reports_check }>
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
<%- endfor %>
<%- endfor %>

15
.github/workflows/templates/test-salt.yml.jinja vendored
View file

@ -14,8 +14,8 @@
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
- <{ slug.replace(".", "") }>-ci-deps
uses: ./.github/workflows/test-action.yml
- build-ci-deps
uses: ./.github/workflows/test-action-windows.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
@ -30,6 +30,7 @@
skip-junit-reports: <{ skip_junit_reports_check }>
workflow-slug: <{ workflow_slug }>
timeout-minutes: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['type'] == 'full' && <{ windows_full_testrun_timeout_value }> || <{ partial_testrun_timeout_value }> }}
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
<%- endfor %>
@ -42,12 +43,12 @@
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
needs:
- prepare-workflow
- <{ slug.replace(".", "") }>-ci-deps
- build-ci-deps
uses: ./.github/workflows/test-action-macos.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
platform: darwin
platform: macos
arch: <{ arch }>
nox-version: <{ nox_version }>
gh-actions-python-version: "<{ gh_actions_workflows_python_version }>"
@ -58,6 +59,7 @@
skip-junit-reports: <{ skip_junit_reports_check }>
workflow-slug: <{ workflow_slug }>
timeout-minutes: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['type'] == 'full' && <{ full_testrun_timeout_value }> || <{ partial_testrun_timeout_value }> }}
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
<%- endfor %>
@ -69,8 +71,8 @@
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
- <{ slug.replace(".", "") }>-ci-deps
uses: ./.github/workflows/test-action.yml
- build-ci-deps
uses: ./.github/workflows/test-action-linux.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
@ -85,6 +87,7 @@
skip-junit-reports: <{ skip_junit_reports_check }>
workflow-slug: <{ workflow_slug }>
timeout-minutes: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['type'] == 'full' && <{ full_testrun_timeout_value }> || <{ partial_testrun_timeout_value }> }}
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
<%- if fips == "fips" %>
fips: true
<%- endif %>

2
.github/workflows/templates/trigger-branch-workflows.yml.jinja vendored
View file

@ -7,7 +7,7 @@
<%- do conclusion_needs.append(job_name) %>
name: Trigger Branch Workflows
if: ${{ github.event_name == 'schedule' && fromJSON(needs.workflow-requirements.outputs.requirements-met) }}
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
needs:
- workflow-requirements
steps:

2
.github/workflows/templates/workflow-requirements-check.yml.jinja vendored
View file

@ -4,7 +4,7 @@
<{ job_name }>:
<%- do prepare_workflow_needs.append(job_name) %>
name: Check Workflow Requirements
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
outputs:
requirements-met: ${{ steps.check-requirements.outputs.requirements-met }}
steps:

17
.github/workflows/test-action.yml → .github/workflows/test-action-linux.yml vendored
View file

@ -40,6 +40,10 @@ on:
required: true
type: number
description: Timeout, in minutes, for the test job
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
gh-actions-python-version:
required: false
type: string
@ -82,10 +86,7 @@ jobs:
generate-matrix:
name: Test Matrix
runs-on:
- self-hosted
- linux
- x86_64
runs-on: ubuntu-latest
outputs:
matrix-include: ${{ steps.generate-matrix.outputs.matrix }}
steps:
@ -152,13 +153,11 @@ jobs:
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
- name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.linux.${{ inputs.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.gh-actions-python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.linux.${{ inputs.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|linux|${{ inputs.nox-session }}|${{ inputs.gh-actions-python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true

18
.github/workflows/test-action-macos.yml vendored
View file

@ -45,6 +45,10 @@ on:
required: true
type: number
description: Timeout, in minutes, for the test job
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
package-name:
required: false
type: string
@ -75,7 +79,7 @@ jobs:
generate-matrix:
name: Test Matrix
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
outputs:
matrix-include: ${{ steps.generate-matrix.outputs.matrix }}
steps:
@ -142,13 +146,11 @@ jobs:
run: |
brew install tree
- name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.macos.${{ inputs.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.gh-actions-python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.macos.${{ inputs.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|macos|${{ inputs.nox-session }}|${{ inputs.gh-actions-python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
@ -163,7 +165,7 @@ jobs:
- name: Decompress .nox Directory
run: |
nox --force-color -e decompress-dependencies -- ${{ inputs.distro-slug }}
nox --force-color -e decompress-dependencies -- macos ${{ inputs.arch }}
- name: Download testrun-changed-files.txt
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' }}
@ -380,7 +382,7 @@ jobs:
report:
name: Test Reports
if: always() && inputs.skip-code-coverage == false && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
needs:
- test

395
.github/workflows/test-action-windows.yml vendored Normal file
View file

@ -0,0 +1,395 @@
---
name: Test Artifact
on:
workflow_call:
inputs:
distro-slug:
required: true
type: string
description: The OS slug to run tests against
nox-session:
required: true
type: string
description: The nox session to run
testrun:
required: true
type: string
description: JSON string containing information about what and how to run the test suite
salt-version:
type: string
required: true
description: The Salt version to set prior to running tests.
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
platform:
required: true
type: string
description: The platform being tested
arch:
required: true
type: string
description: The platform arch being tested
nox-version:
required: true
type: string
description: The nox version to install
timeout-minutes:
required: true
type: number
description: Timeout, in minutes, for the test job
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
gh-actions-python-version:
required: false
type: string
description: The python version to run tests with
default: "3.10"
fips:
required: false
type: boolean
default: false
description: Test run with FIPS enabled
package-name:
required: false
type: string
description: The onedir package name to use
default: salt
skip-code-coverage:
required: false
type: boolean
description: Skip code coverage
default: false
skip-junit-reports:
required: false
type: boolean
description: Skip Publishing JUnit Reports
default: false
workflow-slug:
required: false
type: string
description: Which workflow is running.
default: ci
env:
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
generate-matrix:
name: Test Matrix
runs-on: ubuntu-latest
outputs:
matrix-include: ${{ steps.generate-matrix.outputs.matrix }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Generate Test Matrix
id: generate-matrix
run: |
tools ci matrix --workflow=${{ inputs.workflow-slug }} ${{ fromJSON(inputs.testrun)['type'] == 'full' && '--full ' || '' }}${{ inputs.fips && '--fips ' || '' }}${{ inputs.distro-slug }}
test:
name: Test
runs-on:
- self-hosted
- linux
- bastion
timeout-minutes: ${{ inputs.timeout-minutes }}
needs:
- generate-matrix
strategy:
fail-fast: false
matrix:
include: ${{ fromJSON(needs.generate-matrix.outputs.matrix-include) }}
env:
SALT_TRANSPORT: ${{ matrix.transport }}
TEST_GROUP: ${{ matrix.test-group || 1 }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Setup Salt Version
run: |
echo "${{ inputs.salt-version }}" > salt/_version.txt
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
shell: bash
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
- name: Download cached nox.windows.${{ inputs.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.windows.${{ inputs.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|windows|${{ inputs.nox-session }}|${{ inputs.gh-actions-python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
- name: PyPi Proxy
run: |
sed -i '7s;^;--index-url=https://pypi-proxy.saltstack.net/root/local/+simple/ --extra-index-url=https://pypi.org/simple\n;' requirements/static/ci/*/*.txt
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Download testrun-changed-files.txt
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' }}
uses: actions/download-artifact@v3
with:
name: testrun-changed-files.txt
- name: Get Salt Project GitHub Actions Bot Environment
run: |
TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
- name: Start VM
id: spin-up-vm
env:
TESTS_CHUNK: ${{ matrix.tests-chunk }}
run: |
tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }}
- name: List Free Space
run: |
tools --timestamps vm ssh ${{ inputs.distro-slug }} -- df -h || true
- name: Upload Checkout To VM
run: |
tools --timestamps vm rsync ${{ inputs.distro-slug }}
- name: Decompress .nox Directory
run: |
tools --timestamps vm decompress-dependencies ${{ inputs.distro-slug }}
- name: Show System Info & Test Plan
run: |
tools --timestamps --timeout-secs=1800 vm testplan --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} ${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }}
- name: Run Fast/Changed Tests
id: run-fast-changed-tests
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['fast'] == false }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --suppress-no-test-exit-code \
--from-filenames=testrun-changed-files.txt
- name: Run Slow/Changed Tests
id: run-slow-changed-tests
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['slow'] == false }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --no-fast-tests --slow-tests --suppress-no-test-exit-code \
--from-filenames=testrun-changed-files.txt
- name: Run Core/Changed Tests
id: run-core-changed-tests
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['core'] == false }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --no-fast-tests --core-tests --suppress-no-test-exit-code \
--from-filenames=testrun-changed-files.txt
- name: Run Fast Tests
id: run-fast-tests
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['fast'] }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ (inputs.skip-code-coverage && matrix.tests-chunk != 'unit') && '--skip-code-coverage' || '' }} \
${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} ${{ matrix.tests-chunk }}
- name: Run Slow Tests
id: run-slow-tests
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['slow'] }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --no-fast-tests --slow-tests
- name: Run Core Tests
id: run-core-tests
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['core'] }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --no-fast-tests --core-tests
- name: Run Flaky Tests
id: run-flaky-tests
if: ${{ fromJSON(inputs.testrun)['selected_tests']['flaky'] }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --no-fast-tests --flaky-jail
- name: Run Full Tests
id: run-full-tests
if: ${{ fromJSON(inputs.testrun)['type'] == 'full' }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ (inputs.skip-code-coverage && matrix.tests-chunk != 'unit') && '--skip-code-coverage' || '' }} \
-E TEST_GROUP ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} ${{ matrix.tests-chunk }} -- --slow-tests --core-tests \
--test-group-count=${{ matrix.test-group-count || 1 }} --test-group=${{ matrix.test-group || 1 }}
- name: Combine Coverage Reports
if: always() && inputs.skip-code-coverage == false && steps.spin-up-vm.outcome == 'success'
run: |
tools --timestamps vm combine-coverage ${{ inputs.distro-slug }}
- name: Download Test Run Artifacts
id: download-artifacts-from-vm
if: always() && steps.spin-up-vm.outcome == 'success'
run: |
tools --timestamps vm download-artifacts ${{ inputs.distro-slug }}
# Delete the salt onedir, we won't need it anymore and it will prevent
# from it showing in the tree command below
rm -rf artifacts/salt*
tree -a artifacts
if [ "${{ inputs.skip-code-coverage }}" != "true" ]; then
mv artifacts/coverage/.coverage artifacts/coverage/.coverage.${{ inputs.distro-slug }}.${{ inputs.nox-session }}.${{ matrix.transport }}.${{ matrix.tests-chunk }}.grp${{ matrix.test-group || '1' }}
fi
- name: Destroy VM
if: always()
run: |
tools --timestamps vm destroy --no-wait ${{ inputs.distro-slug }} || true
- name: Upload Code Coverage Test Run Artifacts
if: always() && inputs.skip-code-coverage == false && steps.download-artifacts-from-vm.outcome == 'success' && job.status != 'cancelled'
uses: actions/upload-artifact@v3
with:
name: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
path: |
artifacts/coverage/
- name: Upload JUnit XML Test Run Artifacts
if: always() && steps.download-artifacts-from-vm.outcome == 'success'
uses: actions/upload-artifact@v3
with:
name: testrun-junit-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ matrix.transport }}
path: |
artifacts/xml-unittests-output/
- name: Upload Test Run Log Artifacts
if: always() && steps.download-artifacts-from-vm.outcome == 'success'
uses: actions/upload-artifact@v3
with:
name: testrun-log-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ matrix.transport }}
path: |
artifacts/logs
- name: Publish Test Report
uses: mikepenz/action-junit-report@v3
# always run even if the previous steps fails
if: always() && inputs.skip-junit-reports == false && job.status != 'cancelled'
with:
check_name: Test Results(${{ inputs.distro-slug }}, transport=${{ matrix.transport }}, tests-chunk=${{ matrix.tests-chunk }}, group=${{ matrix.test-group || '1' }})
report_paths: 'artifacts/xml-unittests-output/*.xml'
annotate_only: true
report:
name: Test Reports
if: always() && inputs.skip-code-coverage == false && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
runs-on:
- self-hosted
- linux
- x86_64
needs:
- test
steps:
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Download Code Coverage Test Run Artifacts
uses: actions/download-artifact@v3
if: ${{ inputs.skip-code-coverage == false }}
id: download-coverage-artifacts
with:
name: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
path: artifacts/coverage/
- name: Show Downloaded Test Run Artifacts
run: |
tree -a artifacts
- name: Install Nox
run: |
python3 -m pip install 'nox==${{ inputs.nox-version }}'
- name: Create XML Coverage Reports
if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success' && job.status != 'cancelled'
run: |
nox --force-color -e create-xml-coverage-reports
mv artifacts/coverage/salt.xml artifacts/coverage/salt..${{ inputs.distro-slug }}..${{ inputs.nox-session }}.xml
mv artifacts/coverage/tests.xml artifacts/coverage/tests..${{ inputs.distro-slug }}..${{ inputs.nox-session }}.xml
- name: Report Salt Code Coverage
if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success'
continue-on-error: true
run: |
nox --force-color -e report-coverage -- salt
- name: Report Combined Code Coverage
if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success'
continue-on-error: true
run: |
nox --force-color -e report-coverage
- name: Rename Code Coverage DB
if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success'
continue-on-error: true
run: |
mv artifacts/coverage/.coverage artifacts/coverage/.coverage.${{ inputs.distro-slug }}.${{ inputs.nox-session }}
- name: Upload Code Coverage DB
if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success'
uses: actions/upload-artifact@v3
with:
name: all-testrun-coverage-artifacts
path: artifacts/coverage

63
.github/workflows/test-package-downloads-action.yml vendored
View file

@ -23,6 +23,10 @@ on:
required: true
type: string
description: The nox version to install
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
python-version:
required: false
type: string
@ -131,17 +135,20 @@ jobs:
- distro-slug: debian-10
arch: x86_64
pkg-type: package
- distro-slug: debian-10-arm64
arch: arm64
pkg-type: package
- distro-slug: debian-11
arch: x86_64
pkg-type: package
- distro-slug: debian-11-arm64
arch: aarch64
arch: arm64
pkg-type: package
- distro-slug: debian-12
arch: x86_64
pkg-type: package
- distro-slug: debian-12-arm64
arch: aarch64
arch: arm64
pkg-type: package
- distro-slug: fedora-37
arch: x86_64
@ -192,20 +199,26 @@ jobs:
arch: x86_64
pkg-type: package
- distro-slug: ubuntu-20.04-arm64
arch: aarch64
arch: arm64
pkg-type: package
- distro-slug: ubuntu-22.04
arch: x86_64
pkg-type: package
- distro-slug: ubuntu-22.04-arm64
arch: aarch64
pkg-type: package
- distro-slug: ubuntu-22.04
arch: x86_64
pkg-type: onedir
- distro-slug: ubuntu-22.04-arm64
arch: aarch64
arch: arm64
pkg-type: package
- distro-slug: ubuntu-22.04-arm64
arch: arm64
pkg-type: onedir
- distro-slug: ubuntu-23.04
arch: x86_64
pkg-type: package
- distro-slug: ubuntu-23.04-arm64
arch: arm64
pkg-type: package
steps:
@ -220,7 +233,7 @@ jobs:
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
@ -228,15 +241,13 @@ jobs:
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.linux.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.linux.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|linux|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
@ -445,7 +456,7 @@ jobs:
arch: arm64
pkg-type: package
- distro-slug: macos-13-xlarge
arch: aarch64
arch: arm64
pkg-type: onedir
steps:
@ -461,7 +472,7 @@ jobs:
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Install System Dependencies
@ -473,7 +484,7 @@ jobs:
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
- name: Set up Python ${{ inputs.python-version }}
uses: actions/setup-python@v4
@ -485,19 +496,17 @@ jobs:
run: |
python3 -m pip install 'nox==${{ inputs.nox-version }}'
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.macos.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.macos.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|macos|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
- name: Decompress .nox Directory
run: |
nox --force-color -e decompress-dependencies -- ${{ matrix.distro-slug }}
nox --force-color -e decompress-dependencies -- macos ${{ matrix.arch }}
- name: Show System Info & Test Plan
env:
@ -692,13 +701,11 @@ jobs:
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.windows.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.windows.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|windows|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true

14
.github/workflows/test-packages-action.yml → .github/workflows/test-packages-action-linux.yml vendored
View file

@ -35,6 +35,10 @@ on:
required: true
type: string
description: The nox version to install
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
python-version:
required: false
type: string
@ -78,6 +82,8 @@ jobs:
generate-matrix:
name: Generate Matrix
runs-on:
# We need to run on our self-hosted runners because we need proper credentials
# for boto3 to scan through our repositories.
- self-hosted
- linux
- x86_64
@ -152,13 +158,11 @@ jobs:
run: |
tree artifacts/pkg/
- name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.linux.${{ inputs.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.linux.${{ inputs.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|linux|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true

18
.github/workflows/test-packages-action-macos.yml vendored
View file

@ -35,6 +35,10 @@ on:
required: true
type: string
description: The nox version to install
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
python-version:
required: false
type: string
@ -71,6 +75,8 @@ jobs:
generate-matrix:
name: Generate Matrix
runs-on:
# We need to run on our self-hosted runners because we need proper credentials
# for boto3 to scan through our repositories.
- self-hosted
- linux
- x86_64
@ -154,19 +160,17 @@ jobs:
run: |
python3 -m pip install 'nox==${{ inputs.nox-version }}'
- name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.macos.${{ inputs.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.macos.${{ inputs.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|macos|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
- name: Decompress .nox Directory
run: |
nox --force-color -e decompress-dependencies -- ${{ inputs.distro-slug }}
nox --force-color -e decompress-dependencies -- macos ${{ inputs.arch }}
- name: Show System Info & Test Plan
env:
@ -220,7 +224,7 @@ jobs:
report:
name: Report
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
if: always() && (inputs.skip-code-coverage == false || inputs.skip-junit-reports == false) && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
needs:
- test

279
.github/workflows/test-packages-action-windows.yml vendored Normal file
View file

@ -0,0 +1,279 @@
name: Test Artifact
on:
workflow_call:
inputs:
distro-slug:
required: true
type: string
description: The OS slug to run tests against
platform:
required: true
type: string
description: The platform being tested
arch:
required: true
type: string
description: The platform arch being tested
pkg-type:
required: true
type: string
description: The platform arch being tested
salt-version:
type: string
required: true
description: The Salt version of the packages to install and test
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
testing-releases:
required: true
type: string
description: A JSON list of releases to test upgrades against
nox-version:
required: true
type: string
description: The nox version to install
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
python-version:
required: false
type: string
description: The python version to run tests with
default: "3.10"
fips:
required: false
type: boolean
default: false
description: Test run with FIPS enabled
package-name:
required: false
type: string
description: The onedir package name to use
default: salt
nox-session:
required: false
type: string
description: The nox session to run
default: ci-test-onedir
skip-code-coverage:
required: false
type: boolean
description: Skip code coverage
default: false
skip-junit-reports:
required: false
type: boolean
description: Skip Publishing JUnit Reports
default: false
env:
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
generate-matrix:
name: Generate Matrix
runs-on:
# We need to run on our self-hosted runners because we need proper credentials
# for boto3 to scan through our repositories.
- self-hosted
- linux
- x86_64
outputs:
pkg-matrix-include: ${{ steps.generate-pkg-matrix.outputs.matrix }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Generate Package Test Matrix
id: generate-pkg-matrix
run: |
tools ci pkg-matrix ${{ inputs.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ inputs.pkg-type }} --testing-releases ${{ join(fromJSON(inputs.testing-releases), ' ') }}
test:
name: Test
runs-on:
- self-hosted
- linux
- bastion
timeout-minutes: 120 # 2 Hours - More than this and something is wrong
needs:
- generate-matrix
strategy:
fail-fast: false
matrix:
include: ${{ fromJSON(needs.generate-matrix.outputs.pkg-matrix-include) }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Download Packages
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-${{ inputs.arch }}-${{ inputs.pkg-type }}
path: artifacts/pkg/
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
shell: bash
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
- name: List Packages
run: |
tree artifacts/pkg/
- name: Download cached nox.windows.${{ inputs.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.windows.${{ inputs.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|windows|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Get Salt Project GitHub Actions Bot Environment
run: |
TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
- name: Start VM
id: spin-up-vm
run: |
tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }}
- name: List Free Space
run: |
tools --timestamps vm ssh ${{ inputs.distro-slug }} -- df -h || true
- name: Upload Checkout To VM
run: |
tools --timestamps vm rsync ${{ inputs.distro-slug }}
- name: Decompress .nox Directory
run: |
tools --timestamps vm decompress-dependencies ${{ inputs.distro-slug }}
- name: Downgrade importlib-metadata
if: ${{ contains(fromJSON('["amazonlinux-2", "centos-7", "debian-10"]'), inputs.distro-slug) && contains(fromJSON('["upgrade-classic", "downgrade-classic"]'), matrix.tests-chunk) }}
run: |
# This step can go away once we stop testing classic packages upgrade/downgrades to/from 3005.x
tools --timestamps vm ssh ${{ inputs.distro-slug }} -- "sudo python3 -m pip install -U 'importlib-metadata<=4.13.0' 'virtualenv<=20.21.1'"
- name: Show System Info & Test Plan
run: |
tools --timestamps --timeout-secs=1800 vm testplan --skip-requirements-install \
--nox-session=${{ inputs.nox-session }}-pkgs ${{ inputs.distro-slug }} -- ${{ matrix.tests-chunk }} \
${{ matrix.version && format('--prev-version {0}', matrix.version) || ''}}
- name: Run Package Tests
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install ${{ matrix.fips && '--fips ' || '' }}\
--nox-session=${{ inputs.nox-session }}-pkgs --rerun-failures ${{ inputs.distro-slug }} -- ${{ matrix.tests-chunk }} \
${{ matrix.version && format('--prev-version {0}', matrix.version) || ''}}
- name: Download Test Run Artifacts
id: download-artifacts-from-vm
if: always() && steps.spin-up-vm.outcome == 'success'
run: |
tools --timestamps vm download-artifacts ${{ inputs.distro-slug }}
# Delete the salt onedir, we won't need it anymore and it will prevent
# from it showing in the tree command below
rm -rf artifacts/salt*
tree -a artifacts
- name: Destroy VM
if: always()
run: |
tools --timestamps vm destroy --no-wait ${{ inputs.distro-slug }} || true
- name: Upload Test Run Artifacts
if: always() && steps.download-artifacts-from-vm.outcome == 'success'
uses: actions/upload-artifact@v3
with:
name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.tests-chunk }}
path: |
artifacts
!artifacts/pkg/*
!artifacts/salt/*
!artifacts/salt-*.tar.*
report:
name: Report
runs-on:
- self-hosted
- linux
- x86_64
if: always() && (inputs.skip-code-coverage == false || inputs.skip-junit-reports == false) && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
needs:
- test
- generate-matrix
strategy:
fail-fast: false
matrix:
include: ${{ fromJSON(needs.generate-matrix.outputs.pkg-matrix-include) }}
steps:
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Download Test Run Artifacts
id: download-test-run-artifacts
uses: actions/download-artifact@v3
with:
name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.tests-chunk }}
path: artifacts
- name: Show Test Run Artifacts
if: always() && steps.download-test-run-artifacts.outcome == 'success'
run: |
tree -a artifacts
- name: Publish Test Report
uses: mikepenz/action-junit-report@v3
# always run even if the previous steps fails
if: always() && inputs.skip-junit-reports == false && steps.download-test-run-artifacts.outcome == 'success'
with:
check_name: Overall Test Results(${{ inputs.distro-slug }} ${{ matrix.tests-chunk }})
report_paths: 'artifacts/xml-unittests-output/*.xml'
annotate_only: true

2
.github/workflows/triage.yml vendored
View file

@ -22,7 +22,7 @@ jobs:
issues: write
pull-requests: read # for dawidd6/action-download-artifact to query commit hash
name: Triage New Issue
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

1
changelog/63063.fixed.md Normal file
View file

@ -0,0 +1 @@
Corrected encoding of credentials for use with Artifactory

1
changelog/65752.fixed.md Normal file
View file

@ -0,0 +1 @@
Fix nonsensical time in fileclient timeout error.

1
changelog/65759.fixed.md Normal file
View file

@ -0,0 +1 @@
Fix un-closed transport in tornado netapi

59
noxfile.py
View file

@ -1230,14 +1230,29 @@ def coverage_report(session):
def decompress_dependencies(session):
if not session.posargs:
session.error(
"Please pass the distro-slug to run tests against. "
"Check cicd/images.yml for what's available."
"The 'decompress-dependencies' session target needs "
"two arguments, '<platform> <arch>'."
)
distro_slug = session.posargs.pop(0)
if "windows" in distro_slug:
nox_dependencies_tarball = f"nox.{distro_slug}.tar.gz"
try:
platform = session.posargs.pop(0)
arch = session.posargs.pop(0)
if session.posargs:
session.error(
"The 'decompress-dependencies' session target only accepts "
"two arguments, '<platform> <arch>'."
)
except IndexError:
session.error(
"The 'decompress-dependencies' session target needs "
"two arguments, '<platform> <arch>'."
)
if platform == "windows":
extension = "tar.gz"
scripts_dir_name = "Scripts"
else:
nox_dependencies_tarball = f"nox.{distro_slug}.tar.xz"
extension = "tar.xz"
scripts_dir_name = "bin"
nox_dependencies_tarball = f"nox.{platform}.{arch}.{extension}"
nox_dependencies_tarball_path = REPO_ROOT / nox_dependencies_tarball
if not nox_dependencies_tarball_path.exists():
session.error(
@ -1251,10 +1266,7 @@ def decompress_dependencies(session):
session.log("Finding broken 'python' symlinks under '.nox/' ...")
for dirname in os.scandir(REPO_ROOT / ".nox"):
if "windows" not in distro_slug:
scan_path = REPO_ROOT.joinpath(".nox", dirname, "bin")
else:
scan_path = REPO_ROOT.joinpath(".nox", dirname, "Scripts")
scan_path = REPO_ROOT.joinpath(".nox", dirname, scripts_dir_name)
script_paths = {str(p): p for p in os.scandir(scan_path)}
fixed_shebang = f"#!{scan_path / 'python'}"
for key in sorted(script_paths):
@ -1285,7 +1297,7 @@ def decompress_dependencies(session):
continue
if not path.is_file():
continue
if "windows" not in distro_slug:
if platform != "windows":
# Let's try to fix shebang's
try:
fpath = pathlib.Path(path)
@ -1308,14 +1320,27 @@ def decompress_dependencies(session):
def compress_dependencies(session):
if not session.posargs:
session.error(
"Please pass the distro-slug to run tests against. "
"Check cicd/images.yml for what's available."
"The 'compress-dependencies' session target needs "
"two arguments, '<platform> <arch>'."
)
distro_slug = session.posargs.pop(0)
if IS_WINDOWS:
nox_dependencies_tarball = f"nox.{distro_slug}.tar.gz"
try:
platform = session.posargs.pop(0)
arch = session.posargs.pop(0)
if session.posargs:
session.error(
"The 'compress-dependencies' session target only accepts "
"two arguments, '<platform> <arch>'."
)
except IndexError:
session.error(
"The 'compress-dependencies' session target needs "
"two arguments, '<platform> <arch>'."
)
if platform == "windows":
extension = "tar.gz"
else:
nox_dependencies_tarball = f"nox.{distro_slug}.tar.xz"
extension = "tar.xz"
nox_dependencies_tarball = f"nox.{platform}.{arch}.{extension}"
nox_dependencies_tarball_path = REPO_ROOT / nox_dependencies_tarball
if nox_dependencies_tarball_path.exists():
session_warn(

4
pkg/debian/rules
View file

@ -24,8 +24,8 @@ override_dh_auto_build:
export FETCH_RELENV_VERSION=$${SALT_RELENV_VERSION}
export PY=$$(build/onedir/venv/bin/python3 -c 'import sys; sys.stdout.write("{}.{}".format(*sys.version_info)); sys.stdout.flush()') \
&& build/onedir/venv/bin/python3 -m pip install -r requirements/static/ci/py$${PY}/tools.txt
build/onedir/venv/bin/relenv fetch --arch=$${SALT_PACKAGE_ARCH} --python=$${SALT_PYTHON_VERSION}
build/onedir/venv/bin/relenv toolchain fetch --arch=$${SALT_PACKAGE_ARCH}
build/onedir/venv/bin/relenv fetch --python=$${SALT_PYTHON_VERSION}
build/onedir/venv/bin/relenv toolchain fetch
build/onedir/venv/bin/tools pkg build onedir-dependencies --arch $${SALT_PACKAGE_ARCH} --relenv-version=$${SALT_RELENV_VERSION} --python-version $${SALT_PYTHON_VERSION} --package-name build/onedir/salt --platform linux
# Fix any hardcoded paths to the relenv python binary on any of the scripts installed in the <onedir>/bin directory

4
pkg/rpm/salt.spec
View file

@ -169,8 +169,8 @@ cd $RPM_BUILD_DIR
export FETCH_RELENV_VERSION=${SALT_RELENV_VERSION}
export PY=$(build/venv/bin/python3 -c 'import sys; sys.stdout.write("{}.{}".format(*sys.version_info)); sys.stdout.flush()')
build/venv/bin/python3 -m pip install -r %{_salt_src}/requirements/static/ci/py${PY}/tools.txt
build/venv/bin/relenv fetch --arch=${SALT_PACKAGE_ARCH} --python=${SALT_PYTHON_VERSION}
build/venv/bin/relenv toolchain fetch --arch=${SALT_PACKAGE_ARCH}
build/venv/bin/relenv fetch --python=${SALT_PYTHON_VERSION}
build/venv/bin/relenv toolchain fetch
cd %{_salt_src}
$RPM_BUILD_DIR/build/venv/bin/tools pkg build onedir-dependencies --arch ${SALT_PACKAGE_ARCH} --relenv-version=${SALT_RELENV_VERSION} --python-version ${SALT_PYTHON_VERSION} --package-name $RPM_BUILD_DIR/build/salt --platform linux

2
requirements/static/ci/py3.10/darwin.txt
View file

@ -284,7 +284,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1
paramiko==3.4.0
# via
# junos-eznc
# napalm

2
requirements/static/ci/py3.10/freebsd.txt
View file

@ -287,7 +287,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
requirements/static/ci/py3.10/linux.txt
View file

@ -313,7 +313,7 @@ packaging==23.1
# ansible-core
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
requirements/static/ci/py3.11/darwin.txt
View file

@ -282,7 +282,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1
paramiko==3.4.0
# via
# junos-eznc
# napalm

2
requirements/static/ci/py3.11/freebsd.txt
View file

@ -285,7 +285,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
requirements/static/ci/py3.11/linux.txt
View file

@ -309,7 +309,7 @@ packaging==23.1
# ansible-core
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
requirements/static/ci/py3.12/cloud.txt
View file

@ -398,7 +398,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -c requirements/static/ci/py3.12/linux.txt
# -r requirements/static/ci/common.in

2
requirements/static/ci/py3.12/darwin.txt
View file

@ -276,7 +276,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1
paramiko==3.4.0
# via
# junos-eznc
# napalm

2
requirements/static/ci/py3.12/freebsd.txt
View file

@ -285,7 +285,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
requirements/static/ci/py3.12/lint.txt
View file

@ -423,7 +423,7 @@ packaging==23.1
# -c requirements/static/ci/py3.12/linux.txt
# -r requirements/base.txt
# ansible-core
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -c requirements/static/ci/py3.12/linux.txt
# -r requirements/static/ci/common.in

2
requirements/static/ci/py3.12/linux.txt
View file

@ -309,7 +309,7 @@ packaging==23.1
# ansible-core
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
requirements/static/ci/py3.8/freebsd.txt
View file

@ -291,7 +291,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
requirements/static/ci/py3.8/linux.txt
View file

@ -317,7 +317,7 @@ packaging==23.1
# ansible-core
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
requirements/static/ci/py3.9/darwin.txt
View file

@ -284,7 +284,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1
paramiko==3.4.0
# via
# junos-eznc
# napalm

2
requirements/static/ci/py3.9/freebsd.txt
View file

@ -287,7 +287,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
requirements/static/ci/py3.9/linux.txt
View file

@ -315,7 +315,7 @@ packaging==23.1
# ansible-core
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
salt/fileclient.py
View file

@ -1150,7 +1150,7 @@ class RemoteClient(Client):
)
except salt.exceptions.SaltReqTimeoutError:
raise SaltClientError(
f"File client timed out after {int(time.time() - start)}"
f"File client timed out after {int(time.monotonic() - start)} seconds"
)
def destroy(self):

3
salt/netapi/rest_tornado/saltnado.py
View file

@ -395,6 +395,9 @@ class EventListener:
)
del self.timeout_map[future]
def destroy(self):
self.event.destroy()
class BaseSaltAPIHandler(tornado.web.RequestHandler): # pylint: disable=W0223
ct_out_map = (

6
tests/pytests/integration/netapi/rest_tornado/conftest.py
View file

@ -18,9 +18,13 @@ def client_config(client_config, netapi_port):
@pytest.fixture
def app(app_urls, load_auth, client_config, minion_config, salt_sub_minion):
return netapi.build_tornado_app(
app = netapi.build_tornado_app(
app_urls, load_auth, client_config, minion_config, setup_event_listener=True
)
try:
yield app
finally:
app.event_listener.destroy()
@pytest.fixture

3
tests/pytests/unit/fileclient/test_fileclient.py
View file

@ -126,7 +126,8 @@ def test_fileclient_timeout(minion_opts, master_opts):
# Crypticle must return bytes to pass to transport.RequestClient.send
client.auth._crypticle = Mock()
client.auth._crypticle.dumps = mock_dumps
with pytest.raises(salt.exceptions.SaltClientError):
msg = r"^File client timed out after \d{1,4} seconds$"
with pytest.raises(salt.exceptions.SaltClientError, match=msg):
client.file_list()

1
tests/pytests/unit/pillar/test_pillar.py
View file

@ -173,5 +173,6 @@ def test_remote_pillar_timeout(temp_salt_minion, tmp_path):
mock = MagicMock()
mock.side_effect = salt.exceptions.SaltReqTimeoutError()
pillar.channel.crypted_transfer_decode_dictentry = mock
msg = r"^Pillar timed out after \d{1,4} seconds$"
with pytest.raises(salt.exceptions.SaltClientError):
pillar.compile_pillar()

8
tools/pkg/build.py
View file

@ -444,7 +444,7 @@ def windows(
arguments={
"arch": {
"help": "The architecture to build the package for",
"choices": ("x86_64", "aarch64", "x86", "amd64"),
"choices": ("x86_64", "arm64", "x86", "amd64"),
"required": True,
},
"python_version": {
@ -483,8 +483,8 @@ def onedir_dependencies(
assert package_name is not None
assert platform is not None
if platform in ("macos", "darwin") and arch == "aarch64":
arch = "arm64"
if platform not in ("macos", "darwin") and arch == "arm64":
arch = "aarch64"
shared_constants = _get_shared_constants()
if not python_version:
@ -559,7 +559,7 @@ def onedir_dependencies(
/ "static"
/ "pkg"
/ f"py{requirements_version}"
/ f"{platform}.txt"
/ f"{platform if platform != 'macos' else 'darwin'}.txt"
)
_check_pkg_build_files_exist(ctx, requirements_file=requirements_file)

144
tools/precommit/workflows.py
View file

@ -4,6 +4,7 @@ These commands are used for our GitHub Actions workflows.
# pylint: disable=resource-leakage,broad-except,3rd-party-module-not-gated
from __future__ import annotations
import json
import logging
import shutil
from typing import TYPE_CHECKING, cast
@ -18,6 +19,8 @@ log = logging.getLogger(__name__)
WORKFLOWS = tools.utils.REPO_ROOT / ".github" / "workflows"
TEMPLATES = WORKFLOWS / "templates"
with tools.utils.REPO_ROOT.joinpath("cicd", "golden-images.json").open() as rfh:
AMIS = json.load(rfh)
# Define the command group
@ -87,42 +90,45 @@ def generate_workflows(ctx: Context):
"Test Package Downloads": {
"template": "test-package-downloads-action.yml",
},
"Build CI Deps": {
"template": "build-deps-ci-action.yml",
},
}
test_salt_listing = {
test_salt_listing: dict[str, list[tuple[str, ...]]] = {
"linux": [
("almalinux-8", "Alma Linux 8", "x86_64", "no-fips"),
("almalinux-9", "Alma Linux 9", "x86_64", "no-fips"),
("amazonlinux-2", "Amazon Linux 2", "x86_64", "no-fips"),
("amazonlinux-2-arm64", "Amazon Linux 2 Arm64", "aarch64", "no-fips"),
("amazonlinux-2-arm64", "Amazon Linux 2 Arm64", "arm64", "no-fips"),
("amazonlinux-2023", "Amazon Linux 2023", "x86_64", "no-fips"),
("amazonlinux-2023-arm64", "Amazon Linux 2023 Arm64", "aarch64", "no-fips"),
("amazonlinux-2023-arm64", "Amazon Linux 2023 Arm64", "arm64", "no-fips"),
("archlinux-lts", "Arch Linux LTS", "x86_64", "no-fips"),
("centos-7", "CentOS 7", "x86_64", "no-fips"),
("centosstream-8", "CentOS Stream 8", "x86_64", "no-fips"),
("centosstream-9", "CentOS Stream 9", "x86_64", "no-fips"),
("debian-10", "Debian 10", "x86_64", "no-fips"),
("debian-11", "Debian 11", "x86_64", "no-fips"),
("debian-11-arm64", "Debian 11 Arm64", "aarch64", "no-fips"),
("debian-11-arm64", "Debian 11 Arm64", "arm64", "no-fips"),
("debian-12", "Debian 12", "x86_64", "no-fips"),
("debian-12-arm64", "Debian 12 Arm64", "aarch64", "no-fips"),
("debian-12-arm64", "Debian 12 Arm64", "arm64", "no-fips"),
("fedora-37", "Fedora 37", "x86_64", "no-fips"),
("fedora-38", "Fedora 38", "x86_64", "no-fips"),
("opensuse-15", "Opensuse 15", "x86_64", "no-fips"),
("photonos-3", "Photon OS 3", "x86_64", "no-fips"),
("photonos-3-arm64", "Photon OS 3 Arm64", "aarch64", "no-fips"),
("photonos-3-arm64", "Photon OS 3 Arm64", "arm64", "no-fips"),
("photonos-4", "Photon OS 4", "x86_64", "fips"),
("photonos-4-arm64", "Photon OS 4 Arm64", "aarch64", "fips"),
("photonos-4-arm64", "Photon OS 4 Arm64", "arm64", "fips"),
("photonos-5", "Photon OS 5", "x86_64", "fips"),
("photonos-5-arm64", "Photon OS 5 Arm64", "aarch64", "fips"),
("photonos-5-arm64", "Photon OS 5 Arm64", "arm64", "fips"),
("ubuntu-20.04", "Ubuntu 20.04", "x86_64", "no-fips"),
("ubuntu-20.04-arm64", "Ubuntu 20.04 Arm64", "aarch64", "no-fips"),
("ubuntu-20.04-arm64", "Ubuntu 20.04 Arm64", "arm64", "no-fips"),
("ubuntu-22.04", "Ubuntu 22.04", "x86_64", "no-fips"),
("ubuntu-22.04-arm64", "Ubuntu 22.04 Arm64", "aarch64", "no-fips"),
("ubuntu-22.04-arm64", "Ubuntu 22.04 Arm64", "arm64", "no-fips"),
],
"macos": [
("macos-12", "macOS 12", "x86_64"),
("macos-13", "macOS 13", "x86_64"),
("macos-13-xlarge", "macOS 13 Arm64", "aarch64"),
("macos-13-xlarge", "macOS 13 Arm64", "arm64"),
],
"windows": [
("windows-2016", "Windows 2016", "amd64"),
@ -137,7 +143,7 @@ def generate_workflows(ctx: Context):
(
"amazonlinux-2-arm64",
"Amazon Linux 2 Arm64",
"aarch64",
"arm64",
"rpm",
"no-fips",
),
@ -145,7 +151,7 @@ def generate_workflows(ctx: Context):
(
"amazonlinux-2023-arm64",
"Amazon Linux 2023 Arm64",
"aarch64",
"arm64",
"rpm",
"no-fips",
),
@ -155,30 +161,30 @@ def generate_workflows(ctx: Context):
(
"centosstream-9-arm64",
"CentOS Stream 9 Arm64",
"aarch64",
"arm64",
"rpm",
"no-fips",
),
("debian-10", "Debian 10", "x86_64", "deb", "no-fips"),
("debian-11", "Debian 11", "x86_64", "deb", "no-fips"),
("debian-11-arm64", "Debian 11 Arm64", "aarch64", "deb", "no-fips"),
("debian-11-arm64", "Debian 11 Arm64", "arm64", "deb", "no-fips"),
("debian-12", "Debian 12", "x86_64", "deb", "no-fips"),
("debian-12-arm64", "Debian 12 Arm64", "aarch64", "deb", "no-fips"),
("debian-12-arm64", "Debian 12 Arm64", "arm64", "deb", "no-fips"),
("photonos-3", "Photon OS 3", "x86_64", "rpm", "no-fips"),
("photonos-3-arm64", "Photon OS 3 Arm64", "aarch64", "rpm", "no-fips"),
("photonos-3-arm64", "Photon OS 3 Arm64", "arm64", "rpm", "no-fips"),
("photonos-4", "Photon OS 4", "x86_64", "rpm", "fips"),
("photonos-4-arm64", "Photon OS 4 Arm64", "aarch64", "rpm", "fips"),
("photonos-4-arm64", "Photon OS 4 Arm64", "arm64", "rpm", "fips"),
("photonos-5", "Photon OS 5", "x86_64", "rpm", "fips"),
("photonos-5-arm64", "Photon OS 5 Arm64", "aarch64", "rpm", "fips"),
("photonos-5-arm64", "Photon OS 5 Arm64", "arm64", "rpm", "fips"),
("ubuntu-20.04", "Ubuntu 20.04", "x86_64", "deb", "no-fips"),
("ubuntu-20.04-arm64", "Ubuntu 20.04 Arm64", "aarch64", "deb", "no-fips"),
("ubuntu-20.04-arm64", "Ubuntu 20.04 Arm64", "arm64", "deb", "no-fips"),
("ubuntu-22.04", "Ubuntu 22.04", "x86_64", "deb", "no-fips"),
("ubuntu-22.04-arm64", "Ubuntu 22.04 Arm64", "aarch64", "deb", "no-fips"),
("ubuntu-22.04-arm64", "Ubuntu 22.04 Arm64", "arm64", "deb", "no-fips"),
],
"macos": [
("macos-12", "macOS 12", "x86_64"),
("macos-13", "macOS 13", "x86_64"),
("macos-13-xlarge", "macOS 13 Arm64", "aarch64"),
("macos-13-xlarge", "macOS 13 Arm64", "arm64"),
],
"windows": [
("windows-2016", "Windows 2016", "amd64"),
@ -189,51 +195,15 @@ def generate_workflows(ctx: Context):
build_ci_deps_listing = {
"linux": [
("almalinux-8", "Alma Linux 8", "x86_64"),
("almalinux-8-arm64", "Alma Linux 8 Arm64", "aarch64"),
("almalinux-9", "Alma Linux 9", "x86_64"),
("almalinux-9-arm64", "Alma Linux 9 Arm64", "aarch64"),
("amazonlinux-2", "Amazon Linux 2", "x86_64"),
("amazonlinux-2-arm64", "Amazon Linux 2 Arm64", "aarch64"),
("amazonlinux-2023", "Amazon Linux 2023", "x86_64"),
("amazonlinux-2023-arm64", "Amazon Linux 2023 Arm64", "aarch64"),
("archlinux-lts", "Arch Linux LTS", "x86_64"),
("centos-7", "CentOS 7", "x86_64"),
("centos-7-arm64", "CentOS 7 Arm64", "aarch64"),
("centosstream-8", "CentOS Stream 8", "x86_64"),
("centosstream-8-arm64", "CentOS Stream 8 Arm64", "aarch64"),
("centosstream-9", "CentOS Stream 9", "x86_64"),
("centosstream-9-arm64", "CentOS Stream 9 Arm64", "aarch64"),
("debian-10", "Debian 10", "x86_64"),
("debian-11", "Debian 11", "x86_64"),
("debian-11-arm64", "Debian 11 Arm64", "aarch64"),
("debian-12", "Debian 12", "x86_64"),
("debian-12-arm64", "Debian 12 Arm64", "aarch64"),
("fedora-37", "Fedora 37", "x86_64"),
("fedora-37-arm64", "Fedora 37 Arm64", "aarch64"),
("fedora-38", "Fedora 38", "x86_64"),
("fedora-38-arm64", "Fedora 38 Arm64", "aarch64"),
("opensuse-15", "Opensuse 15", "x86_64"),
("photonos-3", "Photon OS 3", "x86_64"),
("photonos-3-arm64", "Photon OS 3 Arm64", "aarch64"),
("photonos-4", "Photon OS 4", "x86_64"),
("photonos-4-arm64", "Photon OS 4 Arm64", "aarch64"),
("photonos-5", "Photon OS 5", "x86_64"),
("photonos-5-arm64", "Photon OS 5 Arm64", "aarch64"),
("ubuntu-20.04", "Ubuntu 20.04", "x86_64"),
("ubuntu-20.04-arm64", "Ubuntu 20.04 Arm64", "aarch64"),
("ubuntu-22.04", "Ubuntu 22.04", "x86_64"),
("ubuntu-22.04-arm64", "Ubuntu 22.04 Arm64", "aarch64"),
("x86_64", "centos-7"),
("arm64", "centos-7-arm64"),
],
"macos": [
("macos-12", "macOS 12", "x86_64"),
("macos-13", "macOS 13", "x86_64"),
("macos-13-xlarge", "macOS 13 Arm64", "aarch64"),
("x86_64", "macos-12"),
("arm64", "macos-13-xlarge"),
],
"windows": [
("windows-2016", "Windows 2016", "amd64"),
("windows-2019", "Windows 2019", "amd64"),
("windows-2022", "Windows 2022", "amd64"),
("amd64", "windows-2022"),
],
}
test_salt_pkg_downloads_listing: dict[str, list[tuple[str, str, str]]] = {
@ -241,44 +211,46 @@ def generate_workflows(ctx: Context):
"macos": [],
"windows": [],
}
rpm_slugs = [
rpm_slugs = (
"almalinux",
"amazonlinux",
"centos",
"centosstream",
"fedora",
"photon",
]
for slug, display_name, arch in build_ci_deps_listing["linux"]:
if slug in ("archlinux-lts", "opensuse-15"):
)
linux_skip_pkg_download_tests = (
"archlinux-lts",
"opensuse-15",
"windows",
)
for slug in sorted(AMIS):
if slug.startswith(linux_skip_pkg_download_tests):
continue
test_salt_pkg_downloads_listing["linux"].append((slug, arch, "package"))
# Account for old arm64 repo paths
if arch == "aarch64":
for test_slug in rpm_slugs:
if slug.startswith(test_slug):
test_salt_pkg_downloads_listing["linux"].append(
(slug, "arm64", "package")
)
break
for slug, display_name, arch in build_ci_deps_listing["linux"][-2:]:
if slug in ("archlinux-lts", "opensuse-15"):
continue
test_salt_pkg_downloads_listing["linux"].append((slug, arch, "onedir"))
for slug, display_name, arch in build_ci_deps_listing["macos"]:
if arch == "aarch64":
if "arm64" in slug:
arch = "arm64"
else:
arch = "x86_64"
if slug.startswith(rpm_slugs) and arch == "arm64":
# While we maintain backwards compatible urls
test_salt_pkg_downloads_listing["linux"].append(
(slug, "aarch64", "package")
)
test_salt_pkg_downloads_listing["linux"].append((slug, arch, "package"))
if slug.startswith("ubuntu-22"):
test_salt_pkg_downloads_listing["linux"].append((slug, arch, "onedir"))
for slug, display_name, arch in test_salt_listing["macos"]:
test_salt_pkg_downloads_listing["macos"].append((slug, arch, "package"))
for slug, display_name, arch in build_ci_deps_listing["macos"][-1:]:
for slug, display_name, arch in test_salt_listing["macos"][-1:]:
test_salt_pkg_downloads_listing["macos"].append((slug, arch, "onedir"))
for slug, display_name, arch in build_ci_deps_listing["windows"][-1:]:
for slug, display_name, arch in test_salt_listing["windows"][-1:]:
for pkg_type in ("nsis", "msi", "onedir"):
test_salt_pkg_downloads_listing["windows"].append((slug, arch, pkg_type))
test_salt_pkg_downloads_needs_slugs = set()
for platform in test_salt_pkg_downloads_listing:
for slug, _, _ in test_salt_pkg_downloads_listing[platform]:
test_salt_pkg_downloads_needs_slugs.add(f"{slug.replace('.', '')}-ci-deps")
for _, arch, _ in test_salt_pkg_downloads_listing[platform]:
test_salt_pkg_downloads_needs_slugs.add("build-ci-deps")
env = Environment(
block_start_string="<%",

21
tools/utils/__init__.py
View file

@ -262,3 +262,24 @@ def download_file(
if chunk:
f.write(chunk)
return dest
def get_platform_and_arch_from_slug(slug: str) -> tuple[str, str]:
if "windows" in slug:
platform = "windows"
arch = "amd64"
elif "macos" in slug:
platform = "macos"
if "macos-13" in slug and "xlarge" in slug:
arch = "arm64"
else:
arch = "x86_64"
else:
platform = "linux"
if "arm64" in slug:
arch = "arm64"
elif "aarch64" in slug:
arch = "arm64"
else:
arch = "x86_64"
return platform, arch

12
tools/vm.py
View file

@ -1468,15 +1468,17 @@ class VM:
"""
Compress .nox/ into nox.<vm-name>.tar.* in the VM
"""
return self.run_nox("compress-dependencies", session_args=[self.name])
platform, arch = tools.utils.get_platform_and_arch_from_slug(self.name)
return self.run_nox("compress-dependencies", session_args=[platform, arch])
def decompress_dependencies(self):
"""
Decompress nox.<vm-name>.tar.* if it exists in the VM
"""
env = {"DELETE_NOX_ARCHIVE": "1"}
platform, arch = tools.utils.get_platform_and_arch_from_slug(self.name)
return self.run_nox(
"decompress-dependencies", session_args=[self.name], env=env
"decompress-dependencies", session_args=[platform, arch], env=env
)
def download_dependencies(self):
@ -1484,9 +1486,11 @@ class VM:
Download nox.<vm-name>.tar.* from VM
"""
if self.is_windows:
dependencies_filename = f"nox.{self.name}.tar.gz"
extension = "tar.gz"
else:
dependencies_filename = f"nox.{self.name}.tar.xz"
extension = "tar.xz"
platform, arch = tools.utils.get_platform_and_arch_from_slug(self.name)
dependencies_filename = f"nox.{platform}.{arch}.{extension}"
remote_path = self.upload_path.joinpath(dependencies_filename).as_posix()
if self.is_windows:
for drive in ("c:", "C:"):