saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge pull request #65815 from s0undt3ch/hotfix/merge-forward

Browse source 
[master] Merge 3007.x into master
This commit is contained in:
Pedro Algarvio 2024-01-10 05:09:08 +00:00 committed by GitHub
commit 73922a7469
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
139 changed files with 22833 additions and 26056 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

132
.github/workflows/build-deb-packages.yml vendored
View file

@ -1,132 +0,0 @@
---
name: Build DEB Packages
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
relenv-version:
type: string
required: true
description: The relenv version to set prior to building packages.
python-version:
required: true
type: string
description: The version of python to use with relenv
source:
required: true
type: string
description: The backend to build the packages with
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
env:
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build:
name: DEB
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- aarch64
source:
- ${{ inputs.source }}
container:
image: ghcr.io/saltstack/salt-ci-containers/packaging:debian-12
steps:
# Checkout here so we can easily use custom actions
- uses: actions/checkout@v4
# Checkout here for the build process
- name: Checkout in build directory
uses: actions/checkout@v4
with:
path:
pkgs/checkout/
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
path: pkgs/checkout/artifacts/
- name: Download Release Patch
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}.patch
path: pkgs/checkout/
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cwd: pkgs/checkout/
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
cwd: pkgs/checkout/
- name: Configure Git
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
working-directory: pkgs/checkout/
run: |
tools pkg configure-git
- name: Apply release patch
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
working-directory: pkgs/checkout/
run: |
tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete
- name: Build Deb
working-directory: pkgs/checkout/
run: |
tools pkg build deb --relenv-version=${{ inputs.relenv-version }} --python-version=${{ inputs.python-version }} ${{
inputs.source == 'onedir' &&
format('--onedir=salt-{0}-onedir-linux-{1}.tar.xz', inputs.salt-version, matrix.arch)
||
format('--arch={0}', matrix.arch)
}}
- name: Cleanup
run: |
rm -rf pkgs/checkout/
- name: Set Artifact Name
id: set-artifact-name
run: |
if [ "${{ inputs.source }}" != "src" ]; then
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-deb" >> "$GITHUB_OUTPUT"
else
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-deb-from-src" >> "$GITHUB_OUTPUT"
fi
- name: Upload DEBs
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name }}
path: ${{ github.workspace }}/pkgs/*
retention-days: 7
if-no-files-found: error

135
.github/workflows/build-deps-ci-action-macos.yml vendored
View file

@ -1,135 +0,0 @@
---
name: Install Test Dependencies
on:
workflow_call:
inputs:
distro-slug:
required: true
type: string
description: The OS slug to run tests against
nox-session:
required: true
type: string
description: The nox session to run
salt-version:
type: string
required: true
description: The Salt version to set prior to running tests.
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
platform:
required: true
type: string
description: The platform being tested
arch:
required: true
type: string
description: The platform arch being tested
nox-version:
required: true
type: string
description: The nox version to install
python-version:
required: false
type: string
description: The python version to run tests with
default: "3.10"
package-name:
required: false
type: string
description: The onedir package name to use
default: salt
env:
COLUMNS: 190
PIP_INDEX_URL: "https://pypi-proxy.saltstack.net/root/local/+simple/"
PIP_EXTRA_INDEX_URL: "https://pypi.org/simple"
GITHUB_ACTIONS_PIPELINE: "1"
jobs:
dependencies:
name: Install
runs-on: ${{ inputs.distro-slug }}
timeout-minutes: 90
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Cache nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
id: nox-dependencies-cache
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
- name: Download Onedir Tarball as an Artifact
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
shell: bash
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
- name: Set up Python ${{ inputs.python-version }}
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/setup-python@v4
with:
python-version: "${{ inputs.python-version }}"
- name: Install System Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
brew install openssl@3
- name: Install Nox
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
python3 -m pip install 'nox==${{ inputs.nox-version }}'
- name: Install Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
env:
PRINT_TEST_SELECTION: "0"
PRINT_SYSTEM_INFO: "0"
run: |
export PYCURL_SSL_LIBRARY=openssl
export LDFLAGS="-L/usr/local/opt/openssl@3/lib"
export CPPFLAGS="-I/usr/local/opt/openssl@3/include"
export PKG_CONFIG_PATH="/usr/local/opt/openssl@3/lib/pkgconfig"
nox --install-only -e ${{ inputs.nox-session }}
- name: Cleanup .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
nox --force-color -e "pre-archive-cleanup(pkg=False)"
- name: Compress .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
nox --force-color -e compress-dependencies -- ${{ inputs.distro-slug }}
- name: Upload Nox Requirements Tarball
uses: actions/upload-artifact@v3
with:
name: nox-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
path: nox.${{ inputs.distro-slug }}.tar.*

258
.github/workflows/build-deps-ci-action.yml vendored
View file

@ -4,10 +4,6 @@ name: Install Test Dependencies
on:
workflow_call:
inputs:
distro-slug:
required: true
type: string
description: The OS slug to run tests against
nox-session:
required: true
type: string
@ -20,18 +16,14 @@ on:
required: true
type: string
description: Seed used to invalidate caches
platform:
required: true
type: string
description: The platform being tested
arch:
required: true
type: string
description: The platform arch being tested
nox-version:
required: true
type: string
description: The nox version to install
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
python-version:
required: false
type: string
@ -53,13 +45,21 @@ env:
jobs:
dependencies:
name: Install
linux-dependencies:
name: Linux
runs-on:
- self-hosted
- linux
- bastion
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
include:
- distro-slug: centos-7
arch: x86_64
- distro-slug: centos-7-arm64
arch: arm64
steps:
- name: "Throttle Builds"
@ -70,20 +70,18 @@ jobs:
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Cache nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Cache nox.linux.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
id: nox-dependencies-cache
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.linux.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|linux|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
- name: Download Onedir Tarball as an Artifact
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
@ -92,7 +90,7 @@ jobs:
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
- name: PyPi Proxy
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
@ -116,45 +114,243 @@ jobs:
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
id: spin-up-vm
run: |
tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }}
tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ matrix.distro-slug }}
- name: List Free Space
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm ssh ${{ inputs.distro-slug }} -- df -h || true
tools --timestamps vm ssh ${{ matrix.distro-slug }} -- df -h || true
- name: Upload Checkout To VM
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm rsync ${{ inputs.distro-slug }}
tools --timestamps vm rsync ${{ matrix.distro-slug }}
- name: Install Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm install-dependencies --nox-session=${{ inputs.nox-session }} ${{ inputs.distro-slug }}
tools --timestamps vm install-dependencies --nox-session=${{ inputs.nox-session }} ${{ matrix.distro-slug }}
- name: Cleanup .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm pre-archive-cleanup ${{ inputs.distro-slug }}
tools --timestamps vm pre-archive-cleanup ${{ matrix.distro-slug }}
- name: Compress .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm compress-dependencies ${{ inputs.distro-slug }}
tools --timestamps vm compress-dependencies ${{ matrix.distro-slug }}
- name: Download Compressed .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm download-dependencies ${{ inputs.distro-slug }}
tools --timestamps vm download-dependencies ${{ matrix.distro-slug }}
- name: Destroy VM
if: always() && steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm destroy --no-wait ${{ inputs.distro-slug }}
tools --timestamps vm destroy --no-wait ${{ matrix.distro-slug }}
- name: Upload Nox Requirements Tarball
uses: actions/upload-artifact@v3
with:
name: nox-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
path: nox.${{ inputs.distro-slug }}.tar.*
name: nox-linux-${{ matrix.arch }}-${{ inputs.nox-session }}
path: nox.linux.${{ matrix.arch }}.tar.*
macos-dependencies:
name: MacOS
runs-on: ${{ matrix.distro-slug }}
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
include:
- distro-slug: macos-12
arch: x86_64
- distro-slug: macos-13-xlarge
arch: arm64
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Cache nox.macos.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
id: nox-dependencies-cache
uses: actions/cache@v3.3.1
with:
path: nox.macos.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|macos|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
- name: Download Onedir Tarball as an Artifact
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
shell: bash
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
- name: Set up Python ${{ inputs.python-version }}
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/setup-python@v5
with:
python-version: "${{ inputs.python-version }}"
- name: Install System Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
brew install openssl@3
- name: Install Nox
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
python3 -m pip install 'nox==${{ inputs.nox-version }}'
- name: Install Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
env:
PRINT_TEST_SELECTION: "0"
PRINT_SYSTEM_INFO: "0"
run: |
export PYCURL_SSL_LIBRARY=openssl
export LDFLAGS="-L/usr/local/opt/openssl@3/lib"
export CPPFLAGS="-I/usr/local/opt/openssl@3/include"
export PKG_CONFIG_PATH="/usr/local/opt/openssl@3/lib/pkgconfig"
nox --install-only -e ${{ inputs.nox-session }}
- name: Cleanup .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
nox --force-color -e "pre-archive-cleanup(pkg=False)"
- name: Compress .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
nox --force-color -e compress-dependencies -- macos ${{ matrix.arch }}
- name: Upload Nox Requirements Tarball
uses: actions/upload-artifact@v3
with:
name: nox-macos-${{ matrix.arch }}-${{ inputs.nox-session }}
path: nox.macos.${{ matrix.arch }}.tar.*
windows-dependencies:
name: Windows
runs-on:
- self-hosted
- linux
- bastion
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
include:
- distro-slug: windows-2022
arch: amd64
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Cache nox.windows.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
id: nox-dependencies-cache
uses: actions/cache@v3.3.1
with:
path: nox.windows.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|windows|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
- name: Download Onedir Tarball as an Artifact
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
shell: bash
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
- name: PyPi Proxy
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
sed -i '7s;^;--index-url=https://pypi-proxy.saltstack.net/root/local/+simple/ --extra-index-url=https://pypi.org/simple\n;' requirements/static/ci/*/*.txt
- name: Setup Python Tools Scripts
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}-build-deps-ci
- name: Get Salt Project GitHub Actions Bot Environment
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
- name: Start VM
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
id: spin-up-vm
run: |
tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ matrix.distro-slug }}
- name: List Free Space
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm ssh ${{ matrix.distro-slug }} -- df -h || true
- name: Upload Checkout To VM
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm rsync ${{ matrix.distro-slug }}
- name: Install Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm install-dependencies --nox-session=${{ inputs.nox-session }} ${{ matrix.distro-slug }}
- name: Cleanup .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm pre-archive-cleanup ${{ matrix.distro-slug }}
- name: Compress .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm compress-dependencies ${{ matrix.distro-slug }}
- name: Download Compressed .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm download-dependencies ${{ matrix.distro-slug }}
- name: Destroy VM
if: always() && steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm destroy --no-wait ${{ matrix.distro-slug }}
- name: Upload Nox Requirements Tarball
uses: actions/upload-artifact@v3
with:
name: nox-windows-${{ matrix.arch }}-${{ inputs.nox-session }}
path: nox.windows.${{ matrix.arch }}.tar.*

83
.github/workflows/build-deps-onedir-linux.yml vendored
View file

@ -1,83 +0,0 @@
---
name: Build Packaging Dependencies Onedir
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
github-hosted-runners:
type: boolean
required: true
self-hosted-runners:
type: boolean
required: true
cache-seed:
required: true
type: string
description: Seed used to invalidate caches
relenv-version:
required: true
type: string
description: The version of relenv to use
python-version:
required: true
type: string
description: The version of python to use with relenv
env:
RELENV_DATA: "${{ github.workspace }}/.relenv"
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-deps-linux:
name: Linux
if: ${{ inputs.self-hosted-runners }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- aarch64
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-deps-linux-${{ matrix.arch }}
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: linux
arch: ${{ matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Install Salt Packaging Dependencies into Relenv Onedir
uses: ./.github/actions/build-onedir-deps
with:
platform: linux
arch: ${{ matrix.arch }}
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}

88
.github/workflows/build-deps-onedir-macos.yml vendored
View file

@ -1,88 +0,0 @@
---
name: Build Packaging Dependencies Onedir
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
github-hosted-runners:
type: boolean
required: true
self-hosted-runners:
type: boolean
required: true
cache-seed:
required: true
type: string
description: Seed used to invalidate caches
relenv-version:
required: true
type: string
description: The version of relenv to use
python-version:
required: true
type: string
description: The version of python to use with relenv
env:
RELENV_DATA: "${{ github.workspace }}/.relenv"
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-deps-macos:
name: macOS
if: ${{ inputs.github-hosted-runners }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86_64
- aarch64
runs-on:
- ${{ matrix.arch == 'aarch64' && 'macos-13-xlarge' || 'macos-12' }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-deps-macos
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: darwin
arch: ${{ matrix.arch == 'aarch64' && 'arm64' || matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Install Salt Packaging Dependencies into Relenv Onedir
uses: ./.github/actions/build-onedir-deps
with:
platform: darwin
arch: ${{ matrix.arch }}
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}

86
.github/workflows/build-deps-onedir-windows.yml vendored
View file

@ -1,86 +0,0 @@
---
name: Build Packaging Dependencies Onedir
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
github-hosted-runners:
type: boolean
required: true
self-hosted-runners:
type: boolean
required: true
cache-seed:
required: true
type: string
description: Seed used to invalidate caches
relenv-version:
required: true
type: string
description: The version of relenv to use
python-version:
required: true
type: string
description: The version of python to use with relenv
env:
RELENV_DATA: "${{ github.workspace }}/.relenv"
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-deps-windows:
name: Windows
if: ${{ inputs.github-hosted-runners }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86
- amd64
runs-on: windows-latest
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-deps-windows-${{ matrix.arch }}
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: windows
arch: ${{ matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Install Salt Packaging Dependencies into Relenv Onedir
uses: ./.github/actions/build-onedir-deps
with:
platform: windows
arch: ${{ matrix.arch }}
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}

181
.github/workflows/build-deps-onedir.yml vendored Normal file
View file

@ -0,0 +1,181 @@
---
name: Build Packaging Dependencies Onedir
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
github-hosted-runners:
type: boolean
required: true
self-hosted-runners:
type: boolean
required: true
cache-seed:
required: true
type: string
description: Seed used to invalidate caches
relenv-version:
required: true
type: string
description: The version of relenv to use
python-version:
required: true
type: string
description: The version of python to use with relenv
env:
RELENV_DATA: "${{ github.workspace }}/.relenv"
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-deps-linux:
name: Linux
if: ${{ inputs.self-hosted-runners }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- arm64
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-deps-linux-${{ matrix.arch }}
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: linux
arch: ${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Install Salt Packaging Dependencies into Relenv Onedir
uses: ./.github/actions/build-onedir-deps
with:
platform: linux
arch: ${{ matrix.arch }}
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}
build-deps-macos:
name: macOS
if: ${{ inputs.github-hosted-runners }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86_64
- arm64
runs-on:
- ${{ matrix.arch == 'arm64' && 'macos-13-xlarge' || 'macos-12' }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-deps-macos
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: macos
arch: ${{ matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Install Salt Packaging Dependencies into Relenv Onedir
uses: ./.github/actions/build-onedir-deps
with:
platform: macos
arch: ${{ matrix.arch }}
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}
build-deps-windows:
name: Windows
if: ${{ inputs.github-hosted-runners }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86
- amd64
runs-on: windows-latest
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-deps-windows-${{ matrix.arch }}
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: windows
arch: ${{ matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Install Salt Packaging Dependencies into Relenv Onedir
uses: ./.github/actions/build-onedir-deps
with:
platform: windows
arch: ${{ matrix.arch }}
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}

5
.github/workflows/build-docs.yml vendored
View file

@ -24,10 +24,7 @@ jobs:
build:
name: Build
runs-on:
- self-hosted
- linux
- medium
- x86_64
- ubuntu-latest
strategy:
fail-fast: false
matrix:

158
.github/workflows/build-macos-packages.yml vendored
View file

@ -1,158 +0,0 @@
---
name: Build macOS Packages
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
relenv-version:
type: string
required: true
description: The relenv version to set prior to building packages.
python-version:
required: true
type: string
description: The version of python to use with relenv
sign-packages:
type: boolean
default: false
description: Sign Packages
environment:
type: string
description: The GitHub Environment where this workflow should run
default: ci
source:
required: true
type: string
description: The backend to build the packages with
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
env:
COLUMNS: 190
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-pkgs:
name: macOS
environment: ${{ inputs.environment }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- aarch64
source:
- ${{ inputs.source }}
runs-on:
- ${{ matrix.arch == 'aarch64' && 'macos-13-xlarge' || 'macos-12' }}
steps:
- name: Check Package Signing Enabled
shell: bash
id: check-pkg-sign
run: |
if [ "${{ inputs.sign-packages }}" == "true" ]; then
if [ "${{ (secrets.MAC_SIGN_APPLE_ACCT != '' && contains(fromJSON('["nightly", "staging"]'), inputs.environment)) && 'true' || 'false' }}" != "true" ]; then
MSG="Secrets for signing packages are not available. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
else
MSG="The packages created WILL be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=true" >> "$GITHUB_OUTPUT"
fi
else
MSG="The sign-packages input is false. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
fi
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: 3.11
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Prepare Package Signing
if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }}
run: |
echo ${{ secrets.MAC_SIGN_DEV_APP_CERT_B64 }} | base64 --decode > app-cert.p12
echo ${{ secrets.MAC_SIGN_DEV_INSTALL_CERT_B64 }} | base64 --decode > install-cert.p12
# Create SaltSigning keychain. This will contain the certificates for signing
security create-keychain -p "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}"
# Append SaltSigning keychain to the search list
security list-keychains -d user -s "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" "$(security list-keychains -d user | sed s/\"//g)"
# Unlock the keychain so we can import certs
security unlock-keychain -p "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}"
# Developer Application Certificate
security import "app-cert.p12" -t agg -k "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" -P "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" -A
rm app-cert.p12
# Developer Installer Certificate
security import "install-cert.p12" -t agg -k "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" -P "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" -A
rm install-cert.p12
security set-key-partition-list -S apple-tool:,apple: -k "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" &> /dev/null
- name: Build MacOS Package
env:
DEV_APP_CERT: "${{ secrets.MAC_SIGN_DEV_APP_CERT }}"
DEV_INSTALL_CERT: "${{ secrets.MAC_SIGN_DEV_INSTALL_CERT }}"
APPLE_ACCT: "${{ secrets.MAC_SIGN_APPLE_ACCT }}"
APPLE_TEAM_ID: "${{ secrets.MAC_SIGN_APPLE_TEAM_ID }}"
APP_SPEC_PWD: "${{ secrets.MAC_SIGN_APP_SPEC_PWD }}"
run: |
tools pkg build macos --relenv-version=${{ inputs.relenv-version }} --python-version=${{ inputs.python-version }} ${{
inputs.source == 'onedir' &&
format(
'--onedir salt-{0}-onedir-darwin-{1}.tar.xz --salt-version {0} {2}',
inputs.salt-version,
matrix.arch,
steps.check-pkg-sign.outputs.sign-pkgs == 'true' && '--sign' || ''
)
||
format('--salt-version {0}', inputs.salt-version)
}}
- name: Set Artifact Name
id: set-artifact-name
run: |
if [ "${{ inputs.source }}" != "src" ]; then
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-macos" >> "$GITHUB_OUTPUT"
else
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-macos-from-src" >> "$GITHUB_OUTPUT"
fi
- name: Upload ${{ matrix.arch }} Package
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name }}
path: pkg/macos/salt-${{ inputs.salt-version }}-py3-*.pkg
retention-days: 7
if-no-files-found: error

461
.github/workflows/build-packages.yml vendored Normal file
View file

@ -0,0 +1,461 @@
---
name: Build Packages
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
relenv-version:
type: string
required: true
description: The relenv version to set prior to building packages.
python-version:
required: true
type: string
description: The version of python to use with relenv
sign-macos-packages:
type: boolean
default: false
description: Sign MacOS Packages
sign-windows-packages:
type: boolean
default: false
description: Sign Windows Packages
environment:
type: string
description: The GitHub Environment where this workflow should run
default: ci
source:
required: true
type: string
description: The backend to build the packages with
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
env:
COLUMNS: 190
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-macos-pkgs:
name: macOS
environment: ${{ inputs.environment }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- arm64
source:
- ${{ inputs.source }}
runs-on:
- ${{ matrix.arch == 'arm64' && 'macos-13-xlarge' || 'macos-12' }}
steps:
- name: Check Package Signing Enabled
shell: bash
id: check-pkg-sign
run: |
if [ "${{ inputs.sign-macos-packages }}" == "true" ]; then
if [ "${{ (secrets.MAC_SIGN_APPLE_ACCT != '' && contains(fromJSON('["nightly", "staging"]'), inputs.environment)) && 'true' || 'false' }}" != "true" ]; then
MSG="Secrets for signing packages are not available. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
else
MSG="The packages created WILL be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=true" >> "$GITHUB_OUTPUT"
fi
else
MSG="The sign-macos-packages input is false. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
fi
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.11
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Prepare Package Signing
if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }}
run: |
echo ${{ secrets.MAC_SIGN_DEV_APP_CERT_B64 }} | base64 --decode > app-cert.p12
echo ${{ secrets.MAC_SIGN_DEV_INSTALL_CERT_B64 }} | base64 --decode > install-cert.p12
# Create SaltSigning keychain. This will contain the certificates for signing
security create-keychain -p "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}"
# Append SaltSigning keychain to the search list
security list-keychains -d user -s "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" "$(security list-keychains -d user | sed s/\"//g)"
# Unlock the keychain so we can import certs
security unlock-keychain -p "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}"
# Developer Application Certificate
security import "app-cert.p12" -t agg -k "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" -P "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" -A
rm app-cert.p12
# Developer Installer Certificate
security import "install-cert.p12" -t agg -k "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" -P "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" -A
rm install-cert.p12
security set-key-partition-list -S apple-tool:,apple: -k "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" &> /dev/null
- name: Build MacOS Package
env:
DEV_APP_CERT: "${{ secrets.MAC_SIGN_DEV_APP_CERT }}"
DEV_INSTALL_CERT: "${{ secrets.MAC_SIGN_DEV_INSTALL_CERT }}"
APPLE_ACCT: "${{ secrets.MAC_SIGN_APPLE_ACCT }}"
APPLE_TEAM_ID: "${{ secrets.MAC_SIGN_APPLE_TEAM_ID }}"
APP_SPEC_PWD: "${{ secrets.MAC_SIGN_APP_SPEC_PWD }}"
run: |
tools pkg build macos --relenv-version=${{ inputs.relenv-version }} --python-version=${{ inputs.python-version }} ${{
inputs.source == 'onedir' &&
format(
'--onedir salt-{0}-onedir-macos-{1}.tar.xz --salt-version {0} {2}',
inputs.salt-version,
matrix.arch,
steps.check-pkg-sign.outputs.sign-pkgs == 'true' && '--sign' || ''
)
||
format('--salt-version {0}', inputs.salt-version)
}}
- name: Set Artifact Name
id: set-artifact-name
run: |
if [ "${{ inputs.source }}" != "src" ]; then
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-macos" >> "$GITHUB_OUTPUT"
else
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-macos-from-src" >> "$GITHUB_OUTPUT"
fi
- name: Upload ${{ matrix.arch }} Package
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name }}
path: pkg/macos/salt-${{ inputs.salt-version }}-py3-*.pkg
retention-days: 7
if-no-files-found: error
build-deb-packages:
name: DEB
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- arm64
source:
- ${{ inputs.source }}
container:
image: ghcr.io/saltstack/salt-ci-containers/packaging:debian-12
steps:
# Checkout here so we can easily use custom actions
- uses: actions/checkout@v4
# Checkout here for the build process
- name: Checkout in build directory
uses: actions/checkout@v4
with:
path:
pkgs/checkout/
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
path: pkgs/checkout/artifacts/
- name: Download Release Patch
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}.patch
path: pkgs/checkout/
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cwd: pkgs/checkout/
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
cwd: pkgs/checkout/
- name: Configure Git
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
working-directory: pkgs/checkout/
run: |
tools pkg configure-git
- name: Apply release patch
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
working-directory: pkgs/checkout/
run: |
tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete
- name: Build Deb
working-directory: pkgs/checkout/
run: |
tools pkg build deb --relenv-version=${{ inputs.relenv-version }} --python-version=${{ inputs.python-version }} ${{
inputs.source == 'onedir' &&
format('--onedir=salt-{0}-onedir-linux-{1}.tar.xz', inputs.salt-version, matrix.arch)
||
format('--arch={0}', matrix.arch)
}}
- name: Cleanup
run: |
rm -rf pkgs/checkout/
- name: Set Artifact Name
id: set-artifact-name
run: |
if [ "${{ inputs.source }}" != "src" ]; then
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-deb" >> "$GITHUB_OUTPUT"
else
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-deb-from-src" >> "$GITHUB_OUTPUT"
fi
- name: Upload DEBs
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name }}
path: ${{ github.workspace }}/pkgs/*
retention-days: 7
if-no-files-found: error
build-rpm-packages:
name: RPM
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- arm64
source:
- ${{ inputs.source }}
container:
image: ghcr.io/saltstack/salt-ci-containers/packaging:centosstream-9
steps:
- uses: actions/checkout@v4
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Download Release Patch
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}.patch
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Configure Git
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
run: |
tools pkg configure-git
- name: Apply release patch
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
run: |
tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete
- name: Build RPM
run: |
tools pkg build rpm --relenv-version=${{ inputs.relenv-version }} --python-version=${{ inputs.python-version }} ${{
inputs.source == 'onedir' &&
format('--onedir=salt-{0}-onedir-linux-{1}.tar.xz', inputs.salt-version, matrix.arch)
||
format('--arch={0}', matrix.arch)
}}
- name: Set Artifact Name
id: set-artifact-name
run: |
if [ "${{ inputs.source }}" != "src" ]; then
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-rpm" >> "$GITHUB_OUTPUT"
else
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-rpm-from-src" >> "$GITHUB_OUTPUT"
fi
- name: Upload RPMs
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name }}
path: ~/rpmbuild/RPMS/*/*.rpm
retention-days: 7
if-no-files-found: error
build-windows-pkgs:
name: Windows
environment: ${{ inputs.environment }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86
- amd64
source:
- ${{ inputs.source }}
runs-on:
- windows-latest
env:
SM_HOST: "${{ secrets.WIN_SIGN_HOST_PROD }}"
SM_API_KEY: "${{ secrets.WIN_SIGN_API_KEY }}"
SM_CLIENT_CERT_FILE: "D:\\Certificate_pkcs12.p12"
SM_CLIENT_CERT_PASSWORD: "${{ secrets.WIN_SIGN_CERT_PASSWORD }}"
SM_CLIENT_CERT_FILE_B64: "${{ secrets.WIN_SIGN_CERT_FILE_B64 }}"
WIN_SIGN_CERT_SHA1_HASH: "${{ secrets.WIN_SIGN_CERT_SHA1_HASH }}"
steps:
- name: Check Package Signing Enabled
shell: bash
id: check-pkg-sign
run: |
if [ "${{ inputs.sign-windows-packages }}" == "true" ]; then
if [ "${{ (secrets.WIN_SIGN_API_KEY != '' && env.SM_HOST != '' && inputs.environment == 'staging') && 'true' || 'false' }}" != "true" ]; then
MSG="Secrets for signing packages are not available. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
else
MSG="The packages created WILL be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=true" >> "$GITHUB_OUTPUT"
fi
else
MSG="The sign-windows-packages input is false. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
fi
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.11
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.zip
path: artifacts/
- name: Code signing with Software Trust Manager
if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }}
uses: digicert/ssm-code-signing@v0.0.2
- name: Setup Certificate
if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }}
shell: bash
run: |
echo "${{ secrets.WIN_SIGN_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
- name: Build Windows Packages
run: |
tools pkg build windows --relenv-version=${{ inputs.relenv-version }} --python-version=${{ inputs.python-version }} ${{
inputs.source == 'onedir' &&
format(
'--onedir salt-{0}-onedir-windows-{1}.zip --salt-version {0} --arch {1} {2}',
inputs.salt-version,
matrix.arch,
steps.check-pkg-sign.outputs.sign-pkgs == 'true' && '--sign' || ''
)
||
format('--salt-version {0} --arch {1}', inputs.salt-version, matrix.arch)
}}
- name: Set Artifact Name
id: set-artifact-name
shell: bash
run: |
if [ "${{ inputs.source }}" != "src" ]; then
echo "artifact-name-nsis=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-NSIS" >> "$GITHUB_OUTPUT"
echo "artifact-name-msi=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-MSI" >> "$GITHUB_OUTPUT"
else
echo "artifact-name-nsis=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-NSIS-from-src" >> "$GITHUB_OUTPUT"
echo "artifact-name-msi=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-MSI-from-src" >> "$GITHUB_OUTPUT"
fi
- name: Upload ${{ matrix.arch }} NSIS Packages
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name-nsis }}
path: pkg/windows/build/Salt-*.exe
retention-days: 7
if-no-files-found: error
- name: Upload ${{ matrix.arch }} MSI Package
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name-msi }}
path: pkg/windows/build/Salt-*.msi
retention-days: 7
if-no-files-found: error

114
.github/workflows/build-rpm-packages.yml vendored
View file

@ -1,114 +0,0 @@
---
name: Build RPM Packages
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
relenv-version:
type: string
required: true
description: The relenv version to set prior to building packages.
python-version:
required: true
type: string
description: The version of python to use with relenv
source:
required: true
type: string
description: The backend to build the packages with
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
env:
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build:
name: RPM
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- aarch64
source:
- ${{ inputs.source }}
container:
image: ghcr.io/saltstack/salt-ci-containers/packaging:centosstream-9
steps:
- uses: actions/checkout@v4
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Download Release Patch
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}.patch
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Configure Git
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
run: |
tools pkg configure-git
- name: Apply release patch
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
run: |
tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete
- name: Build RPM
run: |
tools pkg build rpm --relenv-version=${{ inputs.relenv-version }} --python-version=${{ inputs.python-version }} ${{
inputs.source == 'onedir' &&
format('--onedir=salt-{0}-onedir-linux-{1}.tar.xz', inputs.salt-version, matrix.arch)
||
format('--arch={0}', matrix.arch)
}}
- name: Set Artifact Name
id: set-artifact-name
run: |
if [ "${{ inputs.source }}" != "src" ]; then
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-rpm" >> "$GITHUB_OUTPUT"
else
echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-rpm-from-src" >> "$GITHUB_OUTPUT"
fi
- name: Upload RPMs
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name }}
path: ~/rpmbuild/RPMS/${{ matrix.arch }}/*.rpm
retention-days: 7
if-no-files-found: error

90
.github/workflows/build-salt-onedir-linux.yml vendored
View file

@ -1,90 +0,0 @@
---
name: Build Salt Onedir
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
github-hosted-runners:
type: boolean
required: true
self-hosted-runners:
type: boolean
required: true
cache-seed:
required: true
type: string
description: Seed used to invalidate caches
relenv-version:
required: true
type: string
description: The version of relenv to use
python-version:
required: true
type: string
description: The version of python to use with relenv
env:
RELENV_DATA: "${{ github.workspace }}/.relenv"
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-salt-linux:
name: Linux
if: ${{ inputs.self-hosted-runners }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- aarch64
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-salt-onedir-windows
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Setup Relenv
uses: ./.github/actions/setup-relenv
id: setup-relenv
with:
platform: linux
arch: ${{ matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Install Salt into Relenv Onedir
uses: ./.github/actions/build-onedir-salt
with:
platform: linux
arch: ${{ matrix.arch }}
salt-version: "${{ inputs.salt-version }}"
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}

93
.github/workflows/build-salt-onedir-macos.yml vendored
View file

@ -1,93 +0,0 @@
---
name: Build Salt Onedir
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
github-hosted-runners:
type: boolean
required: true
self-hosted-runners:
type: boolean
required: true
cache-seed:
required: true
type: string
description: Seed used to invalidate caches
relenv-version:
required: true
type: string
description: The version of relenv to use
python-version:
required: true
type: string
description: The version of python to use with relenv
env:
RELENV_DATA: "${{ github.workspace }}/.relenv"
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-salt-macos:
name: macOS
if: ${{ inputs.github-hosted-runners }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86_64
- aarch64
runs-on:
- ${{ matrix.arch == 'aarch64' && 'macos-13-xlarge' || 'macos-12' }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: darwin
arch: ${{ matrix.arch == 'aarch64' && 'arm64' || matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-salt-onedir-macos
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Install Salt into Relenv Onedir
uses: ./.github/actions/build-onedir-salt
with:
platform: darwin
arch: ${{ matrix.arch }}
salt-version: "${{ inputs.salt-version }}"
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}

93
.github/workflows/build-salt-onedir-windows.yml vendored
View file

@ -1,93 +0,0 @@
---
name: Build Salt Onedir
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
github-hosted-runners:
type: boolean
required: true
self-hosted-runners:
type: boolean
required: true
cache-seed:
required: true
type: string
description: Seed used to invalidate caches
relenv-version:
required: true
type: string
description: The version of relenv to use
python-version:
required: true
type: string
description: The version of python to use with relenv
env:
RELENV_DATA: "${{ github.workspace }}/.relenv"
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-salt-windows:
name: Windows
if: ${{ inputs.github-hosted-runners }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86
- amd64
runs-on: windows-latest
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: windows
arch: ${{ matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-salt-onedir-macos
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Install Salt into Relenv Onedir
uses: ./.github/actions/build-onedir-salt
with:
platform: windows
arch: ${{ matrix.arch }}
salt-version: "${{ inputs.salt-version }}"
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}

200
.github/workflows/build-salt-onedir.yml vendored Normal file
View file

@ -0,0 +1,200 @@
---
name: Build Salt Onedir
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
github-hosted-runners:
type: boolean
required: true
self-hosted-runners:
type: boolean
required: true
cache-seed:
required: true
type: string
description: Seed used to invalidate caches
relenv-version:
required: true
type: string
description: The version of relenv to use
python-version:
required: true
type: string
description: The version of python to use with relenv
env:
RELENV_DATA: "${{ github.workspace }}/.relenv"
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-salt-linux:
name: Linux
if: ${{ inputs.self-hosted-runners }}
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- arm64
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-salt-onedir-windows
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Setup Relenv
uses: ./.github/actions/setup-relenv
id: setup-relenv
with:
platform: linux
arch: ${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Install Salt into Relenv Onedir
uses: ./.github/actions/build-onedir-salt
with:
platform: linux
arch: ${{ matrix.arch }}
salt-version: "${{ inputs.salt-version }}"
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}
build-salt-macos:
name: macOS
if: ${{ inputs.github-hosted-runners }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86_64
- arm64
runs-on:
- ${{ matrix.arch == 'arm64' && 'macos-13-xlarge' || 'macos-12' }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: macos
arch: ${{ matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-salt-onedir-macos
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Install Salt into Relenv Onedir
uses: ./.github/actions/build-onedir-salt
with:
platform: macos
arch: ${{ matrix.arch }}
salt-version: "${{ inputs.salt-version }}"
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}
build-salt-windows:
name: Windows
if: ${{ inputs.github-hosted-runners }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86
- amd64
runs-on: windows-latest
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: windows
arch: ${{ matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-salt-onedir-macos
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Install Salt into Relenv Onedir
uses: ./.github/actions/build-onedir-salt
with:
platform: windows
arch: ${{ matrix.arch }}
salt-version: "${{ inputs.salt-version }}"
python-version: "${{ inputs.python-version }}"
cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }}

164
.github/workflows/build-windows-packages.yml vendored
View file

@ -1,164 +0,0 @@
---
name: Build Windows Packages
on:
workflow_call:
inputs:
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages
relenv-version:
type: string
required: true
description: The relenv version to set prior to building packages.
python-version:
required: true
type: string
description: The version of python to use with relenv
sign-packages:
type: boolean
default: false
description: Sign Packages
environment:
type: string
description: The GitHub Environment where this workflow should run
default: ci
source:
required: true
type: string
description: The backend to build the packages with
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
env:
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
build-pkgs:
name: Windows
environment: ${{ inputs.environment }}
strategy:
fail-fast: false
max-parallel: 2
matrix:
arch:
- x86
- amd64
source:
- ${{ inputs.source }}
runs-on:
- windows-latest
env:
SM_HOST: "${{ secrets.WIN_SIGN_HOST_PROD }}"
SM_API_KEY: "${{ secrets.WIN_SIGN_API_KEY }}"
SM_CLIENT_CERT_FILE: "D:\\Certificate_pkcs12.p12"
SM_CLIENT_CERT_PASSWORD: "${{ secrets.WIN_SIGN_CERT_PASSWORD }}"
SM_CLIENT_CERT_FILE_B64: "${{ secrets.WIN_SIGN_CERT_FILE_B64 }}"
WIN_SIGN_CERT_SHA1_HASH: "${{ secrets.WIN_SIGN_CERT_SHA1_HASH }}"
steps:
- name: Check Package Signing Enabled
shell: bash
id: check-pkg-sign
run: |
if [ "${{ inputs.sign-packages }}" == "true" ]; then
if [ "${{ (secrets.WIN_SIGN_API_KEY != '' && env.SM_HOST != '' && inputs.environment == 'staging') && 'true' || 'false' }}" != "true" ]; then
MSG="Secrets for signing packages are not available. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
else
MSG="The packages created WILL be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=true" >> "$GITHUB_OUTPUT"
fi
else
MSG="The sign-packages input is false. The packages created will NOT be signed."
echo "${MSG}"
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
fi
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: 3.11
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version
uses: ./.github/actions/setup-salt-version
with:
salt-version: "${{ inputs.salt-version }}"
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: salt-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.zip
path: artifacts/
- name: Code signing with Software Trust Manager
if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }}
uses: digicert/ssm-code-signing@v0.0.2
- name: Setup Certificate
if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }}
shell: bash
run: |
echo "${{ secrets.WIN_SIGN_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
- name: Build Windows Packages
run: |
tools pkg build windows --relenv-version=${{ inputs.relenv-version }} --python-version=${{ inputs.python-version }} ${{
inputs.source == 'onedir' &&
format(
'--onedir salt-{0}-onedir-windows-{1}.zip --salt-version {0} --arch {1} {2}',
inputs.salt-version,
matrix.arch,
steps.check-pkg-sign.outputs.sign-pkgs == 'true' && '--sign' || ''
)
||
format('--salt-version {0} --arch {1}', inputs.salt-version, matrix.arch)
}}
- name: Set Artifact Name
id: set-artifact-name
shell: bash
run: |
if [ "${{ inputs.source }}" != "src" ]; then
echo "artifact-name-nsis=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-NSIS" >> "$GITHUB_OUTPUT"
echo "artifact-name-msi=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-MSI" >> "$GITHUB_OUTPUT"
else
echo "artifact-name-nsis=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-NSIS-from-src" >> "$GITHUB_OUTPUT"
echo "artifact-name-msi=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-MSI-from-src" >> "$GITHUB_OUTPUT"
fi
- name: Upload ${{ matrix.arch }} NSIS Packages
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name-nsis }}
path: pkg/windows/build/Salt-*.exe
retention-days: 7
if-no-files-found: error
- name: Upload ${{ matrix.arch }} MSI Package
uses: actions/upload-artifact@v3
with:
name: ${{ steps.set-artifact-name.outputs.artifact-name-msi }}
path: pkg/windows/build/Salt-*.msi
retention-days: 7
if-no-files-found: error

1421
.github/workflows/ci.yml vendored
View file

File diff suppressed because it is too large Load diff

4
.github/workflows/lint-action.yml vendored
View file

@ -18,7 +18,7 @@ env:
jobs:
Salt:
name: Lint Salt's Source Code
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "large", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
if: ${{ contains(fromJSON('["push", "schedule", "workflow_dispatch"]'), github.event_name) || fromJSON(inputs.changed-files)['salt'] || fromJSON(inputs.changed-files)['lint'] }}
container:
@ -62,7 +62,7 @@ jobs:
Tests:
name: Lint Salt's Test Suite
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "large", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
if: ${{ contains(fromJSON('["push", "schedule", "workflow_dispatch"]'), github.event_name) || fromJSON(inputs.changed-files)['tests'] || fromJSON(inputs.changed-files)['lint'] }}
container:

1481
.github/workflows/nightly.yml vendored
View file

File diff suppressed because it is too large Load diff

2
.github/workflows/pre-commit-action.yml vendored
View file

@ -21,7 +21,7 @@ jobs:
Pre-Commit:
name: Run Pre-Commit Against Salt
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
container:
image: ghcr.io/saltstack/salt-ci-containers/python:3.10

4
.github/workflows/release-tag.yml vendored
View file

@ -31,7 +31,7 @@ jobs:
permissions:
contents: write # for dev-drprasad/delete-tag-and-release to delete tags or releases
name: Generate Tag and Github Release
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
steps:
- uses: dev-drprasad/delete-tag-and-release@v0.2.0
if: github.event.inputs.reTag == 'true'
@ -54,7 +54,7 @@ jobs:
custom_tag: ${{ github.event.inputs.saltVersion }}
- name: Set up Python 3.8
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: 3.8

4
.github/workflows/release-update-winrepo.yml vendored
View file

@ -19,7 +19,7 @@ permissions:
jobs:
update-winrepo:
name: Update Winrepo
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
steps:
- name: Checkout Salt
@ -34,7 +34,7 @@ jobs:
repository: saltstack/salt-winrepo-ng
- name: Set Up Python 3.10
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "3.10"

2
.github/workflows/release-upload-virustotal.yml vendored
View file

@ -37,7 +37,7 @@ jobs:
uses: actions/checkout@v4
- name: Set Up Python 3.10
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "3.10"

755
.github/workflows/release.yml vendored
View file

@ -35,7 +35,7 @@ jobs:
check-requirements:
name: Check Requirements
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
environment: release-check
steps:
- name: Check For Admin Permission
@ -58,13 +58,14 @@ jobs:
cache-seed: ${{ steps.set-cache-seed.outputs.cache-seed }}
latest-release: ${{ steps.get-salt-releases.outputs.latest-release }}
releases: ${{ steps.get-salt-releases.outputs.releases }}
nox-archive-hash: ${{ steps.nox-archive-hash.outputs.nox-archive-hash }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Full clone to also get the tags to get the right salt version
- name: Set up Python 3.10
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "3.10"
@ -106,16 +107,16 @@ jobs:
run: |
tools ci get-releases
- name: Check Salt Releases
run: |
echo '${{ steps.get-salt-releases.outputs.latest-release }}' | jq -C '.'
echo '${{ steps.get-salt-releases.outputs.releases }}' | jq -C '.'
- name: Set Cache Seed Output
id: set-cache-seed
run: |
tools ci define-cache-seed ${{ env.CACHE_SEED }}
- name: Get Hash For Nox Tarball Cache
id: nox-archive-hash
run: |
echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py') }}" | tee -a "$GITHUB_OUTPUT"
download-onedir-artifact:
name: Download Staging Onedir Artifact
runs-on:
@ -132,15 +133,15 @@ jobs:
- platform: linux
arch: x86_64
- platform: linux
arch: aarch64
arch: arm64
- platform: windows
arch: amd64
- platform: windows
arch: x86
- platform: darwin
- platform: macos
arch: x86_64
- platform: darwin
arch: aarch64
- platform: macos
arch: arm64
steps:
- uses: actions/checkout@v4
@ -166,662 +167,19 @@ jobs:
path: artifacts/salt-${{ inputs.salt-version }}-onedir-${{ matrix.platform }}-${{ matrix.arch }}.tar.xz*
retention-days: 7
if-no-files-found: error
windows-2016-ci-deps:
name: Windows 2016 Deps
build-ci-deps:
name: CI Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: windows-2016
nox-session: ci-test-onedir
platform: windows
arch: amd64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
windows-2019-ci-deps:
name: Windows 2019 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: windows-2019
nox-session: ci-test-onedir
platform: windows
arch: amd64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
windows-2022-ci-deps:
name: Windows 2022 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: windows-2022
nox-session: ci-test-onedir
platform: windows
arch: amd64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
macos-12-ci-deps:
name: macOS 12 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action-macos.yml
with:
distro-slug: macos-12
nox-session: ci-test-onedir
platform: darwin
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
macos-13-ci-deps:
name: macOS 13 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action-macos.yml
with:
distro-slug: macos-13
nox-session: ci-test-onedir
platform: darwin
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
macos-13-xlarge-ci-deps:
name: macOS 13 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action-macos.yml
with:
distro-slug: macos-13-xlarge
nox-session: ci-test-onedir
platform: darwin
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
almalinux-8-ci-deps:
name: Alma Linux 8 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: almalinux-8
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
almalinux-8-arm64-ci-deps:
name: Alma Linux 8 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: almalinux-8-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
almalinux-9-ci-deps:
name: Alma Linux 9 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: almalinux-9
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
almalinux-9-arm64-ci-deps:
name: Alma Linux 9 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: almalinux-9-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
amazonlinux-2-ci-deps:
name: Amazon Linux 2 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: amazonlinux-2
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
amazonlinux-2-arm64-ci-deps:
name: Amazon Linux 2 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: amazonlinux-2-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
amazonlinux-2023-ci-deps:
name: Amazon Linux 2023 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: amazonlinux-2023
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
amazonlinux-2023-arm64-ci-deps:
name: Amazon Linux 2023 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: amazonlinux-2023-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
archlinux-lts-ci-deps:
name: Arch Linux LTS Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: archlinux-lts
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
centos-7-ci-deps:
name: CentOS 7 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: centos-7
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
centos-7-arm64-ci-deps:
name: CentOS 7 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: centos-7-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
centosstream-8-ci-deps:
name: CentOS Stream 8 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: centosstream-8
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
centosstream-8-arm64-ci-deps:
name: CentOS Stream 8 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: centosstream-8-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
centosstream-9-ci-deps:
name: CentOS Stream 9 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: centosstream-9
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
centosstream-9-arm64-ci-deps:
name: CentOS Stream 9 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: centosstream-9-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
debian-10-ci-deps:
name: Debian 10 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: debian-10
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
debian-11-ci-deps:
name: Debian 11 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: debian-11
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
debian-11-arm64-ci-deps:
name: Debian 11 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: debian-11-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
debian-12-ci-deps:
name: Debian 12 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: debian-12
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
debian-12-arm64-ci-deps:
name: Debian 12 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: debian-12-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
fedora-37-ci-deps:
name: Fedora 37 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: fedora-37
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
fedora-37-arm64-ci-deps:
name: Fedora 37 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: fedora-37-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
fedora-38-ci-deps:
name: Fedora 38 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: fedora-38
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
fedora-38-arm64-ci-deps:
name: Fedora 38 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: fedora-38-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
opensuse-15-ci-deps:
name: Opensuse 15 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: opensuse-15
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
photonos-3-ci-deps:
name: Photon OS 3 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: photonos-3
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
photonos-3-arm64-ci-deps:
name: Photon OS 3 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: photonos-3-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
photonos-4-ci-deps:
name: Photon OS 4 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: photonos-4
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
photonos-4-arm64-ci-deps:
name: Photon OS 4 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: photonos-4-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
photonos-5-ci-deps:
name: Photon OS 5 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: photonos-5
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
photonos-5-arm64-ci-deps:
name: Photon OS 5 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: photonos-5-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
ubuntu-2004-ci-deps:
name: Ubuntu 20.04 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: ubuntu-20.04
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
ubuntu-2004-arm64-ci-deps:
name: Ubuntu 20.04 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: ubuntu-20.04-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
ubuntu-2204-ci-deps:
name: Ubuntu 22.04 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: ubuntu-22.04
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
ubuntu-2204-arm64-ci-deps:
name: Ubuntu 22.04 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: ubuntu-22.04-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
backup:
name: Backup
@ -894,43 +252,7 @@ jobs:
needs:
- prepare-workflow
- publish-repositories
- almalinux-8-arm64-ci-deps
- almalinux-8-ci-deps
- almalinux-9-arm64-ci-deps
- almalinux-9-ci-deps
- amazonlinux-2-arm64-ci-deps
- amazonlinux-2-ci-deps
- amazonlinux-2023-arm64-ci-deps
- amazonlinux-2023-ci-deps
- centos-7-arm64-ci-deps
- centos-7-ci-deps
- centosstream-8-arm64-ci-deps
- centosstream-8-ci-deps
- centosstream-9-arm64-ci-deps
- centosstream-9-ci-deps
- debian-10-ci-deps
- debian-11-arm64-ci-deps
- debian-11-ci-deps
- debian-12-arm64-ci-deps
- debian-12-ci-deps
- fedora-37-arm64-ci-deps
- fedora-37-ci-deps
- fedora-38-arm64-ci-deps
- fedora-38-ci-deps
- macos-12-ci-deps
- macos-13-ci-deps
- macos-13-xlarge-ci-deps
- photonos-3-arm64-ci-deps
- photonos-3-ci-deps
- photonos-4-arm64-ci-deps
- photonos-4-ci-deps
- photonos-5-arm64-ci-deps
- photonos-5-ci-deps
- ubuntu-2004-arm64-ci-deps
- ubuntu-2004-ci-deps
- ubuntu-2204-arm64-ci-deps
- ubuntu-2204-ci-deps
- windows-2022-ci-deps
- build-ci-deps
- download-onedir-artifact
uses: ./.github/workflows/test-package-downloads-action.yml
with:
@ -942,6 +264,7 @@ jobs:
python-version: "3.10"
skip-code-coverage: true
latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}"
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
secrets: inherit
release:
@ -1114,7 +437,7 @@ jobs:
# on a pull request instead of requiring all
name: Set the ${{ github.workflow }} Pipeline Exit Status
if: always()
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
needs:
- check-requirements
- prepare-workflow
@ -1122,47 +445,7 @@ jobs:
- pkg-download-tests
- release
- publish-pypi
- windows-2016-ci-deps
- windows-2019-ci-deps
- windows-2022-ci-deps
- macos-12-ci-deps
- macos-13-ci-deps
- macos-13-xlarge-ci-deps
- almalinux-8-ci-deps
- almalinux-8-arm64-ci-deps
- almalinux-9-ci-deps
- almalinux-9-arm64-ci-deps
- amazonlinux-2-ci-deps
- amazonlinux-2-arm64-ci-deps
- amazonlinux-2023-ci-deps
- amazonlinux-2023-arm64-ci-deps
- archlinux-lts-ci-deps
- centos-7-ci-deps
- centos-7-arm64-ci-deps
- centosstream-8-ci-deps
- centosstream-8-arm64-ci-deps
- centosstream-9-ci-deps
- centosstream-9-arm64-ci-deps
- debian-10-ci-deps
- debian-11-ci-deps
- debian-11-arm64-ci-deps
- debian-12-ci-deps
- debian-12-arm64-ci-deps
- fedora-37-ci-deps
- fedora-37-arm64-ci-deps
- fedora-38-ci-deps
- fedora-38-arm64-ci-deps
- opensuse-15-ci-deps
- photonos-3-ci-deps
- photonos-3-arm64-ci-deps
- photonos-4-ci-deps
- photonos-4-arm64-ci-deps
- photonos-5-ci-deps
- photonos-5-arm64-ci-deps
- ubuntu-2004-ci-deps
- ubuntu-2004-arm64-ci-deps
- ubuntu-2204-ci-deps
- ubuntu-2204-arm64-ci-deps
- build-ci-deps
steps:
- name: Get workflow information
id: get-workflow-info

1433
.github/workflows/scheduled.yml vendored
View file

File diff suppressed because it is too large Load diff

1463
.github/workflows/staging.yml vendored
View file

File diff suppressed because it is too large Load diff

74
.github/workflows/templates/build-ci-deps.yml.jinja vendored
View file

@ -1,86 +1,22 @@
<%- for slug, display_name, arch in build_ci_deps_listing["windows"] %>
<{ slug.replace(".", "") }>-ci-deps:
<%- do test_salt_needs.append(slug.replace(".", "") + "-ci-deps") %>
name: <{ display_name }> Deps
build-ci-deps:
<%- do test_salt_needs.append("build-ci-deps") %>
name: CI Deps
<%- if workflow_slug != 'release' %>
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-deps-ci'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
<%- endif %>
needs:
- prepare-workflow
<%- if workflow_slug != 'release' %>
- build-salt-onedir-windows
- build-salt-onedir
<%- else %>
- download-onedir-artifact
<%- endif %>
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
platform: windows
arch: amd64
nox-version: <{ nox_version }>
python-version: "<{ gh_actions_workflows_python_version }>"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version }>
<%- endfor %>
<%- for slug, display_name, arch in build_ci_deps_listing["macos"] %>
<{ slug.replace(".", "") }>-ci-deps:
<%- do test_salt_needs.append(slug.replace(".", "") + "-ci-deps") %>
name: <{ display_name }> Deps
<%- if workflow_slug != 'release' %>
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-deps-ci'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
<%- endif %>
needs:
- prepare-workflow
<%- if workflow_slug != 'release' %>
- build-salt-onedir-macos
<%- else %>
- download-onedir-artifact
<%- endif %>
uses: ./.github/workflows/build-deps-ci-action-macos.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
platform: darwin
arch: <{ arch }>
nox-version: <{ nox_version }>
python-version: "<{ gh_actions_workflows_python_version }>"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version }>
<%- endfor %>
<%- for slug, display_name, arch in build_ci_deps_listing["linux"] %>
<{ slug.replace(".", "") }>-ci-deps:
<%- do test_salt_needs.append(slug.replace(".", "") + "-ci-deps") %>
name: <{ display_name }> Deps
<%- if workflow_slug != 'release' %>
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-deps-ci'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
<%- endif %>
needs:
- prepare-workflow
<%- if workflow_slug != 'release' %>
- build-salt-onedir-linux
<%- else %>
- download-onedir-artifact
<%- endif %>
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
platform: linux
arch: <{ arch }>
nox-version: <{ nox_version }>
python-version: "<{ gh_actions_workflows_python_version }>"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version }>
<%- endfor %>
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"

10
.github/workflows/templates/build-deb-repo.yml.jinja vendored
View file

@ -5,15 +5,15 @@
include:
<%- for distro, version, arch in (
("debian", "10", "x86_64"),
("debian", "10", "aarch64"),
("debian", "10", "arm64"),
("debian", "11", "x86_64"),
("debian", "11", "aarch64"),
("debian", "11", "arm64"),
("debian", "12", "x86_64"),
("debian", "12", "aarch64"),
("debian", "12", "arm64"),
("ubuntu", "20.04", "x86_64"),
("ubuntu", "20.04", "aarch64"),
("ubuntu", "20.04", "arm64"),
("ubuntu", "22.04", "x86_64"),
("ubuntu", "22.04", "aarch64"),
("ubuntu", "22.04", "arm64"),
) %>
- pkg-type: deb
distro: <{ distro }>

358
.github/workflows/templates/build-deps-ci-action.yml.jinja vendored Normal file
View file

@ -0,0 +1,358 @@
---
name: Install Test Dependencies
on:
workflow_call:
inputs:
nox-session:
required: true
type: string
description: The nox session to run
salt-version:
type: string
required: true
description: The Salt version to set prior to running tests.
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
nox-version:
required: true
type: string
description: The nox version to install
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
python-version:
required: false
type: string
description: The python version to run tests with
default: "3.10"
package-name:
required: false
type: string
description: The onedir package name to use
default: salt
env:
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
linux-dependencies:
name: Linux
runs-on:
- self-hosted
- linux
- bastion
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
include:
<%- for arch, build_distro_slug in build_ci_deps_listing["linux"] %>
- distro-slug: <{ build_distro_slug }>
arch: <{ arch }>
<%- endfor %>
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Cache nox.linux.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
id: nox-dependencies-cache
uses: actions/cache@v3.3.1
with:
path: nox.linux.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|linux|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
- name: Download Onedir Tarball as an Artifact
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
shell: bash
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
- name: PyPi Proxy
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
sed -i '7s;^;--index-url=https://pypi-proxy.saltstack.net/root/local/+simple/ --extra-index-url=https://pypi.org/simple\n;' requirements/static/ci/*/*.txt
- name: Setup Python Tools Scripts
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}-build-deps-ci
- name: Get Salt Project GitHub Actions Bot Environment
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
- name: Start VM
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
id: spin-up-vm
run: |
tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ matrix.distro-slug }}
- name: List Free Space
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm ssh ${{ matrix.distro-slug }} -- df -h || true
- name: Upload Checkout To VM
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm rsync ${{ matrix.distro-slug }}
- name: Install Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm install-dependencies --nox-session=${{ inputs.nox-session }} ${{ matrix.distro-slug }}
- name: Cleanup .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm pre-archive-cleanup ${{ matrix.distro-slug }}
- name: Compress .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm compress-dependencies ${{ matrix.distro-slug }}
- name: Download Compressed .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm download-dependencies ${{ matrix.distro-slug }}
- name: Destroy VM
if: always() && steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm destroy --no-wait ${{ matrix.distro-slug }}
- name: Upload Nox Requirements Tarball
uses: actions/upload-artifact@v3
with:
name: nox-linux-${{ matrix.arch }}-${{ inputs.nox-session }}
path: nox.linux.${{ matrix.arch }}.tar.*
macos-dependencies:
name: MacOS
runs-on: ${{ matrix.distro-slug }}
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
include:
<%- for arch, build_distro_slug in build_ci_deps_listing["macos"] %>
- distro-slug: <{ build_distro_slug }>
arch: <{ arch }>
<%- endfor %>
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Cache nox.macos.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
id: nox-dependencies-cache
uses: actions/cache@v3.3.1
with:
path: nox.macos.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|macos|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
- name: Download Onedir Tarball as an Artifact
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
shell: bash
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
- name: Set up Python ${{ inputs.python-version }}
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/setup-python@v5
with:
python-version: "${{ inputs.python-version }}"
- name: Install System Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
brew install openssl@3
- name: Install Nox
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
python3 -m pip install 'nox==${{ inputs.nox-version }}'
- name: Install Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
env:
PRINT_TEST_SELECTION: "0"
PRINT_SYSTEM_INFO: "0"
run: |
export PYCURL_SSL_LIBRARY=openssl
export LDFLAGS="-L/usr/local/opt/openssl@3/lib"
export CPPFLAGS="-I/usr/local/opt/openssl@3/include"
export PKG_CONFIG_PATH="/usr/local/opt/openssl@3/lib/pkgconfig"
nox --install-only -e ${{ inputs.nox-session }}
- name: Cleanup .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
nox --force-color -e "pre-archive-cleanup(pkg=False)"
- name: Compress .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
nox --force-color -e compress-dependencies -- macos ${{ matrix.arch }}
- name: Upload Nox Requirements Tarball
uses: actions/upload-artifact@v3
with:
name: nox-macos-${{ matrix.arch }}-${{ inputs.nox-session }}
path: nox.macos.${{ matrix.arch }}.tar.*
windows-dependencies:
name: Windows
runs-on:
- self-hosted
- linux
- bastion
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
include:
<%- for arch, build_distro_slug in build_ci_deps_listing["windows"] %>
- distro-slug: <{ build_distro_slug }>
arch: <{ arch }>
<%- endfor %>
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Cache nox.windows.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
id: nox-dependencies-cache
uses: actions/cache@v3.3.1
with:
path: nox.windows.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|windows|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
- name: Download Onedir Tarball as an Artifact
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
shell: bash
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
- name: PyPi Proxy
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
sed -i '7s;^;--index-url=https://pypi-proxy.saltstack.net/root/local/+simple/ --extra-index-url=https://pypi.org/simple\n;' requirements/static/ci/*/*.txt
- name: Setup Python Tools Scripts
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}-build-deps-ci
- name: Get Salt Project GitHub Actions Bot Environment
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
- name: Start VM
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
id: spin-up-vm
run: |
tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ matrix.distro-slug }}
- name: List Free Space
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm ssh ${{ matrix.distro-slug }} -- df -h || true
- name: Upload Checkout To VM
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm rsync ${{ matrix.distro-slug }}
- name: Install Dependencies
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm install-dependencies --nox-session=${{ inputs.nox-session }} ${{ matrix.distro-slug }}
- name: Cleanup .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm pre-archive-cleanup ${{ matrix.distro-slug }}
- name: Compress .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm compress-dependencies ${{ matrix.distro-slug }}
- name: Download Compressed .nox Directory
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm download-dependencies ${{ matrix.distro-slug }}
- name: Destroy VM
if: always() && steps.nox-dependencies-cache.outputs.cache-hit != 'true'
run: |
tools --timestamps vm destroy --no-wait ${{ matrix.distro-slug }}
- name: Upload Nox Requirements Tarball
uses: actions/upload-artifact@v3
with:
name: nox-windows-${{ matrix.arch }}-${{ inputs.nox-session }}
path: nox.windows.${{ matrix.arch }}.tar.*

2
.github/workflows/templates/build-macos-repo.yml.jinja vendored
View file

@ -28,7 +28,7 @@
- name: Download macOS Arch64 Packages
uses: actions/download-artifact@v3
with:
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-aarch64-macos
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-arm64-macos
path: artifacts/pkgs/incoming
- name: Setup GnuPG

8
.github/workflows/templates/build-onedir-repo.yml.jinja vendored
View file

@ -25,22 +25,22 @@
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-linux-x86_64.tar.xz
path: artifacts/pkgs/incoming
- name: Download Linux aarch64 Onedir Archive
- name: Download Linux arm64 Onedir Archive
uses: actions/download-artifact@v3
with:
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-linux-aarch64.tar.xz
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-linux-arm64.tar.xz
path: artifacts/pkgs/incoming
- name: Download macOS x86_64 Onedir Archive
uses: actions/download-artifact@v3
with:
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-darwin-x86_64.tar.xz
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-macos-x86_64.tar.xz
path: artifacts/pkgs/incoming
- name: Download macOS arm64 Onedir Archive
uses: actions/download-artifact@v3
with:
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-darwin-aarch64.tar.xz
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-macos-arm64.tar.xz
path: artifacts/pkgs/incoming
- name: Download Windows amd64 Onedir Archive

25
.github/workflows/templates/build-packages.yml.jinja vendored
View file

@ -1,38 +1,27 @@
<%- for platform, pkg_type, display_name, runner_type in (
("linux", "rpm", "RPM", "self-hosted"),
("linux", "deb", "DEB", "self-hosted"),
("windows", "windows", "Windows", "github-hosted"),
("macos", "macos", "macOS", "github-hosted"),
) %>
<%- for backend in ("onedir", "src") %>
<%- set job_name = "build-{}-pkgs-{}".format(pkg_type, backend) %>
<%- set job_name = "build-pkgs-{}".format(backend) %>
<%- if backend == "src" %>
<%- do conclusion_needs.append(job_name) %>
<%- endif %>
<{ job_name }>:
name: Build Packages
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['<{ runner_type }>'] }}
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
- build-salt-onedir-<{ platform }>
uses: ./.github/workflows/build-<{ pkg_type }>-packages.yml
- build-salt-onedir
uses: ./.github/workflows/build-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
relenv-version: "<{ relenv_version }>"
python-version: "<{ python_version }>"
source: "<{ backend }>"
<%- if pkg_type in ("macos", "windows") and gh_environment %>
<%- if gh_environment %>
environment: <{ gh_environment }>
<%- if pkg_type == "macos" %>
sign-packages: true
<%- else %>
sign-packages: <% if gh_environment == 'nightly' -%> false <%- else -%> ${{ inputs.sign-windows-packages }} <%- endif %>
<%- endif %>
sign-macos-packages: true
sign-windows-packages: <% if gh_environment == 'nightly' -%> false <%- else -%> ${{ inputs.sign-windows-packages }} <%- endif %>
secrets: inherit
<%- endif %>
<%- endfor %>
<%- endfor %>

6
.github/workflows/templates/build-repos.yml.jinja vendored
View file

@ -20,11 +20,9 @@
needs:
- prepare-workflow
<%- if type not in ("src", "onedir") %>
- build-<{ type }>-pkgs-onedir
- build-pkgs-onedir
<%- elif type == 'onedir' %>
- build-salt-onedir-linux
- build-salt-onedir-macos
- build-salt-onedir-windows
- build-salt-onedir
<%- elif type == 'src' %>
- build-source-tarball
<%- endif %>

2
.github/workflows/templates/build-rpm-repo.yml.jinja vendored
View file

@ -66,7 +66,7 @@
- name: Download RPM Packages
uses: actions/download-artifact@v3
with:
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}-rpm
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch }}-rpm
path: artifacts/pkgs/incoming
- name: Setup GnuPG

33
.github/workflows/templates/ci.yml.jinja vendored
View file

@ -52,7 +52,7 @@
- x86_64
<%- else %>
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['<{ job_name }>'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "medium", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
<%- endif %>
needs:
- prepare-workflow
@ -62,7 +62,7 @@
<%- if not prepare_actual_release %>
- name: Set up Python 3.10
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "3.10"
@ -210,12 +210,12 @@
needs:
- prepare-workflow
- prepare-release
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "medium", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python 3.10
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "3.10"
@ -240,16 +240,14 @@
<%- set job_name = "build-deps-onedir" %>
<%- if includes.get(job_name, True) %>
<%- for platform in ("linux", "windows", "macos") %>
<%- set platform_job_name = "{}-{}".format(job_name, platform) %>
<{ platform_job_name }>:
<%- do conclusion_needs.append(platform_job_name) %>
<{ job_name }>:
<%- do conclusion_needs.append(job_name) %>
name: Build Dependencies Onedir
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['<{ job_name }>'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
uses: ./.github/workflows/build-deps-onedir-<{ platform }>.yml
uses: ./.github/workflows/build-deps-onedir.yml
with:
cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }}
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
@ -258,24 +256,21 @@
relenv-version: "<{ relenv_version }>"
python-version: "<{ python_version }>"
<%- endfor %>
<%- endif %>
<%- set job_name = "build-salt-onedir" %>
<%- if includes.get(job_name, True) %>
<%- for platform in ("linux", "windows", "macos") %>
<%- set platform_job_name = "{}-{}".format(job_name, platform) %>
<{ platform_job_name }>:
<%- do conclusion_needs.append(platform_job_name) %>
<{ job_name }>:
<%- do conclusion_needs.append(job_name) %>
name: Build Salt Onedir
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['<{ job_name }>'] }}
needs:
- prepare-workflow
- build-deps-onedir-<{ platform }>
- build-deps-onedir
- build-source-tarball
uses: ./.github/workflows/build-salt-onedir-<{ platform }>.yml
uses: ./.github/workflows/build-salt-onedir.yml
with:
cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }}
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
@ -284,7 +279,6 @@
relenv-version: "<{ relenv_version }>"
python-version: "<{ python_version }>"
<%- endfor %>
<%- endif %>
@ -314,7 +308,7 @@
<%- do conclusion_needs.append("combine-all-code-coverage") %>
name: Combine Code Coverage
if: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['skip_code_coverage'] == false }}
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
needs:
- prepare-workflow
<%- for need in test_salt_needs.iter(consume=False) %>
@ -324,8 +318,7 @@
- uses: actions/checkout@v4
- name: Set up Python 3.10
if: ${{ github.event.repository.private == false }}
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "3.10"

18
.github/workflows/templates/layout.yml.jinja vendored
View file

@ -75,7 +75,7 @@ jobs:
prepare-workflow:
name: Prepare Workflow Run
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
<%- if prepare_workflow_if_check %>
if: <{ prepare_workflow_if_check }>
<%- endif %>
@ -97,6 +97,7 @@ jobs:
releases: ${{ steps.get-salt-releases.outputs.releases }}
release-changelog-target: ${{ steps.get-release-changelog-target.outputs.release-changelog-target }}
testing-releases: ${{ steps.get-testing-releases.outputs.testing-releases }}
nox-archive-hash: ${{ steps.nox-archive-hash.outputs.nox-archive-hash }}
steps:
- uses: actions/checkout@v4
with:
@ -180,7 +181,7 @@ jobs:
- *pkg_tests_added_modified
- name: Set up Python 3.10
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "3.10"
@ -213,6 +214,11 @@ jobs:
run: |
tools ci get-pr-test-labels --repository ${{ github.repository }}
- name: Get Hash For Nox Tarball Cache
id: nox-archive-hash
run: |
echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py') }}" | tee -a "$GITHUB_OUTPUT"
<%- if prepare_actual_release %>
- name: Check Existing Releases
@ -280,12 +286,6 @@ jobs:
run: |
tools ci get-testing-releases ${{ join(fromJSON(steps.get-salt-releases.outputs.releases), ' ') }} --salt-version ${{ steps.setup-salt-version.outputs.salt-version }}
- name: Check Salt Releases
run: |
echo '${{ steps.get-salt-releases.outputs.latest-release }}' | jq -C '.'
echo '${{ steps.get-salt-releases.outputs.releases }}' | jq -C '.'
echo '${{ steps.get-testing-releases.outputs.testing-releases }}' | jq -C '.'
- name: Define Testrun
id: define-testrun
run: |
@ -343,7 +343,7 @@ jobs:
# on a pull request instead of requiring all
name: Set the ${{ github.workflow }} Pipeline Exit Status
if: always()
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
<%- if workflow_slug == "nightly" %>
environment: <{ workflow_slug }>
<%- endif %>

2
.github/workflows/templates/nightly.yml.jinja vendored
View file

@ -58,7 +58,7 @@ concurrency:
<%- do conclusion_needs.append('notify-slack') %>
notify-slack:
name: Notify Slack
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
environment: <{ gh_environment }>
needs:
<%- for need in prepare_workflow_needs.iter(consume=False) %>

23
.github/workflows/templates/release.yml.jinja vendored
View file

@ -52,7 +52,7 @@ permissions:
<{ job_name }>:
<%- do prepare_workflow_needs.append(job_name) %>
name: Check Requirements
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
environment: <{ gh_environment }>-check
steps:
- name: Check For Admin Permission
@ -86,13 +86,14 @@ permissions:
cache-seed: ${{ steps.set-cache-seed.outputs.cache-seed }}
latest-release: ${{ steps.get-salt-releases.outputs.latest-release }}
releases: ${{ steps.get-salt-releases.outputs.releases }}
nox-archive-hash: ${{ steps.nox-archive-hash.outputs.nox-archive-hash }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Full clone to also get the tags to get the right salt version
- name: Set up Python 3.10
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "3.10"
@ -134,16 +135,16 @@ permissions:
run: |
tools ci get-releases
- name: Check Salt Releases
run: |
echo '${{ steps.get-salt-releases.outputs.latest-release }}' | jq -C '.'
echo '${{ steps.get-salt-releases.outputs.releases }}' | jq -C '.'
- name: Set Cache Seed Output
id: set-cache-seed
run: |
tools ci define-cache-seed ${{ env.CACHE_SEED }}
- name: Get Hash For Nox Tarball Cache
id: nox-archive-hash
run: |
echo "nox-archive-hash=${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py') }}" | tee -a "$GITHUB_OUTPUT"
<%- endblock prepare_workflow_job %>
<%- endif %>
@ -166,15 +167,15 @@ permissions:
- platform: linux
arch: x86_64
- platform: linux
arch: aarch64
arch: arm64
- platform: windows
arch: amd64
- platform: windows
arch: x86
- platform: darwin
- platform: macos
arch: x86_64
- platform: darwin
arch: aarch64
- platform: macos
arch: arm64
steps:
- uses: actions/checkout@v4

2
.github/workflows/templates/staging.yml.jinja vendored
View file

@ -66,7 +66,7 @@ concurrency:
<{ job_name }>:
<%- do prepare_workflow_needs.append(job_name) %>
name: Check Requirements
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
environment: <{ gh_environment }>-check
steps:
- name: Check For Admin Permission

40
.github/workflows/templates/test-package-downloads-action.yml.jinja vendored
View file

@ -23,6 +23,10 @@ on:
required: true
type: string
description: The nox version to install
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
python-version:
required: false
type: string
@ -84,7 +88,7 @@ jobs:
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
@ -92,15 +96,13 @@ jobs:
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.linux.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.linux.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|linux|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
@ -318,7 +320,7 @@ jobs:
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Install System Dependencies
@ -330,10 +332,10 @@ jobs:
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
- name: Set up Python ${{ inputs.python-version }}
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "${{ inputs.python-version }}"
update-environment: true
@ -342,19 +344,17 @@ jobs:
run: |
python3 -m pip install 'nox==${{ inputs.nox-version }}'
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.macos.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.macos.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|macos|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
- name: Decompress .nox Directory
run: |
nox --force-color -e decompress-dependencies -- ${{ matrix.distro-slug }}
nox --force-color -e decompress-dependencies -- macos ${{ matrix.arch }}
- name: Show System Info & Test Plan
env:
@ -545,13 +545,11 @@ jobs:
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.windows.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.windows.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|windows|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true

5
.github/workflows/templates/test-salt-pkg-repo-downloads.yml.jinja vendored
View file

@ -19,9 +19,7 @@
<%- if gh_environment == "release" %>
- download-onedir-artifact
<%- else %>
- build-salt-onedir-linux
- build-salt-onedir-macos
- build-salt-onedir-windows
- build-salt-onedir
<%- endif %>
uses: ./.github/workflows/test-package-downloads-action.yml
with:
@ -33,4 +31,5 @@
python-version: "<{ gh_actions_workflows_python_version }>"
skip-code-coverage: true
latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}"
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
secrets: inherit

21
.github/workflows/templates/test-salt-pkg.yml.jinja vendored
View file

@ -7,9 +7,9 @@
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
- build-<{ pkg_type }>-pkgs-onedir
- <{ slug.replace(".", "") }>-ci-deps
uses: ./.github/workflows/test-packages-action.yml
- build-pkgs-onedir
- build-ci-deps
uses: ./.github/workflows/test-packages-action-linux.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
@ -23,6 +23,7 @@
skip-code-coverage: <{ skip_test_coverage_check }>
skip-junit-reports: <{ skip_junit_reports_check }>
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
<%- if fips == "fips" %>
fips: true
<%- endif %>
@ -40,13 +41,13 @@
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
needs:
- prepare-workflow
- build-macos-pkgs-onedir
- <{ slug.replace(".", "") }>-ci-deps
- build-pkgs-onedir
- build-ci-deps
uses: ./.github/workflows/test-packages-action-macos.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
platform: darwin
platform: macos
arch: <{ arch }>
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
pkg-type: macos
@ -56,6 +57,7 @@
skip-code-coverage: <{ skip_test_coverage_check }>
skip-junit-reports: <{ skip_junit_reports_check }>
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
<%- endfor %>
@ -70,9 +72,9 @@
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
- build-windows-pkgs-onedir
- <{ slug.replace(".", "") }>-ci-deps
uses: ./.github/workflows/test-packages-action.yml
- build-pkgs-onedir
- build-ci-deps
uses: ./.github/workflows/test-packages-action-windows.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
@ -86,6 +88,7 @@
skip-code-coverage: <{ skip_test_coverage_check }>
skip-junit-reports: <{ skip_junit_reports_check }>
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
<%- endfor %>
<%- endfor %>

15
.github/workflows/templates/test-salt.yml.jinja vendored
View file

@ -14,8 +14,8 @@
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
- <{ slug.replace(".", "") }>-ci-deps
uses: ./.github/workflows/test-action.yml
- build-ci-deps
uses: ./.github/workflows/test-action-windows.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
@ -30,6 +30,7 @@
skip-junit-reports: <{ skip_junit_reports_check }>
workflow-slug: <{ workflow_slug }>
timeout-minutes: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['type'] == 'full' && <{ windows_full_testrun_timeout_value }> || <{ partial_testrun_timeout_value }> }}
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
<%- endfor %>
@ -42,12 +43,12 @@
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
needs:
- prepare-workflow
- <{ slug.replace(".", "") }>-ci-deps
- build-ci-deps
uses: ./.github/workflows/test-action-macos.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
platform: darwin
platform: macos
arch: <{ arch }>
nox-version: <{ nox_version }>
gh-actions-python-version: "<{ gh_actions_workflows_python_version }>"
@ -58,6 +59,7 @@
skip-junit-reports: <{ skip_junit_reports_check }>
workflow-slug: <{ workflow_slug }>
timeout-minutes: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['type'] == 'full' && <{ full_testrun_timeout_value }> || <{ partial_testrun_timeout_value }> }}
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
<%- endfor %>
@ -69,8 +71,8 @@
if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
needs:
- prepare-workflow
- <{ slug.replace(".", "") }>-ci-deps
uses: ./.github/workflows/test-action.yml
- build-ci-deps
uses: ./.github/workflows/test-action-linux.yml
with:
distro-slug: <{ slug }>
nox-session: ci-test-onedir
@ -85,6 +87,7 @@
skip-junit-reports: <{ skip_junit_reports_check }>
workflow-slug: <{ workflow_slug }>
timeout-minutes: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['type'] == 'full' && <{ full_testrun_timeout_value }> || <{ partial_testrun_timeout_value }> }}
nox-archive-hash: "${{ needs.prepare-workflow.outputs.nox-archive-hash }}"
<%- if fips == "fips" %>
fips: true
<%- endif %>

7
.github/workflows/templates/trigger-branch-workflows.yml.jinja vendored
View file

@ -1,17 +1,18 @@
<%- set job_name = "trigger-branch-{}-builds".format(workflow_slug) %>
<%- set branches = ["3006.x"] %>
<{ job_name }>:
<%- do conclusion_needs.append(job_name) %>
name: Trigger Branch Workflows
if: ${{ github.event_name == 'schedule' && fromJSON(needs.workflow-requirements.outputs.requirements-met) }}
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
needs:
- workflow-requirements
steps:
<%- for branch in branches %>
<%- for branch in release_branches %>
- name: Trigger <{ branch }> branch
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

2
.github/workflows/templates/workflow-requirements-check.yml.jinja vendored
View file

@ -4,7 +4,7 @@
<{ job_name }>:
<%- do prepare_workflow_needs.append(job_name) %>
name: Check Workflow Requirements
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
outputs:
requirements-met: ${{ steps.check-requirements.outputs.requirements-met }}
steps:

22
.github/workflows/test-action.yml → .github/workflows/test-action-linux.yml vendored
View file

@ -40,6 +40,10 @@ on:
required: true
type: number
description: Timeout, in minutes, for the test job
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
gh-actions-python-version:
required: false
type: string
@ -82,10 +86,7 @@ jobs:
generate-matrix:
name: Test Matrix
runs-on:
- self-hosted
- linux
- x86_64
runs-on: ubuntu-latest
outputs:
matrix-include: ${{ steps.generate-matrix.outputs.matrix }}
steps:
@ -152,13 +153,11 @@ jobs:
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
- name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.linux.${{ inputs.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.gh-actions-python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.linux.${{ inputs.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|linux|${{ inputs.nox-session }}|${{ inputs.gh-actions-python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
@ -336,10 +335,7 @@ jobs:
report:
name: Test Reports
if: always() && inputs.skip-code-coverage == false && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
runs-on:
- self-hosted
- linux
- x86_64
runs-on: ubuntu-latest
needs:
- test

22
.github/workflows/test-action-macos.yml vendored
View file

@ -45,6 +45,10 @@ on:
required: true
type: number
description: Timeout, in minutes, for the test job
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
package-name:
required: false
type: string
@ -75,7 +79,7 @@ jobs:
generate-matrix:
name: Test Matrix
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
outputs:
matrix-include: ${{ steps.generate-matrix.outputs.matrix }}
steps:
@ -142,18 +146,16 @@ jobs:
run: |
brew install tree
- name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.macos.${{ inputs.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.gh-actions-python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.macos.${{ inputs.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|macos|${{ inputs.nox-session }}|${{ inputs.gh-actions-python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
- name: Set up Python ${{ inputs.gh-actions-python-version }}
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "${{ inputs.gh-actions-python-version }}"
@ -163,7 +165,7 @@ jobs:
- name: Decompress .nox Directory
run: |
nox --force-color -e decompress-dependencies -- ${{ inputs.distro-slug }}
nox --force-color -e decompress-dependencies -- macos ${{ inputs.arch }}
- name: Download testrun-changed-files.txt
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' }}
@ -380,7 +382,7 @@ jobs:
report:
name: Test Reports
if: always() && inputs.skip-code-coverage == false && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
needs:
- test
@ -401,7 +403,7 @@ jobs:
tree -a artifacts
- name: Set up Python ${{ inputs.gh-actions-python-version }}
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "${{ inputs.gh-actions-python-version }}"

392
.github/workflows/test-action-windows.yml vendored Normal file
View file

@ -0,0 +1,392 @@
---
name: Test Artifact
on:
workflow_call:
inputs:
distro-slug:
required: true
type: string
description: The OS slug to run tests against
nox-session:
required: true
type: string
description: The nox session to run
testrun:
required: true
type: string
description: JSON string containing information about what and how to run the test suite
salt-version:
type: string
required: true
description: The Salt version to set prior to running tests.
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
platform:
required: true
type: string
description: The platform being tested
arch:
required: true
type: string
description: The platform arch being tested
nox-version:
required: true
type: string
description: The nox version to install
timeout-minutes:
required: true
type: number
description: Timeout, in minutes, for the test job
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
gh-actions-python-version:
required: false
type: string
description: The python version to run tests with
default: "3.10"
fips:
required: false
type: boolean
default: false
description: Test run with FIPS enabled
package-name:
required: false
type: string
description: The onedir package name to use
default: salt
skip-code-coverage:
required: false
type: boolean
description: Skip code coverage
default: false
skip-junit-reports:
required: false
type: boolean
description: Skip Publishing JUnit Reports
default: false
workflow-slug:
required: false
type: string
description: Which workflow is running.
default: ci
env:
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
generate-matrix:
name: Test Matrix
runs-on: ubuntu-latest
outputs:
matrix-include: ${{ steps.generate-matrix.outputs.matrix }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Generate Test Matrix
id: generate-matrix
run: |
tools ci matrix --workflow=${{ inputs.workflow-slug }} ${{ fromJSON(inputs.testrun)['type'] == 'full' && '--full ' || '' }}${{ inputs.fips && '--fips ' || '' }}${{ inputs.distro-slug }}
test:
name: Test
runs-on:
- self-hosted
- linux
- bastion
timeout-minutes: ${{ inputs.timeout-minutes }}
needs:
- generate-matrix
strategy:
fail-fast: false
matrix:
include: ${{ fromJSON(needs.generate-matrix.outputs.matrix-include) }}
env:
SALT_TRANSPORT: ${{ matrix.transport }}
TEST_GROUP: ${{ matrix.test-group || 1 }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Setup Salt Version
run: |
echo "${{ inputs.salt-version }}" > salt/_version.txt
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
shell: bash
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
- name: Download cached nox.windows.${{ inputs.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.windows.${{ inputs.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|windows|${{ inputs.nox-session }}|${{ inputs.gh-actions-python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
- name: PyPi Proxy
run: |
sed -i '7s;^;--index-url=https://pypi-proxy.saltstack.net/root/local/+simple/ --extra-index-url=https://pypi.org/simple\n;' requirements/static/ci/*/*.txt
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Download testrun-changed-files.txt
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' }}
uses: actions/download-artifact@v3
with:
name: testrun-changed-files.txt
- name: Get Salt Project GitHub Actions Bot Environment
run: |
TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
- name: Start VM
id: spin-up-vm
env:
TESTS_CHUNK: ${{ matrix.tests-chunk }}
run: |
tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }}
- name: List Free Space
run: |
tools --timestamps vm ssh ${{ inputs.distro-slug }} -- df -h || true
- name: Upload Checkout To VM
run: |
tools --timestamps vm rsync ${{ inputs.distro-slug }}
- name: Decompress .nox Directory
run: |
tools --timestamps vm decompress-dependencies ${{ inputs.distro-slug }}
- name: Show System Info & Test Plan
run: |
tools --timestamps --timeout-secs=1800 vm testplan --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} ${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }}
- name: Run Fast/Changed Tests
id: run-fast-changed-tests
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['fast'] == false }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --suppress-no-test-exit-code \
--from-filenames=testrun-changed-files.txt
- name: Run Slow/Changed Tests
id: run-slow-changed-tests
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['slow'] == false }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --no-fast-tests --slow-tests --suppress-no-test-exit-code \
--from-filenames=testrun-changed-files.txt
- name: Run Core/Changed Tests
id: run-core-changed-tests
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['core'] == false }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --no-fast-tests --core-tests --suppress-no-test-exit-code \
--from-filenames=testrun-changed-files.txt
- name: Run Fast Tests
id: run-fast-tests
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['fast'] }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ (inputs.skip-code-coverage && matrix.tests-chunk != 'unit') && '--skip-code-coverage' || '' }} \
${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} ${{ matrix.tests-chunk }}
- name: Run Slow Tests
id: run-slow-tests
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['slow'] }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --no-fast-tests --slow-tests
- name: Run Core Tests
id: run-core-tests
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['core'] }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --no-fast-tests --core-tests
- name: Run Flaky Tests
id: run-flaky-tests
if: ${{ fromJSON(inputs.testrun)['selected_tests']['flaky'] }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --no-fast-tests --flaky-jail
- name: Run Full Tests
id: run-full-tests
if: ${{ fromJSON(inputs.testrun)['type'] == 'full' }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ (inputs.skip-code-coverage && matrix.tests-chunk != 'unit') && '--skip-code-coverage' || '' }} \
-E TEST_GROUP ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} ${{ matrix.tests-chunk }} -- --slow-tests --core-tests \
--test-group-count=${{ matrix.test-group-count || 1 }} --test-group=${{ matrix.test-group || 1 }}
- name: Combine Coverage Reports
if: always() && inputs.skip-code-coverage == false && steps.spin-up-vm.outcome == 'success'
run: |
tools --timestamps vm combine-coverage ${{ inputs.distro-slug }}
- name: Download Test Run Artifacts
id: download-artifacts-from-vm
if: always() && steps.spin-up-vm.outcome == 'success'
run: |
tools --timestamps vm download-artifacts ${{ inputs.distro-slug }}
# Delete the salt onedir, we won't need it anymore and it will prevent
# from it showing in the tree command below
rm -rf artifacts/salt*
tree -a artifacts
if [ "${{ inputs.skip-code-coverage }}" != "true" ]; then
mv artifacts/coverage/.coverage artifacts/coverage/.coverage.${{ inputs.distro-slug }}.${{ inputs.nox-session }}.${{ matrix.transport }}.${{ matrix.tests-chunk }}.grp${{ matrix.test-group || '1' }}
fi
- name: Destroy VM
if: always()
run: |
tools --timestamps vm destroy --no-wait ${{ inputs.distro-slug }} || true
- name: Upload Code Coverage Test Run Artifacts
if: always() && inputs.skip-code-coverage == false && steps.download-artifacts-from-vm.outcome == 'success' && job.status != 'cancelled'
uses: actions/upload-artifact@v3
with:
name: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
path: |
artifacts/coverage/
- name: Upload JUnit XML Test Run Artifacts
if: always() && steps.download-artifacts-from-vm.outcome == 'success'
uses: actions/upload-artifact@v3
with:
name: testrun-junit-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ matrix.transport }}
path: |
artifacts/xml-unittests-output/
- name: Upload Test Run Log Artifacts
if: always() && steps.download-artifacts-from-vm.outcome == 'success'
uses: actions/upload-artifact@v3
with:
name: testrun-log-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ matrix.transport }}
path: |
artifacts/logs
- name: Publish Test Report
uses: mikepenz/action-junit-report@v3
# always run even if the previous steps fails
if: always() && inputs.skip-junit-reports == false && job.status != 'cancelled'
with:
check_name: Test Results(${{ inputs.distro-slug }}, transport=${{ matrix.transport }}, tests-chunk=${{ matrix.tests-chunk }}, group=${{ matrix.test-group || '1' }})
report_paths: 'artifacts/xml-unittests-output/*.xml'
annotate_only: true
report:
name: Test Reports
if: always() && inputs.skip-code-coverage == false && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
runs-on: ubuntu-latest
needs:
- test
steps:
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Download Code Coverage Test Run Artifacts
uses: actions/download-artifact@v3
if: ${{ inputs.skip-code-coverage == false }}
id: download-coverage-artifacts
with:
name: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ inputs.nox-session }}
path: artifacts/coverage/
- name: Show Downloaded Test Run Artifacts
run: |
tree -a artifacts
- name: Install Nox
run: |
python3 -m pip install 'nox==${{ inputs.nox-version }}'
- name: Create XML Coverage Reports
if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success' && job.status != 'cancelled'
run: |
nox --force-color -e create-xml-coverage-reports
mv artifacts/coverage/salt.xml artifacts/coverage/salt..${{ inputs.distro-slug }}..${{ inputs.nox-session }}.xml
mv artifacts/coverage/tests.xml artifacts/coverage/tests..${{ inputs.distro-slug }}..${{ inputs.nox-session }}.xml
- name: Report Salt Code Coverage
if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success'
continue-on-error: true
run: |
nox --force-color -e report-coverage -- salt
- name: Report Combined Code Coverage
if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success'
continue-on-error: true
run: |
nox --force-color -e report-coverage
- name: Rename Code Coverage DB
if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success'
continue-on-error: true
run: |
mv artifacts/coverage/.coverage artifacts/coverage/.coverage.${{ inputs.distro-slug }}.${{ inputs.nox-session }}
- name: Upload Code Coverage DB
if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success'
uses: actions/upload-artifact@v3
with:
name: all-testrun-coverage-artifacts
path: artifacts/coverage

65
.github/workflows/test-package-downloads-action.yml vendored
View file

@ -23,6 +23,10 @@ on:
required: true
type: string
description: The nox version to install
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
python-version:
required: false
type: string
@ -131,17 +135,20 @@ jobs:
- distro-slug: debian-10
arch: x86_64
pkg-type: package
- distro-slug: debian-10-arm64
arch: arm64
pkg-type: package
- distro-slug: debian-11
arch: x86_64
pkg-type: package
- distro-slug: debian-11-arm64
arch: aarch64
arch: arm64
pkg-type: package
- distro-slug: debian-12
arch: x86_64
pkg-type: package
- distro-slug: debian-12-arm64
arch: aarch64
arch: arm64
pkg-type: package
- distro-slug: fedora-37
arch: x86_64
@ -192,20 +199,26 @@ jobs:
arch: x86_64
pkg-type: package
- distro-slug: ubuntu-20.04-arm64
arch: aarch64
arch: arm64
pkg-type: package
- distro-slug: ubuntu-22.04
arch: x86_64
pkg-type: package
- distro-slug: ubuntu-22.04-arm64
arch: aarch64
pkg-type: package
- distro-slug: ubuntu-22.04
arch: x86_64
pkg-type: onedir
- distro-slug: ubuntu-22.04-arm64
arch: aarch64
arch: arm64
pkg-type: package
- distro-slug: ubuntu-22.04-arm64
arch: arm64
pkg-type: onedir
- distro-slug: ubuntu-23.04
arch: x86_64
pkg-type: package
- distro-slug: ubuntu-23.04-arm64
arch: arm64
pkg-type: package
steps:
@ -220,7 +233,7 @@ jobs:
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
@ -228,15 +241,13 @@ jobs:
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.linux.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.linux.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|linux|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
@ -445,7 +456,7 @@ jobs:
arch: arm64
pkg-type: package
- distro-slug: macos-13-xlarge
arch: aarch64
arch: arm64
pkg-type: onedir
steps:
@ -461,7 +472,7 @@ jobs:
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
path: artifacts/
- name: Install System Dependencies
@ -473,10 +484,10 @@ jobs:
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-macos-${{ matrix.arch }}.tar.xz
- name: Set up Python ${{ inputs.python-version }}
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "${{ inputs.python-version }}"
update-environment: true
@ -485,19 +496,17 @@ jobs:
run: |
python3 -m pip install 'nox==${{ inputs.nox-version }}'
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.macos.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.macos.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|macos|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
- name: Decompress .nox Directory
run: |
nox --force-color -e decompress-dependencies -- ${{ matrix.distro-slug }}
nox --force-color -e decompress-dependencies -- macos ${{ matrix.arch }}
- name: Show System Info & Test Plan
env:
@ -692,13 +701,11 @@ jobs:
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.windows.${{ matrix.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.windows.${{ matrix.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|windows|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true

19
.github/workflows/test-packages-action.yml → .github/workflows/test-packages-action-linux.yml vendored
View file

@ -35,6 +35,10 @@ on:
required: true
type: string
description: The nox version to install
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
python-version:
required: false
type: string
@ -78,6 +82,8 @@ jobs:
generate-matrix:
name: Generate Matrix
runs-on:
# We need to run on our self-hosted runners because we need proper credentials
# for boto3 to scan through our repositories.
- self-hosted
- linux
- x86_64
@ -152,13 +158,11 @@ jobs:
run: |
tree artifacts/pkg/
- name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.linux.${{ inputs.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.linux.${{ inputs.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|linux|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
@ -236,10 +240,7 @@ jobs:
report:
name: Report
runs-on:
- self-hosted
- linux
- x86_64
runs-on: ubuntu-latest
if: always() && (inputs.skip-code-coverage == false || inputs.skip-junit-reports == false) && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
needs:
- test

22
.github/workflows/test-packages-action-macos.yml vendored
View file

@ -35,6 +35,10 @@ on:
required: true
type: string
description: The nox version to install
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
python-version:
required: false
type: string
@ -71,6 +75,8 @@ jobs:
generate-matrix:
name: Generate Matrix
runs-on:
# We need to run on our self-hosted runners because we need proper credentials
# for boto3 to scan through our repositories.
- self-hosted
- linux
- x86_64
@ -146,7 +152,7 @@ jobs:
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
- name: Set up Python ${{ inputs.python-version }}
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "${{ inputs.python-version }}"
@ -154,19 +160,17 @@ jobs:
run: |
python3 -m pip install 'nox==${{ inputs.nox-version }}'
- name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
- name: Download cached nox.macos.${{ inputs.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
path: nox.macos.${{ inputs.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|macos|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
- name: Decompress .nox Directory
run: |
nox --force-color -e decompress-dependencies -- ${{ inputs.distro-slug }}
nox --force-color -e decompress-dependencies -- macos ${{ inputs.arch }}
- name: Show System Info & Test Plan
env:
@ -220,7 +224,7 @@ jobs:
report:
name: Report
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
if: always() && (inputs.skip-code-coverage == false || inputs.skip-junit-reports == false) && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
needs:
- test
@ -247,7 +251,7 @@ jobs:
tree -a artifacts
- name: Set up Python ${{ inputs.python-version }}
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "${{ inputs.python-version }}"

276
.github/workflows/test-packages-action-windows.yml vendored Normal file
View file

@ -0,0 +1,276 @@
name: Test Artifact
on:
workflow_call:
inputs:
distro-slug:
required: true
type: string
description: The OS slug to run tests against
platform:
required: true
type: string
description: The platform being tested
arch:
required: true
type: string
description: The platform arch being tested
pkg-type:
required: true
type: string
description: The platform arch being tested
salt-version:
type: string
required: true
description: The Salt version of the packages to install and test
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
testing-releases:
required: true
type: string
description: A JSON list of releases to test upgrades against
nox-version:
required: true
type: string
description: The nox version to install
nox-archive-hash:
required: true
type: string
description: Nox Tarball Cache Hash
python-version:
required: false
type: string
description: The python version to run tests with
default: "3.10"
fips:
required: false
type: boolean
default: false
description: Test run with FIPS enabled
package-name:
required: false
type: string
description: The onedir package name to use
default: salt
nox-session:
required: false
type: string
description: The nox session to run
default: ci-test-onedir
skip-code-coverage:
required: false
type: boolean
description: Skip code coverage
default: false
skip-junit-reports:
required: false
type: boolean
description: Skip Publishing JUnit Reports
default: false
env:
COLUMNS: 190
AWS_MAX_ATTEMPTS: "10"
AWS_RETRY_MODE: "adaptive"
PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
PIP_EXTRA_INDEX_URL: https://pypi.org/simple
jobs:
generate-matrix:
name: Generate Matrix
runs-on:
# We need to run on our self-hosted runners because we need proper credentials
# for boto3 to scan through our repositories.
- self-hosted
- linux
- x86_64
outputs:
pkg-matrix-include: ${{ steps.generate-pkg-matrix.outputs.matrix }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(shuf -i 1-30 -n 1); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Generate Package Test Matrix
id: generate-pkg-matrix
run: |
tools ci pkg-matrix ${{ inputs.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ inputs.pkg-type }} --testing-releases ${{ join(fromJSON(inputs.testing-releases), ' ') }}
test:
name: Test
runs-on:
- self-hosted
- linux
- bastion
timeout-minutes: 120 # 2 Hours - More than this and something is wrong
needs:
- generate-matrix
strategy:
fail-fast: false
matrix:
include: ${{ fromJSON(needs.generate-matrix.outputs.pkg-matrix-include) }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
t=$(python3 -c 'import random, sys; sys.stdout.write(str(random.randint(1, 15)))'); echo "Sleeping $t seconds"; sleep "$t"
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Download Packages
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-${{ inputs.arch }}-${{ inputs.pkg-type }}
path: artifacts/pkg/
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
shell: bash
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
- name: List Packages
run: |
tree artifacts/pkg/
- name: Download cached nox.windows.${{ inputs.arch }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3.3.1
with:
path: nox.windows.${{ inputs.arch }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|windows|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{ inputs.nox-archive-hash }}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Get Salt Project GitHub Actions Bot Environment
run: |
TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
- name: Start VM
id: spin-up-vm
run: |
tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }}
- name: List Free Space
run: |
tools --timestamps vm ssh ${{ inputs.distro-slug }} -- df -h || true
- name: Upload Checkout To VM
run: |
tools --timestamps vm rsync ${{ inputs.distro-slug }}
- name: Decompress .nox Directory
run: |
tools --timestamps vm decompress-dependencies ${{ inputs.distro-slug }}
- name: Downgrade importlib-metadata
if: ${{ contains(fromJSON('["amazonlinux-2", "centos-7", "debian-10"]'), inputs.distro-slug) && contains(fromJSON('["upgrade-classic", "downgrade-classic"]'), matrix.tests-chunk) }}
run: |
# This step can go away once we stop testing classic packages upgrade/downgrades to/from 3005.x
tools --timestamps vm ssh ${{ inputs.distro-slug }} -- "sudo python3 -m pip install -U 'importlib-metadata<=4.13.0' 'virtualenv<=20.21.1'"
- name: Show System Info & Test Plan
run: |
tools --timestamps --timeout-secs=1800 vm testplan --skip-requirements-install \
--nox-session=${{ inputs.nox-session }}-pkgs ${{ inputs.distro-slug }} -- ${{ matrix.tests-chunk }} \
${{ matrix.version && format('--prev-version {0}', matrix.version) || ''}}
- name: Run Package Tests
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install ${{ matrix.fips && '--fips ' || '' }}\
--nox-session=${{ inputs.nox-session }}-pkgs --rerun-failures ${{ inputs.distro-slug }} -- ${{ matrix.tests-chunk }} \
${{ matrix.version && format('--prev-version {0}', matrix.version) || ''}}
- name: Download Test Run Artifacts
id: download-artifacts-from-vm
if: always() && steps.spin-up-vm.outcome == 'success'
run: |
tools --timestamps vm download-artifacts ${{ inputs.distro-slug }}
# Delete the salt onedir, we won't need it anymore and it will prevent
# from it showing in the tree command below
rm -rf artifacts/salt*
tree -a artifacts
- name: Destroy VM
if: always()
run: |
tools --timestamps vm destroy --no-wait ${{ inputs.distro-slug }} || true
- name: Upload Test Run Artifacts
if: always() && steps.download-artifacts-from-vm.outcome == 'success'
uses: actions/upload-artifact@v3
with:
name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.tests-chunk }}
path: |
artifacts
!artifacts/pkg/*
!artifacts/salt/*
!artifacts/salt-*.tar.*
report:
name: Report
runs-on: ubuntu-latest
if: always() && (inputs.skip-code-coverage == false || inputs.skip-junit-reports == false) && needs.test.result != 'cancelled' && needs.test.result != 'skipped'
needs:
- test
- generate-matrix
strategy:
fail-fast: false
matrix:
include: ${{ fromJSON(needs.generate-matrix.outputs.pkg-matrix-include) }}
steps:
- name: Checkout Source Code
uses: actions/checkout@v4
- name: Download Test Run Artifacts
id: download-test-run-artifacts
uses: actions/download-artifact@v3
with:
name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.tests-chunk }}
path: artifacts
- name: Show Test Run Artifacts
if: always() && steps.download-test-run-artifacts.outcome == 'success'
run: |
tree -a artifacts
- name: Publish Test Report
uses: mikepenz/action-junit-report@v3
# always run even if the previous steps fails
if: always() && inputs.skip-junit-reports == false && steps.download-test-run-artifacts.outcome == 'success'
with:
check_name: Overall Test Results(${{ inputs.distro-slug }} ${{ matrix.tests-chunk }})
report_paths: 'artifacts/xml-unittests-output/*.xml'
annotate_only: true

4
.github/workflows/triage.yml vendored
View file

@ -22,13 +22,13 @@ jobs:
issues: write
pull-requests: read # for dawidd6/action-download-artifact to query commit hash
name: Triage New Issue
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: 3.8

172
CHANGELOG.md
View file

@ -7,6 +7,178 @@ Versions are `MAJOR.PATCH`.
# Changelog
## 3007.0rc1 (2024-01-02)
### Removed
- Removed RHEL 5 support since long since end-of-lifed [#62520](https://github.com/saltstack/salt/issues/62520)
- Removing Azure-Cloud modules from the code base. [#64322](https://github.com/saltstack/salt/issues/64322)
- Dropped Python 3.7 support since it's EOL in 27 Jun 2023 [#64417](https://github.com/saltstack/salt/issues/64417)
- Remove salt.payload.Serial [#64459](https://github.com/saltstack/salt/issues/64459)
- Remove netmiko_conn and pyeapi_conn from salt.modules.napalm_mod [#64460](https://github.com/saltstack/salt/issues/64460)
- Removed 'transport' arg from salt.utils.event.get_event [#64461](https://github.com/saltstack/salt/issues/64461)
- Removed the usage of retired Linode API v3 from Salt Cloud [#64517](https://github.com/saltstack/salt/issues/64517)
### Deprecated
- Deprecate all Proxmox cloud modules [#64224](https://github.com/saltstack/salt/issues/64224)
- Deprecate all the Vault modules in favor of the Vault Salt Extension https://github.com/salt-extensions/saltext-vault. The Vault modules will be removed in Salt core in 3009.0. [#64893](https://github.com/saltstack/salt/issues/64893)
- Deprecate all the Docker modules in favor of the Docker Salt Extension https://github.com/saltstack/saltext-docker. The Docker modules will be removed in Salt core in 3009.0. [#64894](https://github.com/saltstack/salt/issues/64894)
- Deprecate all the Zabbix modules in favor of the Zabbix Salt Extension https://github.com/salt-extensions/saltext-zabbix. The Zabbix modules will be removed in Salt core in 3009.0. [#64896](https://github.com/saltstack/salt/issues/64896)
- Deprecate all the Apache modules in favor of the Apache Salt Extension https://github.com/salt-extensions/saltext-apache. The Apache modules will be removed in Salt core in 3009.0. [#64909](https://github.com/saltstack/salt/issues/64909)
- Deprecation warning for Salt's backport of ``OrderedDict`` class which will be removed in 3009 [#65542](https://github.com/saltstack/salt/issues/65542)
- Deprecate Kubernetes modules for move to saltext-kubernetes in version 3009 [#65565](https://github.com/saltstack/salt/issues/65565)
- Deprecated all Pushover modules in favor of the Salt Extension at https://github.com/salt-extensions/saltext-pushover. The Pushover modules will be removed from Salt core in 3009.0 [#65567](https://github.com/saltstack/salt/issues/65567)
### Changed
- Masquerade property will not default to false turning off masquerade if not specified. [#53120](https://github.com/saltstack/salt/issues/53120)
- Addressed Python 3.11 deprecations:
* Switch to `FullArgSpec` since Py 3.11 no longer has `ArgSpec`, deprecated since Py 3.0
* Stopped using the deprecated `cgi` module.
* Stopped using the deprecated `pipes` module
* Stopped using the deprecated `imp` module [#64457](https://github.com/saltstack/salt/issues/64457)
- changed 'gpg_decrypt_must_succeed' default from False to True [#64462](https://github.com/saltstack/salt/issues/64462)
### Fixed
- When an NFS or FUSE mount fails to unmount when mount options have changed, try again with a lazy umount before mounting again. [#18907](https://github.com/saltstack/salt/issues/18907)
- fix autoaccept gpg keys by supporting it in refresh_db module [#42039](https://github.com/saltstack/salt/issues/42039)
- Made cmd.script work with files from the fileserver via salt-ssh [#48067](https://github.com/saltstack/salt/issues/48067)
- Made slsutil.renderer work with salt-ssh [#50196](https://github.com/saltstack/salt/issues/50196)
- Fixed defaults.merge is not available when using salt-ssh [#51605](https://github.com/saltstack/salt/issues/51605)
- Fix extfs.mkfs missing parameter handling for -C, -d, and -e [#51858](https://github.com/saltstack/salt/issues/51858)
- Fixed Salt master does not renew token [#51986](https://github.com/saltstack/salt/issues/51986)
- Fixed salt-ssh continues state/pillar rendering with incorrect data when an exception is raised by a module on the target [#52452](https://github.com/saltstack/salt/issues/52452)
- Fix extfs.tune has 'reserved' documented twice and is missing the 'reserved_percentage' keyword argument [#54426](https://github.com/saltstack/salt/issues/54426)
- Fix the ability of the 'selinux.port_policy_present' state to modify. [#55687](https://github.com/saltstack/salt/issues/55687)
- Fixed config.get does not support merge option with salt-ssh [#56441](https://github.com/saltstack/salt/issues/56441)
- Removed an unused assignment in file.patch [#57204](https://github.com/saltstack/salt/issues/57204)
- Fixed vault module fetching more than one secret in one run with single-use tokens [#57561](https://github.com/saltstack/salt/issues/57561)
- Use brew path from which in mac_brew_pkg module and rely on _homebrew_bin() everytime [#57946](https://github.com/saltstack/salt/issues/57946)
- Fixed Vault verify option to work on minions when only specified in master config [#58174](https://github.com/saltstack/salt/issues/58174)
- Fixed vault command errors configured locally [#58580](https://github.com/saltstack/salt/issues/58580)
- Fixed issue with basic auth causing invalid header error and 401 Bad Request, by using HTTPBasicAuthHandler instead of header. [#58936](https://github.com/saltstack/salt/issues/58936)
- Make the LXD module work with pyLXD > 2.10 [#59514](https://github.com/saltstack/salt/issues/59514)
- Return error if patch file passed to state file.patch is malformed. [#59806](https://github.com/saltstack/salt/issues/59806)
- Handle failure and error information from tuned module/state [#60500](https://github.com/saltstack/salt/issues/60500)
- Fixed sdb.get_or_set_hash with Vault single-use tokens [#60779](https://github.com/saltstack/salt/issues/60779)
- Fixed state.test does not work with salt-ssh [#61100](https://github.com/saltstack/salt/issues/61100)
- Made slsutil.findup work with salt-ssh [#61143](https://github.com/saltstack/salt/issues/61143)
- Allow all primitive grain types for autosign_grains [#61416](https://github.com/saltstack/salt/issues/61416), [#63708](https://github.com/saltstack/salt/issues/63708)
- `ipset.new_set` no longer fails when creating a set type that uses the `family` create option [#61620](https://github.com/saltstack/salt/issues/61620)
- Fixed Vault session storage to allow unlimited use tokens [#62380](https://github.com/saltstack/salt/issues/62380)
- fix the efi grain on FreeBSD [#63052](https://github.com/saltstack/salt/issues/63052)
- Fixed gpg.receive_keys returns success on failed import [#63144](https://github.com/saltstack/salt/issues/63144)
- Fixed GPG state module always reports success without changes [#63153](https://github.com/saltstack/salt/issues/63153)
- Fixed GPG state module does not respect test mode [#63156](https://github.com/saltstack/salt/issues/63156)
- Fixed gpg.absent with gnupghome/user, fixed gpg.delete_key with gnupghome [#63159](https://github.com/saltstack/salt/issues/63159)
- Fixed service module does not handle enable/disable if systemd service is an alias [#63214](https://github.com/saltstack/salt/issues/63214)
- Made x509_v2 compound match detection use new runner instead of peer publishing [#63278](https://github.com/saltstack/salt/issues/63278)
- Need to make sure we update __pillar__ during a pillar refresh to ensure that process_beacons has the updated beacons loaded from pillar. [#63583](https://github.com/saltstack/salt/issues/63583)
- This implements the vpc_uuid parameter when creating a droplet. This parameter selects the correct virtual private cloud (private network interface). [#63714](https://github.com/saltstack/salt/issues/63714)
- pkg.installed no longer reports failure when installing packages that are installed via the task manager [#63767](https://github.com/saltstack/salt/issues/63767)
- mac_xattr.list and mac_xattr.read will replace undecode-able bytes to avoid raising CommandExecutionError. [#63779](https://github.com/saltstack/salt/issues/63779) [#63779](https://github.com/saltstack/salt/issues/63779)
- Fix aptpkg.latest_version performance, reducing number of times to 'shell out' [#63982](https://github.com/saltstack/salt/issues/63982)
- Added option to use a fresh connection for mysql cache [#63991](https://github.com/saltstack/salt/issues/63991)
- [lxd] Fixed a bug in `container_create` which prevented devices which are not of type `disk` to be correctly created and added to the container when passed via the `devices` parameter. [#63996](https://github.com/saltstack/salt/issues/63996)
- Skipped the `isfile` check to greatly increase speed of reading minion keys for systems with a large number of minions on slow file storage [#64260](https://github.com/saltstack/salt/issues/64260)
- Fix utf8 handling in 'pass' renderer [#64300](https://github.com/saltstack/salt/issues/64300)
- Upgade tornado to 6.3.2 [#64305](https://github.com/saltstack/salt/issues/64305)
- Prevent errors due missing 'transactional_update.apply' on SLE Micro and MicroOS. [#64369](https://github.com/saltstack/salt/issues/64369)
- Fix 'unable to unmount' failure to return False result instead of None [#64420](https://github.com/saltstack/salt/issues/64420)
- Fixed issue uninstalling duplicate packages in ``win_appx`` execution module [#64450](https://github.com/saltstack/salt/issues/64450)
- Clean up tech debt, IPC now uses tcp transport. [#64488](https://github.com/saltstack/salt/issues/64488)
- Made salt-ssh more strict when handling unexpected situations and state.* wrappers treat a remote exception as failure, excluded salt-ssh error returns from mine [#64531](https://github.com/saltstack/salt/issues/64531)
- Fix flaky test for LazyLoader with isolated mocking of threading.RLock [#64567](https://github.com/saltstack/salt/issues/64567)
- Fix possible `KeyError` exceptions in `salt.utils.user.get_group_dict`
while reading improper duplicated GID assigned for the user. [#64599](https://github.com/saltstack/salt/issues/64599)
- changed vm_config() to deep-merge vm_overrides of specific VM, instead of simple-merging the whole vm_overrides [#64610](https://github.com/saltstack/salt/issues/64610)
- Fix the way Salt tries to get the Homebrew's prefix
The first attempt to get the Homebrew's prefix is to look for
the `HOMEBREW_PREFIX` environment variable. If it's not set, then
Salt tries to get the prefix from the `brew` command. However, the
`brew` command can fail. So a last attempt is made to get the
prefix by guessing the installation path. [#64924](https://github.com/saltstack/salt/issues/64924)
- Add missing MySQL Grant SERVICE_CONNECTION_ADMIN to mysql module. [#64934](https://github.com/saltstack/salt/issues/64934)
- Fixed slsutil.update with salt-ssh during template rendering [#65067](https://github.com/saltstack/salt/issues/65067)
- Keep track when an included file only includes sls files but is a requisite. [#65080](https://github.com/saltstack/salt/issues/65080)
- Fixed `gpg.present` succeeds when the keyserver is unreachable [#65169](https://github.com/saltstack/salt/issues/65169)
- Fix issue with openscap when the error was outside the expected scope. It now
returns failed with the error code and the error [#65193](https://github.com/saltstack/salt/issues/65193)
- Fix typo in nftables module to ensure unique nft family values [#65295](https://github.com/saltstack/salt/issues/65295)
- Dereference symlinks to set proper __cli opt [#65435](https://github.com/saltstack/salt/issues/65435)
- Made salt-ssh merge master top returns for the same environment [#65480](https://github.com/saltstack/salt/issues/65480)
- Account for situation where the metadata grain fails because the AWS environment requires an authentication token to query the metadata URL. [#65513](https://github.com/saltstack/salt/issues/65513)
- Improve the condition of overriding target for pip with VENV_PIP_TARGET environment variable. [#65562](https://github.com/saltstack/salt/issues/65562)
- Added SSH wrapper for logmod [#65630](https://github.com/saltstack/salt/issues/65630)
- Include changes in the results when schedule.present state is run with test=True. [#65652](https://github.com/saltstack/salt/issues/65652)
- Fixed Salt-SSH pillar rendering and state rendering with nested SSH calls when called via saltutil.cmd or in an orchestration [#65670](https://github.com/saltstack/salt/issues/65670)
- Fix extfs.tune doesn't pass retcode to module.run [#65686](https://github.com/saltstack/salt/issues/65686)
- Fix boto execution module loading [#65691](https://github.com/saltstack/salt/issues/65691)
- Removed PR 65185 changes since incomplete solution [#65692](https://github.com/saltstack/salt/issues/65692)
- Return an error message when the DNS plugin is not supported [#65739](https://github.com/saltstack/salt/issues/65739)
### Added
- Allowed publishing to regular minions from the SSH wrapper [#40943](https://github.com/saltstack/salt/issues/40943)
- Added syncing of custom salt-ssh wrappers [#45450](https://github.com/saltstack/salt/issues/45450)
- Made salt-ssh sync custom utils [#53666](https://github.com/saltstack/salt/issues/53666)
- Add ability to use file.managed style check_cmd in file.serialize [#53982](https://github.com/saltstack/salt/issues/53982)
- Revised use of deprecated net-tools and added support for ip neighbour with IPv4 ip_neighs, IPv6 ip_neighs6 [#57541](https://github.com/saltstack/salt/issues/57541)
- Added password support to Redis returner. [#58044](https://github.com/saltstack/salt/issues/58044)
- Added keyring param to gpg modules [#59783](https://github.com/saltstack/salt/issues/59783)
- Added new grain to detect the Salt package type: onedir, pip or system [#62589](https://github.com/saltstack/salt/issues/62589)
- Added Vault AppRole and identity issuance to minions [#62823](https://github.com/saltstack/salt/issues/62823)
- Added Vault AppRole auth mount path configuration option [#62825](https://github.com/saltstack/salt/issues/62825)
- Added distribution of Vault authentication details via response wrapping [#62828](https://github.com/saltstack/salt/issues/62828)
- Add salt package type information. Either onedir, pip or system. [#62961](https://github.com/saltstack/salt/issues/62961)
- Added signature verification to file.managed/archive.extracted [#63143](https://github.com/saltstack/salt/issues/63143)
- Added signed_by_any/signed_by_all parameters to gpg.verify [#63166](https://github.com/saltstack/salt/issues/63166)
- Added match runner [#63278](https://github.com/saltstack/salt/issues/63278)
- Added Vault token lifecycle management [#63406](https://github.com/saltstack/salt/issues/63406)
- adding new call for openscap xccdf eval supporting new parameters [#63416](https://github.com/saltstack/salt/issues/63416)
- Added Vault lease management utility [#63440](https://github.com/saltstack/salt/issues/63440)
- implement removal of ptf packages in zypper pkg module [#63442](https://github.com/saltstack/salt/issues/63442)
- add JUnit output for saltcheck [#63463](https://github.com/saltstack/salt/issues/63463)
- Add ability for file.keyvalue to create a file if it doesn't exist [#63545](https://github.com/saltstack/salt/issues/63545)
- added cleanup of temporary mountpoint dir for macpackage installed state [#63905](https://github.com/saltstack/salt/issues/63905)
- Add pkg.installed show installable version in test mode [#63985](https://github.com/saltstack/salt/issues/63985)
- Added patch option to Vault SDB driver [#64096](https://github.com/saltstack/salt/issues/64096)
- Added flags to create local users and groups [#64256](https://github.com/saltstack/salt/issues/64256)
- Added inline specification of trusted CA root certificate for Vault [#64379](https://github.com/saltstack/salt/issues/64379)
- Add ability to return False result in test mode of configurable_test_state [#64418](https://github.com/saltstack/salt/issues/64418)
- Switched Salt's onedir Python version to 3.11 [#64457](https://github.com/saltstack/salt/issues/64457)
- Added support for dnf5 and its new command syntax [#64532](https://github.com/saltstack/salt/issues/64532)
- Adding a new decorator to indicate when a module is deprecated in favor of a Salt extension. [#64569](https://github.com/saltstack/salt/issues/64569)
- Add jq-esque to_entries and from_entries functions [#64600](https://github.com/saltstack/salt/issues/64600)
- Added ability to use PYTHONWARNINGS=ignore to silence deprecation warnings. [#64660](https://github.com/saltstack/salt/issues/64660)
- Add follow_symlinks to file.symlink exec module to switch to os.path.lexists when False [#64665](https://github.com/saltstack/salt/issues/64665)
- Added win_appx state and execution modules for managing Microsoft Store apps and deprovisioning them from systems [#64978](https://github.com/saltstack/salt/issues/64978)
- Add support for show_jid to salt-run
Adds support for show_jid master config option to salt-run, so its behaviour matches the salt cli command. [#65008](https://github.com/saltstack/salt/issues/65008)
- Add ability to remove packages by wildcard via apt execution module [#65220](https://github.com/saltstack/salt/issues/65220)
- Added support for master top modules on masterless minions [#65479](https://github.com/saltstack/salt/issues/65479)
- Allowed accessing the regular mine from the SSH wrapper [#65645](https://github.com/saltstack/salt/issues/65645)
- Allow enabling backup for Linode in Salt Cloud [#65697](https://github.com/saltstack/salt/issues/65697)
- Add a backup schedule setter fFunction for Linode VMs [#65713](https://github.com/saltstack/salt/issues/65713)
- Add acme support for manual plugin hooks [#65744](https://github.com/saltstack/salt/issues/65744)
### Security
- Upgrade to `tornado>=6.3.3` due to https://github.com/advisories/GHSA-qppv-j76h-2rpx [#64989](https://github.com/saltstack/salt/issues/64989)
- Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65137](https://github.com/saltstack/salt/issues/65137)
## 3006.5 (2023-12-12)

1
changelog/48067.fixed.md Normal file
View file

@ -0,0 +1 @@
Made cmd.script work with files from the fileserver via salt-ssh

1
changelog/50196.fixed.md Normal file
View file

@ -0,0 +1 @@
Made slsutil.renderer work with salt-ssh

1
changelog/51605.fixed.md Normal file
View file

@ -0,0 +1 @@
Fixed defaults.merge is not available when using salt-ssh

1
changelog/56441.fixed.md Normal file
View file

@ -0,0 +1 @@
Fixed config.get does not support merge option with salt-ssh

1
changelog/61100.fixed.md Normal file
View file

@ -0,0 +1 @@
Fixed state.test does not work with salt-ssh

1
changelog/61143.fixed.md Normal file
View file

@ -0,0 +1 @@
Made slsutil.findup work with salt-ssh

1
changelog/63063.fixed.md Normal file
View file

@ -0,0 +1 @@
Corrected encoding of credentials for use with Artifactory

1
changelog/65067.fixed.md Normal file
View file

@ -0,0 +1 @@
Fixed slsutil.update with salt-ssh during template rendering

1
changelog/65630.fixed.md Normal file
View file

@ -0,0 +1 @@
Added SSH wrapper for logmod

1
changelog/65752.fixed.md Normal file
View file

@ -0,0 +1 @@
Fix nonsensical time in fileclient timeout error.

1
changelog/65759.fixed.md Normal file
View file

@ -0,0 +1 @@
Fix un-closed transport in tornado netapi

2
cicd/shared-gh-workflows-context.yml
View file

@ -1,6 +1,6 @@
nox_version: "2022.8.7"
python_version: "3.10.13"
relenv_version: "0.14.2"
release-branches:
release_branches:
- "3006.x"
- "3007.x"

4
doc/man/salt-api.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-API" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-API" "1" "Generated on January 02, 2024 at 09:39:27 PM UTC." "3007.0" "Salt"
.SH NAME
salt-api \- salt-api Command
.sp
@ -109,6 +109,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.

4
doc/man/salt-call.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-CALL" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-CALL" "1" "Generated on January 02, 2024 at 09:39:27 PM UTC." "3007.0" "Salt"
.SH NAME
salt-call \- salt-call Documentation
.SH SYNOPSIS
@ -262,6 +262,6 @@ output. Set to True or False. Default: none.
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.

4
doc/man/salt-cloud.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-CLOUD" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-CLOUD" "1" "Generated on January 02, 2024 at 09:39:27 PM UTC." "3007.0" "Salt"
.SH NAME
salt-cloud \- Salt Cloud Command
.sp
@ -380,6 +380,6 @@ salt\-cloud \-m /path/to/cloud.map \-Q
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.

4
doc/man/salt-cp.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-CP" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-CP" "1" "Generated on January 02, 2024 at 09:39:27 PM UTC." "3007.0" "Salt"
.SH NAME
salt-cp \- salt-cp Documentation
.sp
@ -207,6 +207,6 @@ New in version 2016.3.7,2016.11.6,2017.7.0.
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.

4
doc/man/salt-key.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-KEY" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-KEY" "1" "Generated on January 02, 2024 at 09:39:27 PM UTC." "3007.0" "Salt"
.SH NAME
salt-key \- salt-key Documentation
.SH SYNOPSIS
@ -332,6 +332,6 @@ Auto\-create a signing key\-pair if it does not yet exist
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.

4
doc/man/salt-master.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-MASTER" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-MASTER" "1" "Generated on January 02, 2024 at 09:39:27 PM UTC." "3007.0" "Salt"
.SH NAME
salt-master \- salt-master Documentation
.sp
@ -114,6 +114,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.

4
doc/man/salt-minion.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-MINION" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-MINION" "1" "Generated on January 02, 2024 at 09:39:27 PM UTC." "3007.0" "Salt"
.SH NAME
salt-minion \- salt-minion Documentation
.sp
@ -115,6 +115,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.

4
doc/man/salt-proxy.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-PROXY" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-PROXY" "1" "Generated on January 02, 2024 at 09:39:27 PM UTC." "3007.0" "Salt"
.SH NAME
salt-proxy \- salt-proxy Documentation
.sp
@ -123,6 +123,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.

4
doc/man/salt-run.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-RUN" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-RUN" "1" "Generated on January 02, 2024 at 09:39:27 PM UTC." "3007.0" "Salt"
.SH NAME
salt-run \- salt-run Documentation
.sp
@ -120,6 +120,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.

4
doc/man/salt-ssh.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-SSH" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-SSH" "1" "Generated on January 02, 2024 at 09:39:27 PM UTC." "3007.0" "Salt"
.SH NAME
salt-ssh \- salt-ssh Documentation
.SH SYNOPSIS
@ -365,6 +365,6 @@ to a JSON parser, use \fB\-\-static\fP as well.
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.

4
doc/man/salt-syndic.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-SYNDIC" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-SYNDIC" "1" "Generated on January 02, 2024 at 09:39:27 PM UTC." "3007.0" "Salt"
.SH NAME
salt-syndic \- salt-syndic Documentation
.sp
@ -116,6 +116,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.

4
doc/man/salt.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT" "1" "Generated on January 02, 2024 at 09:39:27 PM UTC." "3007.0" "Salt"
.SH NAME
salt \- salt
.SH SYNOPSIS
@ -354,6 +354,6 @@ to a JSON parser, use \fB\-\-static\fP as well.
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.

31231
doc/man/salt.7
View file

File diff suppressed because it is too large Load diff

4
doc/man/spm.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SPM" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SPM" "1" "Generated on January 02, 2024 at 09:39:27 PM UTC." "3007.0" "Salt"
.SH NAME
spm \- Salt Package Manager Command
.sp
@ -138,6 +138,6 @@ in that directory which describes them.
.SH AUTHOR
Thomas S. Hatch <thatch45@gmail.com> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.

250
doc/topics/releases/3007.0.md Normal file
View file

@ -0,0 +1,250 @@
(release-3007.0)=
# Salt 3007.0 release notes
<!---
Do not edit this file. This is auto generated.
Edit the templates in doc/topics/releases/templates/
for a given release.
-->
<!--
Add release specific details below
-->
## Salt's ``setup.py`` customizations
> :warning: **Deprecation Notice**: <br>
In Salt 3009, the ``setup.py`` file will be stripped of it's custom additions and migrated to a plain ``pyproject.toml`` python package
or whatever is found best during the process of removing the customizations. <br>
**If you're relying on these customizations please stop as your workflow will break in the future**.
## Python 3.7 Support Dropped
Support for python 3.7 has been dropped since it reached end-of-line in 27 Jun 2023.
## Azure Salt Extension
Starting from Salt version 3007.0, the Azure functionality previously available in the Salt code base is fully removed. To continue using Salt's features for interacting with Azure resources, users are required to utilize the Azure Salt extension. For more information, refer to the [Azure Salt Extension GitHub repository](https://github.com/salt-extensions/saltext-azurerm).
## New Package Grain
A new ``package`` grain was added in 3007.0 This detects how Salt was installed using the ``_pkg.txt`` in the root of
the directory. If you are building packages of Salt you need to ensure this file is set to the correct package type
that you are building. The options are ``pip``, ``onedir``, or ``system``. By default this file is already set to ``pip``.
## Improved Vault integration
This release features a much deeper integration with HashiCorp Vault, for which
many parts of the implementation core were improved. Among other things, the Salt
daemons now attempt to renew/revoke their access tokens and can manage long-lived leases,
while the Salt master now distributes authentication secrets using response wrapping.
An important new feature concerns the way Vault policies can be managed.
In versions before 3006, the Salt master only issued tokens to minions, whose policies
could be templated with the minion ID and (insecure) grain values.
3006 introduced secure templating of those policies with pillar values, as well as
templating of Vault external pillar paths with pillar values. These improvements reduced the
overhead of managing Vault policies securely.
In addition, the Salt master can now be configured to issue AppRoles
to minions and manage their metadata using a similar templating approach.
Since this metadata can be taken advantage of in templated policies on the Vault side,
the need for many boilerplate policies is reduced even further:
```vaultpolicy
path "salt/data/minions/{{identity.entity.metadata.minion-id}}" {
capabilities = ["create", "read", "write", "delete", "patch"]
}
path "salt/data/roles/{{identity.entity.metadata.role}}" {
capabilities = ["read"]
}
```
Although existing configurations will keep working without intervention after upgrading
the Salt master, it is strongly recommended to adjust the `peer_run` configuration to
include the new issuance endpoints in order to avoid unnecessary overhead:
```yaml
peer_run:
.*:
- vault.get_config
- vault.generate_new_token
```
Please see the [Vault execution module docs](https://docs.saltproject.io/en/3007.0/ref/modules/all/salt.modules.vault.html) for
details and setup instructions regarding AppRole issuance.
Note: The Vault modules are being moved to a [Salt extension](https://github.com/salt-extensions/saltext-vault),
but this improvement has still been merged into core for a smoother transition.
<!--
Do not edit the changelog below.
This is auto generated
-->
## Changelog
### Removed
- Removed RHEL 5 support since long since end-of-lifed [#62520](https://github.com/saltstack/salt/issues/62520)
- Removing Azure-Cloud modules from the code base. [#64322](https://github.com/saltstack/salt/issues/64322)
- Dropped Python 3.7 support since it's EOL in 27 Jun 2023 [#64417](https://github.com/saltstack/salt/issues/64417)
- Remove salt.payload.Serial [#64459](https://github.com/saltstack/salt/issues/64459)
- Remove netmiko_conn and pyeapi_conn from salt.modules.napalm_mod [#64460](https://github.com/saltstack/salt/issues/64460)
- Removed 'transport' arg from salt.utils.event.get_event [#64461](https://github.com/saltstack/salt/issues/64461)
- Removed the usage of retired Linode API v3 from Salt Cloud [#64517](https://github.com/saltstack/salt/issues/64517)
### Deprecated
- Deprecate all Proxmox cloud modules [#64224](https://github.com/saltstack/salt/issues/64224)
- Deprecate all the Vault modules in favor of the Vault Salt Extension https://github.com/salt-extensions/saltext-vault. The Vault modules will be removed in Salt core in 3009.0. [#64893](https://github.com/saltstack/salt/issues/64893)
- Deprecate all the Docker modules in favor of the Docker Salt Extension https://github.com/saltstack/saltext-docker. The Docker modules will be removed in Salt core in 3009.0. [#64894](https://github.com/saltstack/salt/issues/64894)
- Deprecate all the Zabbix modules in favor of the Zabbix Salt Extension https://github.com/salt-extensions/saltext-zabbix. The Zabbix modules will be removed in Salt core in 3009.0. [#64896](https://github.com/saltstack/salt/issues/64896)
- Deprecate all the Apache modules in favor of the Apache Salt Extension https://github.com/salt-extensions/saltext-apache. The Apache modules will be removed in Salt core in 3009.0. [#64909](https://github.com/saltstack/salt/issues/64909)
- Deprecation warning for Salt's backport of ``OrderedDict`` class which will be removed in 3009 [#65542](https://github.com/saltstack/salt/issues/65542)
- Deprecate Kubernetes modules for move to saltext-kubernetes in version 3009 [#65565](https://github.com/saltstack/salt/issues/65565)
- Deprecated all Pushover modules in favor of the Salt Extension at https://github.com/salt-extensions/saltext-pushover. The Pushover modules will be removed from Salt core in 3009.0 [#65567](https://github.com/saltstack/salt/issues/65567)
### Changed
- Masquerade property will not default to false turning off masquerade if not specified. [#53120](https://github.com/saltstack/salt/issues/53120)
- Addressed Python 3.11 deprecations:
* Switch to `FullArgSpec` since Py 3.11 no longer has `ArgSpec`, deprecated since Py 3.0
* Stopped using the deprecated `cgi` module.
* Stopped using the deprecated `pipes` module
* Stopped using the deprecated `imp` module [#64457](https://github.com/saltstack/salt/issues/64457)
- changed 'gpg_decrypt_must_succeed' default from False to True [#64462](https://github.com/saltstack/salt/issues/64462)
### Fixed
- When an NFS or FUSE mount fails to unmount when mount options have changed, try again with a lazy umount before mounting again. [#18907](https://github.com/saltstack/salt/issues/18907)
- fix autoaccept gpg keys by supporting it in refresh_db module [#42039](https://github.com/saltstack/salt/issues/42039)
- Made cmd.script work with files from the fileserver via salt-ssh [#48067](https://github.com/saltstack/salt/issues/48067)
- Made slsutil.renderer work with salt-ssh [#50196](https://github.com/saltstack/salt/issues/50196)
- Fixed defaults.merge is not available when using salt-ssh [#51605](https://github.com/saltstack/salt/issues/51605)
- Fix extfs.mkfs missing parameter handling for -C, -d, and -e [#51858](https://github.com/saltstack/salt/issues/51858)
- Fixed Salt master does not renew token [#51986](https://github.com/saltstack/salt/issues/51986)
- Fixed salt-ssh continues state/pillar rendering with incorrect data when an exception is raised by a module on the target [#52452](https://github.com/saltstack/salt/issues/52452)
- Fix extfs.tune has 'reserved' documented twice and is missing the 'reserved_percentage' keyword argument [#54426](https://github.com/saltstack/salt/issues/54426)
- Fix the ability of the 'selinux.port_policy_present' state to modify. [#55687](https://github.com/saltstack/salt/issues/55687)
- Fixed config.get does not support merge option with salt-ssh [#56441](https://github.com/saltstack/salt/issues/56441)
- Removed an unused assignment in file.patch [#57204](https://github.com/saltstack/salt/issues/57204)
- Fixed vault module fetching more than one secret in one run with single-use tokens [#57561](https://github.com/saltstack/salt/issues/57561)
- Use brew path from which in mac_brew_pkg module and rely on _homebrew_bin() everytime [#57946](https://github.com/saltstack/salt/issues/57946)
- Fixed Vault verify option to work on minions when only specified in master config [#58174](https://github.com/saltstack/salt/issues/58174)
- Fixed vault command errors configured locally [#58580](https://github.com/saltstack/salt/issues/58580)
- Fixed issue with basic auth causing invalid header error and 401 Bad Request, by using HTTPBasicAuthHandler instead of header. [#58936](https://github.com/saltstack/salt/issues/58936)
- Make the LXD module work with pyLXD > 2.10 [#59514](https://github.com/saltstack/salt/issues/59514)
- Return error if patch file passed to state file.patch is malformed. [#59806](https://github.com/saltstack/salt/issues/59806)
- Handle failure and error information from tuned module/state [#60500](https://github.com/saltstack/salt/issues/60500)
- Fixed sdb.get_or_set_hash with Vault single-use tokens [#60779](https://github.com/saltstack/salt/issues/60779)
- Fixed state.test does not work with salt-ssh [#61100](https://github.com/saltstack/salt/issues/61100)
- Made slsutil.findup work with salt-ssh [#61143](https://github.com/saltstack/salt/issues/61143)
- Allow all primitive grain types for autosign_grains [#61416](https://github.com/saltstack/salt/issues/61416), [#63708](https://github.com/saltstack/salt/issues/63708)
- `ipset.new_set` no longer fails when creating a set type that uses the `family` create option [#61620](https://github.com/saltstack/salt/issues/61620)
- Fixed Vault session storage to allow unlimited use tokens [#62380](https://github.com/saltstack/salt/issues/62380)
- fix the efi grain on FreeBSD [#63052](https://github.com/saltstack/salt/issues/63052)
- Fixed gpg.receive_keys returns success on failed import [#63144](https://github.com/saltstack/salt/issues/63144)
- Fixed GPG state module always reports success without changes [#63153](https://github.com/saltstack/salt/issues/63153)
- Fixed GPG state module does not respect test mode [#63156](https://github.com/saltstack/salt/issues/63156)
- Fixed gpg.absent with gnupghome/user, fixed gpg.delete_key with gnupghome [#63159](https://github.com/saltstack/salt/issues/63159)
- Fixed service module does not handle enable/disable if systemd service is an alias [#63214](https://github.com/saltstack/salt/issues/63214)
- Made x509_v2 compound match detection use new runner instead of peer publishing [#63278](https://github.com/saltstack/salt/issues/63278)
- Need to make sure we update __pillar__ during a pillar refresh to ensure that process_beacons has the updated beacons loaded from pillar. [#63583](https://github.com/saltstack/salt/issues/63583)
- This implements the vpc_uuid parameter when creating a droplet. This parameter selects the correct virtual private cloud (private network interface). [#63714](https://github.com/saltstack/salt/issues/63714)
- pkg.installed no longer reports failure when installing packages that are installed via the task manager [#63767](https://github.com/saltstack/salt/issues/63767)
- mac_xattr.list and mac_xattr.read will replace undecode-able bytes to avoid raising CommandExecutionError. [#63779](https://github.com/saltstack/salt/issues/63779) [#63779](https://github.com/saltstack/salt/issues/63779)
- Fix aptpkg.latest_version performance, reducing number of times to 'shell out' [#63982](https://github.com/saltstack/salt/issues/63982)
- Added option to use a fresh connection for mysql cache [#63991](https://github.com/saltstack/salt/issues/63991)
- [lxd] Fixed a bug in `container_create` which prevented devices which are not of type `disk` to be correctly created and added to the container when passed via the `devices` parameter. [#63996](https://github.com/saltstack/salt/issues/63996)
- Skipped the `isfile` check to greatly increase speed of reading minion keys for systems with a large number of minions on slow file storage [#64260](https://github.com/saltstack/salt/issues/64260)
- Fix utf8 handling in 'pass' renderer [#64300](https://github.com/saltstack/salt/issues/64300)
- Upgade tornado to 6.3.2 [#64305](https://github.com/saltstack/salt/issues/64305)
- Prevent errors due missing 'transactional_update.apply' on SLE Micro and MicroOS. [#64369](https://github.com/saltstack/salt/issues/64369)
- Fix 'unable to unmount' failure to return False result instead of None [#64420](https://github.com/saltstack/salt/issues/64420)
- Fixed issue uninstalling duplicate packages in ``win_appx`` execution module [#64450](https://github.com/saltstack/salt/issues/64450)
- Clean up tech debt, IPC now uses tcp transport. [#64488](https://github.com/saltstack/salt/issues/64488)
- Made salt-ssh more strict when handling unexpected situations and state.* wrappers treat a remote exception as failure, excluded salt-ssh error returns from mine [#64531](https://github.com/saltstack/salt/issues/64531)
- Fix flaky test for LazyLoader with isolated mocking of threading.RLock [#64567](https://github.com/saltstack/salt/issues/64567)
- Fix possible `KeyError` exceptions in `salt.utils.user.get_group_dict`
while reading improper duplicated GID assigned for the user. [#64599](https://github.com/saltstack/salt/issues/64599)
- changed vm_config() to deep-merge vm_overrides of specific VM, instead of simple-merging the whole vm_overrides [#64610](https://github.com/saltstack/salt/issues/64610)
- Fix the way Salt tries to get the Homebrew's prefix
The first attempt to get the Homebrew's prefix is to look for
the `HOMEBREW_PREFIX` environment variable. If it's not set, then
Salt tries to get the prefix from the `brew` command. However, the
`brew` command can fail. So a last attempt is made to get the
prefix by guessing the installation path. [#64924](https://github.com/saltstack/salt/issues/64924)
- Add missing MySQL Grant SERVICE_CONNECTION_ADMIN to mysql module. [#64934](https://github.com/saltstack/salt/issues/64934)
- Fixed slsutil.update with salt-ssh during template rendering [#65067](https://github.com/saltstack/salt/issues/65067)
- Keep track when an included file only includes sls files but is a requisite. [#65080](https://github.com/saltstack/salt/issues/65080)
- Fixed `gpg.present` succeeds when the keyserver is unreachable [#65169](https://github.com/saltstack/salt/issues/65169)
- Fix issue with openscap when the error was outside the expected scope. It now
returns failed with the error code and the error [#65193](https://github.com/saltstack/salt/issues/65193)
- Fix typo in nftables module to ensure unique nft family values [#65295](https://github.com/saltstack/salt/issues/65295)
- Dereference symlinks to set proper __cli opt [#65435](https://github.com/saltstack/salt/issues/65435)
- Made salt-ssh merge master top returns for the same environment [#65480](https://github.com/saltstack/salt/issues/65480)
- Account for situation where the metadata grain fails because the AWS environment requires an authentication token to query the metadata URL. [#65513](https://github.com/saltstack/salt/issues/65513)
- Improve the condition of overriding target for pip with VENV_PIP_TARGET environment variable. [#65562](https://github.com/saltstack/salt/issues/65562)
- Added SSH wrapper for logmod [#65630](https://github.com/saltstack/salt/issues/65630)
- Include changes in the results when schedule.present state is run with test=True. [#65652](https://github.com/saltstack/salt/issues/65652)
- Fixed Salt-SSH pillar rendering and state rendering with nested SSH calls when called via saltutil.cmd or in an orchestration [#65670](https://github.com/saltstack/salt/issues/65670)
- Fix extfs.tune doesn't pass retcode to module.run [#65686](https://github.com/saltstack/salt/issues/65686)
- Fix boto execution module loading [#65691](https://github.com/saltstack/salt/issues/65691)
- Removed PR 65185 changes since incomplete solution [#65692](https://github.com/saltstack/salt/issues/65692)
- Return an error message when the DNS plugin is not supported [#65739](https://github.com/saltstack/salt/issues/65739)
### Added
- Allowed publishing to regular minions from the SSH wrapper [#40943](https://github.com/saltstack/salt/issues/40943)
- Added syncing of custom salt-ssh wrappers [#45450](https://github.com/saltstack/salt/issues/45450)
- Made salt-ssh sync custom utils [#53666](https://github.com/saltstack/salt/issues/53666)
- Add ability to use file.managed style check_cmd in file.serialize [#53982](https://github.com/saltstack/salt/issues/53982)
- Revised use of deprecated net-tools and added support for ip neighbour with IPv4 ip_neighs, IPv6 ip_neighs6 [#57541](https://github.com/saltstack/salt/issues/57541)
- Added password support to Redis returner. [#58044](https://github.com/saltstack/salt/issues/58044)
- Added keyring param to gpg modules [#59783](https://github.com/saltstack/salt/issues/59783)
- Added new grain to detect the Salt package type: onedir, pip or system [#62589](https://github.com/saltstack/salt/issues/62589)
- Added Vault AppRole and identity issuance to minions [#62823](https://github.com/saltstack/salt/issues/62823)
- Added Vault AppRole auth mount path configuration option [#62825](https://github.com/saltstack/salt/issues/62825)
- Added distribution of Vault authentication details via response wrapping [#62828](https://github.com/saltstack/salt/issues/62828)
- Add salt package type information. Either onedir, pip or system. [#62961](https://github.com/saltstack/salt/issues/62961)
- Added signature verification to file.managed/archive.extracted [#63143](https://github.com/saltstack/salt/issues/63143)
- Added signed_by_any/signed_by_all parameters to gpg.verify [#63166](https://github.com/saltstack/salt/issues/63166)
- Added match runner [#63278](https://github.com/saltstack/salt/issues/63278)
- Added Vault token lifecycle management [#63406](https://github.com/saltstack/salt/issues/63406)
- adding new call for openscap xccdf eval supporting new parameters [#63416](https://github.com/saltstack/salt/issues/63416)
- Added Vault lease management utility [#63440](https://github.com/saltstack/salt/issues/63440)
- implement removal of ptf packages in zypper pkg module [#63442](https://github.com/saltstack/salt/issues/63442)
- add JUnit output for saltcheck [#63463](https://github.com/saltstack/salt/issues/63463)
- Add ability for file.keyvalue to create a file if it doesn't exist [#63545](https://github.com/saltstack/salt/issues/63545)
- added cleanup of temporary mountpoint dir for macpackage installed state [#63905](https://github.com/saltstack/salt/issues/63905)
- Add pkg.installed show installable version in test mode [#63985](https://github.com/saltstack/salt/issues/63985)
- Added patch option to Vault SDB driver [#64096](https://github.com/saltstack/salt/issues/64096)
- Added flags to create local users and groups [#64256](https://github.com/saltstack/salt/issues/64256)
- Added inline specification of trusted CA root certificate for Vault [#64379](https://github.com/saltstack/salt/issues/64379)
- Add ability to return False result in test mode of configurable_test_state [#64418](https://github.com/saltstack/salt/issues/64418)
- Switched Salt's onedir Python version to 3.11 [#64457](https://github.com/saltstack/salt/issues/64457)
- Added support for dnf5 and its new command syntax [#64532](https://github.com/saltstack/salt/issues/64532)
- Adding a new decorator to indicate when a module is deprecated in favor of a Salt extension. [#64569](https://github.com/saltstack/salt/issues/64569)
- Add jq-esque to_entries and from_entries functions [#64600](https://github.com/saltstack/salt/issues/64600)
- Added ability to use PYTHONWARNINGS=ignore to silence deprecation warnings. [#64660](https://github.com/saltstack/salt/issues/64660)
- Add follow_symlinks to file.symlink exec module to switch to os.path.lexists when False [#64665](https://github.com/saltstack/salt/issues/64665)
- Added win_appx state and execution modules for managing Microsoft Store apps and deprovisioning them from systems [#64978](https://github.com/saltstack/salt/issues/64978)
- Add support for show_jid to salt-run
Adds support for show_jid master config option to salt-run, so its behaviour matches the salt cli command. [#65008](https://github.com/saltstack/salt/issues/65008)
- Add ability to remove packages by wildcard via apt execution module [#65220](https://github.com/saltstack/salt/issues/65220)
- Added support for master top modules on masterless minions [#65479](https://github.com/saltstack/salt/issues/65479)
- Allowed accessing the regular mine from the SSH wrapper [#65645](https://github.com/saltstack/salt/issues/65645)
- Allow enabling backup for Linode in Salt Cloud [#65697](https://github.com/saltstack/salt/issues/65697)
- Add a backup schedule setter fFunction for Linode VMs [#65713](https://github.com/saltstack/salt/issues/65713)
- Add acme support for manual plugin hooks [#65744](https://github.com/saltstack/salt/issues/65744)
### Security
- Upgrade to `tornado>=6.3.3` due to https://github.com/advisories/GHSA-qppv-j76h-2rpx [#64989](https://github.com/saltstack/salt/issues/64989)
- Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65137](https://github.com/saltstack/salt/issues/65137)

3
doc/topics/releases/index.rst
View file

@ -19,7 +19,7 @@ Upcoming release
:maxdepth: 1
:glob:
3007.*
3008.*
See `Install a release candidate <https://docs.saltproject.io/salt/install-guide/en/latest/topics/release-candidate.html>`_
for more information about installing an RC when one is available.
@ -31,6 +31,7 @@ Previous releases
:maxdepth: 1
:glob:
3007.*
3006.*
3005*
3004*

59
noxfile.py
View file

@ -1230,14 +1230,29 @@ def coverage_report(session):
def decompress_dependencies(session):
if not session.posargs:
session.error(
"Please pass the distro-slug to run tests against. "
"Check cicd/images.yml for what's available."
"The 'decompress-dependencies' session target needs "
"two arguments, '<platform> <arch>'."
)
distro_slug = session.posargs.pop(0)
if "windows" in distro_slug:
nox_dependencies_tarball = f"nox.{distro_slug}.tar.gz"
try:
platform = session.posargs.pop(0)
arch = session.posargs.pop(0)
if session.posargs:
session.error(
"The 'decompress-dependencies' session target only accepts "
"two arguments, '<platform> <arch>'."
)
except IndexError:
session.error(
"The 'decompress-dependencies' session target needs "
"two arguments, '<platform> <arch>'."
)
if platform == "windows":
extension = "tar.gz"
scripts_dir_name = "Scripts"
else:
nox_dependencies_tarball = f"nox.{distro_slug}.tar.xz"
extension = "tar.xz"
scripts_dir_name = "bin"
nox_dependencies_tarball = f"nox.{platform}.{arch}.{extension}"
nox_dependencies_tarball_path = REPO_ROOT / nox_dependencies_tarball
if not nox_dependencies_tarball_path.exists():
session.error(
@ -1251,10 +1266,7 @@ def decompress_dependencies(session):
session.log("Finding broken 'python' symlinks under '.nox/' ...")
for dirname in os.scandir(REPO_ROOT / ".nox"):
if "windows" not in distro_slug:
scan_path = REPO_ROOT.joinpath(".nox", dirname, "bin")
else:
scan_path = REPO_ROOT.joinpath(".nox", dirname, "Scripts")
scan_path = REPO_ROOT.joinpath(".nox", dirname, scripts_dir_name)
script_paths = {str(p): p for p in os.scandir(scan_path)}
fixed_shebang = f"#!{scan_path / 'python'}"
for key in sorted(script_paths):
@ -1285,7 +1297,7 @@ def decompress_dependencies(session):
continue
if not path.is_file():
continue
if "windows" not in distro_slug:
if platform != "windows":
# Let's try to fix shebang's
try:
fpath = pathlib.Path(path)
@ -1308,14 +1320,27 @@ def decompress_dependencies(session):
def compress_dependencies(session):
if not session.posargs:
session.error(
"Please pass the distro-slug to run tests against. "
"Check cicd/images.yml for what's available."
"The 'compress-dependencies' session target needs "
"two arguments, '<platform> <arch>'."
)
distro_slug = session.posargs.pop(0)
if IS_WINDOWS:
nox_dependencies_tarball = f"nox.{distro_slug}.tar.gz"
try:
platform = session.posargs.pop(0)
arch = session.posargs.pop(0)
if session.posargs:
session.error(
"The 'compress-dependencies' session target only accepts "
"two arguments, '<platform> <arch>'."
)
except IndexError:
session.error(
"The 'compress-dependencies' session target needs "
"two arguments, '<platform> <arch>'."
)
if platform == "windows":
extension = "tar.gz"
else:
nox_dependencies_tarball = f"nox.{distro_slug}.tar.xz"
extension = "tar.xz"
nox_dependencies_tarball = f"nox.{platform}.{arch}.{extension}"
nox_dependencies_tarball_path = REPO_ROOT / nox_dependencies_tarball
if nox_dependencies_tarball_path.exists():
session_warn(

169
pkg/debian/changelog
View file

@ -1,3 +1,172 @@
salt (3007.0rc1) stable; urgency=medium
# Removed
* Removed RHEL 5 support since long since end-of-lifed [#62520](https://github.com/saltstack/salt/issues/62520)
* Removing Azure-Cloud modules from the code base. [#64322](https://github.com/saltstack/salt/issues/64322)
* Dropped Python 3.7 support since it's EOL in 27 Jun 2023 [#64417](https://github.com/saltstack/salt/issues/64417)
* Remove salt.payload.Serial [#64459](https://github.com/saltstack/salt/issues/64459)
* Remove netmiko_conn and pyeapi_conn from salt.modules.napalm_mod [#64460](https://github.com/saltstack/salt/issues/64460)
* Removed 'transport' arg from salt.utils.event.get_event [#64461](https://github.com/saltstack/salt/issues/64461)
* Removed the usage of retired Linode API v3 from Salt Cloud [#64517](https://github.com/saltstack/salt/issues/64517)
# Deprecated
* Deprecate all Proxmox cloud modules [#64224](https://github.com/saltstack/salt/issues/64224)
* Deprecate all the Vault modules in favor of the Vault Salt Extension https://github.com/salt-extensions/saltext-vault. The Vault modules will be removed in Salt core in 3009.0. [#64893](https://github.com/saltstack/salt/issues/64893)
* Deprecate all the Docker modules in favor of the Docker Salt Extension https://github.com/saltstack/saltext-docker. The Docker modules will be removed in Salt core in 3009.0. [#64894](https://github.com/saltstack/salt/issues/64894)
* Deprecate all the Zabbix modules in favor of the Zabbix Salt Extension https://github.com/salt-extensions/saltext-zabbix. The Zabbix modules will be removed in Salt core in 3009.0. [#64896](https://github.com/saltstack/salt/issues/64896)
* Deprecate all the Apache modules in favor of the Apache Salt Extension https://github.com/salt-extensions/saltext-apache. The Apache modules will be removed in Salt core in 3009.0. [#64909](https://github.com/saltstack/salt/issues/64909)
* Deprecation warning for Salt's backport of ``OrderedDict`` class which will be removed in 3009 [#65542](https://github.com/saltstack/salt/issues/65542)
* Deprecate Kubernetes modules for move to saltext-kubernetes in version 3009 [#65565](https://github.com/saltstack/salt/issues/65565)
* Deprecated all Pushover modules in favor of the Salt Extension at https://github.com/salt-extensions/saltext-pushover. The Pushover modules will be removed from Salt core in 3009.0 [#65567](https://github.com/saltstack/salt/issues/65567)
# Changed
* Masquerade property will not default to false turning off masquerade if not specified. [#53120](https://github.com/saltstack/salt/issues/53120)
* Addressed Python 3.11 deprecations:
* Switch to `FullArgSpec` since Py 3.11 no longer has `ArgSpec`, deprecated since Py 3.0
* Stopped using the deprecated `cgi` module.
* Stopped using the deprecated `pipes` module
* Stopped using the deprecated `imp` module [#64457](https://github.com/saltstack/salt/issues/64457)
* changed 'gpg_decrypt_must_succeed' default from False to True [#64462](https://github.com/saltstack/salt/issues/64462)
# Fixed
* When an NFS or FUSE mount fails to unmount when mount options have changed, try again with a lazy umount before mounting again. [#18907](https://github.com/saltstack/salt/issues/18907)
* fix autoaccept gpg keys by supporting it in refresh_db module [#42039](https://github.com/saltstack/salt/issues/42039)
* Made cmd.script work with files from the fileserver via salt-ssh [#48067](https://github.com/saltstack/salt/issues/48067)
* Made slsutil.renderer work with salt-ssh [#50196](https://github.com/saltstack/salt/issues/50196)
* Fixed defaults.merge is not available when using salt-ssh [#51605](https://github.com/saltstack/salt/issues/51605)
* Fix extfs.mkfs missing parameter handling for -C, -d, and -e [#51858](https://github.com/saltstack/salt/issues/51858)
* Fixed Salt master does not renew token [#51986](https://github.com/saltstack/salt/issues/51986)
* Fixed salt-ssh continues state/pillar rendering with incorrect data when an exception is raised by a module on the target [#52452](https://github.com/saltstack/salt/issues/52452)
* Fix extfs.tune has 'reserved' documented twice and is missing the 'reserved_percentage' keyword argument [#54426](https://github.com/saltstack/salt/issues/54426)
* Fix the ability of the 'selinux.port_policy_present' state to modify. [#55687](https://github.com/saltstack/salt/issues/55687)
* Fixed config.get does not support merge option with salt-ssh [#56441](https://github.com/saltstack/salt/issues/56441)
* Removed an unused assignment in file.patch [#57204](https://github.com/saltstack/salt/issues/57204)
* Fixed vault module fetching more than one secret in one run with single-use tokens [#57561](https://github.com/saltstack/salt/issues/57561)
* Use brew path from which in mac_brew_pkg module and rely on _homebrew_bin() everytime [#57946](https://github.com/saltstack/salt/issues/57946)
* Fixed Vault verify option to work on minions when only specified in master config [#58174](https://github.com/saltstack/salt/issues/58174)
* Fixed vault command errors configured locally [#58580](https://github.com/saltstack/salt/issues/58580)
* Fixed issue with basic auth causing invalid header error and 401 Bad Request, by using HTTPBasicAuthHandler instead of header. [#58936](https://github.com/saltstack/salt/issues/58936)
* Make the LXD module work with pyLXD > 2.10 [#59514](https://github.com/saltstack/salt/issues/59514)
* Return error if patch file passed to state file.patch is malformed. [#59806](https://github.com/saltstack/salt/issues/59806)
* Handle failure and error information from tuned module/state [#60500](https://github.com/saltstack/salt/issues/60500)
* Fixed sdb.get_or_set_hash with Vault single-use tokens [#60779](https://github.com/saltstack/salt/issues/60779)
* Fixed state.test does not work with salt-ssh [#61100](https://github.com/saltstack/salt/issues/61100)
* Made slsutil.findup work with salt-ssh [#61143](https://github.com/saltstack/salt/issues/61143)
* Allow all primitive grain types for autosign_grains [#61416](https://github.com/saltstack/salt/issues/61416), [#63708](https://github.com/saltstack/salt/issues/63708)
* `ipset.new_set` no longer fails when creating a set type that uses the `family` create option [#61620](https://github.com/saltstack/salt/issues/61620)
* Fixed Vault session storage to allow unlimited use tokens [#62380](https://github.com/saltstack/salt/issues/62380)
* fix the efi grain on FreeBSD [#63052](https://github.com/saltstack/salt/issues/63052)
* Fixed gpg.receive_keys returns success on failed import [#63144](https://github.com/saltstack/salt/issues/63144)
* Fixed GPG state module always reports success without changes [#63153](https://github.com/saltstack/salt/issues/63153)
* Fixed GPG state module does not respect test mode [#63156](https://github.com/saltstack/salt/issues/63156)
* Fixed gpg.absent with gnupghome/user, fixed gpg.delete_key with gnupghome [#63159](https://github.com/saltstack/salt/issues/63159)
* Fixed service module does not handle enable/disable if systemd service is an alias [#63214](https://github.com/saltstack/salt/issues/63214)
* Made x509_v2 compound match detection use new runner instead of peer publishing [#63278](https://github.com/saltstack/salt/issues/63278)
* Need to make sure we update __pillar__ during a pillar refresh to ensure that process_beacons has the updated beacons loaded from pillar. [#63583](https://github.com/saltstack/salt/issues/63583)
* This implements the vpc_uuid parameter when creating a droplet. This parameter selects the correct virtual private cloud (private network interface). [#63714](https://github.com/saltstack/salt/issues/63714)
* pkg.installed no longer reports failure when installing packages that are installed via the task manager [#63767](https://github.com/saltstack/salt/issues/63767)
* mac_xattr.list and mac_xattr.read will replace undecode-able bytes to avoid raising CommandExecutionError. [#63779](https://github.com/saltstack/salt/issues/63779) [#63779](https://github.com/saltstack/salt/issues/63779)
* Fix aptpkg.latest_version performance, reducing number of times to 'shell out' [#63982](https://github.com/saltstack/salt/issues/63982)
* Added option to use a fresh connection for mysql cache [#63991](https://github.com/saltstack/salt/issues/63991)
* [lxd] Fixed a bug in `container_create` which prevented devices which are not of type `disk` to be correctly created and added to the container when passed via the `devices` parameter. [#63996](https://github.com/saltstack/salt/issues/63996)
* Skipped the `isfile` check to greatly increase speed of reading minion keys for systems with a large number of minions on slow file storage [#64260](https://github.com/saltstack/salt/issues/64260)
* Fix utf8 handling in 'pass' renderer [#64300](https://github.com/saltstack/salt/issues/64300)
* Upgade tornado to 6.3.2 [#64305](https://github.com/saltstack/salt/issues/64305)
* Prevent errors due missing 'transactional_update.apply' on SLE Micro and MicroOS. [#64369](https://github.com/saltstack/salt/issues/64369)
* Fix 'unable to unmount' failure to return False result instead of None [#64420](https://github.com/saltstack/salt/issues/64420)
* Fixed issue uninstalling duplicate packages in ``win_appx`` execution module [#64450](https://github.com/saltstack/salt/issues/64450)
* Clean up tech debt, IPC now uses tcp transport. [#64488](https://github.com/saltstack/salt/issues/64488)
* Made salt-ssh more strict when handling unexpected situations and state.* wrappers treat a remote exception as failure, excluded salt-ssh error returns from mine [#64531](https://github.com/saltstack/salt/issues/64531)
* Fix flaky test for LazyLoader with isolated mocking of threading.RLock [#64567](https://github.com/saltstack/salt/issues/64567)
* Fix possible `KeyError` exceptions in `salt.utils.user.get_group_dict`
while reading improper duplicated GID assigned for the user. [#64599](https://github.com/saltstack/salt/issues/64599)
* changed vm_config() to deep-merge vm_overrides of specific VM, instead of simple-merging the whole vm_overrides [#64610](https://github.com/saltstack/salt/issues/64610)
* Fix the way Salt tries to get the Homebrew's prefix
The first attempt to get the Homebrew's prefix is to look for
the `HOMEBREW_PREFIX` environment variable. If it's not set, then
Salt tries to get the prefix from the `brew` command. However, the
`brew` command can fail. So a last attempt is made to get the
prefix by guessing the installation path. [#64924](https://github.com/saltstack/salt/issues/64924)
* Add missing MySQL Grant SERVICE_CONNECTION_ADMIN to mysql module. [#64934](https://github.com/saltstack/salt/issues/64934)
* Fixed slsutil.update with salt-ssh during template rendering [#65067](https://github.com/saltstack/salt/issues/65067)
* Keep track when an included file only includes sls files but is a requisite. [#65080](https://github.com/saltstack/salt/issues/65080)
* Fixed `gpg.present` succeeds when the keyserver is unreachable [#65169](https://github.com/saltstack/salt/issues/65169)
* Fix issue with openscap when the error was outside the expected scope. It now
returns failed with the error code and the error [#65193](https://github.com/saltstack/salt/issues/65193)
* Fix typo in nftables module to ensure unique nft family values [#65295](https://github.com/saltstack/salt/issues/65295)
* Dereference symlinks to set proper __cli opt [#65435](https://github.com/saltstack/salt/issues/65435)
* Made salt-ssh merge master top returns for the same environment [#65480](https://github.com/saltstack/salt/issues/65480)
* Account for situation where the metadata grain fails because the AWS environment requires an authentication token to query the metadata URL. [#65513](https://github.com/saltstack/salt/issues/65513)
* Improve the condition of overriding target for pip with VENV_PIP_TARGET environment variable. [#65562](https://github.com/saltstack/salt/issues/65562)
* Added SSH wrapper for logmod [#65630](https://github.com/saltstack/salt/issues/65630)
* Include changes in the results when schedule.present state is run with test=True. [#65652](https://github.com/saltstack/salt/issues/65652)
* Fixed Salt-SSH pillar rendering and state rendering with nested SSH calls when called via saltutil.cmd or in an orchestration [#65670](https://github.com/saltstack/salt/issues/65670)
* Fix extfs.tune doesn't pass retcode to module.run [#65686](https://github.com/saltstack/salt/issues/65686)
* Fix boto execution module loading [#65691](https://github.com/saltstack/salt/issues/65691)
* Removed PR 65185 changes since incomplete solution [#65692](https://github.com/saltstack/salt/issues/65692)
* Return an error message when the DNS plugin is not supported [#65739](https://github.com/saltstack/salt/issues/65739)
# Added
* Allowed publishing to regular minions from the SSH wrapper [#40943](https://github.com/saltstack/salt/issues/40943)
* Added syncing of custom salt-ssh wrappers [#45450](https://github.com/saltstack/salt/issues/45450)
* Made salt-ssh sync custom utils [#53666](https://github.com/saltstack/salt/issues/53666)
* Add ability to use file.managed style check_cmd in file.serialize [#53982](https://github.com/saltstack/salt/issues/53982)
* Revised use of deprecated net-tools and added support for ip neighbour with IPv4 ip_neighs, IPv6 ip_neighs6 [#57541](https://github.com/saltstack/salt/issues/57541)
* Added password support to Redis returner. [#58044](https://github.com/saltstack/salt/issues/58044)
* Added keyring param to gpg modules [#59783](https://github.com/saltstack/salt/issues/59783)
* Added new grain to detect the Salt package type: onedir, pip or system [#62589](https://github.com/saltstack/salt/issues/62589)
* Added Vault AppRole and identity issuance to minions [#62823](https://github.com/saltstack/salt/issues/62823)
* Added Vault AppRole auth mount path configuration option [#62825](https://github.com/saltstack/salt/issues/62825)
* Added distribution of Vault authentication details via response wrapping [#62828](https://github.com/saltstack/salt/issues/62828)
* Add salt package type information. Either onedir, pip or system. [#62961](https://github.com/saltstack/salt/issues/62961)
* Added signature verification to file.managed/archive.extracted [#63143](https://github.com/saltstack/salt/issues/63143)
* Added signed_by_any/signed_by_all parameters to gpg.verify [#63166](https://github.com/saltstack/salt/issues/63166)
* Added match runner [#63278](https://github.com/saltstack/salt/issues/63278)
* Added Vault token lifecycle management [#63406](https://github.com/saltstack/salt/issues/63406)
* adding new call for openscap xccdf eval supporting new parameters [#63416](https://github.com/saltstack/salt/issues/63416)
* Added Vault lease management utility [#63440](https://github.com/saltstack/salt/issues/63440)
* implement removal of ptf packages in zypper pkg module [#63442](https://github.com/saltstack/salt/issues/63442)
* add JUnit output for saltcheck [#63463](https://github.com/saltstack/salt/issues/63463)
* Add ability for file.keyvalue to create a file if it doesn't exist [#63545](https://github.com/saltstack/salt/issues/63545)
* added cleanup of temporary mountpoint dir for macpackage installed state [#63905](https://github.com/saltstack/salt/issues/63905)
* Add pkg.installed show installable version in test mode [#63985](https://github.com/saltstack/salt/issues/63985)
* Added patch option to Vault SDB driver [#64096](https://github.com/saltstack/salt/issues/64096)
* Added flags to create local users and groups [#64256](https://github.com/saltstack/salt/issues/64256)
* Added inline specification of trusted CA root certificate for Vault [#64379](https://github.com/saltstack/salt/issues/64379)
* Add ability to return False result in test mode of configurable_test_state [#64418](https://github.com/saltstack/salt/issues/64418)
* Switched Salt's onedir Python version to 3.11 [#64457](https://github.com/saltstack/salt/issues/64457)
* Added support for dnf5 and its new command syntax [#64532](https://github.com/saltstack/salt/issues/64532)
* Adding a new decorator to indicate when a module is deprecated in favor of a Salt extension. [#64569](https://github.com/saltstack/salt/issues/64569)
* Add jq-esque to_entries and from_entries functions [#64600](https://github.com/saltstack/salt/issues/64600)
* Added ability to use PYTHONWARNINGS=ignore to silence deprecation warnings. [#64660](https://github.com/saltstack/salt/issues/64660)
* Add follow_symlinks to file.symlink exec module to switch to os.path.lexists when False [#64665](https://github.com/saltstack/salt/issues/64665)
* Added win_appx state and execution modules for managing Microsoft Store apps and deprovisioning them from systems [#64978](https://github.com/saltstack/salt/issues/64978)
* Add support for show_jid to salt-run
Adds support for show_jid master config option to salt*run, so its behaviour matches the salt cli command. [#65008](https://github.com/saltstack/salt/issues/65008)
* Add ability to remove packages by wildcard via apt execution module [#65220](https://github.com/saltstack/salt/issues/65220)
* Added support for master top modules on masterless minions [#65479](https://github.com/saltstack/salt/issues/65479)
* Allowed accessing the regular mine from the SSH wrapper [#65645](https://github.com/saltstack/salt/issues/65645)
* Allow enabling backup for Linode in Salt Cloud [#65697](https://github.com/saltstack/salt/issues/65697)
* Add a backup schedule setter fFunction for Linode VMs [#65713](https://github.com/saltstack/salt/issues/65713)
* Add acme support for manual plugin hooks [#65744](https://github.com/saltstack/salt/issues/65744)
# Security
* Upgrade to `tornado>=6.3.3` due to https://github.com/advisories/GHSA-qppv-j76h-2rpx [#64989](https://github.com/saltstack/salt/issues/64989)
* Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65137](https://github.com/saltstack/salt/issues/65137)
-- Salt Project Packaging <saltproject-packaging@vmware.com> Tue, 02 Jan 2024 21:36:56 +0000
salt (3006.5) stable; urgency=medium

4
pkg/debian/rules
View file

@ -24,8 +24,8 @@ override_dh_auto_build:
export FETCH_RELENV_VERSION=$${SALT_RELENV_VERSION}
export PY=$$(build/onedir/venv/bin/python3 -c 'import sys; sys.stdout.write("{}.{}".format(*sys.version_info)); sys.stdout.flush()') \
&& build/onedir/venv/bin/python3 -m pip install -r requirements/static/ci/py$${PY}/tools.txt
build/onedir/venv/bin/relenv fetch --arch=$${SALT_PACKAGE_ARCH} --python=$${SALT_PYTHON_VERSION}
build/onedir/venv/bin/relenv toolchain fetch --arch=$${SALT_PACKAGE_ARCH}
build/onedir/venv/bin/relenv fetch --python=$${SALT_PYTHON_VERSION}
build/onedir/venv/bin/relenv toolchain fetch
build/onedir/venv/bin/tools pkg build onedir-dependencies --arch $${SALT_PACKAGE_ARCH} --relenv-version=$${SALT_RELENV_VERSION} --python-version $${SALT_PYTHON_VERSION} --package-name build/onedir/salt --platform linux
# Fix any hardcoded paths to the relenv python binary on any of the scripts installed in the <onedir>/bin directory

172
pkg/rpm/salt.spec
View file

@ -31,7 +31,7 @@
%define fish_dir %{_datadir}/fish/vendor_functions.d
Name: salt
Version: 3006.5
Version: 3007.0~rc1
Release: 0
Summary: A parallel remote execution system
Group: System Environment/Daemons
@ -169,8 +169,8 @@ cd $RPM_BUILD_DIR
export FETCH_RELENV_VERSION=${SALT_RELENV_VERSION}
export PY=$(build/venv/bin/python3 -c 'import sys; sys.stdout.write("{}.{}".format(*sys.version_info)); sys.stdout.flush()')
build/venv/bin/python3 -m pip install -r %{_salt_src}/requirements/static/ci/py${PY}/tools.txt
build/venv/bin/relenv fetch --arch=${SALT_PACKAGE_ARCH} --python=${SALT_PYTHON_VERSION}
build/venv/bin/relenv toolchain fetch --arch=${SALT_PACKAGE_ARCH}
build/venv/bin/relenv fetch --python=${SALT_PYTHON_VERSION}
build/venv/bin/relenv toolchain fetch
cd %{_salt_src}
$RPM_BUILD_DIR/build/venv/bin/tools pkg build onedir-dependencies --arch ${SALT_PACKAGE_ARCH} --relenv-version=${SALT_RELENV_VERSION} --python-version ${SALT_PYTHON_VERSION} --package-name $RPM_BUILD_DIR/build/salt --platform linux
@ -583,6 +583,172 @@ fi
%changelog
* Tue Jan 02 2024 Salt Project Packaging <saltproject-packaging@vmware.com> - 3007.0~rc1
# Removed
- Removed RHEL 5 support since long since end-of-lifed [#62520](https://github.com/saltstack/salt/issues/62520)
- Removing Azure-Cloud modules from the code base. [#64322](https://github.com/saltstack/salt/issues/64322)
- Dropped Python 3.7 support since it's EOL in 27 Jun 2023 [#64417](https://github.com/saltstack/salt/issues/64417)
- Remove salt.payload.Serial [#64459](https://github.com/saltstack/salt/issues/64459)
- Remove netmiko_conn and pyeapi_conn from salt.modules.napalm_mod [#64460](https://github.com/saltstack/salt/issues/64460)
- Removed 'transport' arg from salt.utils.event.get_event [#64461](https://github.com/saltstack/salt/issues/64461)
- Removed the usage of retired Linode API v3 from Salt Cloud [#64517](https://github.com/saltstack/salt/issues/64517)
# Deprecated
- Deprecate all Proxmox cloud modules [#64224](https://github.com/saltstack/salt/issues/64224)
- Deprecate all the Vault modules in favor of the Vault Salt Extension https://github.com/salt-extensions/saltext-vault. The Vault modules will be removed in Salt core in 3009.0. [#64893](https://github.com/saltstack/salt/issues/64893)
- Deprecate all the Docker modules in favor of the Docker Salt Extension https://github.com/saltstack/saltext-docker. The Docker modules will be removed in Salt core in 3009.0. [#64894](https://github.com/saltstack/salt/issues/64894)
- Deprecate all the Zabbix modules in favor of the Zabbix Salt Extension https://github.com/salt-extensions/saltext-zabbix. The Zabbix modules will be removed in Salt core in 3009.0. [#64896](https://github.com/saltstack/salt/issues/64896)
- Deprecate all the Apache modules in favor of the Apache Salt Extension https://github.com/salt-extensions/saltext-apache. The Apache modules will be removed in Salt core in 3009.0. [#64909](https://github.com/saltstack/salt/issues/64909)
- Deprecation warning for Salt's backport of ``OrderedDict`` class which will be removed in 3009 [#65542](https://github.com/saltstack/salt/issues/65542)
- Deprecate Kubernetes modules for move to saltext-kubernetes in version 3009 [#65565](https://github.com/saltstack/salt/issues/65565)
- Deprecated all Pushover modules in favor of the Salt Extension at https://github.com/salt-extensions/saltext-pushover. The Pushover modules will be removed from Salt core in 3009.0 [#65567](https://github.com/saltstack/salt/issues/65567)
# Changed
- Masquerade property will not default to false turning off masquerade if not specified. [#53120](https://github.com/saltstack/salt/issues/53120)
- Addressed Python 3.11 deprecations:
* Switch to `FullArgSpec` since Py 3.11 no longer has `ArgSpec`, deprecated since Py 3.0
* Stopped using the deprecated `cgi` module.
* Stopped using the deprecated `pipes` module
* Stopped using the deprecated `imp` module [#64457](https://github.com/saltstack/salt/issues/64457)
- changed 'gpg_decrypt_must_succeed' default from False to True [#64462](https://github.com/saltstack/salt/issues/64462)
# Fixed
- When an NFS or FUSE mount fails to unmount when mount options have changed, try again with a lazy umount before mounting again. [#18907](https://github.com/saltstack/salt/issues/18907)
- fix autoaccept gpg keys by supporting it in refresh_db module [#42039](https://github.com/saltstack/salt/issues/42039)
- Made cmd.script work with files from the fileserver via salt-ssh [#48067](https://github.com/saltstack/salt/issues/48067)
- Made slsutil.renderer work with salt-ssh [#50196](https://github.com/saltstack/salt/issues/50196)
- Fixed defaults.merge is not available when using salt-ssh [#51605](https://github.com/saltstack/salt/issues/51605)
- Fix extfs.mkfs missing parameter handling for -C, -d, and -e [#51858](https://github.com/saltstack/salt/issues/51858)
- Fixed Salt master does not renew token [#51986](https://github.com/saltstack/salt/issues/51986)
- Fixed salt-ssh continues state/pillar rendering with incorrect data when an exception is raised by a module on the target [#52452](https://github.com/saltstack/salt/issues/52452)
- Fix extfs.tune has 'reserved' documented twice and is missing the 'reserved_percentage' keyword argument [#54426](https://github.com/saltstack/salt/issues/54426)
- Fix the ability of the 'selinux.port_policy_present' state to modify. [#55687](https://github.com/saltstack/salt/issues/55687)
- Fixed config.get does not support merge option with salt-ssh [#56441](https://github.com/saltstack/salt/issues/56441)
- Removed an unused assignment in file.patch [#57204](https://github.com/saltstack/salt/issues/57204)
- Fixed vault module fetching more than one secret in one run with single-use tokens [#57561](https://github.com/saltstack/salt/issues/57561)
- Use brew path from which in mac_brew_pkg module and rely on _homebrew_bin() everytime [#57946](https://github.com/saltstack/salt/issues/57946)
- Fixed Vault verify option to work on minions when only specified in master config [#58174](https://github.com/saltstack/salt/issues/58174)
- Fixed vault command errors configured locally [#58580](https://github.com/saltstack/salt/issues/58580)
- Fixed issue with basic auth causing invalid header error and 401 Bad Request, by using HTTPBasicAuthHandler instead of header. [#58936](https://github.com/saltstack/salt/issues/58936)
- Make the LXD module work with pyLXD > 2.10 [#59514](https://github.com/saltstack/salt/issues/59514)
- Return error if patch file passed to state file.patch is malformed. [#59806](https://github.com/saltstack/salt/issues/59806)
- Handle failure and error information from tuned module/state [#60500](https://github.com/saltstack/salt/issues/60500)
- Fixed sdb.get_or_set_hash with Vault single-use tokens [#60779](https://github.com/saltstack/salt/issues/60779)
- Fixed state.test does not work with salt-ssh [#61100](https://github.com/saltstack/salt/issues/61100)
- Made slsutil.findup work with salt-ssh [#61143](https://github.com/saltstack/salt/issues/61143)
- Allow all primitive grain types for autosign_grains [#61416](https://github.com/saltstack/salt/issues/61416), [#63708](https://github.com/saltstack/salt/issues/63708)
- `ipset.new_set` no longer fails when creating a set type that uses the `family` create option [#61620](https://github.com/saltstack/salt/issues/61620)
- Fixed Vault session storage to allow unlimited use tokens [#62380](https://github.com/saltstack/salt/issues/62380)
- fix the efi grain on FreeBSD [#63052](https://github.com/saltstack/salt/issues/63052)
- Fixed gpg.receive_keys returns success on failed import [#63144](https://github.com/saltstack/salt/issues/63144)
- Fixed GPG state module always reports success without changes [#63153](https://github.com/saltstack/salt/issues/63153)
- Fixed GPG state module does not respect test mode [#63156](https://github.com/saltstack/salt/issues/63156)
- Fixed gpg.absent with gnupghome/user, fixed gpg.delete_key with gnupghome [#63159](https://github.com/saltstack/salt/issues/63159)
- Fixed service module does not handle enable/disable if systemd service is an alias [#63214](https://github.com/saltstack/salt/issues/63214)
- Made x509_v2 compound match detection use new runner instead of peer publishing [#63278](https://github.com/saltstack/salt/issues/63278)
- Need to make sure we update __pillar__ during a pillar refresh to ensure that process_beacons has the updated beacons loaded from pillar. [#63583](https://github.com/saltstack/salt/issues/63583)
- This implements the vpc_uuid parameter when creating a droplet. This parameter selects the correct virtual private cloud (private network interface). [#63714](https://github.com/saltstack/salt/issues/63714)
- pkg.installed no longer reports failure when installing packages that are installed via the task manager [#63767](https://github.com/saltstack/salt/issues/63767)
- mac_xattr.list and mac_xattr.read will replace undecode-able bytes to avoid raising CommandExecutionError. [#63779](https://github.com/saltstack/salt/issues/63779) [#63779](https://github.com/saltstack/salt/issues/63779)
- Fix aptpkg.latest_version performance, reducing number of times to 'shell out' [#63982](https://github.com/saltstack/salt/issues/63982)
- Added option to use a fresh connection for mysql cache [#63991](https://github.com/saltstack/salt/issues/63991)
- [lxd] Fixed a bug in `container_create` which prevented devices which are not of type `disk` to be correctly created and added to the container when passed via the `devices` parameter. [#63996](https://github.com/saltstack/salt/issues/63996)
- Skipped the `isfile` check to greatly increase speed of reading minion keys for systems with a large number of minions on slow file storage [#64260](https://github.com/saltstack/salt/issues/64260)
- Fix utf8 handling in 'pass' renderer [#64300](https://github.com/saltstack/salt/issues/64300)
- Upgade tornado to 6.3.2 [#64305](https://github.com/saltstack/salt/issues/64305)
- Prevent errors due missing 'transactional_update.apply' on SLE Micro and MicroOS. [#64369](https://github.com/saltstack/salt/issues/64369)
- Fix 'unable to unmount' failure to return False result instead of None [#64420](https://github.com/saltstack/salt/issues/64420)
- Fixed issue uninstalling duplicate packages in ``win_appx`` execution module [#64450](https://github.com/saltstack/salt/issues/64450)
- Clean up tech debt, IPC now uses tcp transport. [#64488](https://github.com/saltstack/salt/issues/64488)
- Made salt-ssh more strict when handling unexpected situations and state.* wrappers treat a remote exception as failure, excluded salt-ssh error returns from mine [#64531](https://github.com/saltstack/salt/issues/64531)
- Fix flaky test for LazyLoader with isolated mocking of threading.RLock [#64567](https://github.com/saltstack/salt/issues/64567)
- Fix possible `KeyError` exceptions in `salt.utils.user.get_group_dict`
while reading improper duplicated GID assigned for the user. [#64599](https://github.com/saltstack/salt/issues/64599)
- changed vm_config() to deep-merge vm_overrides of specific VM, instead of simple-merging the whole vm_overrides [#64610](https://github.com/saltstack/salt/issues/64610)
- Fix the way Salt tries to get the Homebrew's prefix
The first attempt to get the Homebrew's prefix is to look for
the `HOMEBREW_PREFIX` environment variable. If it's not set, then
Salt tries to get the prefix from the `brew` command. However, the
`brew` command can fail. So a last attempt is made to get the
prefix by guessing the installation path. [#64924](https://github.com/saltstack/salt/issues/64924)
- Add missing MySQL Grant SERVICE_CONNECTION_ADMIN to mysql module. [#64934](https://github.com/saltstack/salt/issues/64934)
- Fixed slsutil.update with salt-ssh during template rendering [#65067](https://github.com/saltstack/salt/issues/65067)
- Keep track when an included file only includes sls files but is a requisite. [#65080](https://github.com/saltstack/salt/issues/65080)
- Fixed `gpg.present` succeeds when the keyserver is unreachable [#65169](https://github.com/saltstack/salt/issues/65169)
- Fix issue with openscap when the error was outside the expected scope. It now
returns failed with the error code and the error [#65193](https://github.com/saltstack/salt/issues/65193)
- Fix typo in nftables module to ensure unique nft family values [#65295](https://github.com/saltstack/salt/issues/65295)
- Dereference symlinks to set proper __cli opt [#65435](https://github.com/saltstack/salt/issues/65435)
- Made salt-ssh merge master top returns for the same environment [#65480](https://github.com/saltstack/salt/issues/65480)
- Account for situation where the metadata grain fails because the AWS environment requires an authentication token to query the metadata URL. [#65513](https://github.com/saltstack/salt/issues/65513)
- Improve the condition of overriding target for pip with VENV_PIP_TARGET environment variable. [#65562](https://github.com/saltstack/salt/issues/65562)
- Added SSH wrapper for logmod [#65630](https://github.com/saltstack/salt/issues/65630)
- Include changes in the results when schedule.present state is run with test=True. [#65652](https://github.com/saltstack/salt/issues/65652)
- Fixed Salt-SSH pillar rendering and state rendering with nested SSH calls when called via saltutil.cmd or in an orchestration [#65670](https://github.com/saltstack/salt/issues/65670)
- Fix extfs.tune doesn't pass retcode to module.run [#65686](https://github.com/saltstack/salt/issues/65686)
- Fix boto execution module loading [#65691](https://github.com/saltstack/salt/issues/65691)
- Removed PR 65185 changes since incomplete solution [#65692](https://github.com/saltstack/salt/issues/65692)
- Return an error message when the DNS plugin is not supported [#65739](https://github.com/saltstack/salt/issues/65739)
# Added
- Allowed publishing to regular minions from the SSH wrapper [#40943](https://github.com/saltstack/salt/issues/40943)
- Added syncing of custom salt-ssh wrappers [#45450](https://github.com/saltstack/salt/issues/45450)
- Made salt-ssh sync custom utils [#53666](https://github.com/saltstack/salt/issues/53666)
- Add ability to use file.managed style check_cmd in file.serialize [#53982](https://github.com/saltstack/salt/issues/53982)
- Revised use of deprecated net-tools and added support for ip neighbour with IPv4 ip_neighs, IPv6 ip_neighs6 [#57541](https://github.com/saltstack/salt/issues/57541)
- Added password support to Redis returner. [#58044](https://github.com/saltstack/salt/issues/58044)
- Added keyring param to gpg modules [#59783](https://github.com/saltstack/salt/issues/59783)
- Added new grain to detect the Salt package type: onedir, pip or system [#62589](https://github.com/saltstack/salt/issues/62589)
- Added Vault AppRole and identity issuance to minions [#62823](https://github.com/saltstack/salt/issues/62823)
- Added Vault AppRole auth mount path configuration option [#62825](https://github.com/saltstack/salt/issues/62825)
- Added distribution of Vault authentication details via response wrapping [#62828](https://github.com/saltstack/salt/issues/62828)
- Add salt package type information. Either onedir, pip or system. [#62961](https://github.com/saltstack/salt/issues/62961)
- Added signature verification to file.managed/archive.extracted [#63143](https://github.com/saltstack/salt/issues/63143)
- Added signed_by_any/signed_by_all parameters to gpg.verify [#63166](https://github.com/saltstack/salt/issues/63166)
- Added match runner [#63278](https://github.com/saltstack/salt/issues/63278)
- Added Vault token lifecycle management [#63406](https://github.com/saltstack/salt/issues/63406)
- adding new call for openscap xccdf eval supporting new parameters [#63416](https://github.com/saltstack/salt/issues/63416)
- Added Vault lease management utility [#63440](https://github.com/saltstack/salt/issues/63440)
- implement removal of ptf packages in zypper pkg module [#63442](https://github.com/saltstack/salt/issues/63442)
- add JUnit output for saltcheck [#63463](https://github.com/saltstack/salt/issues/63463)
- Add ability for file.keyvalue to create a file if it doesn't exist [#63545](https://github.com/saltstack/salt/issues/63545)
- added cleanup of temporary mountpoint dir for macpackage installed state [#63905](https://github.com/saltstack/salt/issues/63905)
- Add pkg.installed show installable version in test mode [#63985](https://github.com/saltstack/salt/issues/63985)
- Added patch option to Vault SDB driver [#64096](https://github.com/saltstack/salt/issues/64096)
- Added flags to create local users and groups [#64256](https://github.com/saltstack/salt/issues/64256)
- Added inline specification of trusted CA root certificate for Vault [#64379](https://github.com/saltstack/salt/issues/64379)
- Add ability to return False result in test mode of configurable_test_state [#64418](https://github.com/saltstack/salt/issues/64418)
- Switched Salt's onedir Python version to 3.11 [#64457](https://github.com/saltstack/salt/issues/64457)
- Added support for dnf5 and its new command syntax [#64532](https://github.com/saltstack/salt/issues/64532)
- Adding a new decorator to indicate when a module is deprecated in favor of a Salt extension. [#64569](https://github.com/saltstack/salt/issues/64569)
- Add jq-esque to_entries and from_entries functions [#64600](https://github.com/saltstack/salt/issues/64600)
- Added ability to use PYTHONWARNINGS=ignore to silence deprecation warnings. [#64660](https://github.com/saltstack/salt/issues/64660)
- Add follow_symlinks to file.symlink exec module to switch to os.path.lexists when False [#64665](https://github.com/saltstack/salt/issues/64665)
- Added win_appx state and execution modules for managing Microsoft Store apps and deprovisioning them from systems [#64978](https://github.com/saltstack/salt/issues/64978)
- Add support for show_jid to salt-run
Adds support for show_jid master config option to salt-run, so its behaviour matches the salt cli command. [#65008](https://github.com/saltstack/salt/issues/65008)
- Add ability to remove packages by wildcard via apt execution module [#65220](https://github.com/saltstack/salt/issues/65220)
- Added support for master top modules on masterless minions [#65479](https://github.com/saltstack/salt/issues/65479)
- Allowed accessing the regular mine from the SSH wrapper [#65645](https://github.com/saltstack/salt/issues/65645)
- Allow enabling backup for Linode in Salt Cloud [#65697](https://github.com/saltstack/salt/issues/65697)
- Add a backup schedule setter fFunction for Linode VMs [#65713](https://github.com/saltstack/salt/issues/65713)
- Add acme support for manual plugin hooks [#65744](https://github.com/saltstack/salt/issues/65744)
# Security
- Upgrade to `tornado>=6.3.3` due to https://github.com/advisories/GHSA-qppv-j76h-2rpx [#64989](https://github.com/saltstack/salt/issues/64989)
- Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c [#65137](https://github.com/saltstack/salt/issues/65137)
* Tue Dec 12 2023 Salt Project Packaging <saltproject-packaging@vmware.com> - 3006.5
# Removed

2
requirements/static/ci/py3.10/darwin.txt
View file

@ -284,7 +284,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1
paramiko==3.4.0
# via
# junos-eznc
# napalm

2
requirements/static/ci/py3.10/freebsd.txt
View file

@ -287,7 +287,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
requirements/static/ci/py3.10/linux.txt
View file

@ -313,7 +313,7 @@ packaging==23.1
# ansible-core
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
requirements/static/ci/py3.11/darwin.txt
View file

@ -282,7 +282,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1
paramiko==3.4.0
# via
# junos-eznc
# napalm

2
requirements/static/ci/py3.11/freebsd.txt
View file

@ -285,7 +285,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
requirements/static/ci/py3.11/linux.txt
View file

@ -309,7 +309,7 @@ packaging==23.1
# ansible-core
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
requirements/static/ci/py3.12/cloud.txt
View file

@ -398,7 +398,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -c requirements/static/ci/py3.12/linux.txt
# -r requirements/static/ci/common.in

2
requirements/static/ci/py3.12/darwin.txt
View file

@ -276,7 +276,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1
paramiko==3.4.0
# via
# junos-eznc
# napalm

2
requirements/static/ci/py3.12/freebsd.txt
View file

@ -285,7 +285,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
requirements/static/ci/py3.12/lint.txt
View file

@ -423,7 +423,7 @@ packaging==23.1
# -c requirements/static/ci/py3.12/linux.txt
# -r requirements/base.txt
# ansible-core
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -c requirements/static/ci/py3.12/linux.txt
# -r requirements/static/ci/common.in

2
requirements/static/ci/py3.12/linux.txt
View file

@ -309,7 +309,7 @@ packaging==23.1
# ansible-core
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
requirements/static/ci/py3.8/freebsd.txt
View file

@ -291,7 +291,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
requirements/static/ci/py3.8/linux.txt
View file

@ -317,7 +317,7 @@ packaging==23.1
# ansible-core
# docker
# pytest
paramiko==3.3.1 ; sys_platform != "win32" and sys_platform != "darwin"
paramiko==3.4.0 ; sys_platform != "win32" and sys_platform != "darwin"
# via
# -r requirements/static/ci/common.in
# junos-eznc

2
requirements/static/ci/py3.9/darwin.txt
View file

@ -284,7 +284,7 @@ packaging==23.1
# -r requirements/base.txt
# docker
# pytest
paramiko==3.3.1
paramiko==3.4.0
# via
# junos-eznc
# napalm

Some files were not shown because too many files have changed in this diff Show more