From 9b1ba9eb691b4d2177bcb3424968a576f40d96ee Mon Sep 17 00:00:00 2001 From: "Daniel A. Wozniak" Date: Fri, 22 Nov 2024 17:38:57 -0700 Subject: [PATCH] No longer build and publish repositories --- .github/workflows/nightly.yml | 779 +----------------- .github/workflows/staging.yml | 753 ----------------- .github/workflows/templates/nightly.yml.jinja | 60 -- .github/workflows/test-packages-action.yml | 6 +- tools/ci.py | 53 +- 5 files changed, 43 insertions(+), 1608 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 5df91aab685..6a3f2b5d10f 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -1285,717 +1285,24 @@ jobs: workflow-slug: nightly default-timeout: 360 - build-src-repo: - name: Build Repository - environment: nightly - runs-on: - - ubuntu-latest - env: - USE_S3_CACHE: 'false' - needs: - - prepare-workflow - - build-source-tarball - - build-pkgs-src - strategy: - fail-fast: false - matrix: - pkg-type: - - src - - steps: - - uses: actions/checkout@v4 - - - name: Setup Python Tools Scripts - uses: ./.github/actions/setup-python-tools-scripts - with: - cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }} - - - name: Download Source Tarball - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz - path: artifacts/pkgs/incoming - - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - - name: Create Repository Path - run: | - mkdir -p artifacts/pkgs/repo - - - name: Create Repository - run: | - tools pkg repo create src --key-id=64CBBC8173D76B3F --nightly-build-from=${{ github.ref_name }} \ - --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ - --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo - - - name: Copy Files For Source Only Artifact Uploads - run: | - mkdir artifacts/src - find artifacts/pkgs/repo -type f -print -exec cp {} artifacts/src \; - - - name: Upload Standalone Repository As An Artifact - uses: actions/upload-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-src-repo - path: | - artifacts/src/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz - artifacts/src/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz.* - artifacts/src/*-GPG-* - retention-days: 7 - if-no-files-found: error - - - name: Upload Repository As An Artifact - uses: ./.github/actions/upload-artifact - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo-src - path: artifacts/pkgs/repo/* - retention-days: 7 - if-no-files-found: error - archive-name: src-repo - - build-deb-repo: - name: Build Repository - environment: nightly - runs-on: - - ubuntu-latest - env: - USE_S3_CACHE: 'false' - needs: - - prepare-workflow - - build-pkgs-onedir - strategy: - fail-fast: false - matrix: - include: - - pkg-type: deb - distro: debian - version: "11" - arch: x86_64 - - pkg-type: deb - distro: debian - version: "11" - arch: arm64 - - pkg-type: deb - distro: debian - version: "12" - arch: x86_64 - - pkg-type: deb - distro: debian - version: "12" - arch: arm64 - - pkg-type: deb - distro: ubuntu - version: "20.04" - arch: x86_64 - - pkg-type: deb - distro: ubuntu - version: "20.04" - arch: arm64 - - pkg-type: deb - distro: ubuntu - version: "22.04" - arch: x86_64 - - pkg-type: deb - distro: ubuntu - version: "22.04" - arch: arm64 - - pkg-type: deb - distro: ubuntu - version: "24.04" - arch: x86_64 - - pkg-type: deb - distro: ubuntu - version: "24.04" - arch: arm64 - - steps: - - uses: actions/checkout@v4 - - - name: Download System Dependencies - run: | - sudo apt update - sudo apt install -y devscripts apt-utils - - - name: Setup Python Tools Scripts - uses: ./.github/actions/setup-python-tools-scripts - with: - cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }} - - - name: Download DEB Packages - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch }}-deb - path: artifacts/pkgs/incoming - - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - - name: Create Repository Path - run: | - mkdir -p artifacts/pkgs/repo - - - name: Create Repository - run: | - tools pkg repo create deb --key-id=64CBBC8173D76B3F --distro-arch=${{ matrix.arch }} --nightly-build-from=${{ github.ref_name }} \ - --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ - --distro=${{ matrix.distro }} --distro-version=${{ matrix.version }} \ - --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo - - - name: Upload Repository As An Artifact - uses: ./.github/actions/upload-artifact - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo-${{ matrix.pkg-type }}-${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }} - path: artifacts/pkgs/repo/* - retention-days: 7 - if-no-files-found: error - archive-name: ${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }}-repo - - build-rpm-repo: - name: Build Repository - environment: nightly - runs-on: - - ubuntu-latest - env: - USE_S3_CACHE: 'false' - needs: - - prepare-workflow - - build-pkgs-onedir - strategy: - fail-fast: false - matrix: - include: - - pkg-type: rpm - distro: amazon - version: "2" - arch: x86_64 - - pkg-type: rpm - distro: amazon - version: "2" - arch: arm64 - - pkg-type: rpm - distro: amazon - version: "2" - arch: aarch64 - - pkg-type: rpm - distro: amazon - version: "2023" - arch: x86_64 - - pkg-type: rpm - distro: amazon - version: "2023" - arch: arm64 - - pkg-type: rpm - distro: amazon - version: "2023" - arch: aarch64 - - pkg-type: rpm - distro: fedora - version: "40" - arch: x86_64 - - pkg-type: rpm - distro: fedora - version: "40" - arch: arm64 - - pkg-type: rpm - distro: fedora - version: "40" - arch: aarch64 - - pkg-type: rpm - distro: photon - version: "4" - arch: x86_64 - - pkg-type: rpm - distro: photon - version: "4" - arch: arm64 - - pkg-type: rpm - distro: photon - version: "4" - arch: aarch64 - - pkg-type: rpm - distro: photon - version: "5" - arch: x86_64 - - pkg-type: rpm - distro: photon - version: "5" - arch: arm64 - - pkg-type: rpm - distro: photon - version: "5" - arch: aarch64 - - pkg-type: rpm - distro: redhat - version: "8" - arch: x86_64 - - pkg-type: rpm - distro: redhat - version: "8" - arch: arm64 - - pkg-type: rpm - distro: redhat - version: "8" - arch: aarch64 - - pkg-type: rpm - distro: redhat - version: "9" - arch: x86_64 - - pkg-type: rpm - distro: redhat - version: "9" - arch: arm64 - - pkg-type: rpm - distro: redhat - version: "9" - arch: aarch64 - - steps: - - uses: actions/checkout@v4 - - - name: Download System Dependencies - run: | - sudo apt update - sudo apt install -y rpm - - - name: Setup Python Tools Scripts - uses: ./.github/actions/setup-python-tools-scripts - with: - cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }} - - - name: Download RPM Packages - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch == 'aarch64' && 'arm64' || matrix.arch }}-rpm - path: artifacts/pkgs/incoming - - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - - name: Create Repository Path - run: | - mkdir -p artifacts/pkgs/repo - - - name: Create Repository - env: - SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} - SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} - run: | - tools pkg repo create rpm --key-id=64CBBC8173D76B3F --distro-arch=${{ matrix.arch }} --nightly-build-from=${{ github.ref_name }} \ - --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ - --distro=${{ matrix.distro }} --distro-version=${{ matrix.version }} \ - --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo - - - name: Upload Repository As An Artifact - uses: ./.github/actions/upload-artifact - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo-${{ matrix.pkg-type }}-${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }} - path: artifacts/pkgs/repo/* - retention-days: 7 - if-no-files-found: error - archive-name: ${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }}-repo - - build-windows-repo: - name: Build Repository - environment: nightly - runs-on: - - ubuntu-latest - env: - USE_S3_CACHE: 'false' - needs: - - prepare-workflow - - build-pkgs-onedir - strategy: - fail-fast: false - matrix: - pkg-type: - - windows - - steps: - - uses: actions/checkout@v4 - - - name: Setup Python Tools Scripts - uses: ./.github/actions/setup-python-tools-scripts - with: - cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }} - - - name: Get Salt Project GitHub Actions Bot Environment - run: | - TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") - SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) - echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" - - - name: Download Windows NSIS x86 Packages - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-x86-NSIS - path: artifacts/pkgs/incoming - - - name: Download Windows MSI x86 Packages - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-x86-MSI - path: artifacts/pkgs/incoming - - - name: Download Windows NSIS amd64 Packages - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-amd64-NSIS - path: artifacts/pkgs/incoming - - - name: Download Windows MSI amd64 Packages - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-amd64-MSI - path: artifacts/pkgs/incoming - - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - - name: Create Repository Path - run: | - mkdir -p artifacts/pkgs/repo - - - name: Create Repository - run: | - tools pkg repo create windows --key-id=64CBBC8173D76B3F --nightly-build-from=${{ github.ref_name }} \ - --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ - --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo - - - name: Upload Repository As An Artifact - uses: ./.github/actions/upload-artifact - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo-windows - path: artifacts/pkgs/repo/* - retention-days: 7 - if-no-files-found: error - archive-name: windows-repo - - build-macos-repo: - name: Build Repository - environment: nightly - runs-on: - - ubuntu-latest - env: - USE_S3_CACHE: 'false' - needs: - - prepare-workflow - - build-pkgs-onedir - strategy: - fail-fast: false - matrix: - pkg-type: - - macos - - steps: - - uses: actions/checkout@v4 - - - name: Setup Python Tools Scripts - uses: ./.github/actions/setup-python-tools-scripts - with: - cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }} - - - name: Download macOS x86_64 Packages - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-x86_64-macos - path: artifacts/pkgs/incoming - - - name: Download macOS Arch64 Packages - if: ${{ ! github.event.repository.fork }} - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-arm64-macos - path: artifacts/pkgs/incoming - - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - - name: Create Repository Path - run: | - mkdir -p artifacts/pkgs/repo - - - name: Create Repository - run: | - tools pkg repo create macos --key-id=64CBBC8173D76B3F --nightly-build-from=${{ github.ref_name }} \ - --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ - --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo - - - name: Upload Repository As An Artifact - uses: ./.github/actions/upload-artifact - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo-macos - path: artifacts/pkgs/repo/* - retention-days: 7 - if-no-files-found: error - archive-name: macos-repo - - build-onedir-repo: - name: Build Repository - environment: nightly - runs-on: - - ubuntu-latest - env: - USE_S3_CACHE: 'false' - needs: - - prepare-workflow - - build-salt-onedir - strategy: - fail-fast: false - matrix: - pkg-type: - - onedir - - steps: - - uses: actions/checkout@v4 - - - name: Setup Python Tools Scripts - uses: ./.github/actions/setup-python-tools-scripts - with: - cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }} - - - name: Download Linux x86_64 Onedir Archive - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-linux-x86_64.tar.xz - path: artifacts/pkgs/incoming - - - name: Download Linux arm64 Onedir Archive - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-linux-arm64.tar.xz - path: artifacts/pkgs/incoming - - - name: Download macOS x86_64 Onedir Archive - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-macos-x86_64.tar.xz - path: artifacts/pkgs/incoming - - - name: Download macOS arm64 Onedir Archive - if: ${{ ! github.event.repository.fork }} - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-macos-arm64.tar.xz - path: artifacts/pkgs/incoming - - - name: Download Windows amd64 Onedir Archive - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-amd64.tar.xz - path: artifacts/pkgs/incoming - - - name: Download Windows amd64 Onedir Archive(zip) - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-amd64.zip - path: artifacts/pkgs/incoming - - - name: Download Windows x86 Onedir Archive - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-x86.tar.xz - path: artifacts/pkgs/incoming - - - name: Download Windows amd64 Onedir Archive(zip) - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-x86.zip - path: artifacts/pkgs/incoming - - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - - name: Create Repository Path - run: | - mkdir -p artifacts/pkgs/repo - - - name: Create Repository - run: | - tools pkg repo create onedir --key-id=64CBBC8173D76B3F --nightly-build-from=${{ github.ref_name }} \ - --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ - --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo - - - name: Upload Repository As An Artifact - uses: ./.github/actions/upload-artifact - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo-onedir - path: artifacts/pkgs/repo/* - retention-days: 7 - if-no-files-found: error - archive-name: onedir-repo - - publish-repositories: - name: Publish Repositories - if: ${{ always() && ! failure() && ! cancelled() }} - runs-on: - - linux-x86_64 + set-pipeline-exit-status: + # This step is just so we can make github require this step, to pass checks + # on a pull request instead of requiring all + name: Set the ${{ github.workflow }} Pipeline Exit Status + if: always() + runs-on: ubuntu-latest environment: nightly needs: + - workflow-requirements + - trigger-branch-nightly-builds - prepare-workflow + - pre-commit + - lint + - nsis-tests - build-docs - - build-src-repo - - build-deb-repo - - build-rpm-repo - - build-windows-repo - - build-macos-repo - - build-onedir-repo + - build-deps-onedir + - build-salt-onedir + - build-pkgs-src - build-ci-deps - test-windows-2019 - test-windows-2022 @@ -2030,64 +1337,6 @@ jobs: - test-ubuntu-2204-arm64 - test-ubuntu-2404 - test-ubuntu-2404-arm64 - - steps: - - - uses: actions/checkout@v4 - - - name: Get Salt Project GitHub Actions Bot Environment - run: | - TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") - SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) - echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" - - - name: Setup Python Tools Scripts - uses: ./.github/actions/setup-python-tools-scripts - with: - cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }} - - - name: Download Repository Artifact - uses: actions/download-artifact@v4 - with: - pattern: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo-* - merge-multiple: true - path: repo/ - - - name: Decompress Repository Artifacts - run: | - find repo/ -type f -name '*.tar.gz' -print -exec tar xvf {} \; - find repo/ -type f -name '*.tar.gz' -print -exec rm -f {} \; - - - name: Show Repository - run: | - tree -a artifacts/pkgs/repo/ - - - name: Upload Repository Contents (nightly) - env: - SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} - SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} - run: | - tools pkg repo publish nightly --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} artifacts/pkgs/repo/ - - set-pipeline-exit-status: - # This step is just so we can make github require this step, to pass checks - # on a pull request instead of requiring all - name: Set the ${{ github.workflow }} Pipeline Exit Status - if: always() - runs-on: ubuntu-latest - environment: nightly - needs: - - workflow-requirements - - trigger-branch-nightly-builds - - prepare-workflow - - pre-commit - - lint - - nsis-tests - - build-docs - - build-deps-onedir - - build-salt-onedir - - build-pkgs-src - - publish-repositories steps: - name: Get workflow information id: get-workflow-info diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml index fe2f207013b..2f3e29c23b2 100644 --- a/.github/workflows/staging.yml +++ b/.github/workflows/staging.yml @@ -1271,758 +1271,6 @@ jobs: workflow-slug: staging default-timeout: 180 - build-src-repo: - name: Build Repository - environment: staging - runs-on: - - ubuntu-latest - env: - USE_S3_CACHE: 'false' - needs: - - prepare-workflow - - build-source-tarball - - build-pkgs-src - strategy: - fail-fast: false - matrix: - pkg-type: - - src - - steps: - - uses: actions/checkout@v4 - - - name: Setup Python Tools Scripts - uses: ./.github/actions/setup-python-tools-scripts - with: - cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }} - - - name: Download Source Tarball - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz - path: artifacts/pkgs/incoming - - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - - name: Create Repository Path - run: | - mkdir -p artifacts/pkgs/repo - - - name: Create Repository - run: | - tools pkg repo create src --key-id=64CBBC8173D76B3F \ - --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ - --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo - - - name: Copy Files For Source Only Artifact Uploads - run: | - mkdir artifacts/src - find artifacts/pkgs/repo -type f -print -exec cp {} artifacts/src \; - - - name: Upload Standalone Repository As An Artifact - uses: actions/upload-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-src-repo - path: | - artifacts/src/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz - artifacts/src/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz.* - artifacts/src/*-GPG-* - retention-days: 7 - if-no-files-found: error - - - name: Upload Repository As An Artifact - uses: ./.github/actions/upload-artifact - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo-src - path: artifacts/pkgs/repo/* - retention-days: 7 - if-no-files-found: error - archive-name: src-repo - - build-deb-repo: - name: Build Repository - environment: staging - runs-on: - - ubuntu-latest - env: - USE_S3_CACHE: 'false' - needs: - - prepare-workflow - - build-pkgs-onedir - strategy: - fail-fast: false - matrix: - include: - - pkg-type: deb - distro: debian - version: "11" - arch: x86_64 - - pkg-type: deb - distro: debian - version: "11" - arch: arm64 - - pkg-type: deb - distro: debian - version: "12" - arch: x86_64 - - pkg-type: deb - distro: debian - version: "12" - arch: arm64 - - pkg-type: deb - distro: ubuntu - version: "20.04" - arch: x86_64 - - pkg-type: deb - distro: ubuntu - version: "20.04" - arch: arm64 - - pkg-type: deb - distro: ubuntu - version: "22.04" - arch: x86_64 - - pkg-type: deb - distro: ubuntu - version: "22.04" - arch: arm64 - - pkg-type: deb - distro: ubuntu - version: "24.04" - arch: x86_64 - - pkg-type: deb - distro: ubuntu - version: "24.04" - arch: arm64 - - steps: - - uses: actions/checkout@v4 - - - name: Download System Dependencies - run: | - sudo apt update - sudo apt install -y devscripts apt-utils - - - name: Setup Python Tools Scripts - uses: ./.github/actions/setup-python-tools-scripts - with: - cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }} - - - name: Download DEB Packages - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch }}-deb - path: artifacts/pkgs/incoming - - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - - name: Create Repository Path - run: | - mkdir -p artifacts/pkgs/repo - - - name: Create Repository - run: | - tools pkg repo create deb --key-id=64CBBC8173D76B3F --distro-arch=${{ matrix.arch }} \ - --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ - --distro=${{ matrix.distro }} --distro-version=${{ matrix.version }} \ - --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo - - - name: Upload Repository As An Artifact - uses: ./.github/actions/upload-artifact - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo-${{ matrix.pkg-type }}-${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }} - path: artifacts/pkgs/repo/* - retention-days: 7 - if-no-files-found: error - archive-name: ${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }}-repo - - build-rpm-repo: - name: Build Repository - environment: staging - runs-on: - - ubuntu-latest - env: - USE_S3_CACHE: 'false' - needs: - - prepare-workflow - - build-pkgs-onedir - strategy: - fail-fast: false - matrix: - include: - - pkg-type: rpm - distro: amazon - version: "2" - arch: x86_64 - - pkg-type: rpm - distro: amazon - version: "2" - arch: arm64 - - pkg-type: rpm - distro: amazon - version: "2" - arch: aarch64 - - pkg-type: rpm - distro: amazon - version: "2023" - arch: x86_64 - - pkg-type: rpm - distro: amazon - version: "2023" - arch: arm64 - - pkg-type: rpm - distro: amazon - version: "2023" - arch: aarch64 - - pkg-type: rpm - distro: fedora - version: "40" - arch: x86_64 - - pkg-type: rpm - distro: fedora - version: "40" - arch: arm64 - - pkg-type: rpm - distro: fedora - version: "40" - arch: aarch64 - - pkg-type: rpm - distro: photon - version: "4" - arch: x86_64 - - pkg-type: rpm - distro: photon - version: "4" - arch: arm64 - - pkg-type: rpm - distro: photon - version: "4" - arch: aarch64 - - pkg-type: rpm - distro: photon - version: "5" - arch: x86_64 - - pkg-type: rpm - distro: photon - version: "5" - arch: arm64 - - pkg-type: rpm - distro: photon - version: "5" - arch: aarch64 - - pkg-type: rpm - distro: redhat - version: "8" - arch: x86_64 - - pkg-type: rpm - distro: redhat - version: "8" - arch: arm64 - - pkg-type: rpm - distro: redhat - version: "8" - arch: aarch64 - - pkg-type: rpm - distro: redhat - version: "9" - arch: x86_64 - - pkg-type: rpm - distro: redhat - version: "9" - arch: arm64 - - pkg-type: rpm - distro: redhat - version: "9" - arch: aarch64 - - steps: - - uses: actions/checkout@v4 - - - name: Download System Dependencies - run: | - sudo apt update - sudo apt install -y rpm - - - name: Setup Python Tools Scripts - uses: ./.github/actions/setup-python-tools-scripts - with: - cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }} - - - name: Download RPM Packages - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch == 'aarch64' && 'arm64' || matrix.arch }}-rpm - path: artifacts/pkgs/incoming - - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - - name: Create Repository Path - run: | - mkdir -p artifacts/pkgs/repo - - - name: Create Repository - env: - SALT_REPO_USER: ${{ secrets.SALT_REPO_USER }} - SALT_REPO_PASS: ${{ secrets.SALT_REPO_PASS }} - SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} - SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} - run: | - tools pkg repo create rpm --key-id=64CBBC8173D76B3F --distro-arch=${{ matrix.arch }} \ - --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ - --distro=${{ matrix.distro }} --distro-version=${{ matrix.version }} \ - --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo - - - name: Upload Repository As An Artifact - uses: ./.github/actions/upload-artifact - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo-${{ matrix.pkg-type }}-${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }} - path: artifacts/pkgs/repo/* - retention-days: 7 - if-no-files-found: error - archive-name: ${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }}-repo - - build-windows-repo: - name: Build Repository - environment: staging - runs-on: - - ubuntu-latest - env: - USE_S3_CACHE: 'false' - needs: - - prepare-workflow - - build-pkgs-onedir - strategy: - fail-fast: false - matrix: - pkg-type: - - windows - - steps: - - uses: actions/checkout@v4 - - - name: Setup Python Tools Scripts - uses: ./.github/actions/setup-python-tools-scripts - with: - cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }} - - - name: Get Salt Project GitHub Actions Bot Environment - run: | - TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") - SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) - echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" - - - name: Download Windows NSIS x86 Packages - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-x86-NSIS - path: artifacts/pkgs/incoming - - - name: Download Windows MSI x86 Packages - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-x86-MSI - path: artifacts/pkgs/incoming - - - name: Download Windows NSIS amd64 Packages - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-amd64-NSIS - path: artifacts/pkgs/incoming - - - name: Download Windows MSI amd64 Packages - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-amd64-MSI - path: artifacts/pkgs/incoming - - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - - name: Create Repository Path - run: | - mkdir -p artifacts/pkgs/repo - - - name: Create Repository - run: | - tools pkg repo create windows --key-id=64CBBC8173D76B3F \ - --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ - --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo - - - name: Upload Repository As An Artifact - uses: ./.github/actions/upload-artifact - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo-windows - path: artifacts/pkgs/repo/* - retention-days: 7 - if-no-files-found: error - archive-name: windows-repo - - build-macos-repo: - name: Build Repository - environment: staging - runs-on: - - ubuntu-latest - env: - USE_S3_CACHE: 'false' - needs: - - prepare-workflow - - build-pkgs-onedir - strategy: - fail-fast: false - matrix: - pkg-type: - - macos - - steps: - - uses: actions/checkout@v4 - - - name: Setup Python Tools Scripts - uses: ./.github/actions/setup-python-tools-scripts - with: - cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }} - - - name: Download macOS x86_64 Packages - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-x86_64-macos - path: artifacts/pkgs/incoming - - - name: Download macOS Arch64 Packages - if: ${{ ! github.event.repository.fork }} - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-arm64-macos - path: artifacts/pkgs/incoming - - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - - name: Create Repository Path - run: | - mkdir -p artifacts/pkgs/repo - - - name: Create Repository - run: | - tools pkg repo create macos --key-id=64CBBC8173D76B3F \ - --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ - --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo - - - name: Upload Repository As An Artifact - uses: ./.github/actions/upload-artifact - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo-macos - path: artifacts/pkgs/repo/* - retention-days: 7 - if-no-files-found: error - archive-name: macos-repo - - build-onedir-repo: - name: Build Repository - environment: staging - runs-on: - - ubuntu-latest - env: - USE_S3_CACHE: 'false' - needs: - - prepare-workflow - - build-salt-onedir - strategy: - fail-fast: false - matrix: - pkg-type: - - onedir - - steps: - - uses: actions/checkout@v4 - - - name: Setup Python Tools Scripts - uses: ./.github/actions/setup-python-tools-scripts - with: - cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }} - - - name: Download Linux x86_64 Onedir Archive - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-linux-x86_64.tar.xz - path: artifacts/pkgs/incoming - - - name: Download Linux arm64 Onedir Archive - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-linux-arm64.tar.xz - path: artifacts/pkgs/incoming - - - name: Download macOS x86_64 Onedir Archive - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-macos-x86_64.tar.xz - path: artifacts/pkgs/incoming - - - name: Download macOS arm64 Onedir Archive - if: ${{ ! github.event.repository.fork }} - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-macos-arm64.tar.xz - path: artifacts/pkgs/incoming - - - name: Download Windows amd64 Onedir Archive - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-amd64.tar.xz - path: artifacts/pkgs/incoming - - - name: Download Windows amd64 Onedir Archive(zip) - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-amd64.zip - path: artifacts/pkgs/incoming - - - name: Download Windows x86 Onedir Archive - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-x86.tar.xz - path: artifacts/pkgs/incoming - - - name: Download Windows amd64 Onedir Archive(zip) - uses: actions/download-artifact@v4 - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-x86.zip - path: artifacts/pkgs/incoming - - - name: Setup GnuPG - run: | - sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg - GNUPGHOME="$(mktemp -d -p /run/gpg)" - echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" - cat < "${GNUPGHOME}/gpg.conf" - batch - no-tty - pinentry-mode loopback - EOF - - - name: Get Secrets - env: - SECRETS_KEY: ${{ secrets.SECRETS_KEY }} - run: | - SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) - echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text | jq .default_key -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ - | gpg --import - - sync - aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ - --query SecretString --output text| jq .default_passphrase -r | base64 -d \ - | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - - sync - rm "$SECRETS_KEY_FILE" - echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" - - - name: Create Repository Path - run: | - mkdir -p artifacts/pkgs/repo - - - name: Create Repository - run: | - tools pkg repo create onedir --key-id=64CBBC8173D76B3F \ - --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ - --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo - - - name: Upload Repository As An Artifact - uses: ./.github/actions/upload-artifact - with: - name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo-onedir - path: artifacts/pkgs/repo/* - retention-days: 7 - if-no-files-found: error - archive-name: onedir-repo - - publish-repositories: - name: Publish Repositories - if: ${{ always() && ! failure() && ! cancelled() }} - runs-on: - - linux-x86_64 - environment: staging - needs: - - prepare-workflow - - build-docs - - build-src-repo - - build-deb-repo - - build-rpm-repo - - build-windows-repo - - build-macos-repo - - build-onedir-repo - - steps: - - - uses: actions/checkout@v4 - - - name: Get Salt Project GitHub Actions Bot Environment - run: | - TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") - SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) - echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" - - - name: Setup Python Tools Scripts - uses: ./.github/actions/setup-python-tools-scripts - with: - cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }} - - - name: Download Repository Artifact - uses: actions/download-artifact@v4 - with: - pattern: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo-* - merge-multiple: true - path: repo/ - - - name: Decompress Repository Artifacts - run: | - find repo/ -type f -name '*.tar.gz' -print -exec tar xvf {} \; - find repo/ -type f -name '*.tar.gz' -print -exec rm -f {} \; - - - name: Show Repository - run: | - tree -a artifacts/pkgs/repo/ - - - name: Upload Repository Contents (staging) - env: - SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} - SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} - run: | - tools pkg repo publish staging --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} artifacts/pkgs/repo/ - upload-release-artifacts: name: Upload Release Artifacts needs: @@ -2206,7 +1454,6 @@ jobs: - build-deps-onedir - build-salt-onedir - build-pkgs-src - - publish-repositories - upload-release-artifacts - pkg-download-tests - publish-pypi diff --git a/.github/workflows/templates/nightly.yml.jinja b/.github/workflows/templates/nightly.yml.jinja index c2157ff523e..3bf88c07a95 100644 --- a/.github/workflows/templates/nightly.yml.jinja +++ b/.github/workflows/templates/nightly.yml.jinja @@ -56,65 +56,5 @@ concurrency: <%- block jobs %> <{- super() }> - <%- if includes.get("build-repos", True) %> - <%- include "build-repos.yml.jinja" %> - <%- endif %> - - publish-repositories: - <%- do conclusion_needs.append('publish-repositories') %> - name: Publish Repositories - if: ${{ always() && ! failure() && ! cancelled() }} - runs-on: - - linux-x86_64 - environment: <{ gh_environment }> - needs: - - prepare-workflow - - build-docs - <%- for need in build_repo_needs.iter(consume=True) %> - - <{ need }> - <%- endfor %> - <%- if workflow_slug == "nightly" %> - <%- for need in test_salt_needs.iter(consume=True) %> - - <{ need }> - <%- endfor %> - <%- endif %> - - steps: - - - uses: actions/checkout@v4 - - - name: Get Salt Project GitHub Actions Bot Environment - run: | - TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") - SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) - echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" - - - name: Setup Python Tools Scripts - uses: ./.github/actions/setup-python-tools-scripts - with: - cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }} - - - name: Download Repository Artifact - uses: actions/download-artifact@v4 - with: - pattern: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo-* - merge-multiple: true - path: repo/ - - - name: Decompress Repository Artifacts - run: | - find repo/ -type f -name '*.tar.gz' -print -exec tar xvf {} \; - find repo/ -type f -name '*.tar.gz' -print -exec rm -f {} \; - - - name: Show Repository - run: | - tree -a artifacts/pkgs/repo/ - - - name: Upload Repository Contents (<{ gh_environment }>) - env: - SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} - SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} - run: | - tools pkg repo publish <{ gh_environment }> --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} artifacts/pkgs/repo/ <%- endblock jobs %> diff --git a/.github/workflows/test-packages-action.yml b/.github/workflows/test-packages-action.yml index f29dcb6da94..09fdb608377 100644 --- a/.github/workflows/test-packages-action.yml +++ b/.github/workflows/test-packages-action.yml @@ -58,7 +58,7 @@ env: jobs: test-linux: - name: ${{ matrix.slug }} + name: ${{ matrix.test-chunk }} ${{ matrix.slug }} runs-on: - ${{ matrix.arch == 'x86_64' && 'ubuntu-24.04' || 'linux-arm64' }} container: @@ -190,7 +190,7 @@ jobs: include-hidden-files: true test-macos: - name: ${{ matrix.slug }} + name: ${{ matrix.test-chunk }} ${{ matrix.slug }} runs-on: ${{ matrix.runner }} timeout-minutes: 150 # 2 & 1/2 Hours - More than this and something is wrong (MacOS needs a little more time) strategy: @@ -308,7 +308,7 @@ jobs: test-windows: - name: ${{ matrix.slug }} + name: ${{ matrix.test-chunk }} ${{ matrix.slug }} runs-on: ${{ matrix.distro-slug }} timeout-minutes: 120 # 2 Hours - More than this and something is wrong strategy: diff --git a/tools/ci.py b/tools/ci.py index 4853446ed1a..c8b82858761 100644 --- a/tools/ci.py +++ b/tools/ci.py @@ -1537,7 +1537,6 @@ def workflow_config( ctx.info(f"{pprint.pformat(gh_event)}") ctx.info(f"{'==== end github event ====':^80s}") - config = {} jobs = { "lint": True, @@ -1628,40 +1627,40 @@ def workflow_config( platforms = ["linux", "macos", "windows"] pkg_test_matrix = {} - for platform in platforms: - pkg_test_matrix[platform] = [ - dict( - { - "tests-chunk": "install", - "version": None, - }, - **_.as_dict(), - ) - for _ in TEST_SALT_PKG_LISTING[platform] # type: ignore - ] - for version in str_releases: + if not skip_pkg_tests: for platform in platforms: - pkg_test_matrix[platform] += [ + pkg_test_matrix[platform] = [ dict( { - "tests-chunk": "upgrade", - "version": version, + "tests-chunk": "install", + "version": None, }, **_.as_dict(), ) for _ in TEST_SALT_PKG_LISTING[platform] # type: ignore ] - pkg_test_matrix[platform] += [ - dict( - { - "tests-chunk": "downgrade", - "version": version, - }, - **_.as_dict(), - ) - for _ in TEST_SALT_PKG_LISTING[platform] # type: ignore - ] - + for version in str_releases: + for platform in platforms: + pkg_test_matrix[platform] += [ + dict( + { + "tests-chunk": "upgrade", + "version": version, + }, + **_.as_dict(), + ) + for _ in TEST_SALT_PKG_LISTING[platform] # type: ignore + ] + pkg_test_matrix[platform] += [ + dict( + { + "tests-chunk": "downgrade", + "version": version, + }, + **_.as_dict(), + ) + for _ in TEST_SALT_PKG_LISTING[platform] # type: ignore + ] ctx.info(f"{'==== pkg test matrix ====':^80s}") ctx.info(f"{pprint.pformat(pkg_test_matrix)}") ctx.info(f"{'==== end pkg test matrix ====':^80s}")