saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-16 09:40:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Some re-ordering, fixes, and pkg repo testing.

Browse source 
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
This commit is contained in:
Pedro Algarvio 2023-02-27 13:01:21 +00:00 committed by Pedro Algarvio
parent 9de50684e6
commit 9b30cc129b
10 changed files with 643 additions and 73 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.github/actionlint.yaml vendored
View file

@ -5,6 +5,7 @@ self-hosted-runner:
- x86_64
- arm64
- aarch64
- amd64
- repo-nightly
- repo-staging
- repo-release

55
.github/workflows/release.yml vendored
View file

@ -93,8 +93,6 @@ jobs:
steps:
- name: Clone The Salt Repository
uses: actions/checkout@v3
with:
ssh-key: ${{ secrets.GHA_SSH_KEY }}
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
@ -103,7 +101,7 @@ jobs:
run: |
tools pkg repo backup-previous-releases
release:
publish-release-bucket:
name: Release v${{ needs.prepare-workflow.outputs.salt-version }}
runs-on:
- self-hosted
@ -114,6 +112,40 @@ jobs:
- backup
environment: release
steps:
- name: Clone The Salt Repository
uses: actions/checkout@v3
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
- name: Publish Release Repository
run: |
tools pkg repo publish release --key-id=64CBBC8173D76B3F ${{ needs.prepare-workflow.outputs.salt-version }}
test-repositories:
name: Test Staging Repository
needs:
- prepare-workflow
- publish-release-bucket
uses: ./.github/workflows/test-pkg-repo-uploads.yml
with:
environment: release
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
secrets:
salt-repo-domain: secrets.SALT_REPO_DOMAIN
release:
name: Release v${{ needs.prepare-workflow.outputs.salt-version }}
runs-on:
- self-hosted
- linux
- repo-release
needs:
- prepare-workflow
- backup
- test-repositories
environment: release
steps:
- name: Clone The Salt Repository
uses: actions/checkout@v3
@ -152,11 +184,11 @@ jobs:
sync
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
TWINE_PASSWORD=$(aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/publishing/publish-pypi \
--query SecretString --output text | jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "$SECRETS_KEY_FILE" -d -)
echo "::add-mask::$TWINE_PASSWORD"
echo "twine-password=$TWINE_PASSWORD" >> "${GITHUB_OUTPUT}"
- name: Prepare Release
id: prepare-release
run: |
tools pkg repo publish github --repository ${{ github.repository }} --key-id=64CBBC8173D76B3F ${{ needs.prepare-workflow.outputs.salt-version }}
- name: Configure Git
shell: bash
@ -167,11 +199,6 @@ jobs:
git config --global user.signingkey 64CBBC8173D76B3F
git config --global commit.gpgsign true
- name: Prepare Release
id: prepare-release
run: |
tools pkg repo publish release --key-id=64CBBC8173D76B3F ${{ needs.prepare-workflow.outputs.salt-version }}
- name: Apply The Release Patch
run: |
git am --committer-date-is-author-date release-artifacts/salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch
@ -218,6 +245,8 @@ jobs:
needs:
- check-requirements
- prepare-workflow
- publish-release-bucket
- test-repositories
- release
steps:
- name: Get workflow information

29
.github/workflows/staging.yml vendored
View file

@ -10,6 +10,10 @@ on:
type: string
required: true
description: The Salt version to set prior to building packages and staging the release.
skip-salt-test-suite:
type: boolean
default: false
description: Skip running the Salt test suite.
env:
COLUMNS: 190
@ -186,7 +190,7 @@ jobs:
- name: Define Jobs
id: define-jobs
run: |
tools ci define-jobs ${{ github.event_name }} changed-files.json
tools ci define-jobs ${{ inputs.skip-salt-test-suite && '--skip-tests' || '' }} ${{ github.event_name }} changed-files.json
- name: Check Defined Jobs
run: |
@ -888,7 +892,7 @@ jobs:
needs:
- prepare-workflow
- build-docs
- publish-repositories
- build-repositories
environment: staging
runs-on:
- self-hosted
@ -932,23 +936,22 @@ jobs:
name: Test Staging Repository
needs:
- prepare-workflow
- upload-release-artifacts
environment: staging
runs-on:
- self-hosted
- linux
- repo-staging
steps:
- name: Stub
run: |
echo "just a stub"
- publish-repositories
uses: ./.github/workflows/test-pkg-repo-uploads.yml
with:
environment: staging
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
secrets:
salt-repo-user: secrets.SALT_REPO_USER
salt-repo-pass: secrets.SALT_REPO_PASS
salt-repo-domain: secrets.SALT_REPO_DOMAIN
publish-pypi:
name: Publish to PyPi(test)
needs:
- prepare-workflow
- test-repositories
- upload-release-artifacts
environment: staging
runs-on:
- self-hosted

3
.github/workflows/templates/layout.yml.jinja vendored
View file

@ -1,5 +1,6 @@
# Do not edit these workflows directly as the changes made will be overwritten.
# Instead, edit the template '<{ template }>'
<%- set prepare_workflow_skip_test_suite = prepare_workflow_skip_test_suite|default("") %>
<%- set prepare_workflow_salt_version_input = prepare_workflow_salt_version_input|default("") %>
<%- set python_version_linux = "3.10.10" %>
<%- set python_version_macos = "3.10.10" %>
@ -205,7 +206,7 @@ jobs:
- name: Define Jobs
id: define-jobs
run: |
tools ci define-jobs ${{ github.event_name }} changed-files.json
tools ci define-jobs<{ prepare_workflow_skip_test_suite }> ${{ github.event_name }} changed-files.json
- name: Check Defined Jobs
run: |

55
.github/workflows/templates/release.yml.jinja vendored
View file

@ -123,8 +123,6 @@ permissions:
steps:
- name: Clone The Salt Repository
uses: actions/checkout@v3
with:
ssh-key: ${{ secrets.GHA_SSH_KEY }}
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
@ -133,6 +131,42 @@ permissions:
run: |
tools pkg repo backup-previous-releases
publish-release-bucket:
<%- do conclusion_needs.append('publish-release-bucket') %>
name: Release v${{ needs.prepare-workflow.outputs.salt-version }}
runs-on:
- self-hosted
- linux
- repo-<{ gh_environment }>
needs:
- prepare-workflow
- backup
environment: <{ gh_environment }>
steps:
- name: Clone The Salt Repository
uses: actions/checkout@v3
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
- name: Publish Release Repository
run: |
tools pkg repo publish release --key-id=64CBBC8173D76B3F ${{ needs.prepare-workflow.outputs.salt-version }}
test-repositories:
<%- do conclusion_needs.append('test-repositories') %>
name: Test Staging Repository
needs:
- prepare-workflow
- publish-release-bucket
uses: ./.github/workflows/test-pkg-repo-uploads.yml
with:
environment: <{ gh_environment }>
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
secrets:
salt-repo-domain: secrets.SALT_REPO_DOMAIN
release:
<%- do conclusion_needs.append('release') %>
name: Release v${{ needs.prepare-workflow.outputs.salt-version }}
@ -143,8 +177,8 @@ permissions:
needs:
- prepare-workflow
- backup
- test-repositories
environment: <{ gh_environment }>
steps:
- name: Clone The Salt Repository
uses: actions/checkout@v3
@ -183,11 +217,11 @@ permissions:
sync
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
TWINE_PASSWORD=$(aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/publishing/publish-pypi \
--query SecretString --output text | jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "$SECRETS_KEY_FILE" -d -)
echo "::add-mask::$TWINE_PASSWORD"
echo "twine-password=$TWINE_PASSWORD" >> "${GITHUB_OUTPUT}"
- name: Prepare Release
id: prepare-release
run: |
tools pkg repo publish github --repository ${{ github.repository }} --key-id=64CBBC8173D76B3F ${{ needs.prepare-workflow.outputs.salt-version }}
- name: Configure Git
shell: bash
@ -198,11 +232,6 @@ permissions:
git config --global user.signingkey 64CBBC8173D76B3F
git config --global commit.gpgsign true
- name: Prepare Release
id: prepare-release
run: |
tools pkg repo publish release --key-id=64CBBC8173D76B3F ${{ needs.prepare-workflow.outputs.salt-version }}
- name: Apply The Release Patch
run: |
git am --committer-date-is-author-date release-artifacts/salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch

30
.github/workflows/templates/staging.yml.jinja vendored
View file

@ -1,4 +1,5 @@
<%- set prepare_workflow_salt_version_input = "${{ inputs.salt-version }}" %>
<%- set prepare_workflow_skip_test_suite = " ${{ inputs.skip-salt-test-suite && '--skip-tests' || '' }}" %>
<%- set gh_environment = "staging" %>
<%- set prepare_actual_release = True %>
<%- extends 'nightly.yml.jinja' %>
@ -12,6 +13,10 @@ on:
type: string
required: true
description: The Salt version to set prior to building packages and staging the release.
skip-salt-test-suite:
type: boolean
default: false
description: Skip running the Salt test suite.
<%- endblock on %>
@ -65,7 +70,7 @@ concurrency:
needs:
- prepare-workflow
- build-docs
- publish-repositories
- build-repositories
environment: <{ gh_environment }>
runs-on:
- self-hosted
@ -115,24 +120,20 @@ concurrency:
run: |
tools release upload-artifacts ${{ needs.prepare-workflow.outputs.salt-version }} artifacts/release
{#- We need the package upload tests against staging added here #}
test-repositories:
<%- do conclusion_needs.append('test-repositories') %>
name: Test Staging Repository
needs:
- prepare-workflow
- upload-release-artifacts
environment: <{ gh_environment }>
runs-on:
- self-hosted
- linux
- repo-<{ gh_environment }>
steps:
- name: Stub
run: |
echo "just a stub"
- publish-repositories
uses: ./.github/workflows/test-pkg-repo-uploads.yml
with:
environment: <{ gh_environment }>
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
secrets:
salt-repo-user: secrets.SALT_REPO_USER
salt-repo-pass: secrets.SALT_REPO_PASS
salt-repo-domain: secrets.SALT_REPO_DOMAIN
publish-pypi:
<%- do conclusion_needs.append('publish-pypi') %>
@ -140,6 +141,7 @@ concurrency:
needs:
- prepare-workflow
- test-repositories
- upload-release-artifacts
environment: <{ gh_environment }>
runs-on:
- self-hosted

427
.github/workflows/test-pkg-repo-uploads.yml vendored Normal file
View file

@ -0,0 +1,427 @@
---
name: Build Packaging Dependencies Onedir
on:
workflow_call:
inputs:
environment:
type: string
required: true
salt-version:
type: string
required: true
description: The Salt version to set prior to building packages.
secrets:
salt-repo-domain:
required: true
salt-repo-user:
required: false
salt-repo-pass:
required: false
jobs:
test-amazon-repo:
name: Amazon Linux
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- arm64
version:
- "2"
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
environment: ${{ inputs.environment }}
container: ghcr.io/saltstack/salt-ci-containers/amazonlinux:${{ matrix.version }}
steps:
- name: Setup Repo Base URL
run: |
if [ "${{ secrets.salt-repo-user }}" != "" ]; then
BASE_URL="https://${{ secrets.salt-repo-user }}:${{ secrets.salt-repo-pass }}@${{ secrets.salt-repo-domain }}"
else
BASE_URL="https://{{ secrets.salt-repo-domain }}"
fi
echo "REPO_BASE_URL=$BASE_URL" >> "${GITHUB_ENV}"
- name: Import GPG Key
run: |
rpm --import ${{ env.REPO_BASE_URL }}/amazon/${{ matrix.version }}/${{ matrix.arch }}/minor/${{ inputs.salt-version }}/SALT-PROJECT-GPG-PUBKEY-2023.pub
- name: Import Repo File
run: |
curl -fsSL -o /etc/yum.repos.d/salt-${{ inputs.salt-version }}.repo ${{ env.REPO_BASE_URL }}/amazon/${{ matrix.version }}/${{ matrix.arch }}/minor/${{ inputs.salt-version }}.repo
echo baseurl=${{ env.REPO_BASE_URL }}/amazon/${{ matrix.version }}/${{ matrix.arch }}/minor/${{ inputs.salt-version }} >> /etc/yum.repos.d/salt-${{ inputs.salt-version }}.repo
echo gpgkey=${{ env.REPO_BASE_URL }}/amazon/${{ matrix.version }}/${{ matrix.arch }}/minor/${{ inputs.salt-version }}/SALT-PROJECT-GPG-PUBKEY-2023.pub >> /etc/yum.repos.d/salt-${{ inputs.salt-version }}.repo
- name: Install Salt
run: |
yum clean expire-cache
yum install -y salt-master salt-minion salt-ssh salt-syndic salt-cloud salt-api
- name: Test `salt-call --local test.versions`
run: |
salt-call --local test.versions
- name: Test `salt-call --local grains.items`
run: |
salt-call --local grains.items
- name: Test `salt --version`
run: |
salt --version
- name: Test `salt-master --version`
run: |
salt-master --version
- name: Test `salt-minion --version`
run: |
salt-minion --version
- name: Test `salt-ssh --version`
run: |
salt-ssh --version
- name: Test `salt-syndic --version`
run: |
salt-syndic --version
- name: Test `salt-api --version`
run: |
salt-api --version
- name: Test `salt-cloud --version`
run: |
salt-cloud --version
test-centos-repo:
name: Centos
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- arm64
version:
- "7"
- "stream8"
- "stream9"
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
environment: ${{ inputs.environment }}
container: ghcr.io/saltstack/salt-ci-containers/centos:${{ matrix.version }}
steps:
- name: Setup Repo Base URL
run: |
if [ "${{ secrets.salt-repo-user }}" != "" ]; then
BASE_URL="https://${{ secrets.salt-repo-user }}:${{ secrets.salt-repo-pass }}@${{ secrets.salt-repo-domain }}"
else
BASE_URL="https://{{ secrets.salt-repo-domain }}"
fi
echo "REPO_BASE_URL=$BASE_URL" >> "${GITHUB_ENV}"
- name: Import GPG Key
run: |
rpm --import ${{ env.REPO_BASE_URL }}/redhat/${{ matrix.version }}/${{ matrix.arch }}/minor/${{ inputs.salt-version }}/SALT-PROJECT-GPG-PUBKEY-2023.pub
- name: Import Repo File
run: |
curl -fsSL -o /etc/yum.repos.d/salt-${{ inputs.salt-version }}.repo ${{ env.REPO_BASE_URL }}/redhat/${{ matrix.version }}/${{ matrix.arch }}/minor/${{ inputs.salt-version }}.repo
echo baseurl=${{ env.REPO_BASE_URL }}/redhat/${{ matrix.version }}/${{ matrix.arch }}/minor/${{ inputs.salt-version }} >> /etc/yum.repos.d/salt-${{ inputs.salt-version }}.repo
echo gpgkey=${{ env.REPO_BASE_URL }}/redhat/${{ matrix.version }}/${{ matrix.arch }}/minor/${{ inputs.salt-version }}/SALT-PROJECT-GPG-PUBKEY-2023.pub >> /etc/yum.repos.d/salt-${{ inputs.salt-version }}.repo
- name: Install Salt
run: |
yum clean expire-cache
yum install -y salt-master salt-minion salt-ssh salt-syndic salt-cloud salt-api
- name: Test `salt-call --local test.versions`
run: |
salt-call --local test.versions
- name: Test `salt-call --local grains.items`
run: |
salt-call --local grains.items
- name: Test `salt --version`
run: |
salt --version
- name: Test `salt-master --version`
run: |
salt-master --version
- name: Test `salt-minion --version`
run: |
salt-minion --version
- name: Test `salt-ssh --version`
run: |
salt-ssh --version
- name: Test `salt-syndic --version`
run: |
salt-syndic --version
- name: Test `salt-api --version`
run: |
salt-api --version
- name: Test `salt-cloud --version`
run: |
salt-cloud --version
test-debian-repo:
name: Debian
strategy:
fail-fast: false
matrix:
include:
- {"version": "10", "codename": "buster", "arch": "amd64"}
- {"version": "10", "codename": "buster", "arch": "arm64"}
- {"version": "11", "codename": "bullseye", "arch": "amd64"}
- {"version": "11", "codename": "bullseye", "arch": "arm64"}
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
environment: ${{ inputs.environment }}
container: ghcr.io/saltstack/salt-ci-containers/debian:${{ matrix.version }}
steps:
- name: Setup Repo Base URL
run: |
if [ "${{ secrets.salt-repo-user }}" != "" ]; then
BASE_URL="https://${{ secrets.salt-repo-user }}:${{ secrets.salt-repo-pass }}@${{ secrets.salt-repo-domain }}"
else
BASE_URL="https://{{ secrets.salt-repo-domain }}"
fi
echo "REPO_BASE_URL=$BASE_URL" >> "${GITHUB_ENV}"
- name: Update System
run: |
apt-get update -y
apt-get install -y curl
- name: Download GPG Key
run: |
curl -fsSL -o /usr/share/keyrings/SALT-PROJECT-GPG-PUBKEY-2023.gpg \
${{ env.REPO_BASE_URL }}/debian/${{ matrix.version }}/${{ matrix.arch }}/minor/${{ inputs.salt-version}}/SALT-PROJECT-GPG-PUBKEY-2023.gpg
- name: Setup Repo
run: |
echo "deb [signed-by=/usr/share/keyrings/SALT-PROJECT-GPG-PUBKEY-2023.gpg arch=${{ matrix.arch }}] ${{ env.REPO_BASE_URL }}/debian/${{ matrix.version }}/${{ matrix.arch }}/minor/${{ inputs.salt-version}} ${{ matrix.codename }} main" | sudo tee /etc/apt/sources.list.d/salt.list
- name: Install Salt
run: |
apt-get update
apt-get install -y salt-master salt-minion salt-ssh salt-syndic salt-cloud salt-api
yum install -y salt-master salt-minion salt-ssh salt-syndic salt-cloud salt-api
- name: Test `salt-call --local test.versions`
run: |
salt-call --local test.versions
- name: Test `salt-call --local grains.items`
run: |
salt-call --local grains.items
- name: Test `salt --version`
run: |
salt --version
- name: Test `salt-master --version`
run: |
salt-master --version
- name: Test `salt-minion --version`
run: |
salt-minion --version
- name: Test `salt-ssh --version`
run: |
salt-ssh --version
- name: Test `salt-syndic --version`
run: |
salt-syndic --version
- name: Test `salt-api --version`
run: |
salt-api --version
- name: Test `salt-cloud --version`
run: |
salt-cloud --version
test-fedora-repo:
name: Fedora
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- arm64
version:
- "36"
- "37"
- "38"
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
environment: ${{ inputs.environment }}
container: ghcr.io/saltstack/salt-ci-containers/fedora:${{ matrix.version }}
steps:
- name: Setup Repo Base URL
run: |
if [ "${{ secrets.salt-repo-user }}" != "" ]; then
BASE_URL="https://${{ secrets.salt-repo-user }}:${{ secrets.salt-repo-pass }}@${{ secrets.salt-repo-domain }}"
else
BASE_URL="https://{{ secrets.salt-repo-domain }}"
fi
echo "REPO_BASE_URL=$BASE_URL" >> "${GITHUB_ENV}"
- name: Import GPG Key
run: |
rpm --import ${{ env.REPO_BASE_URL }}/fedora/${{ matrix.version }}/${{ matrix.arch }}/minor/${{ inputs.salt-version }}/SALT-PROJECT-GPG-PUBKEY-2023.pub
- name: Import Repo File
run: |
curl -fsSL -o /etc/yum.repos.d/salt-${{ inputs.salt-version }}.repo ${{ env.REPO_BASE_URL }}/fedora/${{ matrix.version }}/${{ matrix.arch }}/minor/${{ inputs.salt-version }}.repo
echo baseurl=${{ env.REPO_BASE_URL }}/fedora/${{ matrix.version }}/${{ matrix.arch }}/minor/${{ inputs.salt-version }} >> /etc/yum.repos.d/salt-${{ inputs.salt-version }}.repo
echo gpgkey=${{ env.REPO_BASE_URL }}/fedora/${{ matrix.version }}/${{ matrix.arch }}/minor/${{ inputs.salt-version }}/SALT-PROJECT-GPG-PUBKEY-2023.pub >> /etc/yum.repos.d/salt-${{ inputs.salt-version }}.repo
- name: Install Salt
run: |
yum clean expire-cache
yum install -y salt-master salt-minion salt-ssh salt-syndic salt-cloud salt-api
- name: Test `salt-call --local test.versions`
run: |
salt-call --local test.versions
- name: Test `salt-call --local grains.items`
run: |
salt-call --local grains.items
- name: Test `salt --version`
run: |
salt --version
- name: Test `salt-master --version`
run: |
salt-master --version
- name: Test `salt-minion --version`
run: |
salt-minion --version
- name: Test `salt-ssh --version`
run: |
salt-ssh --version
- name: Test `salt-syndic --version`
run: |
salt-syndic --version
- name: Test `salt-api --version`
run: |
salt-api --version
- name: Test `salt-cloud --version`
run: |
salt-cloud --version
test-ubuntu-repo:
name: Ubuntu
strategy:
fail-fast: false
matrix:
include:
- {"version": "20.04", "codename": "focal", "arch": "amd64"}
- {"version": "20.04", "codename": "focal", "arch": "arm64"}
- {"version": "22.04", "codename": "jammy", "arch": "amd64"}
- {"version": "22.04", "codename": "jammy", "arch": "arm64"}
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
environment: ${{ inputs.environment }}
container: ghcr.io/saltstack/salt-ci-containers/ubuntu:${{ matrix.version }}
steps:
- name: Setup Repo Base URL
run: |
if [ "${{ secrets.salt-repo-user }}" != "" ]; then
BASE_URL="https://${{ secrets.salt-repo-user }}:${{ secrets.salt-repo-pass }}@${{ secrets.salt-repo-domain }}"
else
BASE_URL="https://{{ secrets.salt-repo-domain }}"
fi
echo "REPO_BASE_URL=$BASE_URL" >> "${GITHUB_ENV}"
- name: Update System
run: |
apt-get update -y
apt-get install -y curl
- name: Download GPG Key
run: |
curl -fsSL -o /usr/share/keyrings/SALT-PROJECT-GPG-PUBKEY-2023.gpg \
${{ env.REPO_BASE_URL }}/ubuntu/${{ matrix.version }}/${{ matrix.arch }}/minor/${{ inputs.salt-version}}/SALT-PROJECT-GPG-PUBKEY-2023.gpg
- name: Setup Repo
run: |
echo "deb [signed-by=/usr/share/keyrings/SALT-PROJECT-GPG-PUBKEY-2023.gpg arch=${{ matrix.arch }}] ${{ env.REPO_BASE_URL }}/ubuntu/${{ matrix.version }}/${{ matrix.arch }}/minor/${{ inputs.salt-version}} ${{ matrix.codename }} main" | sudo tee /etc/apt/sources.list.d/salt.list
- name: Install Salt
run: |
apt-get update
apt-get install -y salt-master salt-minion salt-ssh salt-syndic salt-cloud salt-api
yum install -y salt-master salt-minion salt-ssh salt-syndic salt-cloud salt-api
- name: Test `salt-call --local test.versions`
run: |
salt-call --local test.versions
- name: Test `salt-call --local grains.items`
run: |
salt-call --local grains.items
- name: Test `salt --version`
run: |
salt --version
- name: Test `salt-master --version`
run: |
salt-master --version
- name: Test `salt-minion --version`
run: |
salt-minion --version
- name: Test `salt-ssh --version`
run: |
salt-ssh --version
- name: Test `salt-syndic --version`
run: |
salt-syndic --version
- name: Test `salt-api --version`
run: |
salt-api --version
- name: Test `salt-cloud --version`
run: |
salt-cloud --version

13
tools/ci.py
View file

@ -220,6 +220,9 @@ def runner_types(ctx: Context, event_name: str):
"event_name": {
"help": "The name of the GitHub event being processed.",
},
"skip_tests": {
"help": "Skip running the Salt tests",
},
"changed_files": {
"help": (
"Path to '.json' file containing the payload of changed files "
@ -228,7 +231,9 @@ def runner_types(ctx: Context, event_name: str):
},
},
)
def define_jobs(ctx: Context, event_name: str, changed_files: pathlib.Path):
def define_jobs(
ctx: Context, event_name: str, changed_files: pathlib.Path, skip_tests: bool = False
):
"""
Set GH Actions 'jobs' output to know which jobs should run.
"""
@ -258,6 +263,10 @@ def define_jobs(ctx: Context, event_name: str, changed_files: pathlib.Path):
"build-salt-onedir": True,
"build-pkgs": True,
}
if skip_tests:
jobs["test"] = False
if event_name != "pull_request":
# In this case, all defined jobs should run
ctx.info("Writing 'jobs' to the github outputs file")
@ -309,7 +318,7 @@ def define_jobs(ctx: Context, event_name: str, changed_files: pathlib.Path):
changed_files_contents["workflows"],
changed_files_contents["golden_images"],
}
if required_test_changes == {"false"}:
if jobs["test"] and required_test_changes == {"false"}:
with open(github_step_summary, "a", encoding="utf-8") as wfh:
wfh.write("De-selecting the 'test' jobs.\n")
jobs["test"] = False

4
tools/pkg.py
View file

@ -420,8 +420,10 @@ def pypi_upload(ctx: Context, files: list[pathlib.Path], test: bool = False):
"upload",
f"--repository-url={repository_url}",
"--username=__token__",
*[str(fpath) for fpath in files],
]
if test is True:
cmdline.append("--skip-existing")
cmdline.extend([str(fpath) for fpath in files])
ctx.info(f"Running '{' '.join(cmdline)}' ...")
ret = ctx.run(*cmdline, check=False)
if ret.returncode:

99
tools/pkgrepo.py
View file

@ -1184,7 +1184,43 @@ def release(
Callback=tools.utils.UpdateProgress(progress, task),
)
# Let's now download the release artifacts stored in staging
@publish.command(
arguments={
"salt_version": {
"help": "The salt version to release.",
},
"rc_build": {
"help": "Release Candidate repository target",
},
"key_id": {
"help": "The GnuPG key ID used to sign.",
"required": True,
},
"repository": {
"help": (
"The full repository name, ie, 'saltstack/salt' on GitHub "
"to run the checks against."
)
},
}
)
def github(
ctx: Context,
salt_version: str,
key_id: str = None,
rc_build: bool = False,
repository: str = "saltstack/salt",
):
"""
Publish the release on GitHub releases.
"""
if TYPE_CHECKING:
assert key_id is not None
s3 = boto3.client("s3")
# Let's download the release artifacts stored in staging
artifacts_path = pathlib.Path.cwd() / "release-artifacts"
artifacts_path.mkdir(exist_ok=True)
release_artifacts_listing: dict[pathlib.Path, int] = {}
@ -1226,6 +1262,7 @@ def release(
if artifact.suffix == ".patch":
continue
tools.utils.gpg_sign(ctx, key_id, artifact)
# Export the GPG key in use
tools.utils.export_gpg_key(ctx, key_id, artifacts_path)
@ -1257,8 +1294,13 @@ def release(
with open(github_output, "a", encoding="utf-8") as wfh:
wfh.write(f"release-messsage-file={release_message_path.resolve()}\n")
releases = _get_salt_releases(ctx, repository)
if Version(salt_version) >= releases[-1]:
make_latest = True
else:
make_latest = False
with open(github_output, "a", encoding="utf-8") as wfh:
wfh.write(f"make-latest={json.dumps(update_latest)}\n")
wfh.write(f"make-latest={json.dumps(make_latest)}\n")
artifacts_to_upload = []
for artifact in artifacts_path.iterdir():
@ -1293,6 +1335,19 @@ def confirm_unreleased(
"""
Confirm that the passed version is not yet tagged and/or released.
"""
releases = _get_salt_releases(ctx, repository)
if Version(salt_version) in releases:
ctx.error(f"There's already a '{salt_version}' tag or github release.")
ctx.exit(1)
ctx.info(f"Could not find a release for Salt Version '{salt_version}'")
ctx.exit(0)
def _get_salt_releases(ctx: Context, repository: str) -> list[Version]:
"""
Return a list of salt versions
"""
versions = set()
with ctx.web as web:
web.headers.update({"Accept": "application/vnd.github+json"})
ret = web.get(f"https://api.github.com/repos/{repository}/tags")
@ -1302,26 +1357,38 @@ def confirm_unreleased(
)
ctx.exit(1)
for tag in ret.json():
if tag["name"] in (salt_version, f"v{salt_version}"):
ctx.error(f"There's already a '{tag['name']}' tag.")
ctx.exit(1)
# Maybe there's a release but no tag?!
name = tag["name"]
if name.startswith("v"):
name = name[1:]
if "-" in name:
# We're not going to parse dash tags
continue
if "docs" in name:
# We're not going to consider doc tags
continue
versions.add(Version(name))
# Now let's go through the github releases
ret = web.get(f"https://api.github.com/repos/{repository}/releases")
if ret.status_code != 200:
ctx.error(
f"Failed to get the tags for repository {repository!r}: {ret.reason}"
f"Failed to get the releases for repository {repository!r}: {ret.reason}"
)
ctx.exit(1)
for release in ret.json():
if release["name"] in (salt_version, f"v{salt_version}"):
ctx.error(f"There's already a '{release['name']}' release.")
ctx.exit(1)
if release["tag_name"] in (salt_version, f"v{salt_version}"):
ctx.error(f"There's already a '{release['tag_name']}' release.")
ctx.exit(1)
ctx.info(f"Could not find a release for Salt Version '{salt_version}'")
ctx.exit(0)
name = release["name"]
if name.startswith("v"):
name = name[1:]
if not name:
print(123, release)
if name and "-" not in name and "docs" not in name:
# We're not going to parse dash or docs releases
versions.add(Version(name))
name = release["tag_name"]
if "-" not in name and "docs" not in name:
# We're not going to parse dash or docs releases
versions.add(Version(name))
return sorted(versions)
def _get_repo_detailed_file_list(