saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-16 09:40:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Some workflow fixes

Browse source 
Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
This commit is contained in:
Pedro Algarvio 2023-02-11 07:50:48 +00:00 committed by Pedro Algarvio
parent f9e24f6caa
commit bfc77d0c66
14 changed files with 76 additions and 60 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/build-deb-repo.yml vendored
View file

@ -99,9 +99,11 @@ jobs:
--query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"

2
.github/workflows/build-macos-repo.yml vendored
View file

@ -66,9 +66,11 @@ jobs:
--query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"

2
.github/workflows/build-onedir-repo.yml vendored
View file

@ -102,9 +102,11 @@ jobs:
--query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"

2
.github/workflows/build-rpm-repo.yml vendored
View file

@ -96,9 +96,11 @@ jobs:
--query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"

2
.github/workflows/build-src-repo.yml vendored
View file

@ -66,9 +66,11 @@ jobs:
--query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"

2
.github/workflows/build-windows-repo.yml vendored
View file

@ -72,9 +72,11 @@ jobs:
--query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"

18
.github/workflows/ci.yml vendored
View file

@ -139,44 +139,44 @@ jobs:
- name: Process Changed Files
id: process-changed-files
run:
run: |
tools ci process-changed-files ${{ github.event_name }} changed-files.json
- name: Check Collected Changed Files
if: ${{ github.event_name == 'pull_request' }}
run:
run: |
echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.'
- name: Define Runner Types
id: runner-types
run:
run: |
tools ci runner-types ${{ github.event_name }}
- name: Check Defined Runners
run:
run: |
echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.'
- name: Define Jobs
id: define-jobs
run:
run: |
tools ci define-jobs ${{ github.event_name }} changed-files.json
- name: Check Defined Jobs
run:
run: |
echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.'
- name: Define Testrun
id: define-testrun
run:
run: |
tools ci define-testrun ${{ github.event_name }} changed-files.json
- name: Check Defined Test Run
run:
run: |
echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.'
- name: Check Contents of generated testrun-changed-files.txt
if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }}
run:
run: |
cat testrun-changed-files.txt || true
- name: Upload testrun-changed-files.txt

18
.github/workflows/nightly.yml vendored
View file

@ -137,44 +137,44 @@ jobs:
- name: Process Changed Files
id: process-changed-files
run:
run: |
tools ci process-changed-files ${{ github.event_name }} changed-files.json
- name: Check Collected Changed Files
if: ${{ github.event_name == 'pull_request' }}
run:
run: |
echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.'
- name: Define Runner Types
id: runner-types
run:
run: |
tools ci runner-types ${{ github.event_name }}
- name: Check Defined Runners
run:
run: |
echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.'
- name: Define Jobs
id: define-jobs
run:
run: |
tools ci define-jobs ${{ github.event_name }} changed-files.json
- name: Check Defined Jobs
run:
run: |
echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.'
- name: Define Testrun
id: define-testrun
run:
run: |
tools ci define-testrun ${{ github.event_name }} changed-files.json
- name: Check Defined Test Run
run:
run: |
echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.'
- name: Check Contents of generated testrun-changed-files.txt
if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }}
run:
run: |
cat testrun-changed-files.txt || true
- name: Upload testrun-changed-files.txt

16
.github/workflows/release.yml vendored
View file

@ -91,7 +91,6 @@ jobs:
uses: actions/checkout@v3
with:
ssh-key: ${{ secrets.GHA_SSH_KEY }}
fetch-depth: 0 # Full clone to also get the tags
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
@ -117,24 +116,27 @@ jobs:
--query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
- name: Configure Git
shell: bash
run: |
git config --global --add safe.directory "$(pwd)"
git config --global user.name "Salt Project Packaging"
git config --global user.email saltproject-packaging@vmware.com
git config --global user.signingkey 64CBBC8173D76B3F
git config --global commit.gpgsign true
- name: Setup Salt Release
id: release
- name: Prepare Release
id: prepare-release
run: |
tools pkg repo publish release ${{ needs.prepare-workflow.outputs.salt-version }}
tools pkg repo publish release --key-id=64CBBC8173D76B3F ${{ needs.prepare-workflow.outputs.salt-version }}
- name: Apply The Release Patch
run: |
@ -156,11 +158,11 @@ jobs:
uses: ncipollo/release-action@v1.12.0
with:
artifactErrorsFailBuild: true
artifacts: ${{ steps.release.outputs.release-artifacts }}
bodyFile: ${{ steps.release.outputs.release-messsage-file }}
artifacts: ${{ steps.prepare-release.outputs.release-artifacts }}
bodyFile: ${{ steps.prepare-release.outputs.release-messsage-file }}
draft: false
generateReleaseNotes: false
makeLatest: ${{ steps.release.outputs.make-latest }}
makeLatest: fromJSON(${{ steps.prepare-release.outputs.make-latest }})
name: v${{ needs.prepare-workflow.outputs.salt-version }}
prerelease: ${{ contains(needs.prepare-workflow.outputs.salt-version, 'rc') }}
removeArtifacts: true

18
.github/workflows/scheduled.yml vendored
View file

@ -137,44 +137,44 @@ jobs:
- name: Process Changed Files
id: process-changed-files
run:
run: |
tools ci process-changed-files ${{ github.event_name }} changed-files.json
- name: Check Collected Changed Files
if: ${{ github.event_name == 'pull_request' }}
run:
run: |
echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.'
- name: Define Runner Types
id: runner-types
run:
run: |
tools ci runner-types ${{ github.event_name }}
- name: Check Defined Runners
run:
run: |
echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.'
- name: Define Jobs
id: define-jobs
run:
run: |
tools ci define-jobs ${{ github.event_name }} changed-files.json
- name: Check Defined Jobs
run:
run: |
echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.'
- name: Define Testrun
id: define-testrun
run:
run: |
tools ci define-testrun ${{ github.event_name }} changed-files.json
- name: Check Defined Test Run
run:
run: |
echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.'
- name: Check Contents of generated testrun-changed-files.txt
if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }}
run:
run: |
cat testrun-changed-files.txt || true
- name: Upload testrun-changed-files.txt

18
.github/workflows/staging.yml vendored
View file

@ -162,44 +162,44 @@ jobs:
- name: Process Changed Files
id: process-changed-files
run:
run: |
tools ci process-changed-files ${{ github.event_name }} changed-files.json
- name: Check Collected Changed Files
if: ${{ github.event_name == 'pull_request' }}
run:
run: |
echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.'
- name: Define Runner Types
id: runner-types
run:
run: |
tools ci runner-types ${{ github.event_name }}
- name: Check Defined Runners
run:
run: |
echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.'
- name: Define Jobs
id: define-jobs
run:
run: |
tools ci define-jobs ${{ github.event_name }} changed-files.json
- name: Check Defined Jobs
run:
run: |
echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.'
- name: Define Testrun
id: define-testrun
run:
run: |
tools ci define-testrun ${{ github.event_name }} changed-files.json
- name: Check Defined Test Run
run:
run: |
echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.'
- name: Check Contents of generated testrun-changed-files.txt
if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }}
run:
run: |
cat testrun-changed-files.txt || true
- name: Upload testrun-changed-files.txt

18
.github/workflows/templates/layout.yml.jinja vendored
View file

@ -176,44 +176,44 @@ jobs:
- name: Process Changed Files
id: process-changed-files
run:
run: |
tools ci process-changed-files ${{ github.event_name }} changed-files.json
- name: Check Collected Changed Files
if: ${{ github.event_name == 'pull_request' }}
run:
run: |
echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.'
- name: Define Runner Types
id: runner-types
run:
run: |
tools ci runner-types ${{ github.event_name }}
- name: Check Defined Runners
run:
run: |
echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.'
- name: Define Jobs
id: define-jobs
run:
run: |
tools ci define-jobs ${{ github.event_name }} changed-files.json
- name: Check Defined Jobs
run:
run: |
echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.'
- name: Define Testrun
id: define-testrun
run:
run: |
tools ci define-testrun ${{ github.event_name }} changed-files.json
- name: Check Defined Test Run
run:
run: |
echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.'
- name: Check Contents of generated testrun-changed-files.txt
if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }}
run:
run: |
cat testrun-changed-files.txt || true
- name: Upload testrun-changed-files.txt

16
.github/workflows/templates/release.yml.jinja vendored
View file

@ -122,7 +122,6 @@ permissions:
uses: actions/checkout@v3
with:
ssh-key: ${{ secrets.GHA_SSH_KEY }}
fetch-depth: 0 # Full clone to also get the tags
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
@ -148,24 +147,27 @@ permissions:
--query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
- name: Configure Git
shell: bash
run: |
git config --global --add safe.directory "$(pwd)"
git config --global user.name "Salt Project Packaging"
git config --global user.email saltproject-packaging@vmware.com
git config --global user.signingkey 64CBBC8173D76B3F
git config --global commit.gpgsign true
- name: Setup Salt Release
id: release
- name: Prepare Release
id: prepare-release
run: |
tools pkg repo publish release ${{ needs.prepare-workflow.outputs.salt-version }}
tools pkg repo publish release --key-id=64CBBC8173D76B3F ${{ needs.prepare-workflow.outputs.salt-version }}
- name: Apply The Release Patch
run: |
@ -187,11 +189,11 @@ permissions:
uses: ncipollo/release-action@v1.12.0
with:
artifactErrorsFailBuild: true
artifacts: ${{ steps.release.outputs.release-artifacts }}
bodyFile: ${{ steps.release.outputs.release-messsage-file }}
artifacts: ${{ steps.prepare-release.outputs.release-artifacts }}
bodyFile: ${{ steps.prepare-release.outputs.release-messsage-file }}
draft: false
generateReleaseNotes: false
makeLatest: ${{ steps.release.outputs.make-latest }}
makeLatest: fromJSON(${{ steps.prepare-release.outputs.make-latest }})
name: v${{ needs.prepare-workflow.outputs.salt-version }}
prerelease: ${{ contains(needs.prepare-workflow.outputs.salt-version, 'rc') }}
removeArtifacts: true

2
tools/changelog.py
View file

@ -252,7 +252,7 @@ def update_rpm(ctx: Context, salt_version: str, draft: bool = False):
if salt_version is None:
salt_version = _get_salt_version(ctx)
changes = _get_pkg_changelog_contents(ctx, salt_version)
ctx.info("Salt version is %s", salt_version)
ctx.info(f"Salt version is {salt_version}")
orig = ctx.run(
"sed",
f"s/Version: .*/Version: {salt_version}/g",