saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge pull request #65553 from s0undt3ch/hotfix/merge-forward

Browse source 
[master] Merge 3006.x into master
This commit is contained in:
Daniel Wozniak 2023-12-07 16:35:19 -07:00 committed by GitHub
commit c9afe46ad9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
375 changed files with 21996 additions and 10745 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.github/actionlint.yaml vendored
View file

@ -11,3 +11,4 @@ self-hosted-runner:
- repo-release
- medium
- large
- macos-13-xlarge

2
.github/actions/build-onedir-deps/action.yml vendored
View file

@ -39,7 +39,7 @@ runs:
- name: Cache Deps Onedir Package Directory
id: onedir-pkg-cache
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: artifacts/${{ inputs.package-name }}
key: >

2
.github/actions/build-onedir-salt/action.yml vendored
View file

@ -43,7 +43,7 @@ runs:
- name: Download Cached Deps Onedir Package Directory
id: onedir-bare-cache
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: artifacts/${{ inputs.package-name }}
key: >

38
.github/actions/cached-virtualenv/action.yml vendored
View file

@ -42,19 +42,29 @@ runs:
run: |
echo "cache-key=${{ inputs.cache-seed }}|${{ runner.os }}|${{ runner.arch }}|cached-venv|${{ steps.get-python-version.outputs.version }}|${{ inputs.name }}" >> "${GITHUB_OUTPUT}"
- name: Define VirtualEnv path
shell: bash
id: virtualenv-path
run: |
cd ${{ github.workspace }} > /dev/null 2>&1 || true
VENVS_PATH=$(echo ".venvs/py${{ steps.get-python-version.outputs.version }}" | python3 -c 'import sys, pathlib; sys.stdout.write(pathlib.Path.cwd().joinpath(sys.stdin.read()).as_posix())')
echo "venvs-path=$VENVS_PATH" | tee -a "$GITHUB_OUTPUT"
VENV_PATH=$(echo ".venvs/py${{ steps.get-python-version.outputs.version }}/${{ inputs.name }}" | python3 -c 'import sys, pathlib; sys.stdout.write(pathlib.Path.cwd().joinpath(sys.stdin.read()).as_posix())')
echo "venv-path=$VENV_PATH" | tee -a "$GITHUB_OUTPUT"
- name: Cache VirtualEnv
id: cache-virtualenv
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
key: ${{ steps.setup-cache-key.outputs.cache-key }}
path: ${{ github.workspace }}/.venvs/py${{ steps.get-python-version.outputs.version }}/${{ inputs.name }}
path: ${{ steps.virtualenv-path.outputs.venv-path }}
- name: Create Virtualenv
shell: bash
if: ${{ steps.cache-virtualenv.outputs.cache-hit != 'true' }}
run: |
mkdir -p ${{ github.workspace }}/.venvs/py${{ steps.get-python-version.outputs.version }}
python3 -m venv --upgrade ${{ github.workspace }}/.venvs/py${{ steps.get-python-version.outputs.version }}/${{ inputs.name }}
mkdir -p ${{ steps.virtualenv-path.outputs.venvs-path }}
python3 -m venv --upgrade ${{ steps.virtualenv-path.outputs.venv-path }}
- name: Define python executable output
shell: bash
@ -62,10 +72,22 @@ runs:
run: |
shopt -s nocasematch
if [[ "${{ runner.os }}" =~ "win" ]]; then
BIN_DIR="${{ github.workspace }}/.venvs/py${{ steps.get-python-version.outputs.version }}/${{ inputs.name }}/Scripts"
BIN_DIR="${{ steps.virtualenv-path.outputs.venv-path }}/Scripts"
PY_EXE="$BIN_DIR/python.exe"
else
BIN_DIR="${{ github.workspace }}/.venvs/py${{ steps.get-python-version.outputs.version }}/${{ inputs.name }}/bin"
BIN_DIR="${{ steps.virtualenv-path.outputs.venv-path }}/bin"
PY_EXE="$BIN_DIR/python3"
if [ ! -f "$PY_EXE" ]; then
echo "The '${PY_EXE}' binary does not exist. Setting it to '$BIN_DIR/python' ..."
PY_EXE="$BIN_DIR/python"
fi
if [ ! -f "$PY_EXE" ]; then
echo "The '${PY_EXE}' binary does not exist. Showing the tree output for '${BIN_DIR}' ..."
tree -a "$BIN_DIR"
exit 1
fi
fi
shopt -u nocasematch
echo "python-executable=$BIN_DIR/python" >> "${GITHUB_OUTPUT}"
echo "${BIN_DIR}" >> "${GITHUB_PATH}"
$PY_EXE --version
echo "python-executable=$PY_EXE" | tee -a "${GITHUB_OUTPUT}"
echo "${BIN_DIR}" | tee -a "${GITHUB_PATH}"

14
.github/actions/get-python-version/action.yml vendored
View file

@ -13,6 +13,8 @@ outputs:
value: ${{ steps.get-python-version.outputs.version }}
full-version:
value: ${{ steps.get-python-version.outputs.full-version }}
version-sha256sum:
value: ${{ steps.get-python-version.outputs.version-sha256sum }}
runs:
@ -20,12 +22,24 @@ runs:
steps:
- name: Install System Packages
if: ${{ runner.os == 'macOS' }}
shell: bash
run: |
brew install coreutils
- name: Get Python Version
id: get-python-version
shell: bash
run: |
echo "Python Binary: ${{ inputs.python-binary }}"
echo "binary=${{ inputs.python-binary }}" >> "$GITHUB_OUTPUT"
PY_VERSION=$(${{ inputs.python-binary }} -c "import sys; sys.stdout.write('{}.{}'.format(*sys.version_info))")
echo "PY_VERSION=$PY_VERSION"
echo "version=$PY_VERSION" >> "$GITHUB_OUTPUT"
PY_FULL_VERSION=$(${{ inputs.python-binary }} -c "import sys; sys.stdout.write('{}.{}.{}'.format(*sys.version_info))")
echo "PY_FULL_VERSION=$PY_FULL_VERSION"
echo "full-version=$PY_FULL_VERSION" >> "$GITHUB_OUTPUT"
VERSION_SHA256SUM=$(${{ inputs.python-binary }} --version --version | sha256sum | cut -d ' ' -f 1)
echo "VERSION_SHA256SUM=$VERSION_SHA256SUM"
echo "version-sha256sum=$VERSION_SHA256SUM" >> "$GITHUB_OUTPUT"

2
.github/actions/setup-actionlint/action.yml vendored
View file

@ -15,7 +15,7 @@ runs:
steps:
- name: Cache actionlint Binary
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: /usr/local/bin/actionlint
key: ${{ inputs.cache-seed }}|${{ runner.os }}|${{ runner.arch }}|actionlint|${{ inputs.version }}

2
.github/actions/setup-pre-commit/action.yml vendored
View file

@ -36,7 +36,7 @@ runs:
${{ steps.pre-commit-virtualenv.outputs.python-executable }} -m pip install pre-commit==${{ inputs.version }}
- name: Cache Pre-Commit Hooks
uses: actions/cache@v3
uses: actions/cache@v3.3.1
id: pre-commit-hooks-cache
with:
key: ${{ steps.pre-commit-virtualenv.outputs.cache-key }}|${{ inputs.version }}|${{ hashFiles('.pre-commit-config.yaml') }}

37
.github/actions/setup-python-tools-scripts/action.yml vendored
View file

@ -3,6 +3,10 @@ name: setup-python-tools-scripts
description: Setup 'python-tools-scripts'
inputs:
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
cwd:
type: string
description: The directory the salt checkout is located in
@ -29,15 +33,38 @@ runs:
with:
python-binary: python3
- name: Define Cache Hash
id: venv-hash
shell: bash
run: |
VENV_NAME_HASH=$(echo "${{ inputs.cache-prefix }}|${{ github.workflow }}|${{
steps.get-python-version.outputs.version-sha256sum }}|${{
hashFiles('requirements/**/*.txt', 'tools/**/*.py') }}" | sha256sum | cut -d ' ' -f 1)
echo "TOOLS_VIRTUALENV_CACHE_SEED=$VENV_NAME_HASH" | tee -a "${GITHUB_ENV}"
echo "venv-hash=$VENV_NAME_HASH" | tee -a "${GITHUB_OUTPUT}"
- uses: ./.github/actions/cached-virtualenv
id: tools-virtualenv
with:
name: tools.${{ steps.venv-hash.outputs.venv-hash }}
cache-seed: tools|${{ steps.venv-hash.outputs.venv-hash }}
- name: Restore Python Tools Virtualenvs Cache
uses: actions/cache@v3.3.1
with:
path: ${{ inputs.cwd }}/.tools-venvs
key: ${{ inputs.cache-prefix }}|${{ steps.venv-hash.outputs.venv-hash }}
- name: Install 'python-tools-scripts'
shell: bash
working-directory: ${{ inputs.cwd }}
run: |
(python3 -m pip install --help | grep break-system-packages > /dev/null 2>&1) && exitcode=0 || exitcode=1
PYTHON_EXE=${{ steps.tools-virtualenv.outputs.python-executable }}
(${PYTHON_EXE} -m pip install --help | grep break-system-packages > /dev/null 2>&1) && exitcode=0 || exitcode=1
if [ $exitcode -eq 0 ]; then
python3 -m pip install --break-system-packages -r requirements/static/ci/py${{ steps.get-python-version.outputs.version }}/tools.txt
${PYTHON_EXE} -m pip install --break-system-packages -r requirements/static/ci/py${{ steps.get-python-version.outputs.version }}/tools.txt
else
python3 -m pip install -r requirements/static/ci/py${{ steps.get-python-version.outputs.version }}/tools.txt
${PYTHON_EXE} -m pip install -r requirements/static/ci/py${{ steps.get-python-version.outputs.version }}/tools.txt
fi
- name: Get 'python-tools-scripts' Version
@ -45,5 +72,7 @@ runs:
shell: bash
working-directory: ${{ inputs.cwd }}
run: |
VERSION=$(tools --version)
# The first time `tools` runs with newer virtual enviroments we need to disregard the output
tools --debug --version
VERSION=$(tools --version | tail -n 1)
echo "version=$VERSION" >> "${GITHUB_OUTPUT}"

2
.github/actions/setup-relenv/action.yml vendored
View file

@ -45,7 +45,7 @@ runs:
python3 -m pip install relenv==${{ inputs.version }}
- name: Cache Relenv Data Directory
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: ${{ github.workspace }}/.relenv
key: ${{ inputs.cache-seed }}|relenv|${{ inputs.version }}|${{ inputs.python-version }}|${{ inputs.platform }}|${{ inputs.arch }}

2
.github/actions/setup-shellcheck/action.yml vendored
View file

@ -15,7 +15,7 @@ runs:
steps:
- name: Cache shellcheck Binary
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: /usr/local/bin/shellcheck
key: ${{ inputs.cache-seed }}|${{ runner.os }}|${{ runner.arch }}|shellcheck|${{ inputs.version }}

5
.github/workflows/build-deb-packages.yml vendored
View file

@ -20,6 +20,10 @@ on:
required: true
type: string
description: The backend to build the packages with
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
env:
COLUMNS: 190
@ -75,6 +79,7 @@ jobs:
uses: ./.github/actions/setup-python-tools-scripts
with:
cwd: pkgs/checkout/
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version

2
.github/workflows/build-deps-ci-action-macos.yml vendored
View file

@ -68,7 +68,7 @@ jobs:
- name: Cache nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
id: nox-dependencies-cache
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{

4
.github/workflows/build-deps-ci-action.yml vendored
View file

@ -72,7 +72,7 @@ jobs:
- name: Cache nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
id: nox-dependencies-cache
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
@ -102,6 +102,8 @@ jobs:
- name: Setup Python Tools Scripts
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}-build-deps-ci
- name: Get Salt Project GitHub Actions Bot Environment
if: steps.nox-dependencies-cache.outputs.cache-hit != 'true'

8
.github/workflows/build-deps-onedir-linux.yml vendored
View file

@ -59,6 +59,11 @@ jobs:
- uses: actions/checkout@v4
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-deps-linux-${{ matrix.arch }}
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
@ -69,9 +74,6 @@ jobs:
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
- name: Install Salt Packaging Dependencies into Relenv Onedir
uses: ./.github/actions/build-onedir-deps
with:

15
.github/workflows/build-deps-onedir-macos.yml vendored
View file

@ -46,7 +46,10 @@ jobs:
matrix:
arch:
- x86_64
runs-on: macos-12
- aarch64
runs-on:
- ${{ matrix.arch == 'aarch64' && 'macos-13-xlarge' || 'macos-12' }}
steps:
- name: "Throttle Builds"
@ -61,19 +64,21 @@ jobs:
with:
python-version: "3.10"
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-deps-macos
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
with:
platform: darwin
arch: ${{ matrix.arch }}
arch: ${{ matrix.arch == 'aarch64' && 'arm64' || matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
- name: Install Salt Packaging Dependencies into Relenv Onedir
uses: ./.github/actions/build-onedir-deps
with:

8
.github/workflows/build-deps-onedir-windows.yml vendored
View file

@ -62,6 +62,11 @@ jobs:
with:
python-version: "3.10"
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-deps-windows-${{ matrix.arch }}
- name: Setup Relenv
id: setup-relenv
uses: ./.github/actions/setup-relenv
@ -72,9 +77,6 @@ jobs:
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
- name: Install Salt Packaging Dependencies into Relenv Onedir
uses: ./.github/actions/build-onedir-deps
with:

4
.github/workflows/build-docs.yml vendored
View file

@ -56,6 +56,8 @@ jobs:
- name: Setup Python Tools Scripts
id: python-tools-scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}
- name: Configure Git
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
@ -69,7 +71,7 @@ jobs:
- name: Cache Python Tools Docs Virtualenv
id: tools-venvs-dependencies-cache
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: .tools-venvs/docs
key: ${{ inputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|docs|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/docs.txt') }}

13
.github/workflows/build-macos-packages.yml vendored
View file

@ -28,6 +28,10 @@ on:
required: true
type: string
description: The backend to build the packages with
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
env:
COLUMNS: 190
@ -44,13 +48,14 @@ jobs:
matrix:
arch:
- x86_64
- aarch64
source:
- ${{ inputs.source }}
runs-on:
- macos-12
steps:
- ${{ matrix.arch == 'aarch64' && 'macos-13-xlarge' || 'macos-12' }}
steps:
- name: Check Package Signing Enabled
shell: bash
id: check-pkg-sign
@ -77,10 +82,12 @@ jobs:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: 3.9
python-version: 3.11
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version

6
.github/workflows/build-rpm-packages.yml vendored
View file

@ -20,6 +20,10 @@ on:
required: true
type: string
description: The backend to build the packages with
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
env:
COLUMNS: 190
@ -64,6 +68,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version

2
.github/workflows/build-salt-onedir-linux.yml vendored
View file

@ -61,6 +61,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-salt-onedir-windows
- name: Setup Salt Version
id: setup-salt-version

10
.github/workflows/build-salt-onedir-macos.yml vendored
View file

@ -46,9 +46,11 @@ jobs:
matrix:
arch:
- x86_64
runs-on: macos-12
steps:
- aarch64
runs-on:
- ${{ matrix.arch == 'aarch64' && 'macos-13-xlarge' || 'macos-12' }}
steps:
- name: "Throttle Builds"
shell: bash
run: |
@ -65,13 +67,15 @@ jobs:
uses: ./.github/actions/setup-relenv
with:
platform: darwin
arch: ${{ matrix.arch }}
arch: ${{ matrix.arch == 'aarch64' && 'arm64' || matrix.arch }}
version: ${{ inputs.relenv-version }}
cache-seed: ${{ inputs.cache-seed }}
python-version: ${{ inputs.python-version }}
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-salt-onedir-macos
- name: Setup Salt Version
id: setup-salt-version

2
.github/workflows/build-salt-onedir-windows.yml vendored
View file

@ -74,6 +74,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-seed }}-build-salt-onedir-macos
- name: Setup Salt Version
id: setup-salt-version

8
.github/workflows/build-windows-packages.yml vendored
View file

@ -28,6 +28,10 @@ on:
required: true
type: string
description: The backend to build the packages with
cache-prefix:
required: true
type: string
description: Seed used to invalidate caches
env:
COLUMNS: 190
@ -88,10 +92,12 @@ jobs:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: 3.9
python-version: 3.11
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Setup Salt Version
id: setup-salt-version

476
.github/workflows/ci.yml vendored
View file

File diff suppressed because it is too large Load diff

556
.github/workflows/nightly.yml vendored
View file

File diff suppressed because it is too large Load diff

5
.github/workflows/pre-commit-action.yml vendored
View file

@ -26,12 +26,15 @@ jobs:
container:
image: ghcr.io/saltstack/salt-ci-containers/python:3.10
env:
PRE_COMMIT_COLOR: always
steps:
- name: Install System Deps
run: |
apt-get update
apt-get install -y wget curl enchant-2 git gcc make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev
apt-get install -y wget curl enchant-2 git gcc make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev rustc
- name: Add Git Safe Directory
run: |

2
.github/workflows/release-upload-virustotal.yml vendored
View file

@ -43,6 +43,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: virus-total
- name: Upload to VirusTotal
env:

68
.github/workflows/release.yml vendored
View file

@ -21,7 +21,7 @@ on:
env:
COLUMNS: 190
CACHE_SEED: SEED-3 # Bump the number to invalidate all caches
CACHE_SEED: SEED-7 # Bump the number to invalidate all caches
RELENV_DATA: "${{ github.workspace }}/.relenv"
permissions:
@ -70,6 +70,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ env.CACHE_SEED }}
- name: Pretty Print The GH Actions Event
run:
@ -142,6 +144,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Get Salt Project GitHub Actions Bot Environment
run: |
@ -241,6 +245,22 @@ jobs:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
macos-13-xlarge-ci-deps:
name: macOS 13 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action-macos.yml
with:
distro-slug: macos-13-xlarge
nox-session: ci-test-onedir
platform: darwin
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
almalinux-8-ci-deps:
name: Alma Linux 8 Deps
needs:
@ -337,6 +357,38 @@ jobs:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
amazonlinux-2023-ci-deps:
name: Amazon Linux 2023 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: amazonlinux-2023
nox-session: ci-test-onedir
platform: linux
arch: x86_64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
amazonlinux-2023-arm64-ci-deps:
name: Amazon Linux 2023 Arm64 Deps
needs:
- prepare-workflow
- download-onedir-artifact
uses: ./.github/workflows/build-deps-ci-action.yml
with:
distro-slug: amazonlinux-2023-arm64
nox-session: ci-test-onedir
platform: linux
arch: aarch64
nox-version: 2022.8.7
python-version: "3.10"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.13
archlinux-lts-ci-deps:
name: Arch Linux LTS Deps
needs:
@ -792,6 +844,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Backup Previous Releases
id: backup
@ -822,6 +876,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Publish Release Repository
env:
@ -842,6 +898,8 @@ jobs:
- almalinux-9-ci-deps
- amazonlinux-2-arm64-ci-deps
- amazonlinux-2-ci-deps
- amazonlinux-2023-arm64-ci-deps
- amazonlinux-2023-ci-deps
- centos-7-arm64-ci-deps
- centos-7-ci-deps
- centosstream-8-arm64-ci-deps
@ -859,6 +917,7 @@ jobs:
- fedora-38-ci-deps
- macos-12-ci-deps
- macos-13-ci-deps
- macos-13-xlarge-ci-deps
- photonos-3-arm64-ci-deps
- photonos-3-ci-deps
- photonos-4-arm64-ci-deps
@ -904,6 +963,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Setup GnuPG
run: |
@ -1007,6 +1068,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Setup GnuPG
run: |
@ -1062,12 +1125,15 @@ jobs:
- windows-2022-ci-deps
- macos-12-ci-deps
- macos-13-ci-deps
- macos-13-xlarge-ci-deps
- almalinux-8-ci-deps
- almalinux-8-arm64-ci-deps
- almalinux-9-ci-deps
- almalinux-9-arm64-ci-deps
- amazonlinux-2-ci-deps
- amazonlinux-2-arm64-ci-deps
- amazonlinux-2023-ci-deps
- amazonlinux-2023-arm64-ci-deps
- archlinux-lts-ci-deps
- centos-7-ci-deps
- centos-7-arm64-ci-deps

476
.github/workflows/scheduled.yml vendored
View file

File diff suppressed because it is too large Load diff

553
.github/workflows/staging.yml vendored
View file

File diff suppressed because it is too large Load diff

2
.github/workflows/templates/build-ci-deps.yml.jinja vendored
View file

@ -48,7 +48,7 @@
distro-slug: <{ slug }>
nox-session: ci-test-onedir
platform: darwin
arch: x86_64
arch: <{ arch }>
nox-version: <{ nox_version }>
python-version: "<{ gh_actions_workflows_python_version }>"
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"

2
.github/workflows/templates/build-deb-repo.yml.jinja vendored
View file

@ -31,6 +31,8 @@
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Get Salt Project GitHub Actions Bot Environment
run: |

8
.github/workflows/templates/build-macos-repo.yml.jinja vendored
View file

@ -10,6 +10,8 @@
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Get Salt Project GitHub Actions Bot Environment
run: |
@ -23,6 +25,12 @@
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-x86_64-macos
path: artifacts/pkgs/incoming
- name: Download macOS Arch64 Packages
uses: actions/download-artifact@v3
with:
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-aarch64-macos
path: artifacts/pkgs/incoming
- name: Setup GnuPG
run: |
sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg

8
.github/workflows/templates/build-onedir-repo.yml.jinja vendored
View file

@ -10,6 +10,8 @@
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Get Salt Project GitHub Actions Bot Environment
run: |
@ -35,6 +37,12 @@
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-darwin-x86_64.tar.xz
path: artifacts/pkgs/incoming
- name: Download macOS arm64 Onedir Archive
uses: actions/download-artifact@v3
with:
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-darwin-aarch64.tar.xz
path: artifacts/pkgs/incoming
- name: Download Windows amd64 Onedir Archive
uses: actions/download-artifact@v3
with:

1
.github/workflows/templates/build-packages.yml.jinja vendored
View file

@ -20,6 +20,7 @@
uses: ./.github/workflows/build-<{ pkg_type }>-packages.yml
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
relenv-version: "<{ relenv_version }>"
python-version: "<{ python_version }>"
source: "<{ backend }>"

17
.github/workflows/templates/build-rpm-repo.yml.jinja vendored
View file

@ -5,24 +5,37 @@
include:
<%- for distro, version, arch in (
("amazon", "2", "x86_64"),
("amazon", "2", "arm64"),
("amazon", "2", "aarch64"),
("amazon", "2023", "x86_64"),
("amazon", "2023", "arm64"),
("amazon", "2023", "aarch64"),
("redhat", "7", "x86_64"),
("redhat", "7", "arm64"),
("redhat", "7", "aarch64"),
("redhat", "8", "x86_64"),
("redhat", "8", "arm64"),
("redhat", "8", "aarch64"),
("redhat", "9", "x86_64"),
("redhat", "9", "arm64"),
("redhat", "9", "aarch64"),
("fedora", "36", "x86_64"),
("fedora", "36", "arm64"),
("fedora", "36", "aarch64"),
("fedora", "37", "x86_64"),
("fedora", "37", "arm64"),
("fedora", "37", "aarch64"),
("fedora", "38", "x86_64"),
("fedora", "38", "arm64"),
("fedora", "38", "aarch64"),
("photon", "3", "x86_64"),
("photon", "3", "arm64"),
("photon", "3", "aarch64"),
("photon", "4", "x86_64"),
("photon", "4", "arm64"),
("photon", "4", "aarch64"),
("photon", "5", "x86_64"),
("photon", "5", "arm64"),
("photon", "5", "aarch64"),
) %>
- pkg-type: rpm
@ -41,6 +54,8 @@
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Get Salt Project GitHub Actions Bot Environment
run: |
@ -51,7 +66,7 @@
- name: Download RPM Packages
uses: actions/download-artifact@v3
with:
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch }}-rpm
name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}-rpm
path: artifacts/pkgs/incoming
- name: Setup GnuPG

2
.github/workflows/templates/build-src-repo.yml.jinja vendored
View file

@ -10,6 +10,8 @@
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Get Salt Project GitHub Actions Bot Environment
run: |

2
.github/workflows/templates/build-windows-repo.yml.jinja vendored
View file

@ -10,6 +10,8 @@
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Get Salt Project GitHub Actions Bot Environment
run: |

43
.github/workflows/templates/ci.yml.jinja vendored
View file

@ -59,28 +59,19 @@
steps:
- uses: actions/checkout@v4
- name: Get Python Version
id: get-python-version
uses: ./.github/actions/get-python-version
<%- if not prepare_actual_release %>
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-binary: python3
python-version: "3.10"
<%- endif %>
- name: Setup Python Tools Scripts
id: python-tools-scripts
uses: ./.github/actions/setup-python-tools-scripts
- name: Cache Python Tools Docs Virtualenv
uses: actions/cache@v3
with:
path: .tools-venvs/docs
key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|docs|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/docs.txt') }}
- name: Cache Python Tools Changelog Virtualenv
uses: actions/cache@v3
with:
path: .tools-venvs/changelog
key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|changelog|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/changelog.txt') }}
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}-changelog
- name: Setup Salt Version
id: setup-salt-version
@ -168,6 +159,7 @@
if: ${{ startsWith(github.event.ref, 'refs/tags') == false }}
env:
SKIP: lint-salt,lint-tests
PRE_COMMIT_COLOR: always
run: |
# Run it twice so that pre-commit can fix anything that can be automatically fixed.
git commit -am "Release v${{ needs.prepare-workflow.outputs.salt-version }}" || \
@ -227,15 +219,10 @@
with:
python-version: "3.10"
- name: Get Python Version
id: get-python-version
uses: ./.github/actions/get-python-version
with:
python-binary: python3
- name: Setup Python Tools Scripts
id: python-tools-scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}-build
- name: Setup Salt Version
id: setup-salt-version
@ -243,12 +230,6 @@
with:
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
- name: Cache Python Tools Build Virtualenv
uses: actions/cache@v3
with:
path: .tools-venvs/build
key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|build|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/build.txt') }}
- name: Build Source Tarball
uses: ./.github/actions/build-source-tarball
with:
@ -351,6 +332,8 @@
- name: Setup Python Tools Scripts
id: python-tools-scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}-coverage
- name: Install Nox
run: |

5
.github/workflows/templates/layout.yml.jinja vendored
View file

@ -34,7 +34,7 @@ on:
env:
COLUMNS: 190
CACHE_SEED: SEED-3 # Bump the number to invalidate all caches
CACHE_SEED: SEED-7 # Bump the number to invalidate all caches
RELENV_DATA: "${{ github.workspace }}/.relenv"
<%- endblock env %>
@ -148,6 +148,7 @@ jobs:
- .github/actions/**/action.yml
- .github/workflows/*.yml
- .github/workflows/templates/*.yml.jinja2
- tools/precommit/workflows.py
salt:
- added|modified: &salt_added_modified
- setup.py
@ -185,6 +186,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ env.CACHE_SEED }}
- name: Pretty Print The GH Actions Event
run:

2
.github/workflows/templates/nightly.yml.jinja vendored
View file

@ -167,6 +167,8 @@ concurrency:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Download Repository Artifact
uses: actions/download-artifact@v3

14
.github/workflows/templates/release.yml.jinja vendored
View file

@ -98,6 +98,8 @@ permissions:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ env.CACHE_SEED }}
- name: Pretty Print The GH Actions Event
run:
@ -176,6 +178,8 @@ permissions:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Get Salt Project GitHub Actions Bot Environment
run: |
@ -220,6 +224,8 @@ permissions:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Backup Previous Releases
id: backup
@ -251,6 +257,8 @@ permissions:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Publish Release Repository
env:
@ -287,6 +295,8 @@ permissions:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Setup GnuPG
run: |
@ -403,6 +413,8 @@ permissions:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Restore Release Bucket
run: |
@ -427,6 +439,8 @@ permissions:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Setup GnuPG
run: |

4
.github/workflows/templates/staging.yml.jinja vendored
View file

@ -104,6 +104,8 @@ concurrency:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Download Release Patch
uses: actions/download-artifact@v3
@ -187,6 +189,8 @@ concurrency:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}
- name: Setup GnuPG
run: |

22
.github/workflows/templates/test-package-downloads-action.yml.jinja vendored
View file

@ -84,7 +84,7 @@ jobs:
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
@ -92,13 +92,13 @@ jobs:
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
# If we get a cache miss here it means the dependencies step failed to save the cache
@ -106,6 +106,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}-pkg-download-linux
- name: Get Salt Project GitHub Actions Bot Environment
run: |
@ -316,7 +318,7 @@ jobs:
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch }}.tar.xz
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
path: artifacts/
- name: Install System Dependencies
@ -328,7 +330,7 @@ jobs:
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch }}.tar.xz
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
- name: Set up Python ${{ inputs.python-version }}
uses: actions/setup-python@v4
@ -341,10 +343,10 @@ jobs:
python3 -m pip install 'nox==${{ inputs.nox-version }}'
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
# If we get a cache miss here it means the dependencies step failed to save the cache
@ -544,7 +546,7 @@ jobs:
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
@ -555,6 +557,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}-pkg-download-windows
- name: Get Salt Project GitHub Actions Bot Environment
run: |

6
.github/workflows/templates/test-salt-pkg.yml.jinja vendored
View file

@ -1,5 +1,4 @@
<%- for slug, display_name, arch, pkg_type in test_salt_pkg_listing["linux"] %>
<%- for slug, display_name, arch, pkg_type, fips in test_salt_pkg_listing["linux"] %>
<%- set job_name = "{}-pkg-tests".format(slug.replace(".", "")) %>
<{ job_name }>:
@ -24,6 +23,9 @@
skip-code-coverage: <{ skip_test_coverage_check }>
skip-junit-reports: <{ skip_junit_reports_check }>
testing-releases: ${{ needs.prepare-workflow.outputs.testing-releases }}
<%- if fips == "fips" %>
fips: true
<%- endif %>
<%- endfor %>

32
.github/workflows/templates/test-salt.yml.jinja vendored
View file

@ -1,8 +1,10 @@
<%- if workflow_slug in ("nightly", "scheduled") %>
<%- set timeout_value = 360 %>
<%- else %>
<%- set timeout_value = 180 %>
<%- endif %>
{#-
Full test runs. Each chunk should never take more than 2 hours. We allow 3, and on windows we add 30 more minutes.
Partial test runs(no chunk parallelization), 6 Hours
#}
<%- set full_testrun_timeout_value = 180 %>
<%- set partial_testrun_timeout_value = 360 %>
<%- set windows_full_testrun_timeout_value = full_testrun_timeout_value + 30 %>
<%- for slug, display_name, arch in test_salt_listing["windows"] %>
@ -20,14 +22,14 @@
platform: windows
arch: amd64
nox-version: <{ nox_version }>
python-version: "<{ gh_actions_workflows_python_version }>"
gh-actions-python-version: "<{ gh_actions_workflows_python_version }>"
testrun: ${{ needs.prepare-workflow.outputs.testrun }}
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version }>
skip-code-coverage: <{ skip_test_coverage_check }>
skip-junit-reports: <{ skip_junit_reports_check }>
workflow-slug: <{ workflow_slug }>
default-timeout: <{ timeout_value }>
timeout-minutes: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['type'] == 'full' && <{ windows_full_testrun_timeout_value }> || <{ partial_testrun_timeout_value }> }}
<%- endfor %>
@ -46,21 +48,20 @@
distro-slug: <{ slug }>
nox-session: ci-test-onedir
platform: darwin
arch: x86_64
arch: <{ arch }>
nox-version: <{ nox_version }>
python-version: "<{ gh_actions_workflows_python_version }>"
gh-actions-python-version: "<{ gh_actions_workflows_python_version }>"
testrun: ${{ needs.prepare-workflow.outputs.testrun }}
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version }>
skip-code-coverage: <{ skip_test_coverage_check }>
skip-junit-reports: <{ skip_junit_reports_check }>
workflow-slug: <{ workflow_slug }>
default-timeout: <{ timeout_value }>
timeout-minutes: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['type'] == 'full' && <{ full_testrun_timeout_value }> || <{ partial_testrun_timeout_value }> }}
<%- endfor %>
<%- for slug, display_name, arch in test_salt_listing["linux"] %>
<%- for slug, display_name, arch, fips in test_salt_listing["linux"] %>
<{ slug.replace(".", "") }>:
<%- do test_salt_needs.append(slug.replace(".", "")) %>
@ -76,13 +77,16 @@
platform: linux
arch: <{ arch }>
nox-version: <{ nox_version }>
python-version: "<{ gh_actions_workflows_python_version }>"
gh-actions-python-version: "<{ gh_actions_workflows_python_version }>"
testrun: ${{ needs.prepare-workflow.outputs.testrun }}
salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version }>
skip-code-coverage: <{ skip_test_coverage_check }>
skip-junit-reports: <{ skip_junit_reports_check }>
workflow-slug: <{ workflow_slug }>
default-timeout: <{ timeout_value }>
timeout-minutes: ${{ fromJSON(needs.prepare-workflow.outputs.testrun)['type'] == 'full' && <{ full_testrun_timeout_value }> || <{ partial_testrun_timeout_value }> }}
<%- if fips == "fips" %>
fips: true
<%- endif %>
<%- endfor %>

29
.github/workflows/test-action-macos.yml vendored
View file

@ -16,7 +16,7 @@ on:
required: true
type: string
description: JSON string containing information about what and how to run the test suite
python-version:
gh-actions-python-version:
required: false
type: string
description: The python version to run tests with
@ -41,6 +41,10 @@ on:
required: true
type: string
description: The nox version to install
timeout-minutes:
required: true
type: number
description: Timeout, in minutes, for the test job
package-name:
required: false
type: string
@ -61,11 +65,6 @@ on:
type: string
description: Which workflow is running.
default: ci
default-timeout:
required: false
type: number
description: Timeout, in minutes, for the test job(Default 360, 6 hours).
default: 360
env:
COLUMNS: 190
@ -91,6 +90,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Generate Test Matrix
id: generate-matrix
@ -100,9 +101,7 @@ jobs:
test:
name: Test
runs-on: ${{ inputs.distro-slug }}
# Full test runs. Each chunk should never take more than 2 hours.
# Partial test runs(no chunk parallelization), 6 Hours
timeout-minutes: ${{ fromJSON(inputs.testrun)['type'] == 'full' && inputs.default-timeout || 360 }}
timeout-minutes: ${{ inputs.timeout-minutes }}
needs:
- generate-matrix
strategy:
@ -144,19 +143,19 @@ jobs:
brew install tree
- name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.gh-actions-python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
# If we get a cache miss here it means the dependencies step failed to save the cache
fail-on-cache-miss: true
- name: Set up Python ${{ inputs.python-version }}
- name: Set up Python ${{ inputs.gh-actions-python-version }}
uses: actions/setup-python@v4
with:
python-version: "${{ inputs.python-version }}"
python-version: "${{ inputs.gh-actions-python-version }}"
- name: Install Nox
run: |
@ -401,10 +400,10 @@ jobs:
run: |
tree -a artifacts
- name: Set up Python ${{ inputs.python-version }}
- name: Set up Python ${{ inputs.gh-actions-python-version }}
uses: actions/setup-python@v4
with:
python-version: "${{ inputs.python-version }}"
python-version: "${{ inputs.gh-actions-python-version }}"
- name: Install Nox
run: |

46
.github/workflows/test-action.yml vendored
View file

@ -36,11 +36,20 @@ on:
required: true
type: string
description: The nox version to install
python-version:
timeout-minutes:
required: true
type: number
description: Timeout, in minutes, for the test job
gh-actions-python-version:
required: false
type: string
description: The python version to run tests with
default: "3.10"
fips:
required: false
type: boolean
default: false
description: Test run with FIPS enabled
package-name:
required: false
type: string
@ -61,11 +70,6 @@ on:
type: string
description: Which workflow is running.
default: ci
default-timeout:
required: false
type: number
description: Timeout, in minutes, for the test job(Default 360, 6 hours).
default: 360
env:
COLUMNS: 190
@ -96,11 +100,13 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Generate Test Matrix
id: generate-matrix
run: |
tools ci matrix --workflow=${{ inputs.workflow-slug }} ${{ fromJSON(inputs.testrun)['type'] == 'full' && '--full ' || '' }}${{ inputs.distro-slug }}
tools ci matrix --workflow=${{ inputs.workflow-slug }} ${{ fromJSON(inputs.testrun)['type'] == 'full' && '--full ' || '' }}${{ inputs.fips && '--fips ' || '' }}${{ inputs.distro-slug }}
test:
name: Test
@ -108,9 +114,7 @@ jobs:
- self-hosted
- linux
- bastion
# Full test runs. Each chunk should never take more than 2 hours.
# Partial test runs(no chunk parallelization), 6 Hours
timeout-minutes: ${{ fromJSON(inputs.testrun)['type'] == 'full' && inputs.default-timeout || 360 }}
timeout-minutes: ${{ inputs.timeout-minutes }}
needs:
- generate-matrix
strategy:
@ -149,10 +153,10 @@ jobs:
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz
- name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.gh-actions-python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
# If we get a cache miss here it means the dependencies step failed to save the cache
@ -164,6 +168,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Download testrun-changed-files.txt
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' }}
@ -207,7 +213,7 @@ jobs:
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['fast'] == false }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ inputs.distro-slug }} \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --suppress-no-test-exit-code \
--from-filenames=testrun-changed-files.txt
@ -216,7 +222,7 @@ jobs:
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['slow'] == false }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ inputs.distro-slug }} \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --no-fast-tests --slow-tests --suppress-no-test-exit-code \
--from-filenames=testrun-changed-files.txt
@ -225,7 +231,7 @@ jobs:
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['core'] == false }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ inputs.distro-slug }} \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --no-fast-tests --core-tests --suppress-no-test-exit-code \
--from-filenames=testrun-changed-files.txt
@ -235,14 +241,14 @@ jobs:
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ (inputs.skip-code-coverage && matrix.tests-chunk != 'unit') && '--skip-code-coverage' || '' }} \
${{ inputs.distro-slug }} ${{ matrix.tests-chunk }}
${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} ${{ matrix.tests-chunk }}
- name: Run Slow Tests
id: run-slow-tests
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['slow'] }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ inputs.distro-slug }} \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --no-fast-tests --slow-tests
- name: Run Core Tests
@ -250,7 +256,7 @@ jobs:
if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && fromJSON(inputs.testrun)['selected_tests']['core'] }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ inputs.distro-slug }} \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --no-fast-tests --core-tests
- name: Run Flaky Tests
@ -258,7 +264,7 @@ jobs:
if: ${{ fromJSON(inputs.testrun)['selected_tests']['flaky'] }}
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ inputs.distro-slug }} \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ matrix.tests-chunk }} -- --no-fast-tests --flaky-jail
- name: Run Full Tests
@ -267,7 +273,7 @@ jobs:
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }} --rerun-failures -E SALT_TRANSPORT ${{ (inputs.skip-code-coverage && matrix.tests-chunk != 'unit') && '--skip-code-coverage' || '' }} \
-E TEST_GROUP ${{ inputs.distro-slug }} ${{ matrix.tests-chunk }} -- --slow-tests --core-tests \
-E TEST_GROUP ${{ matrix.fips && '--fips ' || '' }}${{ inputs.distro-slug }} ${{ matrix.tests-chunk }} -- --slow-tests --core-tests \
--test-group-count=${{ matrix.test-group-count || 1 }} --test-group=${{ matrix.test-group || 1 }}
- name: Combine Coverage Reports

71
.github/workflows/test-package-downloads-action.yml vendored
View file

@ -71,36 +71,63 @@ jobs:
- distro-slug: almalinux-8-arm64
arch: aarch64
pkg-type: package
- distro-slug: almalinux-8-arm64
arch: arm64
pkg-type: package
- distro-slug: almalinux-9
arch: x86_64
pkg-type: package
- distro-slug: almalinux-9-arm64
arch: aarch64
pkg-type: package
- distro-slug: almalinux-9-arm64
arch: arm64
pkg-type: package
- distro-slug: amazonlinux-2
arch: x86_64
pkg-type: package
- distro-slug: amazonlinux-2-arm64
arch: aarch64
pkg-type: package
- distro-slug: amazonlinux-2-arm64
arch: arm64
pkg-type: package
- distro-slug: amazonlinux-2023
arch: x86_64
pkg-type: package
- distro-slug: amazonlinux-2023-arm64
arch: aarch64
pkg-type: package
- distro-slug: amazonlinux-2023-arm64
arch: arm64
pkg-type: package
- distro-slug: centos-7
arch: x86_64
pkg-type: package
- distro-slug: centos-7-arm64
arch: aarch64
pkg-type: package
- distro-slug: centos-7-arm64
arch: arm64
pkg-type: package
- distro-slug: centosstream-8
arch: x86_64
pkg-type: package
- distro-slug: centosstream-8-arm64
arch: aarch64
pkg-type: package
- distro-slug: centosstream-8-arm64
arch: arm64
pkg-type: package
- distro-slug: centosstream-9
arch: x86_64
pkg-type: package
- distro-slug: centosstream-9-arm64
arch: aarch64
pkg-type: package
- distro-slug: centosstream-9-arm64
arch: arm64
pkg-type: package
- distro-slug: debian-10
arch: x86_64
pkg-type: package
@ -122,30 +149,45 @@ jobs:
- distro-slug: fedora-37-arm64
arch: aarch64
pkg-type: package
- distro-slug: fedora-37-arm64
arch: arm64
pkg-type: package
- distro-slug: fedora-38
arch: x86_64
pkg-type: package
- distro-slug: fedora-38-arm64
arch: aarch64
pkg-type: package
- distro-slug: fedora-38-arm64
arch: arm64
pkg-type: package
- distro-slug: photonos-3
arch: x86_64
pkg-type: package
- distro-slug: photonos-3-arm64
arch: aarch64
pkg-type: package
- distro-slug: photonos-3-arm64
arch: arm64
pkg-type: package
- distro-slug: photonos-4
arch: x86_64
pkg-type: package
- distro-slug: photonos-4-arm64
arch: aarch64
pkg-type: package
- distro-slug: photonos-4-arm64
arch: arm64
pkg-type: package
- distro-slug: photonos-5
arch: x86_64
pkg-type: package
- distro-slug: photonos-5-arm64
arch: aarch64
pkg-type: package
- distro-slug: photonos-5-arm64
arch: arm64
pkg-type: package
- distro-slug: ubuntu-20.04
arch: x86_64
pkg-type: package
@ -178,7 +220,7 @@ jobs:
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
path: artifacts/
- name: Decompress Onedir Tarball
@ -186,13 +228,13 @@ jobs:
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
# If we get a cache miss here it means the dependencies step failed to save the cache
@ -200,6 +242,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}-pkg-download-linux
- name: Get Salt Project GitHub Actions Bot Environment
run: |
@ -397,8 +441,11 @@ jobs:
- distro-slug: macos-13
arch: x86_64
pkg-type: package
- distro-slug: macos-13
arch: x86_64
- distro-slug: macos-13-xlarge
arch: arm64
pkg-type: package
- distro-slug: macos-13-xlarge
arch: aarch64
pkg-type: onedir
steps:
@ -414,7 +461,7 @@ jobs:
- name: Download Onedir Tarball as an Artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch }}.tar.xz
name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
path: artifacts/
- name: Install System Dependencies
@ -426,7 +473,7 @@ jobs:
run: |
python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
cd artifacts
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch }}.tar.xz
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}.tar.xz
- name: Set up Python ${{ inputs.python-version }}
uses: actions/setup-python@v4
@ -439,10 +486,10 @@ jobs:
python3 -m pip install 'nox==${{ inputs.nox-version }}'
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch == 'arm64' && 'aarch64' || matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
hashFiles('requirements/**/*.txt', 'cicd/golden-images.json', 'noxfile.py')
}}
# If we get a cache miss here it means the dependencies step failed to save the cache
@ -646,7 +693,7 @@ jobs:
tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.tar.xz
- name: Download cached nox.${{ matrix.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: nox.${{ matrix.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ matrix.arch }}|${{ matrix.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
@ -657,6 +704,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}-pkg-download-windows
- name: Get Salt Project GitHub Actions Bot Environment
run: |

19
.github/workflows/test-packages-action-macos.yml vendored
View file

@ -70,7 +70,10 @@ jobs:
generate-matrix:
name: Generate Matrix
runs-on: ${{ github.event.repository.private && fromJSON('["self-hosted", "linux", "x86_64"]') || 'ubuntu-latest' }}
runs-on:
- self-hosted
- linux
- x86_64
outputs:
pkg-matrix-include: ${{ steps.generate-pkg-matrix.outputs.matrix }}
steps:
@ -85,6 +88,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Generate Package Test Matrix
id: generate-pkg-matrix
@ -150,7 +155,7 @@ jobs:
python3 -m pip install 'nox==${{ inputs.nox-version }}'
- name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
@ -172,7 +177,7 @@ jobs:
GITHUB_ACTIONS_PIPELINE: "1"
SKIP_INITIAL_GH_ACTIONS_FAILURES: "1"
run: |
sudo -E nox --force-color -e ${{ inputs.nox-session }}-pkgs -- ${{ matrix.test-chunk }} \
sudo -E nox --force-color -e ${{ inputs.nox-session }}-pkgs -- ${{ matrix.tests-chunk }} \
${{ matrix.version && format('--prev-version {0}', matrix.version) || ''}}
- name: Run Package Tests
@ -186,7 +191,7 @@ jobs:
SKIP_INITIAL_GH_ACTIONS_FAILURES: "1"
COVERAGE_CONTEXT: ${{ inputs.distro-slug }}
run: |
sudo -E nox --force-color -e ${{ inputs.nox-session }}-pkgs -- ${{ matrix.test-chunk }} \
sudo -E nox --force-color -e ${{ inputs.nox-session }}-pkgs -- ${{ matrix.tests-chunk }} \
${{ matrix.version && format('--prev-version {0}', matrix.version) || ''}}
- name: Fix file ownership
@ -206,7 +211,7 @@ jobs:
if: always()
uses: actions/upload-artifact@v3
with:
name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.test-chunk }}
name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.tests-chunk }}
path: |
artifacts
!artifacts/salt/*
@ -232,7 +237,7 @@ jobs:
id: download-test-run-artifacts
uses: actions/download-artifact@v3
with:
name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.test-chunk }}
name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.tests-chunk }}
path: artifacts
- name: Show Test Run Artifacts
@ -254,6 +259,6 @@ jobs:
# always run even if the previous steps fails
if: always() && inputs.skip-junit-reports == false && steps.download-test-run-artifacts.outcome == 'success'
with:
check_name: Overall Test Results(${{ inputs.distro-slug }} ${{ matrix.test-chunk }})
check_name: Overall Test Results(${{ inputs.distro-slug }} ${{ matrix.tests-chunk }})
report_paths: 'artifacts/xml-unittests-output/*.xml'
annotate_only: true

28
.github/workflows/test-packages-action.yml vendored
View file

@ -40,6 +40,11 @@ on:
type: string
description: The python version to run tests with
default: "3.10"
fips:
required: false
type: boolean
default: false
description: Test run with FIPS enabled
package-name:
required: false
type: string
@ -90,11 +95,14 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Generate Package Test Matrix
id: generate-pkg-matrix
run: |
tools ci pkg-matrix ${{ inputs.distro-slug }} ${{ inputs.pkg-type }} --testing-releases ${{ join(fromJSON(inputs.testing-releases), ' ') }}
tools ci pkg-matrix ${{ inputs.fips && '--fips ' || '' }}${{ inputs.distro-slug }} \
${{ inputs.pkg-type }} --testing-releases ${{ join(fromJSON(inputs.testing-releases), ' ') }}
test:
@ -145,7 +153,7 @@ jobs:
tree pkg/artifacts
- name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }}
uses: actions/cache@v3
uses: actions/cache@v3.3.1
with:
path: nox.${{ inputs.distro-slug }}.tar.*
key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ inputs.python-version }}|${{
@ -156,6 +164,8 @@ jobs:
- name: Setup Python Tools Scripts
uses: ./.github/actions/setup-python-tools-scripts
with:
cache-prefix: ${{ inputs.cache-prefix }}
- name: Get Salt Project GitHub Actions Bot Environment
run: |
@ -181,7 +191,7 @@ jobs:
tools --timestamps vm decompress-dependencies ${{ inputs.distro-slug }}
- name: Downgrade importlib-metadata
if: ${{ contains(fromJSON('["amazonlinux-2", "centos-7", "debian-10"]'), inputs.distro-slug) && contains(fromJSON('["upgrade-classic", "downgrade-classic"]'), matrix.test-chunk) }}
if: ${{ contains(fromJSON('["amazonlinux-2", "centos-7", "debian-10"]'), inputs.distro-slug) && contains(fromJSON('["upgrade-classic", "downgrade-classic"]'), matrix.tests-chunk) }}
run: |
# This step can go away once we stop testing classic packages upgrade/downgrades to/from 3005.x
tools --timestamps vm ssh ${{ inputs.distro-slug }} -- "sudo python3 -m pip install -U 'importlib-metadata<=4.13.0' 'virtualenv<=20.21.1'"
@ -189,13 +199,13 @@ jobs:
- name: Show System Info & Test Plan
run: |
tools --timestamps --timeout-secs=1800 vm testplan --skip-requirements-install \
--nox-session=${{ inputs.nox-session }}-pkgs ${{ inputs.distro-slug }} -- ${{ matrix.test-chunk }} \
--nox-session=${{ inputs.nox-session }}-pkgs ${{ inputs.distro-slug }} -- ${{ matrix.tests-chunk }} \
${{ matrix.version && format('--prev-version {0}', matrix.version) || ''}}
- name: Run Package Tests
run: |
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \
--nox-session=${{ inputs.nox-session }}-pkgs --rerun-failures ${{ inputs.distro-slug }} -- ${{ matrix.test-chunk }} \
tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install ${{ matrix.fips && '--fips ' || '' }}\
--nox-session=${{ inputs.nox-session }}-pkgs --rerun-failures ${{ inputs.distro-slug }} -- ${{ matrix.tests-chunk }} \
${{ matrix.version && format('--prev-version {0}', matrix.version) || ''}}
- name: Download Test Run Artifacts
@ -217,7 +227,7 @@ jobs:
if: always() && steps.download-artifacts-from-vm.outcome == 'success'
uses: actions/upload-artifact@v3
with:
name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.test-chunk }}
name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.tests-chunk }}
path: |
artifacts
!artifacts/salt/*
@ -246,7 +256,7 @@ jobs:
id: download-test-run-artifacts
uses: actions/download-artifact@v3
with:
name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.test-chunk }}
name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.tests-chunk }}
path: artifacts
- name: Show Test Run Artifacts
@ -259,6 +269,6 @@ jobs:
# always run even if the previous steps fails
if: always() && inputs.skip-junit-reports == false && steps.download-test-run-artifacts.outcome == 'success'
with:
check_name: Overall Test Results(${{ inputs.distro-slug }} ${{ matrix.test-chunk }})
check_name: Overall Test Results(${{ inputs.distro-slug }} ${{ matrix.tests-chunk }})
report_paths: 'artifacts/xml-unittests-output/*.xml'
annotate_only: true

2
.gitignore vendored
View file

@ -147,3 +147,5 @@ nox.*.tar.xz
/pkg/debian/salt-ssh
/pkg/debian/salt-syndic
/pkg/debian/debhelper-build-stamp
.tools-venvs

555
.pre-commit-config.yaml
View file

@ -46,34 +46,26 @@ repos:
)$
- repo: https://github.com/s0undt3ch/python-tools-scripts
rev: "0.15.0"
rev: "0.18.6"
hooks:
- id: tools
alias: check-changelog-entries
name: Check Changelog Entries
args:
- pre-commit
- changelog
- pre-commit-checks
additional_dependencies:
- boto3==1.21.46
- pyyaml==6.0.1
- jinja2==3.1.2
- packaging==23.0
- virustotal3==1.0.8
- id: tools
alias: generate-workflows
name: Generate GitHub Workflow Templates
files: ^(cicd/shared-gh-workflows-context\.yml|tools/pre_commit\.py|.github/workflows/templates/.*)$
files: ^(cicd/shared-gh-workflows-context\.yml|tools/precommit/workflows\.py|.github/workflows/templates/.*)$
pass_filenames: false
args:
- pre-commit
- workflows
- generate-workflows
additional_dependencies:
- boto3==1.21.46
- pyyaml==6.0.1
- jinja2==3.1.2
- packaging==23.0
- virustotal3==1.0.8
- id: tools
alias: actionlint
name: Lint GitHub Actions Workflows
@ -82,19 +74,77 @@ repos:
- yaml
args:
- pre-commit
- workflows
- actionlint
additional_dependencies:
- boto3==1.21.46
- pyyaml==6.0.1
- jinja2==3.1.2
- packaging==23.0
- virustotal3==1.0.8
- id: tools
alias: check-docs
name: Check Docs
files: ^(salt/.*\.py|doc/ref/.*\.rst)$
args:
- pre-commit
- docs
- check
- id: tools
alias: check-docstrings
name: Check docstrings
files: salt/.*\.py$
exclude: >
(?x)^(
templates/.*|
salt/ext/.*|
)$
args:
- pre-commit
- docstrings
- check
- id: tools
alias: check-known-missing-docstrings
name: Check Known Missing Docstrings
stages: [manual]
files: salt/.*\.py$
exclude: >
(?x)^(
templates/.*|
salt/ext/.*|
)$
args:
- pre-commit
- docstrings
- check
- id: tools
alias: loader-check-virtual
name: Check loader modules __virtual__
files: salt/.*\.py$
exclude: >
(?x)^(
templates/.*|
salt/ext/.*|
)$
args:
- pre-commit
- salt-loaders
- check-virtual
- id: tools
alias: check-filemap
name: Check Filename Map Change Matching
files: ^tests/(filename_map\.yml|.*\.py)$
pass_filenames: false
args:
- pre-commit
- filemap
- check
# ----- Packaging Requirements ------------------------------------------------------------------------------------>
- repo: https://github.com/saltstack/pip-tools-compile-impersonate
rev: "4.8"
hooks:
# ----- Packaging Requirements ------------------------------------------------------------------------------------>
- id: pip-tools-compile
alias: compile-pkg-linux-3.8-zmq-requirements
name: Linux Packaging Py3.8 ZeroMQ Requirements
@ -155,6 +205,22 @@ repos:
- --no-emit-index-url
- requirements/static/pkg/linux.in
- id: pip-tools-compile
alias: compile-pkg-linux-3.12-zmq-requirements
name: Linux Packaging Py3.12 ZeroMQ Requirements
files: ^requirements/((base|zeromq|crypto)\.txt|static/pkg/(linux\.in|py3\.12/linux\.txt))$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.12
- --platform=linux
- --include=requirements/base.txt
- --include=requirements/zeromq.txt
- --no-emit-index-url
- requirements/static/pkg/linux.in
- id: pip-tools-compile
alias: compile-pkg-freebsd-3.8-zmq-requirements
name: FreeBSD Packaging Py3.8 ZeroMQ Requirements
@ -215,6 +281,21 @@ repos:
- --no-emit-index-url
- requirements/static/pkg/freebsd.in
- id: pip-tools-compile
alias: compile-pkg-freebsd-3.12-zmq-requirements
name: FreeBSD Packaging Py3.12 ZeroMQ Requirements
files: ^requirements/((base|zeromq|crypto)\.txt|static/pkg/(freebsd\.in|py3\.12/freebsd\.txt))$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.12
- --platform=freebsd
- --include=requirements/base.txt
- --include=requirements/zeromq.txt
- --no-emit-index-url
- requirements/static/pkg/freebsd.in
- id: pip-tools-compile
alias: compile-pkg-darwin-3.9-zmq-requirements
name: Darwin Packaging Py3.9 ZeroMQ Requirements
@ -258,6 +339,19 @@ repos:
- requirements/static/pkg/darwin.in
- id: pip-tools-compile
alias: compile-pkg-darwin-3.12-zmq-requirements
name: Darwin Packaging Py3.12 ZeroMQ Requirements
files: ^(requirements/((base|zeromq|crypto|darwin)\.txt|static/pkg/(darwin\.in|py3\.12/darwin\.txt)))$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.12
- --platform=darwin
- --include=requirements/darwin.txt
- --no-emit-index-url
- requirements/static/pkg/darwin.in
alias: compile-pkg-windows-3.8-zmq-requirements
name: Windows Packaging Py3.8 ZeroMQ Requirements
files: ^requirements/((base|zeromq|crypto|windows)\.txt|static/pkg/(windows\.in|py3\.8/windows\.txt))$
@ -313,6 +407,20 @@ repos:
- --no-emit-index-url
- requirements/static/pkg/windows.in
- id: pip-tools-compile
alias: compile-pkg-windows-3.12-zmq-requirements
name: Windows Packaging Py3.12 ZeroMQ Requirements
files: ^requirements/((base|zeromq|crypto|windows)\.txt|static/pkg/(windows\.in|py3\.12/windows\.txt))$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.12
- --platform=windows
- --include=requirements/windows.txt
- --no-emit-index-url
- requirements/static/pkg/windows.in
# <---- Packaging Requirements -------------------------------------------------------------------------------------
# ----- CI Requirements ------------------------------------------------------------------------------------------->
@ -388,6 +496,24 @@ repos:
- --no-emit-index-url
- requirements/static/ci/linux.in
- id: pip-tools-compile
alias: compile-ci-linux-3.12-zmq-requirements
name: Linux CI Py3.12 ZeroMQ Requirements
files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(linux\.in|common\.in)|py3\.12/linux\.txt))$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.12
- --platform=linux
- --include=requirements/base.txt
- --include=requirements/zeromq.txt
- --include=requirements/pytest.txt
- --include=requirements/static/pkg/linux.in
- --include=requirements/static/ci/common.in
- --no-emit-index-url
- requirements/static/ci/linux.in
- id: pip-tools-compile
alias: compile-ci-linux-crypto-3.8-requirements
name: Linux CI Py3.8 Crypto Requirements
@ -433,6 +559,7 @@ repos:
- id: pip-tools-compile
alias: compile-ci-linux-crypto-3.11-requirements
name: Linux CI Py3.11 Crypto Requirements
files: ^requirements/(crypto\.txt|static/ci/crypto\.in)$
files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.11/linux-crypto\.txt))$
pass_filenames: false
args:
@ -444,6 +571,22 @@ repos:
- --no-emit-index-url
- requirements/static/ci/crypto.in
- id: pip-tools-compile
alias: compile-ci-linux-crypto-3.12-requirements
name: Linux CI Py3.12 Crypto Requirements
files: ^requirements/(crypto\.txt|static/ci/crypto\.in)$
files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.12/linux-crypto\.txt))$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.12
- --platform=linux
- --out-prefix=linux
- --no-emit-index-url
- requirements/static/ci/crypto.in
- id: pip-tools-compile
alias: compile-ci-freebsd-3.8-zmq-requirements
name: FreeBSD CI Py3.8 ZeroMQ Requirements
@ -516,6 +659,24 @@ repos:
- --no-emit-index-url
- requirements/static/ci/freebsd.in
- id: pip-tools-compile
alias: compile-ci-freebsd-3.12-zmq-requirements
name: FreeBSD CI Py3.12 ZeroMQ Requirements
files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(freebsd|common)\.in|py3\.12/freebsd\.txt))$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.12
- --platform=freebsd
- --include=requirements/base.txt
- --include=requirements/zeromq.txt
- --include=requirements/pytest.txt
- --include=requirements/static/pkg/freebsd.in
- --include=requirements/static/ci/common.in
- --no-emit-index-url
- requirements/static/ci/freebsd.in
- id: pip-tools-compile
alias: compile-ci-freebsd-crypto-3.8-requirements
name: FreeBSD CI Py3.8 Crypto Requirements
@ -575,6 +736,21 @@ repos:
- --no-emit-index-url
- requirements/static/ci/crypto.in
- id: pip-tools-compile
alias: compile-ci-freebsd-crypto-3.12-requirements
name: FreeBSD CI Py3.12 Crypto Requirements
files: ^requirements/(crypto\.txt|static/ci/crypto\.in)$
files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.12/freebsd-crypto\.txt))$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.12
- --platform=freebsd
- --out-prefix=freebsd
- --no-emit-index-url
- requirements/static/ci/crypto.in
- id: pip-tools-compile
alias: compile-ci-darwin-3.9-zmq-requirements
name: Darwin CI Py3.9 ZeroMQ Requirements
@ -626,6 +802,23 @@ repos:
- --no-emit-index-url
- requirements/static/ci/darwin.in
- id: pip-tools-compile
alias: compile-ci-darwin-3.12-zmq-requirements
name: Darwin CI Py3.12 ZeroMQ Requirements
files: ^(requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(darwin|common)\.in|py3\.12/darwin\.txt)))$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.12
- --platform=darwin
- --include=requirements/darwin.txt
- --include=requirements/pytest.txt
- --include=requirements/static/pkg/darwin.in
- --include=requirements/static/ci/common.in
- --no-emit-index-url
- requirements/static/ci/darwin.in
- id: pip-tools-compile
alias: compile-ci-darwin-crypto-3.9-requirements
name: Darwin CI Py3.9 Crypto Requirements
@ -668,6 +861,20 @@ repos:
- --no-emit-index-url
- requirements/static/ci/crypto.in
- id: pip-tools-compile
alias: compile-ci-darwin-crypto-3.12-requirements
name: Darwin CI Py3.12 Crypto Requirements
files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.12/darwin-crypto\.txt))$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.12
- --platform=darwin
- --out-prefix=darwin
- --no-emit-index-url
- requirements/static/ci/crypto.in
- id: pip-tools-compile
alias: compile-ci-windows-3.8-zmq-requirements
name: Windows CI Py3.8 ZeroMQ Requirements
@ -737,6 +944,22 @@ repos:
- requirements/static/ci/windows.in
- id: pip-tools-compile
alias: compile-ci-windows-3.12-zmq-requirements
name: Windows CI Py3.12 ZeroMQ Requirements
files: requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(windows|common)\.in|py3\.12/windows\.txt))$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.12
- --platform=windows
- --include=requirements/windows.txt
- --include=requirements/pytest.txt
- --include=requirements/static/pkg/windows.in
- --include=requirements/static/ci/common.in
- --no-emit-index-url
- requirements/static/ci/windows.in
alias: compile-ci-windows-crypto-3.8-requirements
name: Windows CI Py3.8 Crypto Requirements
files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.8/windows-crypto\.txt))$
@ -792,8 +1015,21 @@ repos:
- --no-emit-index-url
- requirements/static/ci/crypto.in
# <---- CI Requirements --------------------------------------------------------------------------------------------
- id: pip-tools-compile
alias: compile-ci-windows-crypto-3.12-requirements
name: Windows CI Py3.12 Crypto Requirements
files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.12/windows-crypto\.txt))$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.12
- --platform=windows
- --out-prefix=windows
- --no-emit-index-url
- requirements/static/ci/crypto.in
# <---- CI Requirements --------------------------------------------------------------------------------------------
# ----- Cloud CI Requirements ------------------------------------------------------------------------------------->
- id: pip-tools-compile
@ -843,6 +1079,23 @@ repos:
- --py-version=3.11
- --no-emit-index-url
- requirements/static/ci/cloud.in
- id: pip-tools-compile
alias: compile-ci-cloud-3.12-requirements
name: Cloud CI Py3.12 Requirements
files: ^requirements/((base|zeromq|pytest)\.txt|static/(pkg/linux\.in|ci/((cloud|common)\.in|py3\.12/cloud\.txt)))$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.12
- --include=requirements/base.txt
- --include=requirements/zeromq.txt
- --include=requirements/pytest.txt
- --include=requirements/static/pkg/linux.in
- --include=requirements/static/ci/common.in
- --no-emit-index-url
- requirements/static/ci/cloud.in
# <---- Cloud CI Requirements --------------------------------------------------------------------------------------
# ----- Doc CI Requirements --------------------------------------------------------------------------------------->
@ -897,6 +1150,22 @@ repos:
- --no-emit-index-url
- --platform=linux
- requirements/static/ci/docs.in
- id: pip-tools-compile
alias: compile-doc-requirements
name: Docs CI Py3.12 Requirements
files: ^requirements/((base|zeromq|pytest)\.txt|static/ci/(docs|common|linux)\.in|static/pkg/linux\.in|static/pkg/.*/linux\.txt)$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.12
- --platform=linux
- --include=requirements/base.txt
- --include=requirements/zeromq.txt
- --no-emit-index-url
- requirements/static/ci/docs.in
# <---- Doc CI Requirements ----------------------------------------------------------------------------------------
# ----- Lint CI Requirements -------------------------------------------------------------------------------------->
@ -952,6 +1221,24 @@ repos:
- --no-emit-index-url
- requirements/static/ci/lint.in
- id: pip-tools-compile
alias: compile-ci-lint-3.12-requirements
name: Lint CI Py3.12 Requirements
files: ^requirements/((base|zeromq)\.txt|static/(pkg/linux\.in|ci/(linux\.in|common\.in|lint\.in|py3\.12/linux\.txt)))$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.12
- --platform=linux
- --include=requirements/base.txt
- --include=requirements/zeromq.txt
- --include=requirements/static/pkg/linux.in
- --include=requirements/static/ci/linux.in
- --include=requirements/static/ci/common.in
- --no-emit-index-url
- requirements/static/ci/lint.in
# <---- Lint CI Requirements ---------------------------------------------------------------------------------------
# ----- Changelog ------------------------------------------------------------------------------------------------->
@ -1006,46 +1293,21 @@ repos:
- --platform=linux
- --no-emit-index-url
- requirements/static/ci/changelog.in
- id: pip-tools-compile
alias: compile-ci-changelog-3.12-requirements
name: Changelog CI Py3.12 Requirements
files: ^requirements/static/ci/(changelog\.in|py3\.12/(changelog|linux)\.txt)$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.12
- --platform=linux
- --no-emit-index-url
- requirements/static/ci/changelog.in
# <---- Changelog --------------------------------------------------------------------------------------------------
# ----- Invoke ---------------------------------------------------------------------------------------------------->
- id: pip-tools-compile
alias: compile-ci-invoke-3.8-requirements
name: Linux CI Py3.8 Invoke Requirements
files: ^requirements/static/ci/(invoke\.in|py3.8/(invoke|linux)\.txt)$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.8
- --no-emit-index-url
- requirements/static/ci/invoke.in
- id: pip-tools-compile
alias: compile-ci-invoke-3.9-requirements
name: Linux CI Py3.9 Invoke Requirements
files: ^requirements/static/ci/(invoke\.in|py3.9/(invoke|linux)\.txt)$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.9
- --no-emit-index-url
- requirements/static/ci/invoke.in
- id: pip-tools-compile
alias: compile-ci-invoke-3.10-requirements
name: Linux CI Py3.10 Invoke Requirements
files: ^requirements/static/ci/(invoke\.in|py3.10/(invoke|linux)\.txt)$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.10
- --no-emit-index-url
- requirements/static/ci/invoke.in
# <---- Invoke -----------------------------------------------------------------------------------------------------
# ----- Tools ---------------------------------------------------------------------------------------------------->
- id: pip-tools-compile
alias: compile-ci-tools-3.9-requirements
@ -1082,6 +1344,58 @@ repos:
- --py-version=3.11
- --no-emit-index-url
- requirements/static/ci/tools.in
- id: pip-tools-compile
alias: compile-ci-tools-3.12-requirements
name: Linux CI Py3.12 Tools Requirements
files: ^requirements/static/ci/(tools\.in|py3.12/(tools|linux)\.txt)$
pass_filenames: false
args:
- -v
- --build-isolation
- --py-version=3.12
- --no-emit-index-url
- requirements/static/ci/tools.in
- id: pip-tools-compile
alias: compile-ci-tools-virustotal-3.9-requirements
name: Linux CI Py3.9 Tools virustotal Requirements
files: ^requirements/static/ci/(tools(-virustotal)?\.in|py3.9/(tools(-virustotal)?|linux)\.txt)$
pass_filenames: false
args:
- -v
- --py-version=3.9
- requirements/static/ci/tools-virustotal.in
- id: pip-tools-compile
alias: compile-ci-tools-virustotal-3.10-requirements
name: Linux CI Py3.10 Tools virustotal Requirements
files: ^requirements/static/ci/(tools(-virustotal)?\.in|py3.10/(tools(-virustotal)?|linux)\.txt)$
pass_filenames: false
args:
- -v
- --py-version=3.10
- requirements/static/ci/tools-virustotal.in
- id: pip-tools-compile
alias: compile-ci-tools-virustotal-3.11-requirements
name: Linux CI Py3.11 Tools virustotal Requirements
files: ^requirements/static/ci/(tools(-virustotal)?\.in|py3.11/(tools(-virustotal)?|linux)\.txt)$
pass_filenames: false
args:
- -v
- --py-version=3.11
- requirements/static/ci/tools-virustotal.in
- id: pip-tools-compile
alias: compile-ci-tools-virustotal-3.12-requirements
name: Linux CI Py3.12 Tools virustotal Requirements
files: ^requirements/static/ci/(tools(-virustotal)?\.in|py3.12/(tools(-virustotal)?|linux)\.txt)$
pass_filenames: false
args:
- -v
- --py-version=3.12
- requirements/static/ci/tools-virustotal.in
# <---- Tools -----------------------------------------------------------------------------------------------------
# ----- Code Formatting ------------------------------------------------------------------------------------------->
@ -1191,132 +1505,25 @@ repos:
# <---- Security ---------------------------------------------------------------------------------------------------
# ----- Pre-Commit ------------------------------------------------------------------------------------------------>
- repo: https://github.com/saltstack/invoke-pre-commit
rev: v1.9.0
hooks:
- id: invoke
alias: check-docs
name: Check Docs
files: ^(salt/.*\.py|doc/ref/.*\.rst)$
args:
- docs.check
additional_dependencies:
- blessings==1.7
- pyyaml==6.0.1
- distro==1.7.0
- jinja2==3.0.3
- msgpack==1.0.3
- packaging
- looseversion
- tornado
- repo: https://github.com/saltstack/invoke-pre-commit
rev: v1.9.0
hooks:
- id: invoke
alias: check-filemap
name: Check Filename Map Change Matching
files: ^tests/(filename_map\.yml|.*\.py)$
pass_filenames: false
args:
- filemap.check
additional_dependencies:
- blessings==1.7
- pyyaml==6.0.1
- distro==1.7.0
- jinja2==3.0.3
- msgpack==1.0.3
- packaging
- looseversion
- tornado
- repo: https://github.com/saltstack/invoke-pre-commit
rev: v1.9.0
hooks:
- id: invoke
alias: loader-check-virtual
name: Check loader modules __virtual__
files: salt/.*\.py$
exclude: >
(?x)^(
templates/.*|
salt/ext/.*|
)$
args:
- loader.check-virtual
additional_dependencies:
- blessings==1.7
- pyyaml==6.0.1
- distro==1.7.0
- jinja2==3.0.3
- msgpack==1.0.3
- packaging
- looseversion
- tornado
- repo: https://github.com/saltstack/invoke-pre-commit
rev: v1.9.0
hooks:
- id: invoke
alias: check-docstrings
name: Check docstrings
files: salt/.*\.py$
exclude: >
(?x)^(
templates/.*|
salt/ext/.*|
)$
args:
- docstrings.check
additional_dependencies:
- blessings==1.7
- pyyaml==6.0.1
- distro==1.7.0
- jinja2==3.0.3
- msgpack==1.0.3
- packaging
- looseversion
- tornado
- repo: https://github.com/saltstack/invoke-pre-commit
rev: v1.9.0
hooks:
- id: invoke
alias: check-known-missing-docstrings
name: Check Known Missing Docstrings
stages: [manual]
files: salt/.*\.py$
exclude: >
(?x)^(
templates/.*|
salt/ext/.*|
)$
args:
- docstrings.check
- --error-on-known-failures
additional_dependencies:
- blessings==1.7
- pyyaml==6.0.1
- distro==1.7.0
- jinja2==3.0.3
- msgpack==1.0.3
- packaging
- looseversion
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.0.0
rev: v1.3.0
hooks:
- id: mypy
alias: mypy-tools
name: Run mypy against tools
files: ^tools/.*\.py$
#args: [--strict]
exclude: >
(?x)^(
templates/.*|
salt/.*|
)$
additional_dependencies:
- attrs
- rich
- types-attrs
- types-pyyaml
- types-requests
- python-tools-scripts>=0.18.6
- repo: https://github.com/saltstack/mirrors-nox
rev: v2021.6.12

3
.pylintrc
View file

@ -698,7 +698,8 @@ allowed-3rd-party-modules=msgpack,
ptscripts,
packaging,
looseversion,
pytestskipmarkers
pytestskipmarkers,
cryptography
[EXCEPTIONS]

6
SECURITY.md
View file

@ -1,7 +1,7 @@
# SaltStack's Security Disclosure Policy
**Email**
- security@saltstack.com
- saltproject-security.pdl@broadcom.com
**GPG key ID:**
- 4EA0793D
@ -78,7 +78,7 @@ vtBIWO4LPeGEvb2Gs65PL2eouOqU6yvBr5Y=
-----END PGP PUBLIC KEY BLOCK-----
```
The SaltStack Security Team is available at security@saltstack.com for
The SaltStack Security Team is available at saltproject-security.pdl@broadcom.com for
security-related bug reports or questions.
We request the disclosure of any security-related bugs or issues be reported
@ -92,7 +92,7 @@ SaltStack takes security and the trust of our customers and users very
seriously. Our disclosure policy is intended to resolve security issues as
quickly and safely as is possible.
1. A security report sent to security@saltstack.com is assigned to a team
1. A security report sent to saltproject-security.pdl@broadcom.com is assigned to a team
member. This person is the primary contact for questions and will
coordinate the fix, release, and announcement.

1
changelog/59802.fixed.md Normal file
View file

@ -0,0 +1 @@
Fixed merging of complex pillar overrides with salt-ssh states

1
changelog/60002.fixed.md Normal file
View file

@ -0,0 +1 @@
Fixed gpg pillar rendering with salt-ssh

1
changelog/62230.fixed.md Normal file
View file

@ -0,0 +1 @@
Made salt-ssh states not re-render pillars unnecessarily

1
changelog/64130.fixed.md Normal file
View file

@ -0,0 +1 @@
Made Salt maintain options in Debian package repo definitions

6
changelog/64374.fixed.md Normal file
View file

@ -0,0 +1,6 @@
Migrated all [`invoke`](https://www.pyinvoke.org/) tasks to [`python-tools-scripts`](https://github.com/s0undt3ch/python-tools-scripts).
* `tasks/docs.py` -> `tools/precommit/docs.py`
* `tasks/docstrings.py` -> `tools/precommit/docstrings.py`
* `tasks/loader.py` -> `tools/precommit/loader.py`
* `tasks/filemap.py` -> `tools/precommit/filemap.py`

1
changelog/64455.added.md Normal file
View file

@ -0,0 +1 @@
Added Salt support for Amazon Linux 2023

1
changelog/64473.fixed.md Normal file
View file

@ -0,0 +1 @@
Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data

2
changelog/64497.fixed.md Normal file
View file

@ -0,0 +1,2 @@
Fixed an issue in the ``file.directory`` state where the ``children_only`` keyword
argument was not being respected.

1
changelog/64575.fixed.md Normal file
View file

@ -0,0 +1 @@
Fixed salt-ssh stacktrace when retcode is not an integer

1
changelog/64588.fixed.md Normal file
View file

@ -0,0 +1 @@
Fixed SSH shell seldomly fails to report any exit code

1
changelog/65287.fixed.md Normal file
View file

@ -0,0 +1 @@
Use ``sha256`` as the default ``hash_type``. It has been the default since Salt v2016.9

1
changelog/65288.fixed.md Normal file
View file

@ -0,0 +1 @@
Preserve ownership on log rotation

4
changelog/65316.fixed.md Normal file
View file

@ -0,0 +1,4 @@
Uprade relenv to 0.14.2
- Update openssl to address CVE-2023-5363.
- Fix bug in openssl setup when openssl binary can't be found.
- Add M1 mac support.

1
changelog/65340.fixed.md Normal file
View file

@ -0,0 +1 @@
Fix regex for filespec adding/deleting fcontext policy in selinux

1
changelog/65358.fixed.md Normal file
View file

@ -0,0 +1 @@
Ensure CLI options take priority over Saltfile options

1
changelog/65400.fixed.md Normal file
View file

@ -0,0 +1 @@
Client only process events which tag conforms to an event return.

1
changelog/65450.fixed.md Normal file
View file

@ -0,0 +1 @@
Fix regression in file module which was not re-using a file client.

1
changelog/65464.fixed.md Normal file
View file

@ -0,0 +1 @@
Publish channel connect callback method properly closes it's request channel.

1
changelog/65483.fixed.md Normal file
View file

@ -0,0 +1 @@
Ensured the pillar in SSH wrapper modules is the same as the one used in template rendering when overrides are passed

1
changelog/65554.fixed.md Normal file
View file

@ -0,0 +1 @@
Warn when an un-closed transport client is being garbage collected.

1
changelog/65581.fixed.md Normal file
View file

@ -0,0 +1 @@
Only generate the HMAC's for ``libssl.so.1.1`` and ``libcrypto.so.1.1`` if those files exist.

2
changelog/65584.fixed.md Normal file
View file

@ -0,0 +1,2 @@
Fixed an issue where Salt Cloud would fail if it could not delete lingering
PAexec binaries

1
changelog/65643.security.md Normal file
View file

@ -0,0 +1 @@
Bump to `cryptography==41.0.7` due to https://github.com/advisories/GHSA-jfhm-5ghh-2f97

2
cicd/amis.yml
View file

@ -1 +1 @@
centosstream-9-x86_64: ami-0df4c4ee0d3a417e6
centosstream-9-x86_64: ami-0793e1741f291eaf9

164
cicd/golden-images.json
View file

@ -1,8 +1,8 @@
{
"almalinux-8-arm64": {
"ami": "ami-01701198f23cc656f",
"ami": "ami-0a2b327b74836f618",
"ami_description": "CI Image of AlmaLinux 8 arm64",
"ami_name": "salt-project/ci/almalinux/8/arm64/20231019.0610",
"ami_name": "salt-project/ci/almalinux/8/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "true",
"instance_type": "m6g.large",
@ -10,9 +10,9 @@
"ssh_username": "ec2-user"
},
"almalinux-8": {
"ami": "ami-0d1fa37788a762561",
"ami": "ami-03d4319831692a030",
"ami_description": "CI Image of AlmaLinux 8 x86_64",
"ami_name": "salt-project/ci/almalinux/8/x86_64/20231019.0610",
"ami_name": "salt-project/ci/almalinux/8/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -20,9 +20,9 @@
"ssh_username": "ec2-user"
},
"almalinux-9-arm64": {
"ami": "ami-0690d2b725982ad83",
"ami": "ami-01e0f60c59c6fe8f3",
"ami_description": "CI Image of AlmaLinux 9 arm64",
"ami_name": "salt-project/ci/almalinux/9/arm64/20231019.0610",
"ami_name": "salt-project/ci/almalinux/9/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "true",
"instance_type": "m6g.large",
@ -30,9 +30,9 @@
"ssh_username": "ec2-user"
},
"almalinux-9": {
"ami": "ami-0ffb222eea4b1c4ee",
"ami": "ami-0dbbac81b50ebb8b4",
"ami_description": "CI Image of AlmaLinux 9 x86_64",
"ami_name": "salt-project/ci/almalinux/9/x86_64/20231019.0610",
"ami_name": "salt-project/ci/almalinux/9/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -40,9 +40,9 @@
"ssh_username": "ec2-user"
},
"amazonlinux-2-arm64": {
"ami": "ami-0e9521385f61055a0",
"ami": "ami-05cc59dcbf59085f1",
"ami_description": "CI Image of AmazonLinux 2 arm64",
"ami_name": "salt-project/ci/amazonlinux/2/arm64/20231019.0610",
"ami_name": "salt-project/ci/amazonlinux/2/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "true",
"instance_type": "m6g.large",
@ -50,9 +50,9 @@
"ssh_username": "ec2-user"
},
"amazonlinux-2": {
"ami": "ami-038cc290cd0dd2fb3",
"ami": "ami-07f715092c8ed2451",
"ami_description": "CI Image of AmazonLinux 2 x86_64",
"ami_name": "salt-project/ci/amazonlinux/2/x86_64/20231019.0610",
"ami_name": "salt-project/ci/amazonlinux/2/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -60,9 +60,9 @@
"ssh_username": "ec2-user"
},
"amazonlinux-2023-arm64": {
"ami": "ami-00aadf98a51c60684",
"ami": "ami-074502af4314eb812",
"ami_description": "CI Image of AmazonLinux 2023 arm64",
"ami_name": "salt-project/ci/amazonlinux/2023/arm64/20231019.0611",
"ami_name": "salt-project/ci/amazonlinux/2023/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "true",
"instance_type": "m6g.large",
@ -70,9 +70,9 @@
"ssh_username": "ec2-user"
},
"amazonlinux-2023": {
"ami": "ami-0aeb34a1da784672c",
"ami": "ami-0a1059334d3373321",
"ami_description": "CI Image of AmazonLinux 2023 x86_64",
"ami_name": "salt-project/ci/amazonlinux/2023/x86_64/20231019.0611",
"ami_name": "salt-project/ci/amazonlinux/2023/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -80,9 +80,9 @@
"ssh_username": "ec2-user"
},
"archlinux-lts": {
"ami": "ami-0b4ab49118d17c567",
"ami": "ami-0430452d2dfbb8f4b",
"ami_description": "CI Image of ArchLinux lts x86_64",
"ami_name": "salt-project/ci/archlinux/lts/x86_64/20231019.0610",
"ami_name": "salt-project/ci/archlinux/lts/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "false",
"instance_type": "t3a.large",
@ -90,9 +90,9 @@
"ssh_username": "arch"
},
"centos-7-arm64": {
"ami": "ami-0712b87973da8b106",
"ami": "ami-0fc26a930a59d1417",
"ami_description": "CI Image of CentOS 7 arm64",
"ami_name": "salt-project/ci/centos/7/arm64/20231019.0611",
"ami_name": "salt-project/ci/centos/7/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "true",
"instance_type": "m6g.large",
@ -100,9 +100,9 @@
"ssh_username": "centos"
},
"centos-7": {
"ami": "ami-0432ac4d81ff9c6d7",
"ami": "ami-0532c2c5f18771fa8",
"ami_description": "CI Image of CentOS 7 x86_64",
"ami_name": "salt-project/ci/centos/7/x86_64/20231019.0610",
"ami_name": "salt-project/ci/centos/7/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -110,9 +110,9 @@
"ssh_username": "centos"
},
"centosstream-8-arm64": {
"ami": "ami-00819771fc6d6f37a",
"ami": "ami-0916df690c02e0af0",
"ami_description": "CI Image of CentOSStream 8 arm64",
"ami_name": "salt-project/ci/centosstream/8/arm64/20231019.0610",
"ami_name": "salt-project/ci/centosstream/8/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "true",
"instance_type": "m6g.large",
@ -120,9 +120,9 @@
"ssh_username": "centos"
},
"centosstream-8": {
"ami": "ami-00d0ebd1ad30509fc",
"ami": "ami-06cf36f0232c681e2",
"ami_description": "CI Image of CentOSStream 8 x86_64",
"ami_name": "salt-project/ci/centosstream/8/x86_64/20231019.0610",
"ami_name": "salt-project/ci/centosstream/8/x86_64/20231126.1416",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -130,9 +130,9 @@
"ssh_username": "centos"
},
"centosstream-9-arm64": {
"ami": "ami-08599182d0e9788f9",
"ami": "ami-094e17e254aa77811",
"ami_description": "CI Image of CentOSStream 9 arm64",
"ami_name": "salt-project/ci/centosstream/9/arm64/20231019.0610",
"ami_name": "salt-project/ci/centosstream/9/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "true",
"instance_type": "m6g.large",
@ -140,9 +140,9 @@
"ssh_username": "ec2-user"
},
"centosstream-9": {
"ami": "ami-0df4c4ee0d3a417e6",
"ami": "ami-0793e1741f291eaf9",
"ami_description": "CI Image of CentOSStream 9 x86_64",
"ami_name": "salt-project/ci/centosstream/9/x86_64/20231019.0610",
"ami_name": "salt-project/ci/centosstream/9/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -150,9 +150,9 @@
"ssh_username": "ec2-user"
},
"debian-10-arm64": {
"ami": "ami-0be576b80116655d6",
"ami": "ami-0c0b1bdab1b3c9733",
"ami_description": "CI Image of Debian 10 arm64",
"ami_name": "salt-project/ci/debian/10/arm64/20231019.0611",
"ami_name": "salt-project/ci/debian/10/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "false",
"instance_type": "m6g.large",
@ -160,9 +160,9 @@
"ssh_username": "admin"
},
"debian-10": {
"ami": "ami-0dc775a61113efde0",
"ami": "ami-082605fda5afd9131",
"ami_description": "CI Image of Debian 10 x86_64",
"ami_name": "salt-project/ci/debian/10/x86_64/20231019.0611",
"ami_name": "salt-project/ci/debian/10/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -170,9 +170,9 @@
"ssh_username": "admin"
},
"debian-11-arm64": {
"ami": "ami-086e42800d155779f",
"ami": "ami-0df6946d840d24ced",
"ami_description": "CI Image of Debian 11 arm64",
"ami_name": "salt-project/ci/debian/11/arm64/20231019.0611",
"ami_name": "salt-project/ci/debian/11/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "false",
"instance_type": "m6g.large",
@ -180,9 +180,9 @@
"ssh_username": "admin"
},
"debian-11": {
"ami": "ami-01b730ce9083afb7b",
"ami": "ami-0c2198080c953861d",
"ami_description": "CI Image of Debian 11 x86_64",
"ami_name": "salt-project/ci/debian/11/x86_64/20231019.0611",
"ami_name": "salt-project/ci/debian/11/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -190,9 +190,9 @@
"ssh_username": "admin"
},
"debian-12-arm64": {
"ami": "ami-0a8fb0c54e8ac78c3",
"ami": "ami-050b69eb0e0a66373",
"ami_description": "CI Image of Debian 12 arm64",
"ami_name": "salt-project/ci/debian/12/arm64/20231019.0611",
"ami_name": "salt-project/ci/debian/12/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "false",
"instance_type": "m6g.large",
@ -200,9 +200,9 @@
"ssh_username": "admin"
},
"debian-12": {
"ami": "ami-09736ea89f5625680",
"ami": "ami-032e397b97865f83e",
"ami_description": "CI Image of Debian 12 x86_64",
"ami_name": "salt-project/ci/debian/12/x86_64/20231019.0611",
"ami_name": "salt-project/ci/debian/12/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -210,9 +210,9 @@
"ssh_username": "admin"
},
"fedora-37-arm64": {
"ami": "ami-067631a1bb1d3d6e4",
"ami": "ami-0000739b5d4971ba1",
"ami_description": "CI Image of Fedora 37 arm64",
"ami_name": "salt-project/ci/fedora/37/arm64/20231019.0630",
"ami_name": "salt-project/ci/fedora/37/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "true",
"instance_type": "m6g.large",
@ -220,9 +220,9 @@
"ssh_username": "fedora"
},
"fedora-37": {
"ami": "ami-03dab52e75c1d7594",
"ami": "ami-086af8fe37696acd6",
"ami_description": "CI Image of Fedora 37 x86_64",
"ami_name": "salt-project/ci/fedora/37/x86_64/20231019.0630",
"ami_name": "salt-project/ci/fedora/37/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -230,9 +230,9 @@
"ssh_username": "fedora"
},
"fedora-38-arm64": {
"ami": "ami-0a67ad5dc0b4e67a9",
"ami": "ami-0a078cdd3a57ef342",
"ami_description": "CI Image of Fedora 38 arm64",
"ami_name": "salt-project/ci/fedora/38/arm64/20231019.0630",
"ami_name": "salt-project/ci/fedora/38/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "true",
"instance_type": "m6g.large",
@ -240,9 +240,9 @@
"ssh_username": "fedora"
},
"fedora-38": {
"ami": "ami-00e8299d247d3bfb9",
"ami": "ami-0566e7f93c5cf6afc",
"ami_description": "CI Image of Fedora 38 x86_64",
"ami_name": "salt-project/ci/fedora/38/x86_64/20231019.0630",
"ami_name": "salt-project/ci/fedora/38/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -250,9 +250,9 @@
"ssh_username": "fedora"
},
"opensuse-15": {
"ami": "ami-0fa4ce121739032e2",
"ami": "ami-0c64c574d488d33f6",
"ami_description": "CI Image of Opensuse 15 x86_64",
"ami_name": "salt-project/ci/opensuse/15/x86_64/20231019.0611",
"ami_name": "salt-project/ci/opensuse/15/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -260,9 +260,9 @@
"ssh_username": "ec2-user"
},
"photonos-3-arm64": {
"ami": "ami-09687bbdca9322cfd",
"ami": "ami-03ac724168ce02eed",
"ami_description": "CI Image of PhotonOS 3 arm64",
"ami_name": "salt-project/ci/photonos/3/arm64/20231019.0626",
"ami_name": "salt-project/ci/photonos/3/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "true",
"instance_type": "m6g.large",
@ -270,9 +270,9 @@
"ssh_username": "root"
},
"photonos-3": {
"ami": "ami-0e29021a535519231",
"ami": "ami-0072dfd1f7bc5f586",
"ami_description": "CI Image of PhotonOS 3 x86_64",
"ami_name": "salt-project/ci/photonos/3/x86_64/20231019.0626",
"ami_name": "salt-project/ci/photonos/3/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -280,9 +280,9 @@
"ssh_username": "root"
},
"photonos-4-arm64": {
"ami": "ami-06a0418b67a9ec332",
"ami": "ami-05a215fe4cf29227b",
"ami_description": "CI Image of PhotonOS 4 arm64",
"ami_name": "salt-project/ci/photonos/4/arm64/20231019.0626",
"ami_name": "salt-project/ci/photonos/4/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "true",
"instance_type": "m6g.large",
@ -290,9 +290,9 @@
"ssh_username": "root"
},
"photonos-4": {
"ami": "ami-08ae023a2755a60dc",
"ami": "ami-06addda42fc8c5db3",
"ami_description": "CI Image of PhotonOS 4 x86_64",
"ami_name": "salt-project/ci/photonos/4/x86_64/20231019.0626",
"ami_name": "salt-project/ci/photonos/4/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -300,9 +300,9 @@
"ssh_username": "root"
},
"photonos-5-arm64": {
"ami": "ami-05b3dd82b94e82736",
"ami": "ami-0e78012df225dbe96",
"ami_description": "CI Image of PhotonOS 5 arm64",
"ami_name": "salt-project/ci/photonos/5/arm64/20231019.0627",
"ami_name": "salt-project/ci/photonos/5/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "true",
"instance_type": "m6g.large",
@ -310,9 +310,9 @@
"ssh_username": "root"
},
"photonos-5": {
"ami": "ami-016991d4c267732c3",
"ami": "ami-0fc61f964bc262714",
"ami_description": "CI Image of PhotonOS 5 x86_64",
"ami_name": "salt-project/ci/photonos/5/x86_64/20231019.0627",
"ami_name": "salt-project/ci/photonos/5/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -320,9 +320,9 @@
"ssh_username": "root"
},
"ubuntu-20.04-arm64": {
"ami": "ami-0dc851d4db96c052b",
"ami": "ami-0cc504307b587cd77",
"ami_description": "CI Image of Ubuntu 20.04 arm64",
"ami_name": "salt-project/ci/ubuntu/20.04/arm64/20231019.0628",
"ami_name": "salt-project/ci/ubuntu/20.04/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "true",
"instance_type": "m6g.large",
@ -330,9 +330,9 @@
"ssh_username": "ubuntu"
},
"ubuntu-20.04": {
"ami": "ami-05c262fca2254d2cb",
"ami": "ami-03376fca39f6d9186",
"ami_description": "CI Image of Ubuntu 20.04 x86_64",
"ami_name": "salt-project/ci/ubuntu/20.04/x86_64/20231019.0627",
"ami_name": "salt-project/ci/ubuntu/20.04/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -340,9 +340,9 @@
"ssh_username": "ubuntu"
},
"ubuntu-22.04-arm64": {
"ami": "ami-007415ef606318020",
"ami": "ami-0be361d529bb46410",
"ami_description": "CI Image of Ubuntu 22.04 arm64",
"ami_name": "salt-project/ci/ubuntu/22.04/arm64/20231019.0628",
"ami_name": "salt-project/ci/ubuntu/22.04/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "true",
"instance_type": "m6g.large",
@ -350,9 +350,9 @@
"ssh_username": "ubuntu"
},
"ubuntu-22.04": {
"ami": "ami-04d01b95ca8570ed3",
"ami": "ami-0c9d29f29868da4ce",
"ami_description": "CI Image of Ubuntu 22.04 x86_64",
"ami_name": "salt-project/ci/ubuntu/22.04/x86_64/20231019.0628",
"ami_name": "salt-project/ci/ubuntu/22.04/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -360,9 +360,9 @@
"ssh_username": "ubuntu"
},
"ubuntu-23.04-arm64": {
"ami": "ami-0da01b22cca0f4281",
"ami": "ami-0b80ab7ead3c7d289",
"ami_description": "CI Image of Ubuntu 23.04 arm64",
"ami_name": "salt-project/ci/ubuntu/23.04/arm64/20231019.0629",
"ami_name": "salt-project/ci/ubuntu/23.04/arm64/20231126.1417",
"arch": "arm64",
"cloudwatch-agent-available": "true",
"instance_type": "m6g.large",
@ -370,9 +370,9 @@
"ssh_username": "ubuntu"
},
"ubuntu-23.04": {
"ami": "ami-03e32d8e9ccc6cd6a",
"ami": "ami-0d17dce1842e37811",
"ami_description": "CI Image of Ubuntu 23.04 x86_64",
"ami_name": "salt-project/ci/ubuntu/23.04/x86_64/20231019.0629",
"ami_name": "salt-project/ci/ubuntu/23.04/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.large",
@ -380,9 +380,9 @@
"ssh_username": "ubuntu"
},
"windows-2016": {
"ami": "ami-02fd868528f2c7a62",
"ami": "ami-043db64b3b46a804c",
"ami_description": "CI Image of Windows 2016 x86_64",
"ami_name": "salt-project/ci/windows/2016/x86_64/20231019.0610",
"ami_name": "salt-project/ci/windows/2016/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.xlarge",
@ -390,9 +390,9 @@
"ssh_username": "Administrator"
},
"windows-2019": {
"ami": "ami-0d6f2b5a109c98224",
"ami": "ami-0f7a8dc8862bff13f",
"ami_description": "CI Image of Windows 2019 x86_64",
"ami_name": "salt-project/ci/windows/2019/x86_64/20231019.0610",
"ami_name": "salt-project/ci/windows/2019/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.xlarge",
@ -400,9 +400,9 @@
"ssh_username": "Administrator"
},
"windows-2022": {
"ami": "ami-013e3141df4b2418f",
"ami": "ami-05a829f3649aa33d6",
"ami_description": "CI Image of Windows 2022 x86_64",
"ami_name": "salt-project/ci/windows/2022/x86_64/20231019.0610",
"ami_name": "salt-project/ci/windows/2022/x86_64/20231126.1417",
"arch": "x86_64",
"cloudwatch-agent-available": "true",
"instance_type": "t3a.xlarge",

2
cicd/shared-gh-workflows-context.yml
View file

@ -1,5 +1,5 @@
nox_version: "2022.8.7"
python_version: "3.10.13"
relenv_version: "0.13.11"
relenv_version: "0.14.2"
release-branches:
- "3006.x"

6
doc/man/salt.7
View file

@ -23710,7 +23710,7 @@ most secure setup, only connect syndics directly to master of masters.
.INDENT 0.0
.TP
.B email
\fI\%security@saltstack.com\fP
\fI\%saltproject-security.pdl@broadcom.com\fP
.TP
.B gpg key ID
4EA0793D
@ -23831,7 +23831,7 @@ fwPKmQ2cKnCBs5ASj1DkgUcz2c8DTUPVqg==
.UNINDENT
.UNINDENT
.sp
The SaltStack Security Team is available at \fI\%security@saltstack.com\fP for
The SaltStack Security Team is available at \fI\%saltproject-security.pdl@broadcom.com\fP for
security\-related bug reports or questions.
.sp
We request the disclosure of any security\-related bugs or issues be reported
@ -23845,7 +23845,7 @@ seriously. Our disclosure policy is intended to resolve security issues as
quickly and safely as is possible.
.INDENT 0.0
.IP 1. 3
A security report sent to \fI\%security@saltstack.com\fP is assigned to a team
A security report sent to \fI\%saltproject-security.pdl@broadcom.com\fP is assigned to a team
member. This person is the primary contact for questions and will
coordinate the fix, release, and announcement.
.IP 2. 3

6
doc/security/index.rst
View file

@ -4,7 +4,7 @@
Security disclosure policy
==========================
:email: security@saltstack.com
:email: saltproject-security.pdl@broadcom.com
:gpg key ID: 4EA0793D
:gpg key fingerprint: ``8ABE 4EFC F0F4 B24B FF2A AF90 D570 F2D3 4EA0 793D``
@ -114,7 +114,7 @@ Security disclosure policy
=i1Tf
-----END PGP PUBLIC KEY BLOCK-----
The SaltStack Security Team is available at security@saltstack.com for
The SaltStack Security Team is available at saltproject-security.pdl@broadcom.com for
security-related bug reports or questions.
We request the disclosure of any security-related bugs or issues be reported
@ -129,7 +129,7 @@ SaltStack takes security and the trust of our customers and users very
seriously. Our disclosure policy is intended to resolve security issues as
quickly and safely as is possible.
1. A security report sent to security@saltstack.com is assigned to a team
1. A security report sent to saltproject-security.pdl@broadcom.com is assigned to a team
member. This person is the primary contact for questions and will
coordinate the fix, release, and announcement.

19
doc/topics/development/modules/developing.rst
View file

@ -155,7 +155,7 @@ The following dunder dictionaries are always defined, but may be empty
__opts__
--------
..versionchanged:: 3006.0
.. versionchanged:: 3006.0
The ``__opts__`` dictionary can now be accessed via
:py:mod:`~salt.loader.context``.
@ -248,13 +248,6 @@ executions until the modules are refreshed; such as when
:py:func:`saltutil.sync_all <salt.modules.saltutil.sync_all>` or
:py:func:`state.apply <salt.modules.state.apply_>` are executed.
A great place to see how to use ``__context__`` is in the cp.py module in
salt/modules/cp.py. The fileclient authenticates with the master when it is
instantiated and then is used to copy files to the minion. Rather than create a
new fileclient for each file that is to be copied down, one instance of the
fileclient is instantiated in the ``__context__`` dictionary and is reused for
each file. Here is an example from salt/modules/cp.py:
.. code-block:: python
if not "cp.fileclient" in __context__:
@ -303,3 +296,13 @@ Defined in: State
__sdb__
-------
Defined in: SDB
__file_client__
---------------
.. versionchanged:: 3006.5
The ``__file_client__`` dunder was added to states and execution modules. This
enables the use of a file client without haveing to instantiate one in
the module.

142
noxfile.py
View file

@ -249,13 +249,15 @@ def _get_pip_requirements_file(session, crypto=None, requirements_type="ci"):
session.error(f"Could not find a linux requirements file for {pydir}")
def _upgrade_pip_setuptools_and_wheel(session, upgrade=True, onedir=False):
def _upgrade_pip_setuptools_and_wheel(session, upgrade=True):
if SKIP_REQUIREMENTS_INSTALL:
session.log(
"Skipping Python Requirements because SKIP_REQUIREMENTS_INSTALL was found in the environ"
)
return False
env = os.environ.copy()
env["PIP_CONSTRAINT"] = str(REPO_ROOT / "requirements" / "constraints.txt")
install_command = [
"python",
"-m",
@ -265,20 +267,8 @@ def _upgrade_pip_setuptools_and_wheel(session, upgrade=True, onedir=False):
]
if upgrade:
install_command.append("-U")
if onedir:
requirements = [
"pip>=22.3.1,<23.0",
# https://github.com/pypa/setuptools/commit/137ab9d684075f772c322f455b0dd1f992ddcd8f
"setuptools>=65.6.3,<66",
"wheel",
]
else:
requirements = [
"pip>=20.2.4,<21.2",
"setuptools!=50.*,!=51.*,!=52.*,<59",
]
install_command.extend(requirements)
session_run_always(session, *install_command, silent=PIP_INSTALL_SILENT)
install_command.extend(["setuptools", "pip", "wheel"])
session_run_always(session, *install_command, silent=PIP_INSTALL_SILENT, env=env)
return True
@ -291,20 +281,23 @@ def _install_requirements(
if onedir and IS_LINUX:
session_run_always(session, "python3", "-m", "relenv", "toolchain", "fetch")
if not _upgrade_pip_setuptools_and_wheel(session, onedir=onedir):
if not _upgrade_pip_setuptools_and_wheel(session):
return False
# Install requirements
env = os.environ.copy()
env["PIP_CONSTRAINT"] = str(REPO_ROOT / "requirements" / "constraints.txt")
requirements_file = _get_pip_requirements_file(
session, requirements_type=requirements_type
)
install_command = ["--progress-bar=off", "-r", requirements_file]
session.install(*install_command, silent=PIP_INSTALL_SILENT)
session.install(*install_command, silent=PIP_INSTALL_SILENT, env=env)
if extra_requirements:
install_command = ["--progress-bar=off"]
install_command += list(extra_requirements)
session.install(*install_command, silent=PIP_INSTALL_SILENT)
session.install(*install_command, silent=PIP_INSTALL_SILENT, env=env)
if EXTRA_REQUIREMENTS_INSTALL:
session.log(
@ -316,13 +309,15 @@ def _install_requirements(
# we're already using, we want to maintain the locked version
install_command = ["--progress-bar=off", "--constraint", requirements_file]
install_command += EXTRA_REQUIREMENTS_INSTALL.split()
session.install(*install_command, silent=PIP_INSTALL_SILENT)
session.install(*install_command, silent=PIP_INSTALL_SILENT, env=env)
return True
def _install_coverage_requirement(session):
if SKIP_REQUIREMENTS_INSTALL is False:
env = os.environ.copy()
env["PIP_CONSTRAINT"] = str(REPO_ROOT / "requirements" / "constraints.txt")
coverage_requirement = COVERAGE_REQUIREMENT
if coverage_requirement is None:
coverage_requirement = "coverage==7.3.1"
@ -339,7 +334,10 @@ def _install_coverage_requirement(session):
# finish within 1 to 2 hours.
coverage_requirement = "coverage==5.5"
session.install(
"--progress-bar=off", coverage_requirement, silent=PIP_INSTALL_SILENT
"--progress-bar=off",
coverage_requirement,
silent=PIP_INSTALL_SILENT,
env=env,
)
@ -1552,7 +1550,7 @@ def lint_salt(session):
paths = session.posargs
else:
# TBD replace paths entries when implement pyproject.toml
paths = ["setup.py", "noxfile.py", "salt/", "tasks/"]
paths = ["setup.py", "noxfile.py", "salt/"]
_lint(session, ".pylintrc", flags, paths)
@ -1694,37 +1692,6 @@ def docs_man(session, compress, update, clean):
os.chdir("..")
@nox.session(name="invoke", python="3")
def invoke(session):
"""
Run invoke tasks
"""
if _upgrade_pip_setuptools_and_wheel(session):
_install_requirements(session)
requirements_file = os.path.join(
"requirements", "static", "ci", _get_pydir(session), "invoke.txt"
)
install_command = ["--progress-bar=off", "-r", requirements_file]
session.install(*install_command, silent=PIP_INSTALL_SILENT)
cmd = ["inv"]
files = []
# Unfortunately, invoke doesn't support the nargs functionality like argpase does.
# Let's make it behave properly
for idx, posarg in enumerate(session.posargs):
if idx == 0:
cmd.append(posarg)
continue
if posarg.startswith("--"):
cmd.append(posarg)
continue
files.append(posarg)
if files:
cmd.append("--files={}".format(" ".join(files)))
session.run(*cmd)
@nox.session(name="changelog", python="3")
@nox.parametrize("draft", [False, True])
@nox.parametrize("force", [False, True])
@ -1925,17 +1892,13 @@ def ci_test_onedir_pkgs(session):
chunk = session.posargs.pop(0)
cmd_args = chunks[chunk]
junit_report_filename = f"test-results-{chunk}"
runtests_log_filename = f"runtests-{chunk}"
pydir = _get_pydir(session)
if IS_LINUX:
# Fetch the toolchain
session_run_always(session, "python3", "-m", "relenv", "toolchain", "fetch")
# Install requirements
if _upgrade_pip_setuptools_and_wheel(session, onedir=True):
if _upgrade_pip_setuptools_and_wheel(session):
_install_requirements(session, "pyzmq")
env = {
"ONEDIR_TESTRUN": "1",
@ -1950,12 +1913,39 @@ def ci_test_onedir_pkgs(session):
+ [
"-c",
str(REPO_ROOT / "pkg-tests-pytest.ini"),
f"--junitxml=artifacts/xml-unittests-output/{junit_report_filename}.xml",
f"--log-file=artifacts/logs/{runtests_log_filename}.log",
f"--junitxml=artifacts/xml-unittests-output/test-results-{chunk}.xml",
f"--log-file=artifacts/logs/runtests-{chunk}.log",
]
+ session.posargs
)
_pytest(session, coverage=False, cmd_args=pytest_args, env=env)
try:
_pytest(session, coverage=False, cmd_args=pytest_args, env=env)
except CommandFailed:
# Don't print the system information, not the test selection on reruns
global PRINT_TEST_SELECTION
global PRINT_SYSTEM_INFO
PRINT_TEST_SELECTION = False
PRINT_SYSTEM_INFO = False
pytest_args = (
cmd_args[:]
+ [
"-c",
str(REPO_ROOT / "pkg-tests-pytest.ini"),
f"--junitxml=artifacts/xml-unittests-output/test-results-{chunk}-rerun.xml",
f"--log-file=artifacts/logs/runtests-{chunk}-rerun.log",
"--lf",
]
+ session.posargs
)
_pytest(
session,
coverage=False,
cmd_args=pytest_args,
env=env,
on_rerun=True,
)
if chunk not in ("install", "download-pkgs"):
cmd_args = chunks["install"]
@ -1965,8 +1955,8 @@ def ci_test_onedir_pkgs(session):
"-c",
str(REPO_ROOT / "pkg-tests-pytest.ini"),
"--no-install",
f"--junitxml=artifacts/xml-unittests-output/{junit_report_filename}.xml",
f"--log-file=artifacts/logs/{runtests_log_filename}.log",
f"--junitxml=artifacts/xml-unittests-output/test-results-install.xml",
f"--log-file=artifacts/logs/runtests-install.log",
]
+ session.posargs
)
@ -1974,5 +1964,31 @@ def ci_test_onedir_pkgs(session):
pytest_args.append("--use-prev-version")
if chunk in ("upgrade-classic", "downgrade-classic"):
pytest_args.append("--classic")
_pytest(session, coverage=False, cmd_args=pytest_args, env=env)
try:
_pytest(session, coverage=False, cmd_args=pytest_args, env=env)
except CommandFailed:
cmd_args = chunks["install"]
pytest_args = (
cmd_args[:]
+ [
"-c",
str(REPO_ROOT / "pkg-tests-pytest.ini"),
"--no-install",
f"--junitxml=artifacts/xml-unittests-output/test-results-install-rerun.xml",
f"--log-file=artifacts/logs/runtests-install-rerun.log",
"--lf",
]
+ session.posargs
)
if "downgrade" in chunk:
pytest_args.append("--use-prev-version")
if chunk in ("upgrade-classic", "downgrade-classic"):
pytest_args.append("--classic")
_pytest(
session,
coverage=False,
cmd_args=pytest_args,
env=env,
on_rerun=True,
)
sys.exit(0)

9
pkg/common/logrotate/salt-common
View file

@ -4,7 +4,7 @@
rotate 7
compress
notifempty
create 0640 salt salt
create 0640
}
/var/log/salt/minion {
@ -13,6 +13,7 @@
rotate 7
compress
notifempty
create 0640
}
/var/log/salt/key {
@ -21,7 +22,7 @@
rotate 7
compress
notifempty
create 0640 salt salt
create 0640
}
/var/log/salt/api {
@ -30,7 +31,7 @@
rotate 7
compress
notifempty
create 0640 salt salt
create 0640
}
/var/log/salt/syndic {
@ -39,6 +40,7 @@
rotate 7
compress
notifempty
create 0640
}
/var/log/salt/proxy {
@ -47,4 +49,5 @@
rotate 7
compress
notifempty
create 0640
}

20
pkg/macos/build_python.sh
View file

@ -243,12 +243,7 @@ else
# We want to suppress the output here so it looks nice
# To see the output, remove the output redirection
_msg "Fetching python (relenv)"
relenv fetch --python=$PY_VERSION
if [ -f "$RELENV_DIR/build/$PY_VERSION-x86_64-macos.tar.xz" ]; then
_success
else
_failure
fi
relenv fetch --python=$PY_VERSION && _success || _failure
fi
_msg "Extracting python environment"
@ -262,6 +257,7 @@ fi
#-------------------------------------------------------------------------------
# Removing Unneeded Libraries from Python
#-------------------------------------------------------------------------------
PY_VERSION_MINOR=$($BLD_PY_BIN -c 'import sys; sys.stdout.write("{}.{}".format(*sys.version_info))')
REMOVE=(
"idlelib"
"test"
@ -269,16 +265,10 @@ REMOVE=(
"turtledemo"
)
for i in "${REMOVE[@]}"; do
TEST_DIR="$BUILD_DIR/opt/salt/lib/python3.*/$i"
DIR=$(compgen -G "$TEST_DIR")
if [ -n "$DIR" ]; then
TEST_DIR="$BUILD_DIR/opt/salt/lib/python${PY_VERSION_MINOR}/$i"
if [ -d "$TEST_DIR" ]; then
_msg "Removing $i directory"
rm -rf "$DIR"
if ! compgen -G "$TEST_DIR" > /dev/null; then
_success
else
_failure
fi
rm -rf "$TEST_DIR" && _success || _failure
fi
done

36
pkg/rpm/salt.spec
View file

@ -50,6 +50,9 @@ Requires: dmidecode
Requires: pciutils
Requires: which
Requires: openssl
Requires: /usr/sbin/usermod
Requires: /usr/sbin/groupadd
Requires: /usr/sbin/useradd
BuildRequires: python3
BuildRequires: python3-pip
@ -159,6 +162,7 @@ mkdir -p $RPM_BUILD_DIR/build
cd $RPM_BUILD_DIR
%if "%{getenv:SALT_ONEDIR_ARCHIVE}" == ""
export PIP_CONSTRAINT=%{_salt_src}/requirements/constraints.txt
export FETCH_RELENV_VERSION=${SALT_RELENV_VERSION}
python3 -m venv --clear --copies build/venv
build/venv/bin/python3 -m pip install relenv==${SALT_RELENV_VERSION}
@ -463,8 +467,12 @@ if [ $1 -lt 2 ]; then
# ensure hmac are up to date, master or minion, rest install one or the other
# key used is from openssl/crypto/fips/fips_standalone_hmac.c openssl 1.1.1k
if [ $(cat /etc/os-release | grep VERSION_ID | cut -d '=' -f 2 | sed 's/\"//g' | cut -d '.' -f 1) = "8" ]; then
/bin/openssl sha256 -r -hmac orboDeJITITejsirpADONivirpUkvarP /opt/saltstack/salt/lib/libssl.so.1.1 | cut -d ' ' -f 1 > /opt/saltstack/salt/lib/.libssl.so.1.1.hmac || :
/bin/openssl sha256 -r -hmac orboDeJITITejsirpADONivirpUkvarP /opt/saltstack/salt/lib/libcrypto.so.1.1 | cut -d ' ' -f 1 > /opt/saltstack/salt/lib/.libcrypto.so.1.1.hmac || :
if [ -e /opt/saltstack/salt/lib/libssl.so.1.1 ]; then
/bin/openssl sha256 -r -hmac orboDeJITITejsirpADONivirpUkvarP /opt/saltstack/salt/lib/libssl.so.1.1 | cut -d ' ' -f 1 > /opt/saltstack/salt/lib/.libssl.so.1.1.hmac || :
fi
if [ -e /opt/saltstack/salt/lib/libcrypto.so.1.1 ]; then
/bin/openssl sha256 -r -hmac orboDeJITITejsirpADONivirpUkvarP /opt/saltstack/salt/lib/libcrypto.so.1.1 | cut -d ' ' -f 1 > /opt/saltstack/salt/lib/.libcrypto.so.1.1.hmac || :
fi
fi
fi
@ -482,8 +490,12 @@ if [ $1 -lt 2 ]; then
# ensure hmac are up to date, master or minion, rest install one or the other
# key used is from openssl/crypto/fips/fips_standalone_hmac.c openssl 1.1.1k
if [ $(cat /etc/os-release | grep VERSION_ID | cut -d '=' -f 2 | sed 's/\"//g' | cut -d '.' -f 1) = "8" ]; then
/bin/openssl sha256 -r -hmac orboDeJITITejsirpADONivirpUkvarP /opt/saltstack/salt/lib/libssl.so.1.1 | cut -d ' ' -f 1 > /opt/saltstack/salt/lib/.libssl.so.1.1.hmac || :
/bin/openssl sha256 -r -hmac orboDeJITITejsirpADONivirpUkvarP /opt/saltstack/salt/lib/libcrypto.so.1.1 | cut -d ' ' -f 1 > /opt/saltstack/salt/lib/.libcrypto.so.1.1.hmac || :
if [ -e /opt/saltstack/salt/lib/libssl.so.1.1 ]; then
/bin/openssl sha256 -r -hmac orboDeJITITejsirpADONivirpUkvarP /opt/saltstack/salt/lib/libssl.so.1.1 | cut -d ' ' -f 1 > /opt/saltstack/salt/lib/.libssl.so.1.1.hmac || :
fi
if [ -e /opt/saltstack/salt/lib/libcrypto.so.1.1 ]; then
/bin/openssl sha256 -r -hmac orboDeJITITejsirpADONivirpUkvarP /opt/saltstack/salt/lib/libcrypto.so.1.1 | cut -d ' ' -f 1 > /opt/saltstack/salt/lib/.libcrypto.so.1.1.hmac || :
fi
fi
fi
@ -537,8 +549,12 @@ if [ $1 -eq 0 ]; then
if [ $(cat /etc/os-release | grep VERSION_ID | cut -d '=' -f 2 | sed 's/\"//g' | cut -d '.' -f 1) = "8" ]; then
if [ -z "$(rpm -qi salt-minion | grep Name | grep salt-minion)" ]; then
# uninstall and no minion running
/bin/rm -f /opt/saltstack/salt/lib/.libssl.so.1.1.hmac || :
/bin/rm -f /opt/saltstack/salt/lib/.libcrypto.so.1.1.hmac || :
if [ -e /opt/saltstack/salt/lib/.libssl.so.1.1.hmac ]; then
/bin/rm -f /opt/saltstack/salt/lib/.libssl.so.1.1.hmac || :
fi
if [ -e /opt/saltstack/salt/lib/.libcrypto.so.1.1.hmac ]; then
/bin/rm -f /opt/saltstack/salt/lib/.libcrypto.so.1.1.hmac || :
fi
fi
fi
fi
@ -552,8 +568,12 @@ if [ $1 -eq 0 ]; then
if [ $(cat /etc/os-release | grep VERSION_ID | cut -d '=' -f 2 | sed 's/\"//g' | cut -d '.' -f 1) = "8" ]; then
if [ -z "$(rpm -qi salt-master | grep Name | grep salt-master)" ]; then
# uninstall and no master running
/bin/rm -f /opt/saltstack/salt/lib/.libssl.so.1.1.hmac || :
/bin/rm -f /opt/saltstack/salt/lib/.libcrypto.so.1.1.hmac || :
if [ -e /opt/saltstack/salt/lib/.libssl.so.1.1.hmac ]; then
/bin/rm -f /opt/saltstack/salt/lib/.libssl.so.1.1.hmac || :
fi
if [ -e /opt/saltstack/salt/lib/.libcrypto.so.1.1.hmac ]; then
/bin/rm -f /opt/saltstack/salt/lib/.libcrypto.so.1.1.hmac || :
fi
fi
fi
fi

8
pkg/tests/conftest.py
View file

@ -25,6 +25,9 @@ from tests.support.sminion import create_sminion
log = logging.getLogger(__name__)
# Variable defining a FIPS test run or not
FIPS_TESTRUN = os.environ.get("FIPS_TESTRUN", "0") == "1"
@pytest.fixture(scope="session")
def version(install_salt):
@ -336,6 +339,8 @@ def salt_master(salt_factories, install_salt, state_tree, pillar_tree):
"rest_cherrypy": {"port": 8000, "disable_ssl": True},
"netapi_enable_clients": ["local"],
"external_auth": {"auto": {"saltdev": [".*"]}},
"fips_mode": FIPS_TESTRUN,
"open_mode": True,
}
test_user = False
master_config = install_salt.config_path / "master"
@ -396,7 +401,6 @@ def salt_master(salt_factories, install_salt, state_tree, pillar_tree):
scripts_dir = salt_factories.root_dir / "Scripts"
scripts_dir.mkdir(exist_ok=True)
salt_factories.scripts_dir = scripts_dir
config_overrides["open_mode"] = True
python_executable = install_salt.bin_dir / "Scripts" / "python.exe"
if install_salt.classic:
python_executable = install_salt.bin_dir / "python.exe"
@ -469,6 +473,8 @@ def salt_minion(salt_factories, salt_master, install_salt):
"id": minion_id,
"file_roots": salt_master.config["file_roots"].copy(),
"pillar_roots": salt_master.config["pillar_roots"].copy(),
"fips_mode": FIPS_TESTRUN,
"open_mode": True,
}
if platform.is_windows():
config_overrides[

4
pkg/tests/download/test_pkg_download.py
View file

@ -255,8 +255,6 @@ def setup_redhat_family(
repo_subpath,
):
arch = os.environ.get("SALT_REPO_ARCH") or "x86_64"
if arch == "aarch64":
arch = "arm64"
if repo_subpath == "minor":
repo_url_base = (
@ -403,8 +401,6 @@ def setup_macos(
):
arch = os.environ.get("SALT_REPO_ARCH") or "x86_64"
if package_type == "package":
if arch == "aarch64":
arch = "arm64"
if packaging.version.parse(salt_release) > packaging.version.parse("3005"):
mac_pkg = f"salt-{salt_release}-py3-{arch}.pkg"

15
pkg/tests/integration/test_pkg.py
View file

@ -1,4 +1,5 @@
import sys
import time
import pytest
@ -8,12 +9,22 @@ def pkg_name(salt_call_cli, grains):
if sys.platform.startswith("win"):
ret = salt_call_cli.run("--local", "winrepo.update_git_repos")
assert ret.returncode == 0
ret = salt_call_cli.run("--local", "pkg.refresh_db")
assert ret.returncode == 0
attempts = 3
while attempts:
attempts -= 1
ret = salt_call_cli.run("--local", "pkg.refresh_db")
if ret.returncode:
time.sleep(5)
continue
break
else:
pytest.fail("Failed to run 'pkg.refresh_db' 3 times.")
return "putty"
elif grains["os_family"] == "RedHat":
if grains["os"] == "VMware Photon OS":
return "snoopy"
elif grains["osfinger"] == "Amazon Linux-2023":
return "dnf-utils"
return "units"
elif grains["os_family"] == "Debian":
return "ifenslave"

191
pkg/tests/integration/test_salt_user.py
View file

@ -6,6 +6,7 @@ import sys
import packaging.version
import psutil
import pytest
from saltfactories.utils.tempfiles import temp_directory
pytestmark = [
pytest.mark.skip_on_windows,
@ -135,9 +136,9 @@ def test_pkg_paths(
Test package paths ownership
"""
if packaging.version.parse(install_salt.version) <= packaging.version.parse(
"3006.2"
"3006.4"
):
pytest.skip("Package path ownership was changed in salt 3006.3")
pytest.skip("Package path ownership was changed in salt 3006.4")
salt_user_subdirs = []
for _path in pkg_paths:
pkg_path = pathlib.Path(_path)
@ -170,3 +171,189 @@ def test_pkg_paths(
else:
assert file_path.owner() == "root"
assert file_path.group() == "root"
@pytest.mark.skip_if_binaries_missing("logrotate")
def test_paths_log_rotation(
salt_master, salt_minion, salt_call_cli, install_salt, test_account
):
"""
Test the correct ownership is assigned when log rotation occurs
Change the user in the Salt Master, chage ownership, force logrotation
Check ownership and premissions.
Assumes test_pkg_paths successful
"""
if packaging.version.parse(install_salt.version) <= packaging.version.parse(
"3006.4"
):
pytest.skip("Package path ownership was changed in salt 3006.4")
if install_salt.distro_id not in ("centos", "redhat", "amzn", "fedora"):
pytest.skip(
"Only tests RedHat family packages till logrotation paths are resolved on Ubuntu/Debian, see issue 65231"
)
# check that the salt_master is running
assert salt_master.is_running()
match = False
for proc in psutil.Process(salt_master.pid).children():
assert proc.username() == "salt"
match = True
assert match
# Paths created by package installs with adjustment for current conf_dir /etc/salt
log_pkg_paths = [
install_salt.conf_dir, # "bkup0"
"/var/cache/salt", # "bkup1"
"/var/log/salt", # "bkup2"
"/var/run/salt", # "bkup3"
"/opt/saltstack/salt", # "bkup4"
]
# backup those about to change
bkup_count = 0
bkup_count_max = 5
with temp_directory("bkup0") as temp_dir_path_0:
with temp_directory("bkup1") as temp_dir_path_1:
with temp_directory("bkup2") as temp_dir_path_2:
with temp_directory("bkup3") as temp_dir_path_3:
with temp_directory("bkup4") as temp_dir_path_4:
assert temp_dir_path_0.is_dir()
assert temp_dir_path_1.is_dir()
assert temp_dir_path_2.is_dir()
assert temp_dir_path_3.is_dir()
assert temp_dir_path_4.is_dir()
# stop the salt_master, so can change user
with salt_master.stopped():
assert salt_master.is_running() is False
for _path in log_pkg_paths:
if bkup_count == 0:
cmd_to_run = (
f"cp -a {_path}/* {str(temp_dir_path_0)}/"
)
elif bkup_count == 1:
cmd_to_run = (
f"cp -a {_path}/* {str(temp_dir_path_1)}/"
)
elif bkup_count == 2:
cmd_to_run = (
f"cp -a {_path}/* {str(temp_dir_path_2)}/"
)
elif bkup_count == 3:
cmd_to_run = (
f"cp -a {_path}/* {str(temp_dir_path_3)}/"
)
elif bkup_count == 4:
cmd_to_run = (
f"cp -a {_path}/* {str(temp_dir_path_4)}/"
)
elif bkup_count > 5:
assert bkupcount < bkup_count_max # force assertion
ret = salt_call_cli.run(
"--local", "cmd.run", cmd_to_run
)
bkup_count += 1
assert ret.returncode == 0
# change the user in the master's config file.
ret = salt_call_cli.run(
"--local",
"file.replace",
f"{install_salt.conf_dir}/master",
"user: salt",
f"user: {test_account.username}",
"flags=['IGNORECASE']",
"append_if_not_found=True",
)
assert ret.returncode == 0
# change ownership of appropriate paths to user
for _path in log_pkg_paths:
chg_ownership_cmd = (
f"chown -R {test_account.username} {_path}"
)
ret = salt_call_cli.run(
"--local", "cmd.run", chg_ownership_cmd
)
assert ret.returncode == 0
# restart the salt_master
with salt_master.started():
assert salt_master.is_running() is True
# ensure some data in files
log_files_list = [
"/var/log/salt/api",
"/var/log/salt/key",
"/var/log/salt/master",
]
for _path in log_files_list:
log_path = pathlib.Path(_path)
assert log_path.exists()
with log_path.open("a") as f:
f.write("This is a log rotation test\n")
# force log rotation
logr_conf_file = "/etc/logrotate.d/salt"
logr_conf_path = pathlib.Path(logr_conf_file)
if not logr_conf_path.exists():
logr_conf_file = "/etc/logrotate.conf"
logr_conf_path = pathlib.Path(logr_conf_file)
assert logr_conf_path.exists()
# force log rotation
log_rotate_cmd = f"logrotate -f {logr_conf_file}"
ret = salt_call_cli.run(
"--local", "cmd.run", log_rotate_cmd
)
assert ret.returncode == 0
for _path in log_files_list:
log_path = pathlib.Path(_path)
assert log_path.exists()
assert log_path.owner() == test_account.username
assert log_path.stat().st_mode & 0o7777 == 0o640
# cleanup
assert salt_master.is_running() is False
# change the user in the master's config file.
ret = salt_call_cli.run(
"--local",
"file.replace",
f"{install_salt.conf_dir}/master",
f"user: {test_account.username}",
"user: salt",
"flags=['IGNORECASE']",
"append_if_not_found=True",
)
assert ret.returncode == 0
# restore from backed up
bkup_count = 0
for _path in log_pkg_paths:
if bkup_count == 0:
cmd_to_run = f"cp -a --force {str(temp_dir_path_0)}/* {_path}/"
elif bkup_count == 1:
cmd_to_run = f"cp -a --force {str(temp_dir_path_1)}/* {_path}/"
elif bkup_count == 2:
cmd_to_run = f"cp -a --force {str(temp_dir_path_2)}/* {_path}/"
elif bkup_count == 3:
cmd_to_run = f"cp -a --force {str(temp_dir_path_3)}/* {_path}/"
elif bkup_count == 4:
# use --update since /opt/saltstack/salt and would get SIGSEGV since mucking with running code
cmd_to_run = f"cp -a --update --force {str(temp_dir_path_4)}/* {_path}/"
elif bkup_count > 5:
assert bkupcount < bkup_count_max # force assertion
ret = salt_call_cli.run(
"--local", "cmd.run", cmd_to_run
)
bkup_count += 1
assert ret.returncode == 0

45
pkg/tests/integration/test_systemd_config.py
View file

@ -7,17 +7,13 @@ pytestmark = [
]
def test_system_config(salt_cli, salt_minion):
@pytest.mark.usefixtures("salt_minion")
def test_system_config(grains):
"""
Test system config
"""
get_family = salt_cli.run("grains.get", "os_family", minion_tgt=salt_minion.id)
assert get_family.returncode == 0
get_finger = salt_cli.run("grains.get", "osfinger", minion_tgt=salt_minion.id)
assert get_finger.returncode == 0
if get_family.data == "RedHat":
if get_finger.data in (
if grains["os_family"] == "RedHat":
if grains["osfinger"] in (
"CentOS Stream-8",
"CentOS Linux-8",
"CentOS Stream-9",
@ -25,25 +21,22 @@ def test_system_config(salt_cli, salt_minion):
"VMware Photon OS-3",
"VMware Photon OS-4",
"VMware Photon OS-5",
"Amazon Linux-2023",
):
ret = subprocess.call(
"systemctl show -p ${config} salt-minion.service", shell=True
)
assert ret == 0
expected_retcode = 0
else:
ret = subprocess.call(
"systemctl show -p ${config} salt-minion.service", shell=True
)
assert ret == 1
expected_retcode = 1
ret = subprocess.call(
"systemctl show -p ${config} salt-minion.service", shell=True
)
assert ret == expected_retcode
elif "Debian" in get_family.stdout:
if "Debian-9" in get_finger.stdout:
ret = subprocess.call(
"systemctl show -p ${config} salt-minion.service", shell=True
)
assert ret == 1
elif grains["os_family"] == "Debian":
if grains["osfinger"] == "Debian-9":
expected_retcode = 1
else:
ret = subprocess.call(
"systemctl show -p ${config} salt-minion.service", shell=True
)
assert ret == 0
expected_retcode = 0
ret = subprocess.call(
"systemctl show -p ${config} salt-minion.service", shell=True
)
assert ret == expected_retcode

22
pkg/tests/integration/test_version.py
View file

@ -1,5 +1,6 @@
import os.path
import pathlib
import re
import subprocess
import pytest
@ -42,7 +43,22 @@ def test_salt_versions_report_minion(salt_cli, salt_minion):
"""
Test running test.versions_report on minion
"""
ret = salt_cli.run("test.versions_report", minion_tgt=salt_minion.id)
# Make sure the minion is running
assert salt_minion.is_running()
# Make sure we can ping the minion ...
ret = salt_cli.run(
"--timeout=240", "test.ping", minion_tgt=salt_minion.id, _timeout=240
)
assert ret.returncode == 0
assert ret.data is True
ret = salt_cli.run(
"--hard-crash",
"--failhard",
"--timeout=240",
"test.versions_report",
minion_tgt=salt_minion.id,
_timeout=240,
)
ret.stdout.matcher.fnmatch_lines(["*Salt Version:*"])
@ -109,14 +125,14 @@ def test_compare_pkg_versions_redhat_rc(version, install_salt):
package of the same version. For example, v3004~rc1 should be less than
v3004.
"""
if install_salt.distro_id not in ("centos", "redhat", "amzn", "fedora"):
if install_salt.distro_id not in ("centos", "redhat", "amzn", "fedora", "photon"):
pytest.skip("Only tests rpm packages")
pkg = [x for x in install_salt.pkgs if "rpm" in x]
if not pkg:
pytest.skip("Not testing rpm packages")
pkg = pkg[0].split("/")[-1]
if "rc" not in pkg:
if "rc" not in ".".join(pkg.split(".")[:2]):
pytest.skip("Not testing an RC package")
assert "~" in pkg
comp_pkg = pkg.split("~")[0]

72
pkg/tests/support/helpers.py
View file

@ -78,20 +78,21 @@ class SaltPkgInstall:
distro_name: str = attr.ib(init=False)
distro_version: str = attr.ib(init=False)
# Package (and management) metadata
pkg_mngr: str = attr.ib(init=False)
rm_pkg: str = attr.ib(init=False)
salt_pkgs: List[str] = attr.ib(init=False)
pkgs: List[str] = attr.ib(factory=list)
file_ext: bool = attr.ib(default=None)
relenv: bool = attr.ib(default=True)
# Version information
prev_version: str = attr.ib()
use_prev_version: str = attr.ib()
artifact_version: str = attr.ib(init=False)
version: str = attr.ib(init=False)
# Package (and management) metadata
pkg_mngr: str = attr.ib(init=False)
rm_pkg: str = attr.ib(init=False)
dbg_pkg: str = attr.ib(init=False)
salt_pkgs: List[str] = attr.ib(init=False)
pkgs: List[str] = attr.ib(factory=list)
file_ext: bool = attr.ib(default=None)
relenv: bool = attr.ib(default=True)
@proc.default
def _default_proc(self):
return Subprocess()
@ -106,11 +107,16 @@ class SaltPkgInstall:
@distro_name.default
def _default_distro_name(self):
if distro.name():
return distro.name().split()[0].lower()
name = distro.name()
if name:
if "vmware" in name.lower():
return name.split()[1].lower()
return name.split()[0].lower()
@distro_version.default
def _default_distro_version(self):
if self.distro_name == "photon":
return distro.version().split(".")[0]
return distro.version().lower()
@pkg_mngr.default
@ -129,6 +135,15 @@ class SaltPkgInstall:
elif self.distro_id in ("ubuntu", "debian"):
return "purge"
@dbg_pkg.default
def _default_dbg_pkg(self):
dbg_pkg = None
if self.distro_id in ("centos", "redhat", "amzn", "fedora", "photon"):
dbg_pkg = "salt-debuginfo"
elif self.distro_id in ("ubuntu", "debian"):
dbg_pkg = "salt-dbg"
return dbg_pkg
@salt_pkgs.default
def _default_salt_pkgs(self):
salt_pkgs = [
@ -143,6 +158,9 @@ class SaltPkgInstall:
salt_pkgs.append("salt")
elif self.distro_id in ("ubuntu", "debian"):
salt_pkgs.append("salt-common")
if packaging.version.parse(self.version) >= packaging.version.parse("3006.3"):
if self.dbg_pkg:
salt_pkgs.append(self.dbg_pkg)
return salt_pkgs
@install_dir.default
@ -445,9 +463,14 @@ class SaltPkgInstall:
]
log.info("Installing packages:\n%s", pprint.pformat(self.pkgs))
args = extra_args + self.pkgs
upgrade_cmd = "upgrade"
if self.distro_id == "photon":
# tdnf does not detect nightly build versions to be higher version
# than release versions
upgrade_cmd = "install"
ret = self.proc.run(
self.pkg_mngr,
"upgrade",
upgrade_cmd,
"-y",
*args,
_timeout=120,
@ -511,7 +534,14 @@ class SaltPkgInstall:
if self.classic:
root_url = "py3/"
if self.distro_name in ["redhat", "centos", "amazon", "fedora", "vmware"]:
if self.distro_name in [
"redhat",
"centos",
"amazon",
"fedora",
"vmware",
"photon",
]:
# Removing EPEL repo files
for fp in pathlib.Path("/etc", "yum.repos.d").glob("epel*"):
fp.unlink()
@ -522,7 +552,12 @@ class SaltPkgInstall:
gpg_key = "SALT-PROJECT-GPG-PUBKEY-2023.pub"
if platform.is_aarch64():
arch = "aarch64"
arch = "arm64"
# Starting with 3006.5, we prioritize the aarch64 repo paths for rpm-based distros
if packaging.version.parse(
self.prev_version
) >= packaging.version.parse("3006.5"):
arch = "aarch64"
else:
arch = "x86_64"
ret = self.proc.run(
@ -535,7 +570,11 @@ class SaltPkgInstall:
f"https://repo.saltproject.io/{root_url}{distro_name}/{self.distro_version}/{arch}/{major_ver}.repo",
f"/etc/yum.repos.d/salt-{distro_name}.repo",
)
ret = self.proc.run(self.pkg_mngr, "clean", "expire-cache")
if self.distro_name == "photon":
# yum version on photon doesn't support expire-cache
ret = self.proc.run(self.pkg_mngr, "clean", "all")
else:
ret = self.proc.run(self.pkg_mngr, "clean", "expire-cache")
self._check_retcode(ret)
cmd_action = "downgrade" if downgrade else "install"
pkgs_to_install = self.salt_pkgs.copy()
@ -549,6 +588,11 @@ class SaltPkgInstall:
idx = list_ret.index("Available Packages")
old_ver = list_ret[idx + 1].split()[1]
pkgs_to_install = [f"{pkg}-{old_ver}" for pkg in pkgs_to_install]
if self.dbg_pkg:
# self.dbg_pkg does not exist on classic packages
dbg_exists = [x for x in pkgs_to_install if self.dbg_pkg in x]
if dbg_exists:
pkgs_to_install.remove(dbg_exists[0])
cmd_action = "install"
ret = self.proc.run(
self.pkg_mngr,

2
requirements/base.txt
View file

@ -1,3 +1,5 @@
--constraint=constraints.txt
Jinja2
jmespath
msgpack>=1.0.0

3
requirements/constraints.txt Normal file
View file

@ -0,0 +1,3 @@
setuptools >= 65.6.3,< 69.0
setuptools-scm < 8.0.0
pip >= 22.3.1,< 23.0

3
requirements/pytest.txt
View file

@ -2,7 +2,7 @@ mock >= 3.0.0
# PyTest
docker
pytest >= 7.2.0
pytest-salt-factories >= 1.0.0rc27
pytest-salt-factories >= 1.0.0rc28
pytest-helpers-namespace >= 2019.1.8
pytest-subtests
pytest-timeout
@ -10,3 +10,4 @@ pytest-httpserver
pytest-custom-exit-code >= 0.3
flaky
more-itertools
pyfakefs

5
requirements/static/ci/invoke.in
View file

@ -1,5 +0,0 @@
--constraint=./py{py_version}/{platform}.txt
invoke
blessings
pyyaml

4
requirements/static/ci/py3.10/changelog.txt
View file

@ -17,11 +17,11 @@ jinja2==3.1.2
# via
# -c requirements/static/ci/py3.10/linux.txt
# towncrier
looseversion==1.2.0
looseversion==1.3.0
# via
# -c requirements/static/ci/py3.10/linux.txt
# -r requirements/static/ci/changelog.in
markupsafe==2.1.2
markupsafe==2.1.3
# via
# -c requirements/static/ci/py3.10/linux.txt
# jinja2

Some files were not shown because too many files have changed in this diff Show more