dependabot[bot]
502fbea8c1
build(deps): bump actions/checkout from 4.1.6 to 4.1.7
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-01 13:18:45 +02:00
Luca Boccassi
ea6376d17f
mkosi: bump to latest commit
2024-06-26 15:47:13 +01:00
Luca Boccassi
3001339dc5
mkosi: bump to latest
2024-06-17 17:40:48 +01:00
Luca Boccassi
bdd0b45bfd
CI: disable secure boot in mkosi GHA runs
...
Booting a guest with secure boot is broken in Azure due to a hypervisor
bug. Disable it for now. Given there's no option, need to edit
the configuration on the fly.
2024-06-17 17:40:48 +01:00
Luca Boccassi
7f105dc1bd
mkosi: update to latest
2024-06-10 14:17:15 +01:00
Daan De Meyer
60f1e44ffe
mkosi: Stop using tools tree
...
Noble has all the tooling we need so let's stop using a tools tree
and just install the dependencies we need on the host system.
2024-06-08 12:33:32 +02:00
Daan De Meyer
d5474f78b8
ci: Switch to Ubuntu 24.04
2024-06-08 12:33:32 +02:00
Daan De Meyer
f42cb19931
mkosi: Update to latest
2024-06-08 12:33:28 +02:00
Daan De Meyer
20be62e4b9
mkosi: Update to latest
2024-06-06 16:43:58 +02:00
Daan De Meyer
d56cf40dd7
mkosi: Build Arch Linux image with -D_FORTIFY_SOURCE=3
...
_FORTIFY_SOURCE requires optimizations to be enabled so we set -O2
as well.
2024-06-04 12:27:29 +02:00
Daan De Meyer
cbbffa8355
mkosi: Drop $OPTIMIZATION variable
...
Let's instead just use $CFLAGS to override the optimization level.
2024-06-04 12:20:19 +02:00
Daan De Meyer
954019d211
Merge pull request #33146 from DaanDeMeyer/clang
...
mkosi: Add support for building with LLVM
2024-06-03 15:43:31 +02:00
Daan De Meyer
9ee96e7382
mkosi: Build Fedora Rawhide sanitizers job with LLVM
...
More coverage and clang tends to be better at sanitizers than gcc.
2024-06-03 13:47:37 +02:00
Daan De Meyer
aacf9527d6
mkosi: Build with --werror in CI
2024-06-03 13:47:37 +02:00
dependabot[bot]
988b837df8
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 5.1.2 to 5.3.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md )
- [Commits](52bab0caa5...60c9f2b924
)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-06-03 13:07:26 +02:00
dependabot[bot]
de5772c21d
build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.1 to 2.3.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](0864cf1902...dc50aa9510
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-06-03 13:06:57 +02:00
dependabot[bot]
91c7d68d30
build(deps): bump softprops/action-gh-release from 2.0.4 to 2.0.5
...
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release ) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/softprops/action-gh-release/releases )
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md )
- [Commits](9d7c94cfd0...69320dbe05
)
---
updated-dependencies:
- dependency-name: softprops/action-gh-release
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-06-03 13:06:03 +02:00
dependabot[bot]
89b49c16ef
build(deps): bump actions/checkout from 4.1.2 to 4.1.6
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.2 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](9bb56186c3...a5ac7e51b4
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-06-03 13:04:50 +02:00
Daan De Meyer
ebec3c88c3
ci: Build Fedora rawhide with sanitizers in mkosi
...
Let's make sure one build has sanitizers enabled for extra coverage.
2024-05-31 17:26:13 +02:00
Daan De Meyer
8919f86f57
mkosi: Sanitizer improvements
...
- Let's set the environment on the kernel command line so it applies
to initrd and main system.
- Let's add the necessary wrappers that are also added in test-functions.
Unlike test-functions we don't use gcc/clang to get the library path as
that requires installing gcc/clang in the initrd.
- Let's drop the hack to get journald writing to the console and have
it write to kmsg instead. We'll get the output either way.
- Stop removing libstdc++ and sanitizer libraries from Arch Linux
initrds and other images as it's required by the sanitizer libraries.
- Add a workaround for specifying extra meson options for opensuse
- Add a leak sanitizer suppression file as a workaround for a false
positive leak in verify_selinuxmnt() in libselinux. We do a soname match
because the stacktrace can't be properly symbolized on Debian.
2024-05-31 17:26:13 +02:00
Luca Boccassi
87d6cedfdb
Merge pull request #33123 from DaanDeMeyer/fix
...
Two mkosi fixes
2024-05-31 11:38:43 +02:00
Daan De Meyer
3a8e9b4a0e
mkosi: Unify device timeout for CI and local runs
...
Now that we use KVM and don't use repart anymore to create a root
partition on first boot, let's see if we can use the same device timeout
for both local and CI runs.
2024-05-31 10:25:08 +02:00
Daan De Meyer
e2219740f3
mkosi: Drop two unnecessary settings in CI config
...
We don't build erofs images anymore and the firmware to use is set
per test so no need to configure it the CI config.
2024-05-31 10:23:58 +02:00
dependabot[bot]
d4d59423b5
build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
...
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler ) from 3.0.0 to 3.2.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases )
- [Commits](9e55064634...d498805e5c
)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-31 10:17:44 +02:00
dependabot[bot]
f47f849fad
build(deps): bump redhat-plumbers-in-action/devel-freezer
...
Bumps [redhat-plumbers-in-action/devel-freezer](https://github.com/redhat-plumbers-in-action/devel-freezer ) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/devel-freezer/releases )
- [Commits](396c94ba8c...ad766eafd5
)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/devel-freezer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-31 10:17:10 +02:00
dependabot[bot]
4c8858dda6
build(deps): bump meson from 1.4.0 to 1.4.1 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.4.0...1.4.1 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-31 10:16:56 +02:00
Daan De Meyer
074ac66e88
Revert "mkosi: Sanitizer improvements"
...
This reverts commit aef13ad029
.
2024-05-30 14:50:21 +02:00
Daan De Meyer
d54d6197d5
Revert "ci: Build with sanitizers in mkosi"
...
This reverts commit 639403f9a8
.
2024-05-30 14:50:10 +02:00
Daan De Meyer
381918edc9
Merge pull request #32866 from DaanDeMeyer/sanitizers
...
mkosi: Sanitizers
2024-05-30 14:49:13 +02:00
Daan De Meyer
465d302d48
mkosi: Preserve environment when running integration tests with sudo
...
Otherwise we won't detect we're running in Github Actions and will
show the wrong command to fetch the journal.
2024-05-30 13:50:27 +02:00
Daan De Meyer
639403f9a8
ci: Build with sanitizers in mkosi
2024-05-30 12:47:45 +02:00
Daan De Meyer
aef13ad029
mkosi: Sanitizer improvements
...
- Let's set the environment on the kernel command line so it applies
to initrd and main system.
- Let's add the necessary wrappers that are also added in test-functions.
Unlike test-functions we don't use gcc/clang to get the library path as
that requires installing gcc/clang in the initrd.
- Let's drop the hack to get journald writing to the console and have
it write to kmsg instead. We'll get the output either way.
- Stop removing libstdc++ and sanitizer libraries from Arch Linux
initrds and other images as it's required by the sanitizer libraries.
- Add a workaround for specifying extra meson options for opensuse
- Add a leak sanitizer suppression file as a workaround for a false
positive leak in verify_selinuxmnt() in libselinux. We do a soname match
because the stacktrace can't be properly symbolized on Debian.
2024-05-30 12:47:45 +02:00
Daan De Meyer
d12fedd25e
mkosi: Run integration tests as root
...
This allows running integration tests that support it in nspawn
instead of qemu. This both gives extra coverage and speeds things up.
2024-05-29 14:10:50 +02:00
Daan De Meyer
09466b2a0e
mkosi: update to latest
2024-05-29 14:10:47 +02:00
Luca Boccassi
0dde8adcf5
Revert "CI: add manual workflow to publish pages to fix submodule issue"
...
Nope, it's broken, never mind
This reverts commit b0f9c3c648
.
2024-05-16 15:31:52 +01:00
Luca Boccassi
b0f9c3c648
CI: add manual workflow to publish pages to fix submodule issue
...
Cloning the fedora/centos submodules fails because --depth 1 is used. Fork the actions workflow and use fetch-depth: 0 to disable it.
2024-05-16 16:27:40 +02:00
Zbigniew Jędrzejewski-Szmek
f222ef107d
mkosi: Restore job for F40
...
This partially reverts ecf8468dd4
.
dist-git was made compatible again with F40.
2024-05-14 21:23:46 +02:00
Daan De Meyer
ecf8468dd4
mkosi: Update fedora to latest
...
We drop the Fedora 40 job as the latest rawhide spec introduced
dependencies that are not available in Fedora 40.
2024-05-14 20:44:39 +02:00
Daan De Meyer
23d79a84a4
mkosi: Update to latest
2024-05-14 12:43:28 +02:00
Daan De Meyer
5dd3657f86
ci: Optimize pull request labeler
...
We keep running into rate limits, so let's optimize the number of
requests we do in the pull request labeler to hopefully fix that.
2024-05-07 17:49:54 +02:00
Daan De Meyer
b1670c52ad
mkosi: Switch to fedora 40
...
Enable updates-testing and use the most recent mirror to make sure
we get util-linux 2.40.1 which contains a crucial fix to make sure
the serial terminal in virtual machines works properly.
2024-05-07 11:51:29 +02:00
Daan De Meyer
7681a8ee58
ci: Disable RuntimeBuildSources=
...
We build with debuginfo, so there's no point to starting virtiofsd
to mount the sources and build directory into the VM, so let's
disable that.
2024-05-06 22:23:37 +02:00
Daan De Meyer
eabf46ef89
ci: Reduce the number of integration tests we run concurrently
...
Since there's a bunch of CPU hungry systemd-journal-remote processes
running on the host to received the forwarded logs, by running as many
test as the VM has cores we overload the available resources. Let's leave
use the number of cores - 1 to reduce resource contention.
2024-05-06 11:57:09 +02:00
Daan De Meyer
ffda3c3de9
mkosi: Disable ext4's orphan_file feature for centos images
...
Not supported by e2fsck from centos. We also disable building repart
from source in CI as running it from the build directory means repart
will run mkfs.ext4 from the host which doesn't know about the orphan_file
feature causing it to fail.
2024-05-06 10:56:45 +02:00
Daan De Meyer
81af7ac925
mkosi: Enable udev debug logging in CI
...
It's very useful to debug race conditions with loop devices, so let's
enable the logging now that it goes to the journal and not to the
console.
2024-05-06 10:56:45 +02:00
Daan De Meyer
1c329956e5
mkosi: Insist on KVM, VSOCK and TPM by default
...
By default mkosi will not run VMs with these features if they're not
available, but since various stuff in systemd makes use of these, let's
fail loudly if any of these are not available by default in systemd.
Users can still override these defaults locally if they wish.
2024-05-06 10:56:45 +02:00
Daan De Meyer
86e249f326
mkosi: Update to latest
2024-05-06 10:56:45 +02:00
Frantisek Sumsal
57188d1467
Merge pull request #32609 from systemd/dependabot/github_actions/github/super-linter-6
...
build(deps): bump github/super-linter from 5.0.0 to 6
2024-05-02 10:16:40 +02:00
Frantisek Sumsal
109780a35e
ci: point Super-Linter to the new upstream
...
Looks like since [0] the Super-Linter repo was moved to
super-linter/super-linter and github/super-linter is just a fork, so
let's update the reference accordingly.
[0] 59fac7946c
2024-05-02 09:53:43 +02:00
Frantisek Sumsal
b160ac9c12
ci: explicitly disable multi status for Super-Linter
...
The multi status feature requires $GITHUB_TOKEN, and since [0] it
defaults to true. Since we don't need it, let's explicitly disable the
feature.
[0] e6e6e1fa5f
2024-05-02 09:46:44 +02:00