Daan De Meyer
c9853672a0
mkosi: Update to latest
...
Let's make sure we're testing unprivileged builds properly. Usage
of SourceFileTransfer= and SourceFileTransferFinal= are removed as
they were dropped by mkosi. SourceFileTransfer=mount is now the
default in mkosi so behavior for the build script is unchanged. We
stop copying sources in the final image until mkosi adds support
for virtiofs.
2023-02-10 18:16:54 +09:00
Jan Macku
9779079b53
ci: Add names to steps in labeler workflow
...
This makes it easier to see what step failed/was skipped in the GitHub
Actions UI. It also makes future debugging easier.
2023-02-08 22:37:10 +09:00
Jan Macku
de95bb2a98
ci: remove if: github.event.issue.pull_request from labeler.yml
...
`github.event.issue.pull_request` is an object, not a boolean.
This is the root cause of why the step that is supposed to remove labels
is always skipped. Having this condition in place is not necessary since
the workflow is run on the `pull_request_target` event.
2023-02-07 16:00:49 +01:00
Jan Macku
d709b92ef1
ci: fix missing quotes in labeler.yml
2023-02-07 15:39:37 +01:00
Zbigniew Jędrzejewski-Szmek
7a17e41dcf
test: drop whitespace after shell redirection operators
...
(The one case that is left unchanged is '< <(subcommand)'.)
This way, the style with no gap was already dominant. This way, the reader
immediately knows that ' < ' is a comparison operator and ' << ' is a shift.
In a few cases, replace custom EOF replacement by just EOF. There is no point
in using someting like "_EOL" unless "EOF" appears in the text.
2023-02-06 09:19:04 +01:00
Jan Macku
4dab1eb952
ci: Fix Development Freeze Automation
...
Due to the limitation of `GITHUB_TOKEN` when running workflows from forks,
it's required to split the `development_freeze` workflow in two.
* First workflow will run on the `pull_request` trigger and save the PR
number in the artifact. This workflow is running with read-only permissions
on `GITHUB_TOKEN`.
* Second workflow will get triggered on `workflow_run`. It will be run
directly in the `systemd/systemd` context and can get permission to be
able to create comments on PR.
GITHUB_TOKEN limitations:
* https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
GitHub Security Labs Article - How to correctly and safely overcome GITHUB_TOKEN limitations:
* https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
2023-02-03 14:03:39 +00:00
Jan Janssen
2de6cc18f9
ci: Test with secure boot enabled under mkosi
...
This gives us some nice test coverage for secure boot enrolling and the
stub secure boot workound. The authenticated EFI variables are already
created by mkosi, all we need to do is request secure boot to be used.
2023-02-01 17:16:03 +01:00
dependabot[bot]
15796f28ea
build(deps): bump systemd/mkosi
...
Bumps [systemd/mkosi](https://github.com/systemd/mkosi ) from f36983f552a197faf9e36361cc68a297e68bee73 to 500f93a36cc3d5bf1d06848a0a8870bf1424625f.
- [Release notes](https://github.com/systemd/mkosi/releases )
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md )
- [Commits](f36983f552...500f93a36c
2023-02-01 09:48:30 +00:00
dependabot[bot]
b8565f93e9
build(deps): bump actions/github-script from 6.3.3 to 6.4.0
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.3.3 to 6.4.0.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](d556feaca3...98814c53be
2023-02-01 09:15:44 +00:00
dependabot[bot]
b0126d1e8e
build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
...
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler ) from 2.0.1 to 2.0.4.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases )
- [Commits](88209aef58...25a1e41826
2023-02-01 09:14:38 +00:00
Daan De Meyer
3d4fa9aaa0
mkosi: Disable auditd when running with nspawn in CI
...
auditd fails to start in CentOS Stream 9 causing CI failures so let's
disable it when running with nspawn in CI.
2023-01-29 17:34:21 +01:00
Daan De Meyer
868c318ba3
mkosi: Add back CentOS Stream 8 to CI
...
It's still useful to test the EFI handover logic in systemd-boot.
We use a mkosi.prepare script to install a newer python and update
the system to use it.
2023-01-29 17:05:23 +01:00
Daan De Meyer
c8943ce884
mkosi: Update and enable ukify in mkosi builds
...
We also add the necessary deps for ukify to the mkosi configs.
CentOS Stream 8 is dropped from CI because its python version is too
old (3.6) to be able to run ukify.
2023-01-27 15:05:04 +01:00
Daan De Meyer
9d2e4ceee5
ci: Update mkosi action to latest commit
...
Let's make sure we're testing with the latest changes in mkosi. This
includes both the switch to systemd-repart and ukify, making sure we
get extra testing coverage for those components.
This also drops options from the centos config that have been removed
in the newer mkosi.
For some reason idmapping runs into some issues so we disable it for
now.
2023-01-15 20:44:53 +01:00
Daan De Meyer
da2a4f6a2e
ci: Fix PR labeling
...
Make sure we only add labels to open pull request and remove labels
from closed pull requests.
2023-01-12 11:42:16 +01:00
Zbigniew Jędrzejewski-Szmek
8112c91e48
github: use 'meson setup'
...
Meson started warning when 'setup' is not used:
WARNING: Running the setup command as `meson [options]` instead of `meson setup [options]` is ambiguous and deprecated.
Also add more quoting in output to make the message clearer.
2023-01-11 16:46:24 +01:00
Daan De Meyer
81315baa68
ci: Remove a bunch of labels when a PR is merged
2023-01-10 14:52:53 +01:00
dependabot[bot]
9826037476
build(deps): bump stefanbuck/github-issue-parser from 2.0.4 to 3.0.1
...
Bumps [stefanbuck/github-issue-parser](https://github.com/stefanbuck/github-issue-parser ) from 2.0.4 to 3.0.1.
- [Release notes](https://github.com/stefanbuck/github-issue-parser/releases )
- [Commits](f80b14f788...c1a559d78b
2023-01-06 19:18:30 +00:00
dependabot[bot]
4371496fa9
build(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.6 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](99c53751e0...e38b1902ae
2023-01-06 18:49:21 +00:00
dependabot[bot]
df242320e5
build(deps): bump github/super-linter from 4.9.6 to 4.9.7
...
Bumps [github/super-linter](https://github.com/github/super-linter ) from 4.9.6 to 4.9.7.
- [Release notes](https://github.com/github/super-linter/releases )
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md )
- [Commits](01d3218744...bb2d833b08
2023-01-06 18:48:30 +00:00
dependabot[bot]
5afe9a300a
build(deps): bump actions/checkout from 3.0.2 to 3.2.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.2 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3.0.2...755da8c3cf115ac066823e79a1e1788f8940201b )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 18:47:52 +00:00
dependabot[bot]
c129b184c9
build(deps): bump meson from 0.64.1 to 1.0.0 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 0.64.1 to 1.0.0.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/0.64.1...1.0.0 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 18:47:20 +00:00
Frantisek Sumsal
a32831ae1d
mkosi: work around a file conflict between systemd and systemd-boot
2022-12-15 16:04:28 +01:00
Daan De Meyer
52c602d4c6
ci: Labeler improvements
...
- Mention "/please-review" in the contributing guide
- Remove "needs-rebase" on push
- Don't add "please-review" if a green label is set
- Don't add please-review label to draft PRs
- Add please-review when a PR moves out of draft
2022-12-09 15:37:43 +01:00
Daan De Meyer
8fc78e6845
ci: Add/Drop labels on pull request activity and comment
...
When a pull request is opened/updated, add "please-review" and
remove a few other labels.
When a comment is made with /please-review on a PR. Add the
"please-review" label to the PR.
2022-12-09 04:50:13 +09:00
Lennart Poettering
a579990277
Merge pull request #25180 from keszybz/ukify
...
ukify: add helper to create UKIs
2022-12-08 15:11:18 +01:00
Zbigniew Jędrzejewski-Szmek
1f6da5d902
ci: install pefile
2022-12-07 15:53:47 +01:00
dependabot[bot]
054f47defc
build(deps): bump ninja from 1.10.2.4 to 1.11.1 in /.github/workflows
...
Bumps [ninja](https://github.com/ninja-build/ninja ) from 1.10.2.4 to 1.11.1.
- [Release notes](https://github.com/ninja-build/ninja/releases )
- [Commits](https://github.com/ninja-build/ninja/commits/v1.11.1 )
---
updated-dependencies:
- dependency-name: ninja
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-01 11:59:45 +00:00
dependabot[bot]
80dd9e2de7
build(deps): bump meson from 0.63.3 to 0.64.1 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 0.63.3 to 0.64.1.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/0.63.3...0.64.1 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-01 10:28:47 +00:00
dependabot[bot]
58a1485fa9
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 3.1.1 to 3.2.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/CHANGELOG.md )
- [Commits](1b1b75e42f...f3cd08fcf1
2022-12-01 10:03:09 +00:00
dependabot[bot]
690e7bfe8f
build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.1
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v3.1.0...83fd05a356d7e2593de66fc9913b3002723633cb )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-01 10:02:00 +00:00
dependabot[bot]
073747028b
build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
...
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler ) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases )
- [Commits](fe9c43b7d7...88209aef58
2022-12-01 10:01:10 +00:00
Luca Boccassi
c1fb3319ce
GA: do not run codeql on systemd-security
...
Scanning is not available on private repositories
2022-11-30 10:59:03 +00:00
Luca Boccassi
77e6166679
GA: run development_freeze only on main repository
...
No point in running this checker on other forks
2022-11-30 10:59:03 +00:00
Zbigniew Jędrzejewski-Szmek
e642816b65
ci: use mkosi executable directly
2022-11-14 11:59:30 +01:00
Zbigniew Jędrzejewski-Szmek
976ceafe1b
ci: skip running on docs-only changes
...
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-including-and-excluding-paths
> If you define a path with the ! character, you must also define at least one
> path without the ! character. If you only want to exclude paths, use
> paths-ignore instead.
>
> The order that you define patterns matters:
> A matching negative pattern (prefixed with !) after a positive match will
> exclude the path.
> A matching positive pattern after a negative match will include the path
> again.
Even if some of the exluded paths *could* impact the build, generally it's a
waste of time to do mkosi builds on them. Let's skip to releave the builders a
bit.
2022-11-11 11:27:35 +01:00
Jan Macku
b6a23ad642
ci(dev-freeze): Use GitHub Action for PR comments
...
GitHub Action `devel-freezer` helps with development freeze notifications
during the RC phase. It will create comments using predefined messages on
newly created and updated PRs when the RC tag has been released.
Also, it will update comments once a new major version has been released.
Documentation available at: https://github.com/redhat-plumbers-in-action/devel-freezer
2022-11-05 14:10:01 +01:00
Samuel Thibault
ede5a78f50
shutdown: Add Xen kexec support
...
In the Xen case, it's the hypervisor which manages kexec. We thus
have to ask it whether a kernel is loaded, instead of relying on
/sys/kernel/kexec_loaded.
2022-11-02 20:47:41 +01:00
dependabot[bot]
cd00185881
build(deps): bump github/codeql-action from 2.1.17 to 2.1.29
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.17 to 2.1.29.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v2.1.17...ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-01 11:20:30 +00:00
dependabot[bot]
65444c9cba
build(deps): bump meson from 0.63.2 to 0.63.3 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 0.63.2 to 0.63.3.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/0.63.2...0.63.3 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-01 11:19:52 +00:00
dependabot[bot]
a61119e299
build(deps): bump systemd/mkosi
...
Bumps [systemd/mkosi](https://github.com/systemd/mkosi ) from 792cbc60eb2dc4a58d66bb3c212bf92f8d50f6ea to 14. This release includes the previously tagged commit.
- [Release notes](https://github.com/systemd/mkosi/releases )
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md )
- [Commits](792cbc60eb...c9772ec920
2022-11-01 10:26:17 +00:00
dependabot[bot]
ed770fc10a
build(deps): bump ossf/scorecard-action from 2.0.4 to 2.0.6
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.4 to 2.0.6.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](e363bfca00...99c53751e0
2022-11-01 10:25:31 +00:00
Luca Boccassi
035dc08bea
gh actions: run a unit test iteration without machine-id
2022-10-25 16:00:26 +01:00
Frantisek Sumsal
b3ea9cf13b
ci: run the Scorecards action in PRs only on config update
...
Also, unify the string quotation a bit and drop one unnecessary
expression syntax (as everything in `if` statements is automatically
evaluated as an expression).
2022-10-20 17:10:50 +02:00
Frantisek Sumsal
3e35a3302c
ci: add a missing SPDX line
2022-10-20 17:03:37 +02:00
Joyce
b7a279f9ef
ci: Enable Scorecard Github Action and Badge ( #25054 )
...
* chore: enable scorecard action
* chore: add badge to the README file
* chore: enable on config file update
* chore: update scorecard to 2.0.4
* chore: run scorecard on PR at main branch
* chore: add condition to publish_result key
* chore: skip upload to code scanning if PR
* chore: only runs scorecard in the main repo
Resolves : #25042
2022-10-19 09:05:39 +00:00
Daan De Meyer
0aa1d40649
mkosi: Switch to Fedora 37
...
Official release date is close so let's switch mkosi CI to it already.
2022-10-17 16:02:16 +02:00
Daan De Meyer
71205f972b
mkosi: Add Centos Stream 8 back to CI
...
We can build all of systemd's features again on CentOS Stream 8, so
let's add it back to CI.
2022-10-17 08:45:57 +02:00
Luca Boccassi
dcf1bf3b6d
mkosi: update to latest commit
...
Require dto fix Debian testing/unstable builds, as the initrd is
versioned
2022-10-10 13:19:41 +02:00
dependabot[bot]
8ef866ace4
build(deps): bump ninja from 1.10.2.3 to 1.10.2.4 in /.github/workflows
...
Bumps [ninja](https://github.com/ninja-build/ninja ) from 1.10.2.3 to 1.10.2.4.
- [Release notes](https://github.com/ninja-build/ninja/releases )
- [Commits](https://github.com/ninja-build/ninja/commits )
---
updated-dependencies:
- dependency-name: ninja
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-01 14:36:48 +02:00
Frantisek Sumsal
f00fe51b9c
ci: pin stefanbuck/github-issue-parser to a tagged release
...
Since [0] got resolved ([1]) we can finally pin the action to a tagged
release (v2.0.4 ATTOW) and let Dependabot to do its job by updating it
to the latest tagged release when it becomes available.
Replaces: #24886
[0] https://github.com/stefanbuck/github-issue-parser/issues/23
[1] https://github.com/stefanbuck/github-issue-parser/pull/39
2022-10-01 14:35:41 +02:00
dependabot[bot]
e316ab5747
build(deps): bump actions/labeler from 4.0.0 to 4.0.1
...
Bumps [actions/labeler](https://github.com/actions/labeler ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/labeler/releases )
- [Commits](9fd24f1f9d...e54e5b338f
2022-10-01 13:04:34 +02:00
dependabot[bot]
254c049ccb
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 3.0.1 to 3.1.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/CHANGELOG.md )
- [Commits](a14889568f...1b1b75e42f
2022-10-01 13:04:15 +02:00
dependabot[bot]
5d4ba4e534
build(deps): bump meson from 0.63.1 to 0.63.2 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 0.63.1 to 0.63.2.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/0.63.1...0.63.2 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-01 13:00:45 +02:00
Frantisek Sumsal
d97733908b
ci: rename codeql-analysis.yml to codeql.yml
...
Just to be consistent with other repos under the systemd umbrella.
2022-09-14 19:13:49 +02:00
Frantisek Sumsal
736a1df747
ci: limit scope for the CodeQL scan
...
Don't run the workflow unnecessarily for non-{cpp,python} related changes.
2022-09-13 21:32:15 +02:00
Frantisek Sumsal
27d6281158
ci: run CodeQL on push to main/stable branches as well
...
Since we need results for the base branches as well in order to have
something to compare against.
Follow-up to cbe25d0dcc
2022-09-13 21:18:44 +02:00
Frantisek Sumsal
cbe25d0dcc
ci: run CodeQL on every PR
...
Since LGTM is no longer enabled for the systemd repo (as it's going to
be discontinued by the EOY), let's run CodeQL on every PR instead to
replace it.
2022-09-14 03:55:16 +09:00
Jan Macku
a4965366ec
ci(issue-labeler): Update to advanced-issue-labeler@v2
...
The new version of `advanced-issue-labeler` GitHub Action introduces new
structure of policy that requires adjustments to systemd issue labeling
policy.
Changes introduced in v2.0.0 - https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases/tag/v2.0.0
2022-09-07 10:43:48 +02:00
Luca Boccassi
31ed4b9147
mkosi: update to latest commit
...
Required to fix Debian testing/unstable builds, as resolved is
now in its own package
2022-09-02 19:46:54 +01:00
Yu Watanabe
0a3e413516
github: update differential shellcheck to v3.0.1
...
v3 supports external sources. Yey!
2022-09-01 17:27:09 +00:00
dependabot[bot]
c19053e657
build(deps): bump meson from 0.63.0 to 0.63.1 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 0.63.0 to 0.63.1.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/0.63.0...0.63.1 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-01 10:31:30 +00:00
dependabot[bot]
d1cc2654fd
build(deps): bump github/super-linter from 4.9.5 to 4.9.6
...
Bumps [github/super-linter](https://github.com/github/super-linter ) from 4.9.5 to 4.9.6.
- [Release notes](https://github.com/github/super-linter/releases )
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md )
- [Commits](2d64ac1c06...01d3218744
2022-09-01 09:21:53 +00:00
dependabot[bot]
42907767bd
build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
...
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler ) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases )
- [Commits](b89eb39b97...d12b782ff9
2022-09-01 09:08:19 +00:00
Luca Boccassi
df16869660
shellcheck/labeler: disable on systemd-security
2022-09-01 00:53:46 +09:00
Luca Boccassi
255963ec3a
mkosi: disable isc-dhcp-server again
...
It's still failing in Ubuntu:
● isc-dhcp-server.service loaded failed failed ISC DHCP IPv4 server
● isc-dhcp-server6.service loaded failed failed ISC DHCP IPv6 server
Just disable them via the kernel command line masking.
2022-08-25 23:02:29 +01:00
Luca Boccassi
5e98346220
Merge pull request #24254 from medhefgo/mold
...
ci: Add mold to build tests
2022-08-23 19:33:47 +01:00
Daan De Meyer
37d35150cb
mkosi: Ensure we build all features/components in mkosi
...
Explicitly enable all features/components in the mkosi build to
ensure they all get built and we get an error if they can't be built.
We also rework the packages sections of all mkosi configs to reduce
duplication and cover all the dependencies necessary to build/use all
systemd features.
Note that for the final image, since systemd is installed by default
in base images, we rely on that to install the base library dependencies
and we only list extra optional dependencies and tools that aren't already
installed by default into the base image.
We also drop the centos stream 8 mkosi build as dependencies on that
distro are too out-of-date to be able to build all systemd features.
Since centos stream 9 has been out for a while, let's focus on that
and leave it to downstream to keep systemd building on centos stream 8.
Finally, there's a few additions to the mkosi scripts to make sure
services don't start by default on boot.
2022-08-23 15:19:26 +02:00
Zbigniew Jędrzejewski-Szmek
00616643de
Merge pull request #24352 from DaanDeMeyer/mkosi-opensuse
...
mkosi: Update to latest commit
2022-08-23 11:05:02 +02:00
Jan Janssen
4fb6506deb
meson: Downgrade efi-ld warning
...
The warning isn't that serious and mostly there to inform the user that
lld/mold cannot build efi binaries. It is also better to build test with
fatal meson warnings.
2022-08-23 10:26:02 +02:00
Jan Janssen
ed862b95b2
ci: Add mold to build tests
2022-08-23 10:25:30 +02:00
Jan Macku
3d59b0470a
ci: Drop actions/setup-node - unused
...
In `issue_labeler.yml` is no need for node.js runtime (`actions/setup-node`). It was accidentally added by `copy & paste` from another workflow.
2022-08-22 21:21:08 +09:00
Frantisek Sumsal
d7c1024b6b
ci: build with clang-15; drop clang-12
2022-08-20 20:12:03 +02:00
Daan De Meyer
0e961391c1
mkosi: Drop workarounds
...
None of these should be necessary anymore with recent versions of
mkosi.
2022-08-19 16:50:17 +02:00
Daan De Meyer
2dddae253b
mkosi: Update to latest commit
...
Fixes #1128
2022-08-19 16:49:57 +02:00
Jan Macku
3f3c718e79
ci(lint): add shell linter - Differential ShellCheck
...
It performs differential ShellCheck scans and report results directly in
pull request.
documentation:
https://github.com/redhat-plumbers-in-action/differential-shellcheck
2022-08-16 13:33:57 +00:00
Daan De Meyer
599884bd9a
mkosi: Update to latest commit
...
Introduces a more reliable mirror for Arch which should reduce the
number of mkosi Arch CI failures due to unreliable mirror selection.
2022-08-16 08:59:15 +09:00
Frantisek Sumsal
34a2f39b37
ci: lint the Coverity script
...
as we now use our own custom script for it.
2022-08-11 10:57:25 +02:00
Frantisek Sumsal
176086a2ec
ci: simplify the Coverity script a bit
...
Also, address https://github.com/systemd/systemd/pull/24252#issuecomment-1208747320
by using a pre-defined e-mail address stored in the GH Action secrets.
2022-08-11 10:57:25 +02:00
Frantisek Sumsal
578355684d
ci: set a timeout for each mkosi stage
...
Work around #24202 so we don't wait ~6 hours for a stuck QEMU job.
2022-08-05 12:12:13 +00:00
Daan De Meyer
a268e7f402
mkosi: Update to latest
...
Fixed centos stream 8 builds that were hitting a nonexisting mirror
url
2022-08-02 20:19:21 +01:00
Daan De Meyer
859614439a
mkosi: Update to latest commit
...
With this update, Arch Linux keyring updates will be automatically
pulled in instead of having to update to a new mkosi commit every
time the keyring gets outdated.
2022-08-02 12:58:31 +02:00
dependabot[bot]
bc4b9a7117
build(deps): bump meson from 0.62.2 to 0.63.0 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 0.62.2 to 0.63.0.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/0.62.2...0.63.0 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-01 14:06:32 +00:00
dependabot[bot]
c3ebbcf7cb
build(deps): bump github/codeql-action from 2.1.15 to 2.1.17
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.15 to 2.1.17.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3f62b754e2...0c670bbf04
2022-08-01 11:17:18 +00:00
dependabot[bot]
cc7f5ac478
build(deps): bump github/super-linter from 4.9.4 to 4.9.5
...
Bumps [github/super-linter](https://github.com/github/super-linter ) from 4.9.4 to 4.9.5.
- [Release notes](https://github.com/github/super-linter/releases )
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md )
- [Commits](a320804d31...2d64ac1c06
2022-08-01 11:10:08 +00:00
dependabot[bot]
fdf38c0f1f
build(deps): bump actions/setup-node from 3.3.0 to 3.4.1
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 3.3.0 to 3.4.1.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](eeb10cff27...2fddd8803e
2022-08-01 10:06:54 +00:00
Daan De Meyer
a41940ed0e
mkosi: Update to latest commit
...
Fixes an issue with Arch builds failing by updating the archlinux
keyring package.
2022-07-26 21:13:40 +00:00
Daan De Meyer
2d62579570
mkosi: Build against Fedora rawhide as well
2022-07-26 23:42:45 +09:00
Frantisek Sumsal
d46e7c7cfd
ci: limit which env variables we pass through sudo
...
to work around #23987 .
2022-07-13 10:56:37 +00:00
Luca Boccassi
3a883d36eb
mkosi: update to latest main
...
Fix build failure on SUSE Tumbleweed due to config changes
2022-07-11 13:29:28 +01:00
Daan De Meyer
13f4f0fd81
mkosi: Update to latest release
...
This fixes the mkosi github action to unbreak the mkosi CI
2022-07-06 15:57:12 +02:00
dependabot[bot]
71562f5174
build(deps): bump meson from 0.62.0 to 0.62.2 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 0.62.0 to 0.62.2.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/0.62.0...0.62.2 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-07-01 14:36:52 +03:00
dependabot[bot]
573fb26ca2
build(deps): bump github/codeql-action from 2.1.6 to 2.1.15
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.6 to 2.1.15.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](28eead2408...3f62b754e2
2022-07-01 14:34:01 +03:00
Daan De Meyer
c024a6ac96
mkosi: Pull in fix that solves action mirror issue
2022-06-24 16:00:18 +03:00
Evgeny Vereshchagin
f3bd663faf
ci: set top-level permissions as well
...
It should turn on the "restricted" mode by default regardless of
whether the global setting is on or not. New jobs in this action
should have to overwrite it explicitly to gain write access in any
way.
It should also make the action consistent with the other actions
writing various stuff like 'labeler' and 'codeql'.
2022-06-24 20:08:30 +09:00
Evgeny Vereshchagin
1a2620e8bd
ci: remove links to "codeless contribution" actions
...
They refer to actions with script injections running with full
access to repositories.
2022-06-23 20:43:57 +00:00
Jan Macku
6cacdb3985
github: Issue forms - fix GA SHA1 ref
...
Fix `SHA1` reference for github action `stefanbuck/github-issue-parser` to
point to correct commit.
Follow-up to: #23811
2022-06-23 17:58:25 +03:00
Jan Macku
632372bcbc
github: Issue forms templates follow-up
...
- Use `SHA1` for actions versioning
- Fix typo: `github-issue-praser` -> `github-issue-parser`
- Define exact permissions
Follow-up to: #23693
2022-06-23 17:22:47 +03:00
Jan Macku
6b16539879
github: Update issue templates to issue forms
...
Issue forms templates allow us to add automation in place.
This patch replaces old markdown issue templates with new issue forms.
It also adds workflow to automatically mark issues by component label
based on reported data.
This change could help with initial triaging of issues.
2022-06-23 09:47:42 +02:00
Daan De Meyer
f304d03884
mkosi: Update CI to mkosi 13
2022-06-22 01:30:39 +01:00
Evgeny Vereshchagin
4f62dc3e92
cifuzz: build fuzzers on i386 as well
...
It's a follow-up to https://github.com/systemd/systemd/pull/23550 .
2022-06-08 21:32:38 +00:00
Evgeny Vereshchagin
36cb69fc43
ci: build systemd with clang with -Dmode=release --optimization=2
...
This is what's most likely used to build systemd with clang in
practice so let's test it as well.
Preparation for reverting 0bd292567a
2022-06-05 16:26:54 +00:00
dependabot[bot]
2f9e3d5f50
build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 2.3.1 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](82c141cc51...3cea537223
2022-06-01 15:32:03 +03:00
dependabot[bot]
db361cdabd
build(deps): bump github/super-linter from 4.9.3 to 4.9.4
...
Bumps [github/super-linter](https://github.com/github/super-linter ) from 4.9.3 to 4.9.4.
- [Release notes](https://github.com/github/super-linter/releases )
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md )
- [Commits](431ee7836e...a320804d31
2022-06-01 11:09:45 +00:00
Frantisek Sumsal
9e03f48d21
ci: reenable validation of GH Actions files
2022-05-25 04:49:05 +09:00
Frantisek Sumsal
40bc68cf21
Merge pull request #23475 from nabijaczleweli/certified-lint.1-moment
...
Actually run shellcheck on CI
2022-05-23 19:16:22 +00:00
Evgeny Vereshchagin
af72115412
ci: bump gcc in the "build test" workflow
...
gcc-12 has been released
2022-05-23 14:30:48 +00:00
наб
32c99bc86e
Don't ignore kernel-install for shellcheck
2022-05-23 12:52:52 +02:00
Frantisek Sumsal
6c0259e502
ci: temporarily disable validation of GH Action files
...
since the current version of super-linter doesn't recognize
ubuntu-22.04 as a valid runner specification. This should
be fixed once https://github.com/github/super-linter/pull/2897
is merged, which includes
09a60b0f57
2022-05-21 23:28:18 +02:00
Frantisek Sumsal
50b2b52004
ci: prefer the distro llvm version if available
2022-05-21 20:23:48 +02:00
Frantisek Sumsal
aa1bf7e61d
ci: bump GH Actions to Ubuntu Jammy where applicable
2022-05-21 20:23:48 +02:00
наб
b32217e8d0
Don't not lint kernel-install
2022-05-14 15:21:34 +02:00
Yu Watanabe
e2c99d3b5c
CI: use Fedora 36
2022-05-13 02:46:13 +09:00
dependabot[bot]
9c96c89bb3
build(deps): bump github/super-linter from 4.9.1 to 4.9.2
...
Bumps [github/super-linter](https://github.com/github/super-linter ) from 4.9.1 to 4.9.2.
- [Release notes](https://github.com/github/super-linter/releases )
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md )
- [Commits](3792fe5373...ae4e373c56
2022-05-03 05:51:41 +03:00
dependabot[bot]
5f994fffb9
build(deps): bump actions/checkout from 3.0.0 to 3.0.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.0 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a12a3943b4...2541b1294d
2022-05-03 05:50:11 +03:00
Evgeny Vereshchagin
2d14ec9b8a
ci: actually turn on fatal-meson-warnings in the "build" workflow
...
It's a follow-up to https://github.com/systemd/systemd/pull/23211
2022-04-29 13:58:27 +09:00
Evgeny Vereshchagin
67b9732f1b
ci: bring fatal-meson-warnings back
...
It's a follow-up to https://github.com/systemd/systemd/pull/23204
v2: replaced xargs with exec as suggested by Jan Janssen
2022-04-28 21:21:59 +03:00
Luca Boccassi
0a5e638cc7
meson: add install_tag to sd-boot, libsystemd and libudev
...
Allows to 'meson install --tags systemd-boot --no-rebuild' to install only the EFI
binaries, skipping the rest, for a very quick build:
$ ninja src/boot/efi/linuxx64.efi.stub
[21/21] Generating src/boot/efi/linuxx64.efi.stub with a custom command
$ ninja src/boot/efi/systemd-bootx64.efi
[10/10] Generating src/boot/efi/systemd-bootx64.efi with a custom command
$ DESTDIR=/tmp/foo meson install --tags systemd-boot --no-rebuild
Installing src/boot/efi/systemd-bootx64.efi to /tmp/foo/usr/lib/systemd/boot/efi
Requires Meson 0.60 to be used, prints a warning for unknown keyword
in earlier versions, but there's no failure
https://mesonbuild.com/Installing.html#installation-tags
2022-04-27 22:24:53 +01:00
Evgeny Vereshchagin
c84fc00b37
ci: unpin CFLite
...
The idea was to catch CFLite regressions but since the action itself
pulls the latest docker images it can't be pinned properly and issues
like https://github.com/google/clusterfuzzlite/issues/91 are going to
pop up anyway. Let's unpin it by analogy with CIFuzz and hope it doesn't
break very often.
2022-04-26 09:13:57 +00:00
Daan De Meyer
041456246c
mkosi: Update to latest commit
...
We recently added caching for the dependencies we build from source
in mkosi's github action which speeds up builds by +-10 minutes. Let's
update to the latest commit so we benefit from this in systemd's mkosi
CI as well.
2022-04-22 09:09:13 +09:00
Jan Janssen
7fc60c071f
ci: Add ia32 EFI multilib test
...
This makes sure that building ia32 EFI binaries on x86_64 works.
We force gnu-efi support to ensure it's not skipped by accident
and provide the lib32 dir manually, because clang does not support
'--print-multi-os-directory', which is used to auto-detect it.
2022-04-07 18:45:21 +02:00
dependabot[bot]
64c843d12d
build(deps): bump meson from 0.61.2 to 0.62.0 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 0.61.2 to 0.62.0.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/0.61.2...0.62.0 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-01 21:41:37 +00:00
dependabot[bot]
b6ab9d7ade
build(deps): bump actions/labeler from 3.1.0 to 4
...
Bumps [actions/labeler](https://github.com/actions/labeler ) from 3.1.0 to 4.
- [Release notes](https://github.com/actions/labeler/releases )
- [Commits](3d612d72e6...9fd24f1f9d
2022-04-01 21:41:06 +00:00
dependabot[bot]
a2b107c86c
build(deps): bump actions/checkout from 2.4.0 to 3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](ec3a7ce113...a12a3943b4
2022-04-01 21:40:52 +00:00
dependabot[bot]
a1a1e0b79f
build(deps): bump github/codeql-action from 1.1.3 to 2.1.6
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.3 to 2.1.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](75f07e7ab2...28eead2408
2022-04-01 21:39:20 +00:00
dependabot[bot]
5f82d58bb0
build(deps): bump github/super-linter from 4.8.5 to 4.9.1
...
Bumps [github/super-linter](https://github.com/github/super-linter ) from 4.8.5 to 4.9.1.
- [Release notes](https://github.com/github/super-linter/releases )
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md )
- [Commits](b8641364ca...3792fe5373
2022-04-01 21:37:14 +00:00
Frantisek Sumsal
5efefcdcff
ci: drop clang 11 & add clang 14
2022-03-30 21:11:57 +09:00
Frantisek Sumsal
3a2f1d19d4
ci: make the concurrency group identifier unique once again
...
Otherwise we end up randomly cancelling once of the two centos_epel
jobs.
Follow-up to da637c8fca
2022-03-07 19:42:14 +00:00
Daan De Meyer
da637c8fca
mkosi: Add CentOS Stream 9
...
The blocker causing Stream 9 builds to fail was fixed
(https://bugzilla.redhat.com/show_bug.cgi?id=2056276 ) so we can add
CentOS Stream 9 builds as well now.
2022-03-07 14:30:49 +00:00
Frantisek Sumsal
55c09511e1
test: check systemd RPM macros
...
Make sure our RPM macros work as intended. Based on the original PR
(#16464 ) by Mikhail Novosyolov.
Co-authored-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
2022-03-06 13:07:20 +09:00
dependabot[bot]
82e4b0305b
build(deps): bump meson from 0.60.3 to 0.61.2 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 0.60.3 to 0.61.2.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/0.60.3...0.61.2 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-02 11:57:21 +00:00
dependabot[bot]
fd4747d924
build(deps): bump github/codeql-action from 1.0.29 to 1.1.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.0.29 to 1.1.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](384cfc42b2...75f07e7ab2
2022-03-02 11:56:44 +00:00
dependabot[bot]
8b94bcbd04
build(deps): bump actions/labeler from 3.0.2 to 3.1.0
...
Bumps [actions/labeler](https://github.com/actions/labeler ) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/actions/labeler/releases )
- [Commits](69da01b8e0...3d612d72e6
2022-03-02 11:56:24 +00:00
Daan De Meyer
24a0df5c3c
mkosi: Add centos_epel config
...
Now that mkosi has centos-stream 9 support, let's add a config in
the repo so that the mkosi CI tests that configuration as well.
Centos doesn't support btrfs so we use xfs instead. For some reason,
building --hostonly-initrd centos images breaks the qemu boot so I
disabled that option for centos.
We update the mkosi commit hash to 0dd39c20a4
2022-02-25 16:17:29 +00:00
Daan De Meyer
6b2ab8fc5c
mkosi: Remove Arch nspawn workaround
...
This has been fixed so the workaround can be removed.
2022-02-25 14:54:03 +00:00
Frantisek Sumsal
80ff956704
Merge pull request #22591 from evverx/no-deps
...
ci: build systemd without optional dependencies
2022-02-23 09:27:41 +00:00
Frantisek Sumsal
b491d74064
ci: fix clang-13 installation
...
For some reason Ubuntu Focal repositories now have `llvm-13` virtual
package which can't be installed, but successfully fools our check,
resulting in no clang/llvm being installed...
```
$ apt show llvm-13
Package: llvm-13
State: not a real package (virtual)
N: Can't select candidate version from package llvm-13 as it has no candidate
N: Can't select versions from package 'llvm-13' as it is purely virtual
N: No packages found
$ apt install --dry-run llvm-13
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package llvm-13 is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package 'llvm-13' has no installation candidate
```
2022-02-22 17:57:25 +01:00
Evgeny Vereshchagin
ca57d11652
ci: build systemd without optional dependencies
...
to catch issues like https://github.com/systemd/systemd/pull/22585#issuecomment-1047640155
2022-02-22 15:46:15 +00:00
Luca Boccassi
21838f36a6
mkosi CI: mask isc-dhcp-server units
...
The packages are installed to provide the dhcpd binary, used by
test/test-network/systemd-networkd-tests.py, but we don't need the units
to run, and in fact in some cases the image fails to boot because of
them:
Spawning container image on /home/runner/work/systemd/systemd/image.raw.
Press ^] three times within 1s to kill container.
● isc-dhcp-server.service loaded failed failed ISC DHCP IPv4 server
● isc-dhcp-server6.service loaded failed failed ISC DHCP IPv6 server
Container image failed with error code 1.
Error: Process completed with exit code 1.
Mask the units with an --extra-tree.
2022-02-19 14:01:17 +00:00
Frantisek Sumsal
23a830e46e
ci: explicitly disable multi-status for Super-Linter
...
to, hopefully, get rid of the following error:
```
2022-02-13 13:32:12 [ERROR] Failed to get [GITHUB_TOKEN]!
2022-02-13 13:32:12 [ERROR] []
2022-02-13 13:32:12 [ERROR] Please set a [GITHUB_TOKEN] from the main workflow environment to take advantage of multiple status reports!
```
2022-02-13 14:59:08 +01:00
Frantisek Sumsal
f94b33803f
ci: use the 'slim' version of Super-Linter
...
The 'slim' version drops certain storage-heavy linters[0] which we don't
use anyway, so let's make the job a bit faster by downloading and using
a smaller image.
[0] https://github.com/github/super-linter#slim-image
2022-02-13 14:54:51 +01:00
Evgeny Vereshchagin
d6b99a4a48
ci: run all fuzz targets on CIFuzz
...
CIFuzz has been kind of broken for a couple months because
coverage reports downloaded from OSS-Fuzz contain absolute
paths while paths to files changed in PRs are relative and they
don't match. It makes it kind of hard for CIFuzz to figure out
what it should run so it runs either all fuzz targets or just new
fuzz targets. Until that issue is fixed let's just always predictably run
all fuzz targets.
2022-02-11 13:21:24 +00:00
Evgeny Vereshchagin
a5e6986ac0
ci: remove MULTI_STATUS from superlinter
...
Judging by
ERROR! Failed to call GitHub Status API!
it doesn't seem to work. Even if it did it would just clutter the status
checks I think so let's just remove MULTI_STATUS along with
GITHUB_TOKEN.
2022-02-09 13:04:06 +00:00
Evgeny Vereshchagin
10139b4e3c
ci: validate actions and fix actionlint warnings
...
some actions like Coverity and CFLite aren't run on every PR so to make
sure they are more or less fine when they are changed it makes sense to
at least check them with superlinter/actionlint: https://github.com/rhysd/actionlint
The following warnings were fixed along the way:
```
.github/workflows/mkosi.yml:55:7: shellcheck reported issue in this script: SC2086:info:6:14: Double quote to prevent globbing and word splitting [shellcheck]
|
55 | run: |
| ^~~~
.github/workflows/mkosi.yml:55:7: shellcheck reported issue in this script: SC2046⚠️ 6:40: Quote this to prevent word splitting [shellcheck]
|
55 | run: |
| ^~~~
.github/workflows/mkosi.yml:55:7: shellcheck reported issue in this script: SC2006:style:6:40: Use $(...) notation instead of legacy backticked `...` [shellcheck]
|
55 | run: |
| ^~~~
```
```
.github/workflows/coverity.yml:31:9: shellcheck reported issue in this script: SC2086:info:1:93: Double quote to prevent globbing and word splitting [shellcheck]
|
31 | run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV
| ^~~~
```
2022-02-09 17:32:41 +09:00
Evgeny Vereshchagin
d38363b96b
ci: no longer upload the latest builds on commits
...
The idea behind this action is to make it possible to compare the
latest fuzz targets with PRs to figure out whether bugs are really
reproducible in PRs only. Since forks (including systemd-stable) are
usually based on the upstream repository where almost all the bugs
are fixed before releases are cut it should be safe to assume that
if CFLite finds bugs in PRs they are most likely introduced in those
PRs.
It should probably be brought back once https://github.com/google/clusterfuzzlite/issues/84
is fixed.
2022-01-30 10:17:25 +00:00
Evgeny Vereshchagin
81f84a2c0b
ci: use CFLite to test forks (including systemd-stable)
...
It's like CIFuzz but unlike CIFuzz it's compatible with forks and
it should make it possible to run the fuzzers to make sure that
patches backported to them are backported correctly without introducing
new bugs and regressions.
2022-01-29 18:37:17 +00:00
dependabot[bot]
da9be066cb
build(deps): bump github/codeql-action from 1.0.27 to 1.0.29
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.0.27 to 1.0.29.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cd783c8a29...384cfc42b2
2022-01-24 11:18:48 +03:00
Evgeny Vereshchagin
881b152660
ci: point mkosi to commit where "testing" is fixed
...
https://github.com/systemd/mkosi/pull/886
2022-01-18 10:30:33 +00:00
Evgeny Vereshchagin
cd7b60a7ed
Merge pull request #22142 from evverx/libxkbcommon-dev
...
ci: get Coverity and CodeQL to analyze the "libxkbcommon" part
2022-01-18 00:15:56 +03:00
dependabot[bot]
a68b244399
build(deps): bump github/codeql-action from 1.0.26 to 1.0.27
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.0.26 to 1.0.27.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](5f53256358...cd783c8a29
2022-01-17 09:12:55 +03:00
Evgeny Vereshchagin
992d7f341f
ci: trigger CodeQL on PRs when its dependencies change
2022-01-17 01:59:55 +00:00
Evgeny Vereshchagin
54ed8884d3
ci: get Coverity and CodeQL to analyze the "libxkbcommon" part
...
By analogy with https://github.com/systemd/systemd/pull/22138 , to get
the static analyzers to analyze that part of code that package should
be installed there as well.
2022-01-16 15:33:07 +00:00
Evgeny Vereshchagin
e8f93a60a2
ci: install libbpf-dev in the unit_tests workflow
...
Those dependencies are also used by Coverity and Codeql so
it should be installed there to get them to analyze that code.
Judging by https://github.com/systemd/systemd/pull/22137 it seems
to be working.
2022-01-16 13:13:34 +00:00
Evgeny Vereshchagin
9e360c6bf1
ci: switch to requirements.txt in the unit tests workflow
2022-01-14 10:29:23 +00:00
Evgeny Vereshchagin
007721e939
ci: turn meson warnings into errors
2022-01-14 01:53:37 +03:00
Evgeny Vereshchagin
4e1ab496ae
{build|unit}-test: show meson-log.txt when meson fails
...
to make it easier to figure out why it fails.
For example in https://github.com/systemd/systemd/runs/4799774735?check_suite_focus=true
it failed with
```
meson.build:1003:8: ERROR: Command "/usr/bin/clang -print-targets" failed with status 1.
A full log can be found at /home/runner/work/systemd/systemd/build/meson-logs/meson-log.txt
Error: Process completed with exit code 1.
```
and it wasn't clear what exactly happened there.
2022-01-13 20:27:25 +09:00
Luca Boccassi
c9b1efdf14
Merge pull request #21990 from keszybz/indentation-and-comments
...
Indentation and comments
2022-01-04 00:18:10 +00:00
Zbigniew Jędrzejewski-Szmek
b36c5e9587
various: fix three spelling issues found by fossies
2022-01-03 21:16:06 +01:00
Frantisek Sumsal
3fd864aea7
ci: bump mkosi to v12 with libsolv workaround
...
Replaces: https://github.com/systemd/systemd/pull/21574
Related:
* https://github.com/systemd/mkosi/issues/861
* https://github.com/systemd/mkosi/pull/878
2022-01-03 15:56:22 +03:00
Jan Janssen
bbbf1c3d32
ci: Test efi binaries for section table gaps
2022-01-02 20:05:58 +01:00
dependabot[bot]
b774de1883
build(deps): bump meson from 0.60.2 to 0.60.3 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 0.60.2 to 0.60.3.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/0.60.2...0.60.3 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-01 17:40:39 +03:00
dependabot[bot]
987202b2c1
build(deps): bump github/super-linter from 4.8.4 to 4.8.5
...
Bumps [github/super-linter](https://github.com/github/super-linter ) from 4.8.4 to 4.8.5.
- [Release notes](https://github.com/github/super-linter/releases )
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md )
- [Commits](563be7dc55...b8641364ca
2021-12-27 12:33:34 +03:00
Evgeny Vereshchagin
bfa6bd1be0
ci: replace apt-key with signed-by
...
to limit the scope of the key to apt.llvm.org only.
This is mostly inspired by https://blog.cloudflare.com/dont-use-apt-key/
2021-12-26 15:38:42 +00:00
Frantisek Sumsal
298cff6171
ci: test build with supported cryptolibs to some degree
...
Let's assign a specific -Dcryptolib= value to each job to have at least
some coverage for all supported cryptolibs without unnecessarily
multiplying the test matrix.
Should provide coverage for #21880 .
2021-12-24 16:24:16 +01:00
Frantisek Sumsal
7b55f29797
ci: drop build test with -O2, since it's covered by -O3 tests
2021-12-24 16:24:16 +01:00
dependabot[bot]
219c1dc780
build(deps): bump actions/upload-artifact from 2.3.0 to 2.3.1
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](da838ae959...82c141cc51
2021-12-20 13:14:23 +03:00
dependabot[bot]
fdae4504c7
build(deps): bump actions/upload-artifact from 2.2.4 to 2.3.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 2.2.4 to 2.3.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](27121b0bdf...da838ae959
2021-12-13 14:45:19 +03:00
Luca Boccassi
a0630d46a5
Merge pull request #21749 from nabijaczleweli/bashpsko
...
Shebang bash via env
2021-12-13 11:11:39 +00:00
dependabot[bot]
1805759ea0
build(deps): bump github/codeql-action from 1.0.25 to 1.0.26
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.0.25 to 1.0.26.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](546b30f35a...5f53256358
2021-12-13 13:18:55 +03:00
наб
f1e6f93372
Change all fixed-path bash shebangs to /u/b/env bash outside test/
2021-12-12 21:13:50 +01:00
Jan Janssen
aa22e69856
ci: Build test with different linkers
2021-12-11 11:03:29 +01:00
Frantisek Sumsal
f7e3951d41
ci: run mkosi in a wrapper
...
So we can mitigate (to some degree) the reoccurring "dissect timeout"
issue:
```
Run sudo python3 -m mkosi boot systemd.unit=mkosi-check-and-shutdown.service !quiet systemd.log_level=debug systemd.log_target=console udev.log_level=info systemd.default_standard_output=journal+console
Failed to dissect image '/home/runner/work/systemd/systemd/image.raw': Connection timed out
Error: Process completed with exit code 1.
```
2021-12-10 10:25:45 +01:00
Frantisek Sumsal
24acd4064e
ci: check for failed services after boot
...
This should, hopefully, catch issues like systemd/systemd#21671
automagically.
2021-12-10 10:25:43 +01:00
Frantisek Sumsal
a6319961c9
ci: run the CodeQL action also when its configuration changes
...
Just to make sure we didn't break anything.
2021-12-07 14:45:06 +01:00
Frantisek Sumsal
64f625a212
ci: sync the list of CodeQL queries with LGTM
2021-12-07 14:45:04 +01:00
Evgeny Vereshchagin
4997d1b965
ci: pin python dependencies and let Dependabot keep track of them
2021-12-07 09:08:26 +00:00
dependabot[bot]
7285145dfc
build(deps): bump github/codeql-action from 1.0.24 to 1.0.25
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.0.24 to 1.0.25.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e095058bfa...546b30f35a
2021-12-07 02:20:53 +03:00
Frantisek Sumsal
ab9e3bfef6
ci: consider cryptolib in the group identifier
...
otherwise we end up with more than one job with the same identifier in
one run, causing some of them to get cancelled unexpectedly.
A quick follow-up to 85bd394df5
2021-12-03 20:25:06 +00:00
Frantisek Sumsal
9371d44afe
ci: install libbpf
2021-12-03 16:30:56 +01:00
Zbigniew Jędrzejewski-Szmek
85bd394df5
ci: expand the test framework to cover openssl
2021-12-02 11:31:20 +01:00
dependabot[bot]
68181cf8a7
build(deps): bump github/codeql-action from 1.0.23 to 1.0.24
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.0.23 to 1.0.24.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a627e9fa50...e095058bfa
2021-11-25 05:13:11 +03:00
dependabot[bot]
d59d6cc154
build(deps): bump github/codeql-action from 1.0.22 to 1.0.23
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.0.22 to 1.0.23.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](5581e08a65...a627e9fa50
2021-11-18 01:17:19 +03:00
dependabot[bot]
eb37ed701b
build(deps): bump github/super-linter from 4.8.3 to 4.8.4
...
Bumps [github/super-linter](https://github.com/github/super-linter ) from 4.8.3 to 4.8.4.
- [Release notes](https://github.com/github/super-linter/releases )
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md )
- [Commits](7d5dc989c5...563be7dc55
2021-11-17 10:59:41 +00:00
Evgeny Vereshchagin
7e7e31521a
ci: run codeql on PRs from Dependabot
...
To make sure PRs like https://github.com/systemd/systemd/pull/21409
don't break anything.
2021-11-17 10:14:33 +00:00
Evgeny Vereshchagin
e6ace91eb7
ci: pin mkosi to SHAs as well
2021-11-15 20:52:51 +00:00
dependabot[bot]
f356ad7cf8
build(deps): bump github/super-linter from 4.8.1 to 4.8.3
...
Bumps [github/super-linter](https://github.com/github/super-linter ) from 4.8.1 to 4.8.3.
- [Release notes](https://github.com/github/super-linter/releases )
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md )
- [Commits](fd9c4286d3...7d5dc989c5
2021-11-15 18:20:56 +00:00
Evgeny Vereshchagin
510afa460a
ci: tighten codeql and labeler even more
...
by moving the read permissions to the top level and
granting additional permissions to the specific jobs.
It should help to prevent new jobs that could be added
there eventually from having write access to resources they
most likely would never need.
2021-11-14 10:51:07 +00:00
Evgeny Vereshchagin
b3a1fb795a
ci: LGPLv2+ify dependapot config and codeql action
2021-11-14 09:48:22 +00:00
Evgeny Vereshchagin
e44a47d186
ci: pin the codeql action to SHAs
...
It's a follow-up to https://github.com/systemd/systemd/pull/21316 .
Judging by https://github.com/evverx/systemd/pull/36 , Dependabot
supports their release cycle
2021-11-14 10:42:04 +00:00
Evgeny Vereshchagin
e7a966915d
ci: mimic the "restricted" mode
...
Judging by https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
it should be enough to grant the "read contents" permission to
most of our actions. The "read metadata" permission is set impliciclty
somewhere and can't be set via the "permissions" setting:
```
The workflow is not valid. .github/workflows/linter.yml (Line: 14, Col: 3): Unexpected value 'metadata'
```
2021-11-14 10:41:06 +00:00
Evgeny Vereshchagin
311956ccd9
ci: tighten several GHActions a bit more
...
with https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#permissions
2021-11-13 22:17:21 +03:00
dependabot[bot]
5ae4964028
build(deps): bump actions/checkout from 2 to 2.4.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...ec3a7ce113134d7a93b817d10a8272cb61118579 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-11-13 16:45:32 +03:00
Frantisek Sumsal
66a41360b4
Merge pull request #21342 from evverx/dependabot-error
...
ci: try to fix a Dependabot error
2021-11-13 09:35:51 +00:00
Frantisek Sumsal
c76a838589
ci: run the unit_tests and mkosi jobs on stable branches as well
...
To provide more coverage for the systemd-stable repo.
See: https://github.com/systemd/systemd-stable/issues/24
2021-11-13 09:09:54 +09:00
Evgeny Vereshchagin
4e296232e4
try to fix a Dependabot error
...
```
updater | ERROR <job_232492775> Error processing actions/checkout (RuntimeError)
updater | ERROR <job_232492775> No files changed!
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-github_actions-0.166.0/lib/dependabot/github_actions/file_updater.rb:28:in `updated_dependency_files'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:676:in `generate_dependency_files_for'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:274:in `check_and_create_pull_request'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:82:in `check_and_create_pr_with_error_handling'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `block in run'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `each'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `run'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/update_files_job.rb:17:in `perform_job'
updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/base_job.rb:28:in `run'
updater | ERROR <job_232492775> bin/update_files.rb:21:in `<main>`
```
2021-11-11 16:08:17 +00:00
Evgeny Vereshchagin
3fec0e6cbf
ci: pin some workflows to SHAs
...
to let Dependabot keep track of them using SHAs
codeql-actions doesn't point to SHAs because it isn't clear
whether Dependabot supports their release cycle mentioned
at https://github.com/github/codeql-action/issues/307
2021-11-11 10:32:02 +00:00
Evgeny Vereshchagin
5570313421
ci: pin labeler
...
Turns out GHActions where `pull_request_target` is used are capable
of pwning repositories: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
labeler doesn't check out the source code or build anything so
it's safe in its current form but to avoid surprises let's just pin
it to the latest version. It's annoying to manage dependencies like this
manually so additionally dependabot.yml is introduced to make it
easier to keep GHActions up to date more or less automatically:
https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
2021-11-11 10:19:06 +00:00
Evgeny Vereshchagin
33796123bc
ci: run codeql-analysis daily
...
https://github.com/github/codeql-action
Apparently to judge from a couple of warnings I haven't seen
before it's a bit different from LGTM.
2021-11-12 15:47:15 +00:00
Frantisek Sumsal
8b212f3596
ci: take CIFuzz's matrix into consideration
...
Otherwise the jobs will try to cancel each other out.
Follow-up to 3884837610
2021-11-10 20:44:24 +00:00
Frantisek Sumsal
3884837610
ci: cancel previous jobs on ref update
...
Let's save the environment (and reduce the number of jobs in GH Actions
queues) by cancelling old jobs on a ref update (force push).
See: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#concurrency
2021-11-10 17:15:35 +01:00
