diff --git a/.backportrc.json b/.backportrc.json new file mode 100644 index 00000000000..b988c16660f --- /dev/null +++ b/.backportrc.json @@ -0,0 +1,15 @@ +{ + "repoOwner": "saltstack", + "repoName": "salt", + "targetBranchChoices": ["master", "3006.x", "3005.x"], + "autoMerge": false, + "autoMergeMethod": "rebase", + "branchLabelMapping": { + "^backport:(.+)$": "$1" + }, + "prTitle": "[BACKPORT] {commitMessages}", + "publishStatusCommentOnSuccess": true, + "sourcePRLabels": [ + "backport:complete" + ] +} diff --git a/.codecov.yml b/.codecov.yml index 2af1c2c240c..5b59b7fcbd4 100644 --- a/.codecov.yml +++ b/.codecov.yml @@ -1,6 +1,6 @@ codecov: ci: - - jenkinsci.saltstack.com + - jenkins.saltproject.io - github.com max_report_age: 24 # The age you want coverage reports to expire at, or if you @@ -107,6 +107,29 @@ flags: paths: - tests/ carryforward: true + unit: + paths: + - tests/unit + - tests/pytests/unit + carryforward: true + functional: + paths: + - tests/pytests/functional + carryforward: true + scenarios: + paths: + - tests/pytests/scenarios + carryforward: true + integration: + paths: + - tests/integration + - tests/pytests/integration + carryforward: true + system: + paths: + - tests/integration + - tests/pytests/integration + carryforward: true #comment: # layout: "reach, diff, flags, files" diff --git a/.coveragerc b/.coveragerc index f0fb46b6fce..2579c96f9cd 100644 --- a/.coveragerc +++ b/.coveragerc @@ -32,16 +32,13 @@ ignore_errors = True [paths] salt = salt/ - /tmp/kitchen/testing/salt/ - /private/tmp/kitchen/testing/salt/ - C:\Users\admini~1\AppData\Local\Temp\kitchen\testing\salt\ - C:\Users\Administrator\AppData\Local\Temp\kitchen\testing\salt\ + artifacts/salt + **/testing/salt/ + **\testing\salt tests = tests/ - /tmp/kitchen/testing/tests/ - /private/tmp/kitchen/testing/tests/ - C:\Users\admini~1\AppData\Local\Temp\kitchen\testing\tests\ - C:\Users\Administrator\AppData\Local\Temp\kitchen\testing\tests\ + **/testing/tests/ + **\testing\tests extension_modules = tests/integration/files/extension_modules/ */extension_modules/ diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index db763ad1ba7..3c066bd4837 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -12,55 +12,52 @@ * @saltstack/team-core # Team Boto -salt/*/*boto* @saltstack/team-boto @saltstack/team-core +salt/*/*boto* @saltstack/team-core # Team Cloud -salt/cloud/* @saltstack/team-cloud @saltstack/team-core -salt/utils/openstack/* @saltstack/team-cloud @saltstack/team-core -salt/utils/aws.py @saltstack/team-cloud @saltstack/team-core -salt/*/*cloud* @saltstack/team-cloud @saltstack/team-core +salt/cloud/* @saltstack/team-core +salt/utils/openstack/* @saltstack/team-core +salt/utils/aws.py @saltstack/team-core +salt/*/*cloud* @saltstack/team-core # Team NetAPI -salt/cli/api.py @saltstack/team-netapi @saltstack/team-core -salt/client/netapi.py @saltstack/team-netapi @saltstack/team-core -salt/netapi/* @saltstack/team-netapi @saltstack/team-core +salt/cli/api.py @saltstack/team-core +salt/client/netapi.py @saltstack/team-core +salt/netapi/* @saltstack/team-core # Team Network -salt/proxy/* @saltstack/team-proxy @saltstack/team-core +salt/proxy/* @saltstack/team-core # Team SPM -salt/cli/spm.py @saltstack/team-spm @saltstack/team-core -salt/spm/* @saltstack/team-spm @saltstack/team-core +salt/cli/spm.py @saltstack/team-core +salt/spm/* @saltstack/team-core # Team SSH -salt/cli/ssh.py @saltstack/team-ssh @saltstack/team-core -salt/client/ssh/* @saltstack/team-ssh @saltstack/team-core -salt/roster/* @saltstack/team-ssh @saltstack/team-core -salt/runners/ssh.py @saltstack/team-ssh @saltstack/team-core -salt/*/thin.py @saltstack/team-ssh @saltstack/team-core +salt/cli/ssh.py @saltstack/team-core +salt/client/ssh/* @saltstack/team-core +salt/roster/* @saltstack/team-core +salt/runners/ssh.py @saltstack/team-core +salt/*/thin.py @saltstack/team-core # Team State -salt/state.py @saltstack/team-state @saltstack/team-core +salt/state.py @saltstack/team-core # Team SUSE -salt/*/*btrfs* @saltstack/team-suse @saltstack/team-core -salt/*/*kubernetes* @saltstack/team-suse @saltstack/team-core -salt/*/*pkg* @saltstack/team-suse @saltstack/team-core -salt/*/*snapper* @saltstack/team-suse @saltstack/team-core -salt/*/*xfs* @saltstack/team-suse @saltstack/team-core -salt/*/*zypper* @saltstack/team-suse @saltstack/team-core +salt/*/*btrfs* @saltstack/team-core +salt/*/*kubernetes* @saltstack/team-core +salt/*/*pkg* @saltstack/team-core +salt/*/*snapper* @saltstack/team-core +salt/*/*xfs* @saltstack/team-core +salt/*/*zypper* @saltstack/team-core # Team Transport -salt/transport/* @saltstack/team-transport @saltstack/team-core -salt/utils/zeromq.py @saltstack/team-transport @saltstack/team-core +salt/transport/* @saltstack/team-core +salt/utils/zeromq.py @saltstack/team-core # Team Windows -salt/*/*win* @saltstack/team-windows @saltstack/team-core -salt/modules/reg.py @saltstack/team-windows @saltstack/team-core -salt/states/reg.py @saltstack/team-windows @saltstack/team-core -tests/*/*win* @saltstack/team-windows @saltstack/team-core -tests/*/test_reg.py @saltstack/team-windows @saltstack/team-core -tests/pytests/* @saltstack/team-code @s0undt3ch - -# Jenkins Integration -.ci/* @saltstack/saltstack-sre-team @saltstack/team-core +salt/*/*win* @saltstack/team-core +salt/modules/reg.py @saltstack/team-core +salt/states/reg.py @saltstack/team-core +tests/*/*win* @saltstack/team-core +tests/*/test_reg.py @saltstack/team-core +tests/pytests/* @saltstack/team-core @s0undt3ch diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index fa172a0d62c..6f61f033336 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -21,8 +21,11 @@ Please be as specific as possible and give set-up details. - [ ] container (Kubernetes, Docker, containerd, etc. please specify) - [ ] or a combination, please be explicit - [ ] jails if it is FreeBSD +- [ ] classic packaging +- [ ] onedir packaging +- [ ] used bootstrap to install + - **Steps to Reproduce the behavior** (Include debug logs if possible and relevant) @@ -34,7 +37,7 @@ If applicable, add screenshots to help explain your problem. **Versions Report**
salt --versions-report -(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.) +(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.) ```yaml PASTE HERE diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index dfec2ace709..c465f8de0fb 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -9,6 +9,3 @@ contact_links: - name: Salt on LiberaChat url: https://web.libera.chat/#salt about: Please ask and answer questions here. - - name: Security vulnerabilities - email: security@saltstack.com - about: Please report security vulnerabilities here. diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml new file mode 100644 index 00000000000..0cb729af140 --- /dev/null +++ b/.github/actionlint.yaml @@ -0,0 +1,13 @@ +self-hosted-runner: + # Labels of self-hosted runner in array of string + labels: + - bastion + - x86_64 + - arm64 + - aarch64 + - amd64 + - repo-nightly + - repo-staging + - repo-release + - medium + - large diff --git a/.github/actions/build-onedir-deps/action.yml b/.github/actions/build-onedir-deps/action.yml new file mode 100644 index 00000000000..fceb79f0eb7 --- /dev/null +++ b/.github/actions/build-onedir-deps/action.yml @@ -0,0 +1,63 @@ +--- +name: build-onedir-deps +description: Build Onedir Dependencies +inputs: + platform: + required: true + type: string + description: The platform to build + arch: + required: true + type: string + description: The platform arch to build + python-version: + required: true + type: string + description: The python version to build + package-name: + required: false + type: string + description: The onedir package name to create + default: salt + cache-prefix: + required: true + type: string + description: Seed used to invalidate caches + + +env: + COLUMNS: 190 + PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ + PIP_EXTRA_INDEX_URL: https://pypi.org/simple + RELENV_BUILDENV: 1 + + +runs: + using: composite + + steps: + + - name: Cache Deps Onedir Package Directory + id: onedir-pkg-cache + uses: actions/cache@v3 + with: + path: artifacts/${{ inputs.package-name }} + key: > + ${{ inputs.cache-prefix }}|${{ inputs.python-version }}|deps|${{ inputs.platform }}|${{ inputs.arch }}|${{ inputs.package-name }}| + ${{ hashFiles( + format('{0}/.relenv/**/*.xz', github.workspace), + 'requirements/static/pkg/*/*.txt', + '.github/actions/build-onedir-deps/action.yml', + 'cicd/shared-gh-workflows-context.yml' + ) }} + + - name: Install Salt Onedir Package Dependencies + shell: bash + if: steps.onedir-pkg-cache.outputs.cache-hit != 'true' + run: | + tools pkg build onedir-dependencies --arch ${{ inputs.arch }} --python-version ${{ inputs.python-version }} --package-name artifacts/${{ inputs.package-name }} --platform ${{ inputs.platform }} + + - name: Cleanup Salt Onedir Directory + shell: bash + run: | + tools pkg pre-archive-cleanup artifacts/${{ inputs.package-name }} diff --git a/.github/actions/build-onedir-salt/action.yml b/.github/actions/build-onedir-salt/action.yml new file mode 100644 index 00000000000..1f115607e81 --- /dev/null +++ b/.github/actions/build-onedir-salt/action.yml @@ -0,0 +1,106 @@ +--- +name: build-onedir-salt +description: Build Onedir Package +inputs: + platform: + required: true + type: string + description: The platform to build + arch: + required: true + type: string + description: The platform arch to build + package-name: + required: false + type: string + description: The onedir package name to create + default: salt + cache-prefix: + required: true + type: string + description: Seed used to invalidate caches + python-version: + required: true + type: string + description: The python version to build + salt-version: + type: string + required: true + description: The Salt version to set prior to building packages. + + +env: + COLUMNS: 190 + PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ + PIP_EXTRA_INDEX_URL: https://pypi.org/simple + RELENV_BUILDENV: 1 + + +runs: + using: composite + + steps: + + - name: Download Cached Deps Onedir Package Directory + id: onedir-bare-cache + uses: actions/cache@v3 + with: + path: artifacts/${{ inputs.package-name }} + key: > + ${{ inputs.cache-prefix }}|${{ inputs.python-version }}|deps|${{ inputs.platform }}|${{ inputs.arch }}|${{ inputs.package-name }}| + ${{ hashFiles( + format('{0}/.relenv/**/*.xz', github.workspace), + 'requirements/static/pkg/*/*.txt', + '.github/actions/build-onedir-deps/action.yml', + 'cicd/shared-gh-workflows-context.yml' + ) }} + + - name: Download Source Tarball + uses: actions/download-artifact@v3 + with: + name: salt-${{ inputs.salt-version }}.tar.gz + + - name: Install Salt Into Onedir + shell: bash + run: | + tools pkg build salt-onedir salt-${{ inputs.salt-version }}.tar.gz --platform ${{ inputs.platform }} --package-name artifacts/${{ inputs.package-name }} + + - name: Cleanup Salt Onedir Directory + shell: bash + run: | + tools pkg pre-archive-cleanup artifacts/${{ inputs.package-name }} + + - name: Create Archive + shell: bash + run: | + cd artifacts/ + tar -cJf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz ${{ inputs.package-name }} + + - name: Create Archive (Zipfile) + if: ${{ inputs.platform == 'windows' }} + shell: powershell + run: | + cd artifacts + py -3 -m zipfile -c "${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.zip" ${{ inputs.package-name }} + + - name: Create Hash Files + shell: bash + run: | + tools pkg generate-hashes artifacts/${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.* + + - name: Upload Onedir Tarball as an Artifact + uses: actions/upload-artifact@v3 + with: + name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + path: artifacts/${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz* + retention-days: 7 + if-no-files-found: error + + - name: Upload Onedir Zipfile as an Artifact + if: ${{ inputs.platform == 'windows' }} + uses: actions/upload-artifact@v3 + with: + name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.zip + path: artifacts/${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.zip* + retention-days: 7 + if-no-files-found: error diff --git a/.github/actions/build-source-tarball/action.yml b/.github/actions/build-source-tarball/action.yml new file mode 100644 index 00000000000..f755951fc60 --- /dev/null +++ b/.github/actions/build-source-tarball/action.yml @@ -0,0 +1,61 @@ +--- +name: build-source-tarball +description: Build Source Tarball +inputs: + salt-version: + type: string + required: true + description: The Salt version to set prior to building the tarball. + nox-version: + required: false + type: string + description: The version of Nox to install + default: "2022.8.7" + + +env: + COLUMNS: 190 + PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ + PIP_EXTRA_INDEX_URL: https://pypi.org/simple + + +runs: + using: composite + + steps: + + - name: Download Release Patch + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + uses: actions/download-artifact@v3 + with: + name: salt-${{ inputs.salt-version }}.patch + + - name: Configure Git + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + shell: bash + run: | + tools pkg configure-git + + - name: Apply Release Patch + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + shell: bash + run: | + tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete + + - name: Create Source Tarball + shell: bash + run: | + tools pkg source-tarball + + - name: Create Hash Files + shell: bash + run: | + tools pkg generate-hashes dist/salt-${{ inputs.salt-version }}.tar.gz + + - name: Upload Source Tarball as an Artifact + uses: actions/upload-artifact@v3 + with: + name: salt-${{ inputs.salt-version }}.tar.gz + path: dist/salt-*.tar.gz* + retention-days: 7 + if-no-files-found: error diff --git a/.github/actions/cached-virtualenv/action.yml b/.github/actions/cached-virtualenv/action.yml new file mode 100644 index 00000000000..23ac4a410ff --- /dev/null +++ b/.github/actions/cached-virtualenv/action.yml @@ -0,0 +1,71 @@ +--- +name: cached-virtualenv +description: Setup a cached python virtual environment + +inputs: + name: + required: true + type: string + description: The Virtualenv Name + cache-seed: + required: true + type: string + description: Seed used to invalidate caches +outputs: + cache-hit: + value: ${{ steps.cache-virtualenv.outputs.cache-hit }} + cache-key: + value: ${{ steps.setup-cache-key.outputs.cache-key }} + python-executable: + value: ${{ steps.define-python-executable.outputs.python-executable }} + + +env: + PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ + PIP_EXTRA_INDEX_URL: https://pypi.org/simple + + +runs: + using: composite + + steps: + + - name: Get Python Version + id: get-python-version + uses: ./.github/actions/get-python-version + with: + python-binary: python3 + + - name: Setup Cache Key + shell: bash + id: setup-cache-key + run: | + echo "cache-key=${{ inputs.cache-seed }}|${{ runner.os }}|${{ runner.arch }}|cached-venv|${{ steps.get-python-version.outputs.version }}|${{ inputs.name }}" >> "${GITHUB_OUTPUT}" + + - name: Cache VirtualEnv + id: cache-virtualenv + uses: actions/cache@v3 + with: + key: ${{ steps.setup-cache-key.outputs.cache-key }} + path: ${{ github.workspace }}/.venvs/py${{ steps.get-python-version.outputs.version }}/${{ inputs.name }} + + - name: Create Virtualenv + shell: bash + if: ${{ steps.cache-virtualenv.outputs.cache-hit != 'true' }} + run: | + mkdir -p ${{ github.workspace }}/.venvs/py${{ steps.get-python-version.outputs.version }} + python3 -m venv --upgrade ${{ github.workspace }}/.venvs/py${{ steps.get-python-version.outputs.version }}/${{ inputs.name }} + + - name: Define python executable output + shell: bash + id: define-python-executable + run: | + shopt -s nocasematch + if [[ "${{ runner.os }}" =~ "win" ]]; then + BIN_DIR="${{ github.workspace }}/.venvs/py${{ steps.get-python-version.outputs.version }}/${{ inputs.name }}/Scripts" + else + BIN_DIR="${{ github.workspace }}/.venvs/py${{ steps.get-python-version.outputs.version }}/${{ inputs.name }}/bin" + fi + shopt -u nocasematch + echo "python-executable=$BIN_DIR/python" >> "${GITHUB_OUTPUT}" + echo "${BIN_DIR}" >> "${GITHUB_PATH}" diff --git a/.github/actions/download-artifact/action.yml b/.github/actions/download-artifact/action.yml new file mode 100644 index 00000000000..5646eb933e2 --- /dev/null +++ b/.github/actions/download-artifact/action.yml @@ -0,0 +1,39 @@ +# This actions was inspired by https://github.com/alehechka/download-tartifact +--- +name: Download Tar Artifact +description: > + Download and extract a tar artifact that was previously uploaded in the + workflow by the upload-tartifact action + +inputs: + name: + description: Artifact name + required: false + path: + description: Destination path + required: false + archive-name: + description: > + By default `inputs.name`(last resort, `archive`) is what's used to name the archive. + This parameter allows a customizing that archive name. This will allow uploading multiple + archives under the same 'name', like the underlying official action does + without overriding the existing archives. + required: false + +runs: + using: composite + steps: + - uses: actions/download-artifact@v3 + with: + name: ${{ inputs.name }} + path: ${{ inputs.path }} + + - shell: bash + working-directory: ${{ inputs.path }} + run: | + tar -xvf ${{ inputs.archive-name || inputs.name || 'archive' }}.tar.gz + + - shell: bash + working-directory: ${{ inputs.path }} + run: | + rm -f ${{ inputs.archive-name || inputs.name || 'archive' }}.tar.gz diff --git a/.github/actions/get-pull-labels/action.yml b/.github/actions/get-pull-labels/action.yml new file mode 100644 index 00000000000..2da0a2c9dae --- /dev/null +++ b/.github/actions/get-pull-labels/action.yml @@ -0,0 +1,23 @@ +--- +name: get-pull-labels +description: Get Pull Labels +inputs: + pull-request: + type: string + +outputs: + labels: + value: ${{ steps.get-pull-labels.outputs.labels }} + +runs: + using: composite + steps: + - name: Get Pull Labels + id: get-pull-labels + shell: bash + env: + PULL_REQUEST: ${{ inputs.pull-request }} + run: | + labels=$(jq -c '[.labels[].name]' <<< $PULL_REQUEST) + echo $labels + echo "labels=$labels" >> "$GITHUB_OUTPUT" diff --git a/.github/actions/get-pull-number/action.yml b/.github/actions/get-pull-number/action.yml new file mode 100644 index 00000000000..00fd0425aff --- /dev/null +++ b/.github/actions/get-pull-number/action.yml @@ -0,0 +1,46 @@ + +--- +name: get-pull-number +description: Get Pull Number +inputs: + owner: + type: string + repo: + type: string + sha: + type: string + pull-number: + default: null + +outputs: + number: + value: ${{ steps.get-pull-number.outputs.number }} + +runs: + using: composite + steps: + - name: Get Pull Number + id: get-pull-number + shell: bash + env: + GITHUB_OWNER: ${{ inputs.owner }} + GITHUB_REPO: ${{ inputs.repo }} + GITHUB_SHA: ${{ inputs.sha }} + GITHUB_PULL_NUMBER: ${{ inputs.pull-number }} + run: | + if [ -z "$GITHUB_PULL_NUMBER" ] + then + echo "Searching For Pull Number" + echo $GITHUB_OWNER + echo $GITHUB_REPO + echo $GITHUB_SHA + pulls=$(gh api repos/$GITHUB_OWNER/$GITHUB_REPO/commits/$GITHUB_SHA/pulls) + echo $pulls + full_name=$GITHUB_OWNER/$GITHUB_REPO + number=$(jq -c --arg r "$full_name" '[.[] | select(.url | contains($r))][0].number' <<< $pulls ) + else + echo "Given Pull Number" + number=$GITHUB_PULL_NUMBER + fi + echo $number + echo "number=$number" >> "$GITHUB_OUTPUT" diff --git a/.github/actions/get-pull-request/action.yml b/.github/actions/get-pull-request/action.yml new file mode 100644 index 00000000000..781aa24fe98 --- /dev/null +++ b/.github/actions/get-pull-request/action.yml @@ -0,0 +1,30 @@ + +--- +name: get-pull-request +description: Get Pull Request +inputs: + owner: + type: string + repo: + type: string + pull-number: + type: number + +outputs: + pull-request: + value: ${{ steps.get-pull-request.outputs.request }} + +runs: + using: composite + steps: + - name: Get Pull Request + id: get-pull-request + shell: bash + env: + GITHUB_OWNER: ${{ inputs.owner }} + GITHUB_REPO: ${{ inputs.repo }} + GITHUB_PULL_NUMBER: ${{ inputs.pull-number }} + run: | + pull=$(gh api repos/$GITHUB_OWNER/$GITHUB_REPO/pulls/$GITHUB_PULL_NUMBER) + echo $pull + echo "request=$pull" >> "$GITHUB_OUTPUT" diff --git a/.github/actions/get-python-version/action.yml b/.github/actions/get-python-version/action.yml new file mode 100644 index 00000000000..e64d285bca5 --- /dev/null +++ b/.github/actions/get-python-version/action.yml @@ -0,0 +1,31 @@ +--- +name: get-python-version +description: Setup Relenv +inputs: + python-binary: + required: true + type: string + description: The python binary to get the version from +outputs: + binary: + value: ${{ steps.get-python-version.outputs.binary }} + version: + value: ${{ steps.get-python-version.outputs.version }} + full-version: + value: ${{ steps.get-python-version.outputs.full-version }} + + +runs: + using: composite + + steps: + + - name: Get Python Version + id: get-python-version + shell: bash + run: | + echo "binary=${{ inputs.python-binary }}" >> "$GITHUB_OUTPUT" + PY_VERSION=$(${{ inputs.python-binary }} -c "import sys; sys.stdout.write('{}.{}'.format(*sys.version_info))") + echo "version=$PY_VERSION" >> "$GITHUB_OUTPUT" + PY_FULL_VERSION=$(${{ inputs.python-binary }} -c "import sys; sys.stdout.write('{}.{}.{}'.format(*sys.version_info))") + echo "full-version=$PY_FULL_VERSION" >> "$GITHUB_OUTPUT" diff --git a/.github/actions/setup-actionlint/action.yml b/.github/actions/setup-actionlint/action.yml new file mode 100644 index 00000000000..6605d5db1bc --- /dev/null +++ b/.github/actions/setup-actionlint/action.yml @@ -0,0 +1,33 @@ +--- +name: setup-actionlint +description: Setup actionlint +inputs: + version: + description: The version of actionlint + default: 1.6.24 + cache-seed: + required: true + type: string + description: Seed used to invalidate caches + +runs: + using: composite + steps: + + - name: Cache actionlint Binary + uses: actions/cache@v3 + with: + path: /usr/local/bin/actionlint + key: ${{ inputs.cache-seed }}|${{ runner.os }}|${{ runner.arch }}|actionlint|${{ inputs.version }} + + - name: Setup actionlint + shell: bash + run: | + if ! command -v actionlint; then + bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) ${{ inputs.version }} + mv ./actionlint /usr/local/bin/actionlint + fi + - name: Show actionlint Version + shell: bash + run: | + actionlint --version diff --git a/.github/actions/setup-pre-commit/action.yml b/.github/actions/setup-pre-commit/action.yml new file mode 100644 index 00000000000..e7baa0a2aeb --- /dev/null +++ b/.github/actions/setup-pre-commit/action.yml @@ -0,0 +1,48 @@ +--- +name: setup-pre-commit +description: Setup 'pre-commit' + +inputs: + version: + type: string + description: Pre-commit version to install + required: true + default: 3.0.3 + cache-seed: + required: true + type: string + description: Seed used to invalidate caches + +env: + PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ + PIP_EXTRA_INDEX_URL: https://pypi.org/simple + + +runs: + using: composite + + steps: + + - uses: ./.github/actions/cached-virtualenv + id: pre-commit-virtualenv + with: + name: pre-commit + cache-seed: ${{ inputs.cache-seed }} + + - name: Install Pre-Commit + if: ${{ steps.pre-commit-virtualenv.outputs.cache-hit != 'true' }} + shell: bash + run: | + ${{ steps.pre-commit-virtualenv.outputs.python-executable }} -m pip install pre-commit==${{ inputs.version }} + + - name: Cache Pre-Commit Hooks + uses: actions/cache@v3 + id: pre-commit-hooks-cache + with: + key: ${{ steps.pre-commit-virtualenv.outputs.cache-key }}|${{ inputs.version }}|${{ hashFiles('.pre-commit-config.yaml') }} + path: ~/.cache/pre-commit + + - name: Install Pre-Commit Hooks + shell: bash + run: | + pre-commit install --install-hooks diff --git a/.github/actions/setup-python-tools-scripts/action.yml b/.github/actions/setup-python-tools-scripts/action.yml new file mode 100644 index 00000000000..dcd46feb2b0 --- /dev/null +++ b/.github/actions/setup-python-tools-scripts/action.yml @@ -0,0 +1,44 @@ +--- +name: setup-python-tools-scripts +description: Setup 'python-tools-scripts' + +inputs: + cwd: + type: string + description: The directory the salt checkout is located in + default: "." + +outputs: + version: + value: ${{ steps.get-version.outputs.version }} + + +env: + PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ + PIP_EXTRA_INDEX_URL: https://pypi.org/simple + + +runs: + using: composite + + steps: + + - name: Get Python Version + id: get-python-version + uses: ./.github/actions/get-python-version + with: + python-binary: python3 + + - name: Install 'python-tools-scripts' + shell: bash + working-directory: ${{ inputs.cwd }} + run: | + python3 -m pip install -r requirements/static/ci/py${{ steps.get-python-version.outputs.version }}/tools.txt + + - name: Get 'python-tools-scripts' Version + id: get-version + shell: bash + working-directory: ${{ inputs.cwd }} + run: | + VERSION=$(tools --version) + echo "version=$VERSION" >> "${GITHUB_OUTPUT}" diff --git a/.github/actions/setup-relenv/action.yml b/.github/actions/setup-relenv/action.yml new file mode 100644 index 00000000000..1f228fd1822 --- /dev/null +++ b/.github/actions/setup-relenv/action.yml @@ -0,0 +1,66 @@ +--- +name: setup-relenv +description: Setup Relenv +inputs: + platform: + required: true + type: string + description: The platform to build + arch: + required: true + type: string + description: The platform arch to build + python-version: + required: true + type: string + description: The version of python to build + cache-seed: + required: true + type: string + description: Seed used to invalidate caches + version: + required: false + type: string + description: The version of relenv to use + default: 0.12.3 + +outputs: + version: + value: ${{ inputs.version }} + + +env: + PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ + PIP_EXTRA_INDEX_URL: https://pypi.org/simple + + +runs: + using: composite + + steps: + + - name: Install Relenv + shell: bash + run: | + python3 -m pip install relenv==${{ inputs.version }} + + - name: Cache Relenv Data Directory + uses: actions/cache@v3 + with: + path: ${{ github.workspace }}/.relenv + key: ${{ inputs.cache-seed }}|relenv|${{ inputs.version }}|${{ inputs.python-version }}|${{ inputs.platform }}|${{ inputs.arch }} + + - name: Fetch Toolchain + if: ${{ inputs.platform == 'linux' }} + shell: bash + env: + RELENV_FETCH_VERSION: "${{ inputs.version }}" + run: | + python3 -m relenv toolchain fetch --arch=${{ inputs.arch }} + + - name: Fetch Native Python Build + shell: bash + env: + RELENV_FETCH_VERSION: "${{ inputs.version }}" + run: | + python3 -m relenv fetch --arch=${{ inputs.arch }} --python=${{ inputs.python-version }} diff --git a/.github/actions/setup-salt-version/action.yml b/.github/actions/setup-salt-version/action.yml new file mode 100644 index 00000000000..9f21d6f002b --- /dev/null +++ b/.github/actions/setup-salt-version/action.yml @@ -0,0 +1,43 @@ +--- +name: setup-salt-version +description: Setup Salt Version +inputs: + cwd: + type: string + default: "" + salt-version: + type: string + default: "" + description: > + The Salt version to set prior to running tests or building packages. + If not set, it is discover at run time, like, for example, capturing + the output of running `python3 salt/version.py` + validate-version: + type: boolean + default: false + description: Validate the passed version. + release: + type: boolean + default: false + description: This is a release of salt. +outputs: + salt-version: + value: ${{ steps.setup-salt-version.outputs.salt-version }} + description: The Salt version written to `salt/_version.txt` + +env: + COLUMNS: 190 + +runs: + using: composite + + steps: + + - name: Setup Salt Version + id: setup-salt-version + shell: bash + run: | + if [ "${{ inputs.cwd }}" != "" ]; then + cd "${{ inputs.cwd }}" + fi + tools pkg set-salt-version ${{ inputs.validate-version == 'true' && '--validate-version' || '' }} ${{ inputs.release == 'true' && '--release' || '' }} ${{ inputs.salt-version }} diff --git a/.github/actions/setup-shellcheck/action.yml b/.github/actions/setup-shellcheck/action.yml new file mode 100644 index 00000000000..8e3efda8fb7 --- /dev/null +++ b/.github/actions/setup-shellcheck/action.yml @@ -0,0 +1,35 @@ +--- +name: setup-shellcheck +description: Setup shellcheck +inputs: + version: + description: The version of shellcheck + default: v0.9.0 + cache-seed: + required: true + type: string + description: Seed used to invalidate caches + +runs: + using: composite + steps: + + - name: Cache shellcheck Binary + uses: actions/cache@v3 + with: + path: /usr/local/bin/shellcheck + key: ${{ inputs.cache-seed }}|${{ runner.os }}|${{ runner.arch }}|shellcheck|${{ inputs.version }} + + - name: Setup shellcheck + shell: bash + run: | + if ! command -v shellcheck; then + wget https://github.com/koalaman/shellcheck/releases/download/${{ inputs.version }}/shellcheck-${{ inputs.version }}.${{ runner.os }}.x86_64.tar.xz + tar xf shellcheck-${{ inputs.version }}.${{ runner.os }}.x86_64.tar.xz + mv shellcheck-${{ inputs.version }}/shellcheck /usr/local/bin/shellcheck + rm -rf shellcheck-${{ inputs.version }}.${{ runner.os }}.x86_64.tar.xz shellcheck-${{ inputs.version }} + fi + - name: Show shellcheck Version + shell: bash + run: | + shellcheck --version diff --git a/.github/actions/upload-artifact/action.yml b/.github/actions/upload-artifact/action.yml new file mode 100644 index 00000000000..4afd8b3ee9b --- /dev/null +++ b/.github/actions/upload-artifact/action.yml @@ -0,0 +1,57 @@ +# This actions was inspired by https://github.com/alehechka/upload-tartifact +--- +name: Upload Tar Artifact +description: Compress files with tar prior to artifacting to keep file privileges. + +inputs: + name: + description: Artifact name + default: artifact + required: false + path: + description: > + A file, directory or wildcard pattern that describes what to upload. + Note: The path provided will be maintained through tar, so after + download-tartifact, and subfolder structure will remain intact. + required: true + if-no-files-found: + description: > + The desired behavior if no files are found using the provided path. + Available Options: + warn: Output a warning but do not fail the action + error: Fail the action with an error message + ignore: Do not output any warnings or errors, the action does not fail + default: 'warn' + required: false + retention-days: + description: > + Duration after which artifact will expire in days. 0 means using default retention. + Minimum 1 day. + Maximum 90 days unless changed from the repository settings page. + required: false + archive-name: + description: > + By default `archive` is what's used to name the archive. This parameter + allows a customizing that archive name. This will allow uploading multiple + archives under the same 'name', like the underlying official action does + without overriding the existing archives. + required: false + +runs: + using: composite + steps: + - shell: bash + run: | + shopt -s globstar || echo "'globstar' not available" + tar -cavf ${{ inputs.archive-name || inputs.name || 'archive' }}.tar.gz ${{ inputs.path }} + + - uses: actions/upload-artifact@v3 + with: + name: ${{ inputs.name }} + path: ${{ inputs.archive-name || inputs.name || 'archive' }}.tar.gz + if-no-files-found: ${{ inputs.if-no-files-found }} + retention-days: ${{ inputs.retention-days }} + + - shell: bash + run: | + rm -f ${{ inputs.archive-name || inputs.name || 'archive' }}.tar.gz diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml new file mode 100644 index 00000000000..b70b84df5b3 --- /dev/null +++ b/.github/workflows/backport.yml @@ -0,0 +1,48 @@ +name: Backport PR +run-name: "Backport PR #${{ github.event.number }}" + +on: + pull_request_target: + types: + - "labeled" + - "closed" + +permissions: + contents: write + pull-requests: write + +jobs: + backport: + name: Backport PR + runs-on: + - ubuntu-latest + if: | + github.event.pull_request.merged == true + && ( + contains(github.event.pull_request.labels.*.name, 'backport:master') || + contains(github.event.pull_request.labels.*.name, 'backport:3006.x') || + contains(github.event.pull_request.labels.*.name, 'backport:3005.x') + ) + && ( + (github.event.action == 'labeled' && ( + contains(github.event.pull_request.labels.*.name, 'backport:master') || + contains(github.event.pull_request.labels.*.name, 'backport:3006.x') || + contains(github.event.pull_request.labels.*.name, 'backport:3005.x') + )) + || (github.event.action == 'closed') + ) + steps: + - name: Backport Action + uses: sqren/backport-github-action@v8.9.7 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + auto_backport_label_prefix: "backport:" + add_original_reviewers: true + + - name: Info log + if: ${{ success() }} + run: jq -C '.' ~/.backport/backport.info.log + + - name: Debug log + if: ${{ failure() }} + run: jq -C '.' ~/.backport/backport.debug.log diff --git a/.github/workflows/build-deb-packages.yml b/.github/workflows/build-deb-packages.yml new file mode 100644 index 00000000000..3823a620ed1 --- /dev/null +++ b/.github/workflows/build-deb-packages.yml @@ -0,0 +1,109 @@ +--- +name: Build Debian Packages + +on: + workflow_call: + inputs: + salt-version: + type: string + required: true + description: The Salt version to set prior to building packages. + +jobs: + build: + name: DEB + runs-on: + - self-hosted + - linux + - ${{ matrix.arch }} + strategy: + fail-fast: false + matrix: + arch: + - x86_64 + - aarch64 + source: + - onedir + - src + + container: + image: ghcr.io/saltstack/salt-ci-containers/packaging:debian-11 + + steps: + # Checkout here so we can easily use custom actions + - uses: actions/checkout@v3 + + # Checkout here for the build process + - name: Checkout in build directory + uses: actions/checkout@v3 + with: + path: + pkgs/checkout/ + + - name: Download Onedir Tarball as an Artifact + uses: actions/download-artifact@v3 + with: + name: salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz + path: pkgs/checkout/artifacts/ + + - name: Download Release Patch + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + uses: actions/download-artifact@v3 + with: + name: salt-${{ inputs.salt-version }}.patch + path: pkgs/checkout/ + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + with: + cwd: pkgs/checkout/ + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ inputs.salt-version }}" + cwd: pkgs/checkout/ + + - name: Configure Git + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + working-directory: pkgs/checkout/ + run: | + tools pkg configure-git + + - name: Apply release patch + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + working-directory: pkgs/checkout/ + run: | + tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete + + - name: Build Deb + working-directory: pkgs/checkout/ + run: | + tools pkg build deb ${{ + matrix.source == 'onedir' && + format('--onedir=salt-{0}-onedir-linux-{1}.tar.xz', inputs.salt-version, matrix.arch) + || + format('--arch={0}', matrix.arch) + }} + + - name: Cleanup + run: | + rm -rf pkgs/checkout/ + + - name: Set Artifact Name + id: set-artifact-name + run: | + if [ "${{ matrix.source }}" != "src" ]; then + echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-deb" >> "$GITHUB_OUTPUT" + else + echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-deb-from-src" >> "$GITHUB_OUTPUT" + fi + + - name: Upload DEBs + uses: actions/upload-artifact@v3 + with: + name: ${{ steps.set-artifact-name.outputs.artifact-name }} + path: ${{ github.workspace }}/pkgs/* + retention-days: 7 + if-no-files-found: error diff --git a/.github/workflows/build-deps-onedir.yml b/.github/workflows/build-deps-onedir.yml new file mode 100644 index 00000000000..ad788929cf9 --- /dev/null +++ b/.github/workflows/build-deps-onedir.yml @@ -0,0 +1,162 @@ +--- +name: Build Packaging Dependencies Onedir + +on: + workflow_call: + inputs: + salt-version: + type: string + required: true + description: The Salt version to set prior to building packages. + github-hosted-runners: + type: boolean + required: true + self-hosted-runners: + type: boolean + required: true + cache-seed: + required: true + type: string + description: Seed used to invalidate caches + relenv-version: + required: false + type: string + default: 0.12.3 + description: The version of relenv to use + python-version-linux: + required: false + type: string + default: 3.10.9 + description: The version of python to use with relenv + python-version-macos: + required: false + type: string + default: 3.10.9 + description: The version of python to use with relenv + python-version-windows: + required: false + type: string + description: The version of python to use with relenv on Windows + default: 3.10.9 + +env: + RELENV_DATA: "${{ github.workspace }}/.relenv" + +jobs: + + build-deps-linux: + name: Linux + if: ${{ inputs.self-hosted-runners }} + strategy: + fail-fast: false + matrix: + arch: + - x86_64 + - aarch64 + runs-on: + - self-hosted + - linux + - ${{ matrix.arch }} + steps: + - uses: actions/checkout@v3 + - name: Setup Relenv + id: setup-relenv + uses: ./.github/actions/setup-relenv + with: + platform: linux + arch: ${{ matrix.arch }} + version: ${{ inputs.relenv-version }} + cache-seed: ${{ inputs.cache-seed }} + python-version: ${{ inputs.python-version-linux }} + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Install Salt Packaging Dependencies into Relenv Onedir + uses: ./.github/actions/build-onedir-deps + with: + platform: linux + arch: ${{ matrix.arch }} + python-version: "${{ inputs.python-version-linux }}" + cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }} + + + build-deps-windows: + name: Windows + if: ${{ inputs.github-hosted-runners }} + strategy: + fail-fast: false + max-parallel: 2 + matrix: + arch: + - x86 + - amd64 + runs-on: windows-latest + steps: + - uses: actions/checkout@v3 + + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Setup Relenv + id: setup-relenv + uses: ./.github/actions/setup-relenv + with: + platform: windows + arch: ${{ matrix.arch }} + version: ${{ inputs.relenv-version }} + cache-seed: ${{ inputs.cache-seed }} + python-version: ${{ inputs.python-version-windows }} + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Install Salt Packaging Dependencies into Relenv Onedir + uses: ./.github/actions/build-onedir-deps + with: + platform: windows + arch: ${{ matrix.arch }} + python-version: "${{ inputs.python-version-windows }}" + cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }} + + + build-deps-macos: + name: macOS + if: ${{ inputs.github-hosted-runners }} + strategy: + fail-fast: false + max-parallel: 2 + matrix: + arch: + - x86_64 + runs-on: macos-12 + steps: + - uses: actions/checkout@v3 + + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Setup Relenv + id: setup-relenv + uses: ./.github/actions/setup-relenv + with: + platform: darwin + arch: ${{ matrix.arch }} + version: ${{ inputs.relenv-version }} + cache-seed: ${{ inputs.cache-seed }} + python-version: ${{ inputs.python-version-macos }} + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Install Salt Packaging Dependencies into Relenv Onedir + uses: ./.github/actions/build-onedir-deps + with: + platform: darwin + arch: ${{ matrix.arch }} + python-version: "${{ inputs.python-version-macos }}" + cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }} diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml new file mode 100644 index 00000000000..32ff96dbf38 --- /dev/null +++ b/.github/workflows/build-docs.yml @@ -0,0 +1,96 @@ +--- +name: Build Documentation + +on: + workflow_call: + inputs: + salt-version: + type: string + required: true + description: The Salt version to set prior to building packages. + cache-seed: + required: true + type: string + description: Seed used to invalidate caches + +jobs: + build: + name: Build + runs-on: + - self-hosted + - linux + - medium + - x86_64 + strategy: + fail-fast: false + matrix: + docs-output: + - linkcheck + - spellcheck + - html + - epub + # - pdf + + steps: + - uses: actions/checkout@v3 + + - name: Download Release Patch + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + uses: actions/download-artifact@v3 + with: + name: salt-${{ inputs.salt-version }}.patch + + - name: Get Python Version + id: get-python-version + uses: ./.github/actions/get-python-version + with: + python-binary: python3 + + - name: Setup Python Tools Scripts + id: python-tools-scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Configure Git + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools pkg configure-git + + - name: Apply release patch + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete + + - name: Cache Python Tools Docs Virtualenv + id: tools-venvs-dependencies-cache + uses: actions/cache@v3 + with: + path: .tools-venvs/docs + key: ${{ inputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|docs|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/docs.txt') }} + + - name: Prepare Docs Build + run: | + git clone https://gitlab.com/saltstack/open/docs/builddocs.git .builddocs + sudo mkdir -p /usr/share/fonts/truetype /usr/share/fonts/opentype + sudo cp -rfv .builddocs/builddocs/files/fonts/truetype/*.ttf /usr/share/fonts/truetype/ + sudo cp -rfv .builddocs/builddocs/files/fonts/opentype/*.otf /usr/share/fonts/opentype/ + sudo fc-cache -f -v + + - name: Build Documentation (${{ matrix.docs-output }}) + id: build-docs + shell: bash + continue-on-error: ${{ matrix.docs-output == 'linkcheck' || matrix.docs-output == 'spellcheck' }} + env: + LATEST_RELEASE: "${{ inputs.salt-version }}" + SALT_ON_SALTSTACK: "1" + ARCHIVE_FILENAME: "${{ format('salt-{0}-docs-{1}.tar.xz', inputs.salt-version, matrix.docs-output) }}" + run: | + tools docs ${{ matrix.docs-output }} + + - name: Upload Built Documentation Artifact(${{ matrix.docs-output }}) + if: ${{ steps.build-docs.outputs.has-artifacts == 'true' }} + uses: actions/upload-artifact@v3 + with: + name: ${{ steps.build-docs.outputs.artifact-name }} + path: ${{ steps.build-docs.outputs.artifact-path }} + retention-days: 7 + if-no-files-found: error diff --git a/.github/workflows/build-macos-packages.yml b/.github/workflows/build-macos-packages.yml new file mode 100644 index 00000000000..9e07834fea0 --- /dev/null +++ b/.github/workflows/build-macos-packages.yml @@ -0,0 +1,114 @@ +--- +name: Build macOS Packages + +on: + workflow_call: + inputs: + salt-version: + type: string + required: true + description: The Salt version to set prior to building packages. + sign-packages: + type: boolean + default: false + description: Sign Packages + environment: + type: string + description: The GitHub Environment where this workflow should run + default: ci + +jobs: + + build-pkgs: + name: macOS + environment: ${{ inputs.environment }} + strategy: + fail-fast: false + matrix: + arch: + - x86_64 + runs-on: + - macos-12 + steps: + + - name: Check Package Signing Enabled + shell: bash + id: check-pkg-sign + run: | + if [ "${{ inputs.sign-packages }}" == "true" ]; then + if [ "${{ (secrets.MAC_SIGN_APPLE_ACCT != '' && contains(fromJSON('["nightly", "staging"]'), inputs.environment)) && 'true' || 'false' }}" != "true" ]; then + MSG="Secrets for signing packages are not available. The packages created will NOT be signed." + echo "${MSG}" + echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}" + echo "sign-pkgs=false" >> "$GITHUB_OUTPUT" + else + MSG="The packages created WILL be signed." + echo "${MSG}" + echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}" + echo "sign-pkgs=true" >> "$GITHUB_OUTPUT" + fi + else + MSG="The sign-packages input is false. The packages created will NOT be signed." + echo "${MSG}" + echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}" + echo "sign-pkgs=false" >> "$GITHUB_OUTPUT" + fi + + - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 + with: + python-version: 3.9 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ inputs.salt-version }}" + + - name: Download Onedir Tarball as an Artifact + uses: actions/download-artifact@v3 + with: + name: salt-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch }}.tar.xz + path: artifacts/ + + - name: Prepare Package Signing + if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }} + run: | + echo ${{ secrets.MAC_SIGN_DEV_APP_CERT_B64 }} | base64 --decode > app-cert.p12 + echo ${{ secrets.MAC_SIGN_DEV_INSTALL_CERT_B64 }} | base64 --decode > install-cert.p12 + # Create SaltSigning keychain. This will contain the certificates for signing + security create-keychain -p "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" + # Append SaltSigning keychain to the search list + security list-keychains -d user -s "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" "$(security list-keychains -d user | sed s/\"//g)" + # Unlock the keychain so we can import certs + security unlock-keychain -p "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" + # Developer Application Certificate + security import "app-cert.p12" -t agg -k "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" -P "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" -A + rm app-cert.p12 + # Developer Installer Certificate + security import "install-cert.p12" -t agg -k "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" -P "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" -A + rm install-cert.p12 + security set-key-partition-list -S apple-tool:,apple: -k "${{ secrets.MAC_SIGN_DEV_PASSWORD }}" "${{ secrets.MAC_SIGN_DEV_KEYCHAIN }}" &> /dev/null + + - name: Build MacOS Package + env: + DEV_APP_CERT: "${{ secrets.MAC_SIGN_DEV_APP_CERT }}" + DEV_INSTALL_CERT: "${{ secrets.MAC_SIGN_DEV_INSTALL_CERT }}" + APPLE_ACCT: "${{ secrets.MAC_SIGN_APPLE_ACCT }}" + APP_SPEC_PWD: "${{ secrets.MAC_SIGN_APP_SPEC_PWD }}" + run: | + tools pkg build macos --onedir salt-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch }}.tar.xz \ + --salt-version ${{ inputs.salt-version }} ${{ + steps.check-pkg-sign.outputs.sign-pkgs == 'true' && '--sign' || '' + }} + + - name: Upload ${{ matrix.arch }} Package + uses: actions/upload-artifact@v3 + with: + name: salt-${{ inputs.salt-version }}-${{ matrix.arch }}-macos + path: pkg/macos/salt-${{ inputs.salt-version }}-py3-*.pkg + retention-days: 7 + if-no-files-found: error diff --git a/.github/workflows/build-rpm-packages.yml b/.github/workflows/build-rpm-packages.yml new file mode 100644 index 00000000000..72464818307 --- /dev/null +++ b/.github/workflows/build-rpm-packages.yml @@ -0,0 +1,93 @@ +--- +name: Build RPM Packages + +on: + workflow_call: + inputs: + salt-version: + type: string + required: true + description: The Salt version to set prior to building packages. + +env: + COLUMNS: 190 + +jobs: + build: + name: RPM + runs-on: + - self-hosted + - linux + - ${{ matrix.arch }} + strategy: + fail-fast: false + matrix: + arch: + - x86_64 + - aarch64 + source: + - onedir + - src + + container: + image: ghcr.io/saltstack/salt-ci-containers/packaging:centosstream-9 + + steps: + - uses: actions/checkout@v3 + + - name: Download Onedir Tarball as an Artifact + uses: actions/download-artifact@v3 + with: + name: salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz + path: artifacts/ + + - name: Download Release Patch + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + uses: actions/download-artifact@v3 + with: + name: salt-${{ inputs.salt-version }}.patch + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ inputs.salt-version }}" + + - name: Configure Git + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools pkg configure-git + + - name: Apply release patch + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete + + - name: Build RPM + run: | + tools pkg build rpm ${{ + matrix.source == 'onedir' && + format('--onedir=salt-{0}-onedir-linux-{1}.tar.xz', inputs.salt-version, matrix.arch) + || + format('--arch={0}', matrix.arch) + }} + + - name: Set Artifact Name + id: set-artifact-name + run: | + if [ "${{ matrix.source }}" != "src" ]; then + echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-rpm" >> "$GITHUB_OUTPUT" + else + echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-rpm-from-src" >> "$GITHUB_OUTPUT" + fi + + - name: Upload RPMs + uses: actions/upload-artifact@v3 + with: + name: ${{ steps.set-artifact-name.outputs.artifact-name }} + path: ~/rpmbuild/RPMS/${{ matrix.arch }}/*.rpm + retention-days: 7 + if-no-files-found: error diff --git a/.github/workflows/build-salt-onedir.yml b/.github/workflows/build-salt-onedir.yml new file mode 100644 index 00000000000..2b1b758b42f --- /dev/null +++ b/.github/workflows/build-salt-onedir.yml @@ -0,0 +1,182 @@ +--- +name: Build Salt Onedir + +on: + workflow_call: + inputs: + salt-version: + type: string + required: true + description: The Salt version to set prior to building packages. + github-hosted-runners: + type: boolean + required: true + self-hosted-runners: + type: boolean + required: true + cache-seed: + required: true + type: string + description: Seed used to invalidate caches + relenv-version: + required: false + type: string + default: 0.12.3 + description: The version of relenv to use + python-version-linux: + required: false + type: string + default: 3.10.9 + description: The version of python to use with relenv + python-version-macos: + required: false + type: string + default: 3.10.9 + description: The version of python to use with relenv + python-version-windows: + required: false + type: string + description: The version of python to use with relenv on Windows + default: 3.10.9 + +env: + RELENV_DATA: "${{ github.workspace }}/.relenv" + +jobs: + + build-salt-linux: + name: Linux + if: ${{ inputs.self-hosted-runners }} + strategy: + fail-fast: false + matrix: + arch: + - x86_64 + - aarch64 + runs-on: + - self-hosted + - linux + - ${{ matrix.arch }} + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ inputs.salt-version }}" + + - name: Setup Relenv + uses: ./.github/actions/setup-relenv + id: setup-relenv + with: + platform: linux + arch: ${{ matrix.arch }} + version: ${{ inputs.relenv-version }} + cache-seed: ${{ inputs.cache-seed }} + python-version: ${{ inputs.python-version-linux }} + + - name: Install Salt into Relenv Onedir + uses: ./.github/actions/build-onedir-salt + with: + platform: linux + arch: ${{ matrix.arch }} + salt-version: "${{ inputs.salt-version }}" + python-version: "${{ inputs.python-version-linux }}" + cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }} + + + build-salt-windows: + name: Windows + if: ${{ inputs.github-hosted-runners }} + strategy: + fail-fast: false + max-parallel: 2 + matrix: + arch: + - x86 + - amd64 + runs-on: windows-latest + steps: + - uses: actions/checkout@v3 + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Setup Relenv + id: setup-relenv + uses: ./.github/actions/setup-relenv + with: + platform: windows + arch: ${{ matrix.arch }} + version: ${{ inputs.relenv-version }} + cache-seed: ${{ inputs.cache-seed }} + python-version: ${{ inputs.python-version-windows }} + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ inputs.salt-version }}" + + - name: Install Salt into Relenv Onedir + uses: ./.github/actions/build-onedir-salt + with: + platform: windows + arch: ${{ matrix.arch }} + salt-version: "${{ inputs.salt-version }}" + python-version: "${{ inputs.python-version-windows }}" + cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }} + + + build-salt-macos: + name: macOS + if: ${{ inputs.github-hosted-runners }} + strategy: + fail-fast: false + max-parallel: 2 + matrix: + arch: + - x86_64 + runs-on: macos-12 + steps: + - uses: actions/checkout@v3 + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Setup Relenv + id: setup-relenv + uses: ./.github/actions/setup-relenv + with: + platform: darwin + arch: ${{ matrix.arch }} + version: ${{ inputs.relenv-version }} + cache-seed: ${{ inputs.cache-seed }} + python-version: ${{ inputs.python-version-macos }} + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ inputs.salt-version }}" + + - name: Install Salt into Relenv Onedir + uses: ./.github/actions/build-onedir-salt + with: + platform: darwin + arch: ${{ matrix.arch }} + salt-version: "${{ inputs.salt-version }}" + python-version: "${{ inputs.python-version-macos }}" + cache-prefix: ${{ inputs.cache-seed }}|relenv|${{ steps.setup-relenv.outputs.version }} diff --git a/.github/workflows/build-windows-packages.yml b/.github/workflows/build-windows-packages.yml new file mode 100644 index 00000000000..b50d7cdc618 --- /dev/null +++ b/.github/workflows/build-windows-packages.yml @@ -0,0 +1,117 @@ +--- +name: Build Windows Packages + +on: + workflow_call: + inputs: + salt-version: + type: string + required: true + description: The Salt version to set prior to building packages + sign-packages: + type: boolean + default: false + description: Sign Packages + environment: + type: string + description: The GitHub Environment where this workflow should run + default: ci + +jobs: + + build-pkgs: + name: Windows + environment: ${{ inputs.environment }} + strategy: + fail-fast: false + max-parallel: 2 + matrix: + arch: + - x86 + - amd64 + runs-on: + - windows-latest + env: + SM_HOST: "${{ secrets.WIN_SIGN_HOST_PROD }}" + SM_API_KEY: "${{ secrets.WIN_SIGN_API_KEY }}" + SM_CLIENT_CERT_FILE: "D:\\Certificate_pkcs12.p12" + SM_CLIENT_CERT_PASSWORD: "${{ secrets.WIN_SIGN_CERT_PASSWORD }}" + SM_CLIENT_CERT_FILE_B64: "${{ secrets.WIN_SIGN_CERT_FILE_B64 }}" + WIN_SIGN_CERT_SHA1_HASH: "${{ secrets.WIN_SIGN_CERT_SHA1_HASH }}" + + steps: + - name: Check Package Signing Enabled + shell: bash + id: check-pkg-sign + run: | + if [ "${{ inputs.sign-packages }}" == "true" ]; then + if [ "${{ (secrets.WIN_SIGN_API_KEY != '' && env.SM_HOST != '' && inputs.environment == 'staging') && 'true' || 'false' }}" != "true" ]; then + MSG="Secrets for signing packages are not available. The packages created will NOT be signed." + echo "${MSG}" + echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}" + echo "sign-pkgs=false" >> "$GITHUB_OUTPUT" + else + MSG="The packages created WILL be signed." + echo "${MSG}" + echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}" + echo "sign-pkgs=true" >> "$GITHUB_OUTPUT" + fi + else + MSG="The sign-packages input is false. The packages created will NOT be signed." + echo "${MSG}" + echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}" + echo "sign-pkgs=false" >> "$GITHUB_OUTPUT" + fi + + - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 + with: + python-version: 3.9 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ inputs.salt-version }}" + + - name: Download Onedir Tarball as an Artifact + uses: actions/download-artifact@v3 + with: + name: salt-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.zip + path: artifacts/ + + - name: Code signing with Software Trust Manager + if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }} + uses: digicert/ssm-code-signing@v0.0.2 + + - name: Setup Certificate + if: ${{ steps.check-pkg-sign.outputs.sign-pkgs == 'true' }} + shell: bash + run: | + echo "${{ secrets.WIN_SIGN_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12 + + - name: Build Windows Packages + run: | + tools pkg build windows --onedir salt-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.zip ` + --salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }} ${{ + steps.check-pkg-sign.outputs.sign-pkgs == 'true' && '--sign' || '' + }} + + - name: Upload ${{ matrix.arch }} Packages + uses: actions/upload-artifact@v3 + with: + name: salt-${{ inputs.salt-version }}-${{ matrix.arch }}-NSIS + path: pkg/windows/build/Salt-*.exe + retention-days: 7 + if-no-files-found: error + + - name: Upload ${{ matrix.arch }} MSI Package + uses: actions/upload-artifact@v3 + with: + name: salt-${{ inputs.salt-version }}-${{ matrix.arch }}-MSI + path: pkg/windows/build/Salt-*.msi + retention-days: 7 + if-no-files-found: error diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000000..a18e21fcc5d --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,1384 @@ +# Do not edit these workflows directly as the changes made will be overwritten. +# Instead, edit the template '.github/workflows/templates/ci.yml.jinja' +--- +name: CI +run-name: "CI (${{ github.event_name == 'pull_request' && format('pr: #{0}', github.event.number) || format('{0}: {1}', startsWith(github.event.ref, 'refs/tags') && 'tag' || 'branch', github.ref_name) }})" +on: + push: {} + pull_request: {} + +env: + COLUMNS: 190 + CACHE_SEED: SEED-3 # Bump the number to invalidate all caches + RELENV_DATA: "${{ github.workspace }}/.relenv" + +permissions: + contents: read # for dorny/paths-filter to fetch a list of changed files + pull-requests: read # for dorny/paths-filter to read pull requests + +concurrency: + # Concurrency is defined in a way that concurrent builds against branches do + # not cancel previous builds. + # However, for every new build against the same pull request source branch, + # all older builds against that same branch get canceled. + group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.repository }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +jobs: + + prepare-workflow: + name: Prepare Workflow Run + runs-on: ubuntu-latest + outputs: + jobs: ${{ steps.define-jobs.outputs.jobs }} + runners: ${{ steps.runner-types.outputs.runners }} + changed-files: ${{ steps.process-changed-files.outputs.changed-files }} + pull-labels: ${{ steps.get-pull-labels.outputs.labels }} + testrun: ${{ steps.define-testrun.outputs.testrun }} + salt-version: ${{ steps.setup-salt-version.outputs.salt-version }} + cache-seed: ${{ steps.set-cache-seed.outputs.cache-seed }} + latest-release: ${{ steps.get-salt-releases.outputs.latest-release }} + releases: ${{ steps.get-salt-releases.outputs.releases }} + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 # Full clone to also get the tags to get the right salt version + + - name: Get Changed Files + if: ${{ github.event_name == 'pull_request'}} + id: changed-files + uses: dorny/paths-filter@v2 + with: + token: ${{ github.token }} + list-files: json + filters: | + repo: + - added|modified: + - '**' + doc-requirements: + - added|modified: &doc_requirements + - requirements/static/ci/py3.*/docs.txt + lint-requirements: + - added|modified: &lint_requirements + - requirements/static/ci/py3.*/lint.txt + pkg_requirements: + - added|modified: &pkg_requirements + - requirements/static/pkg/py3.*/darwin.txt + - requirements/static/pkg/py3.*/linux.txt + - requirements/static/pkg/py3.*/freebsd.txt + - requirements/static/pkg/py3.*/windows.txt + test_requirements: + - added|modified: &test_requirements + - requirements/static/ci/py3.*/darwin.txt + - requirements/static/ci/py3.*/linux.txt + - requirements/static/ci/py3.*/freebsd.txt + - requirements/static/ci/py3.*/windows.txt + - requirements/static/ci/py3.*/darwin-crypto.txt + - requirements/static/ci/py3.*/linux-crypto.txt + - requirements/static/ci/py3.*/freebsd-crypto.txt + - requirements/static/ci/py3.*/windows-crypto.txt + deleted: + - deleted: + - '**' + docs: + - added|modified: + - doc/** + - *doc_requirements + workflows: + - added|modified: + - cicd/shared-gh-workflows-context.yml + - .github/actions/**/action.yml + - .github/workflows/*.yml + - .github/workflows/templates/*.yml.jinja2 + salt: + - added|modified: &salt_added_modified + - setup.py + - noxfile.py + - salt/**/*.py + - tasks/**/*.py + - tools/**/*.py + tests: + - added|modified: &tests_added_modified + - tests/**/*.py + lint: + - added|modified: + - .pylintrc + - *lint_requirements + golden_images: + - added|modified: + - cicd/golden-images.json + pkg_tests: + - added|modified: &pkg_tests_added_modified + - pkg/** + - *pkg_requirements + - *salt_added_modified + testrun: + - added|modified: + - *pkg_requirements + - *test_requirements + - *salt_added_modified + - *tests_added_modified + - *pkg_tests_added_modified + + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Pretty Print The GH Actions Event + run: + tools ci print-gh-event + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "" + validate-version: true + + - name: Get Pull Number + if: ${{ github.event_name == 'pull_request' }} + id: get-pull-number + uses: ./.github/actions/get-pull-number + with: + owner: ${{ github.repository_owner }} + repo: ${{ github.event.repository.name }} + sha: ${{ github.sha }} + pull-number: ${{ github.event.pull_request.number }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get Pull Request + if: ${{ github.event_name == 'pull_request' }} + id: get-pull-request + uses: ./.github/actions/get-pull-request + with: + owner: ${{ github.repository_owner }} + repo: ${{ github.event.repository.name }} + pull-number: ${{ steps.get-pull-number.outputs.number }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get Pull Labels + if: ${{ github.event_name == 'pull_request' }} + id: get-pull-labels + uses: ./.github/actions/get-pull-labels + with: + pull-request: ${{ steps.get-pull-request.outputs.pull-request }} + + - name: Write Changed Files To A Local File + run: + echo '${{ toJSON(steps.changed-files.outputs) }}' > changed-files.json + + - name: Check Local Changed Files Contents + if: ${{ github.event_name == 'pull_request' }} + run: + cat changed-files.json + + - name: Process Changed Files + id: process-changed-files + run: | + tools ci process-changed-files ${{ github.event_name }} changed-files.json + + - name: Check Collected Changed Files + if: ${{ github.event_name == 'pull_request' }} + run: | + echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.' + + - name: Define Runner Types + id: runner-types + run: | + tools ci runner-types ${{ github.event_name }} + + - name: Check Defined Runners + run: | + echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.' + + - name: Define Jobs + id: define-jobs + run: | + tools ci define-jobs ${{ github.event_name }} changed-files.json + + - name: Check Defined Jobs + run: | + echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.' + + - name: Get Salt Releases + id: get-salt-releases + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + tools ci get-releases + + - name: Check Salt Releases + run: | + echo '${{ steps.get-salt-releases.outputs.latest-release }}' | jq -C '.' + echo '${{ steps.get-salt-releases.outputs.releases }}' | jq -C '.' + + - name: Define Testrun + id: define-testrun + run: | + tools ci define-testrun ${{ github.event_name }} changed-files.json + + - name: Check Defined Test Run + run: | + echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.' + + - name: Check Contents of generated testrun-changed-files.txt + if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }} + run: | + cat testrun-changed-files.txt || true + + - name: Upload testrun-changed-files.txt + if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }} + uses: actions/upload-artifact@v3 + with: + name: testrun-changed-files.txt + path: testrun-changed-files.txt + + - name: Set Cache Seed Output + id: set-cache-seed + run: | + echo "cache-seed=${{ env.CACHE_SEED }}" >> "$GITHUB_OUTPUT" + pre-commit: + name: Pre-Commit + if: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + uses: ./.github/workflows/pre-commit-action.yml + needs: + - prepare-workflow + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + changed-files: ${{ needs.prepare-workflow.outputs.changed-files }} + pre-commit-version: "3.0.4" + + lint: + name: Lint + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['lint'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + uses: ./.github/workflows/lint-action.yml + needs: + - prepare-workflow + with: + changed-files: ${{ needs.prepare-workflow.outputs.changed-files }} + + prepare-release: + name: "Prepare Release: ${{ needs.prepare-workflow.outputs.salt-version }}" + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['prepare-release'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + runs-on: + - ubuntu-latest + needs: + - prepare-workflow + steps: + - uses: actions/checkout@v3 + + - name: Get Python Version + id: get-python-version + uses: ./.github/actions/get-python-version + with: + python-binary: python3 + + - name: Setup Python Tools Scripts + id: python-tools-scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Cache Python Tools Docs Virtualenv + uses: actions/cache@v3 + with: + path: .tools-venvs/docs + key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|docs|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/docs.txt') }} + + - name: Cache Python Tools Changelog Virtualenv + uses: actions/cache@v3 + with: + path: .tools-venvs/changelog + key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|changelog|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/changelog.txt') }} + + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + - name: Update Debian changelog + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-deb --draft + tools changelog update-deb + + - name: Update RPM changelog + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-rpm --draft + tools changelog update-rpm + + - name: Update Release Notes + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-release-notes --draft + tools changelog update-release-notes + + - name: Generate MAN Pages + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + env: + LATEST_RELEASE: "${{ needs.prepare-workflow.outputs.salt-version }}" + SALT_ON_SALTSTACK: "1" + run: | + tools docs man + + - name: Update Changelog + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-changelog-md --draft + tools changelog update-changelog-md + + - name: Show Changes Diff + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + git diff --color + + - name: Configure Git + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + git config --global user.name "Salt Project Packaging" + git config --global user.email saltproject-packaging@vmware.com + + - name: Setup Pre-Commit + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + uses: ./.github/actions/setup-pre-commit + with: + version: "3.0.4" + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + + - name: Commit Changes + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + env: + SKIP: lint-salt,lint-tests + run: | + # Run it twice so that pre-commit can fix anything that can be automatically fixed. + git commit -am "Release v${{ needs.prepare-workflow.outputs.salt-version }}" || \ + git commit -am "Release v${{ needs.prepare-workflow.outputs.salt-version }}" + + - name: Create release changes patch + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + git format-patch --keep-subject --binary --stdout HEAD^ > salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + + - name: Upload Changes Diff Artifact + uses: actions/upload-artifact@v3 + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + path: salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + retention-days: 7 + if-no-files-found: error + + build-docs: + name: Documentation + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-docs'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-source-tarball + uses: ./.github/workflows/build-docs.yml + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-source-tarball: + name: Build Source Tarball + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-source-tarball'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - prepare-release + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Get Python Version + id: get-python-version + uses: ./.github/actions/get-python-version + with: + python-binary: python3 + + - name: Setup Python Tools Scripts + id: python-tools-scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + - name: Cache Python Tools Build Virtualenv + uses: actions/cache@v3 + with: + path: .tools-venvs/build + key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|build|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/build.txt') }} + + - name: Build Source Tarball + uses: ./.github/actions/build-source-tarball + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-deps-onedir: + name: Build Dependencies Onedir + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-deps-onedir'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + uses: ./.github/workflows/build-deps-onedir.yml + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + relenv-version: "0.12.3" + python-version-linux: "3.10.11" + python-version-macos: "3.10.11" + python-version-windows: "3.10.11" + + build-salt-onedir: + name: Build Salt Onedir + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-salt-onedir'] }} + needs: + - prepare-workflow + - build-deps-onedir + - build-source-tarball + uses: ./.github/workflows/build-salt-onedir.yml + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + relenv-version: "0.12.3" + python-version-linux: "3.10.11" + python-version-macos: "3.10.11" + python-version-windows: "3.10.11" + + build-rpm-pkgs: + name: Build RPM Packages + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/build-rpm-packages.yml + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-deb-pkgs: + name: Build DEB Packages + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/build-deb-packages.yml + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-windows-pkgs: + name: Build Windows Packages + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/build-windows-packages.yml + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-macos-pkgs: + name: Build macOS Packages + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/build-macos-packages.yml + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + amazonlinux-2-pkg-tests: + name: Amazon Linux 2 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: amazonlinux-2 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + centos-7-pkg-tests: + name: CentOS 7 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: centos-7 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + centosstream-8-pkg-tests: + name: CentOS Stream 8 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: centosstream-8 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + centosstream-9-pkg-tests: + name: CentOS Stream 9 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: centosstream-9 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + debian-10-pkg-tests: + name: Debian 10 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: debian-10 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + debian-11-pkg-tests: + name: Debian 11 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: debian-11 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + debian-11-arm64-pkg-tests: + name: Debian 11 Arm64 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: debian-11-arm64 + platform: linux + arch: aarch64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + photonos-3-pkg-tests: + name: Photon OS 3 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: photonos-3 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + photonos-4-pkg-tests: + name: Photon OS 4 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: photonos-4 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + ubuntu-2004-pkg-tests: + name: Ubuntu 20.04 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: ubuntu-20.04 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + ubuntu-2004-arm64-pkg-tests: + name: Ubuntu 20.04 Arm64 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: ubuntu-20.04-arm64 + platform: linux + arch: aarch64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + ubuntu-2204-pkg-tests: + name: Ubuntu 22.04 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: ubuntu-22.04 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + ubuntu-2204-arm64-pkg-tests: + name: Ubuntu 22.04 Arm64 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: ubuntu-22.04-arm64 + platform: linux + arch: aarch64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + macos-12-pkg-tests: + name: macOS 12 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-macos-pkgs + uses: ./.github/workflows/test-packages-action-macos.yml + with: + distro-slug: macos-12 + platform: darwin + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: macos + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + windows-2016-nsis-pkg-tests: + name: Windows 2016 NSIS Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2016 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: NSIS + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + windows-2016-msi-pkg-tests: + name: Windows 2016 MSI Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2016 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: MSI + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + windows-2019-nsis-pkg-tests: + name: Windows 2019 NSIS Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2019 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: NSIS + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + windows-2019-msi-pkg-tests: + name: Windows 2019 MSI Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2019 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: MSI + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + windows-2022-nsis-pkg-tests: + name: Windows 2022 NSIS Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2022 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: NSIS + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + windows-2022-msi-pkg-tests: + name: Windows 2022 MSI Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2022 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: MSI + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + windows-2016: + name: Windows 2016 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: windows-2016 + nox-session: ci-test-onedir + platform: windows + arch: amd64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + windows-2019: + name: Windows 2019 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: windows-2019 + nox-session: ci-test-onedir + platform: windows + arch: amd64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + windows-2022: + name: Windows 2022 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: windows-2022 + nox-session: ci-test-onedir + platform: windows + arch: amd64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + macos-12: + name: macOS 12 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action-macos.yml + with: + distro-slug: macos-12 + nox-session: ci-test-onedir + platform: darwin + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + almalinux-8: + name: Alma Linux 8 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: almalinux-8 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + almalinux-9: + name: Alma Linux 9 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: almalinux-9 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + amazonlinux-2: + name: Amazon Linux 2 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: amazonlinux-2 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + archlinux-lts: + name: Arch Linux LTS + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: archlinux-lts + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + centos-7: + name: CentOS 7 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: centos-7 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + centosstream-8: + name: CentOS Stream 8 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: centosstream-8 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + centosstream-9: + name: CentOS Stream 9 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: centosstream-9 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + debian-10: + name: Debian 10 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: debian-10 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + debian-11: + name: Debian 11 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: debian-11 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + debian-11-arm64: + name: Debian 11 Arm64 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: debian-11-arm64 + nox-session: ci-test-onedir + platform: linux + arch: aarch64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + fedora-36: + name: Fedora 36 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: fedora-36 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + fedora-37: + name: Fedora 37 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: fedora-37 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + fedora-38: + name: Fedora 38 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: fedora-38 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + opensuse-15: + name: Opensuse 15 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: opensuse-15 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + photonos-3: + name: Photon OS 3 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: photonos-3 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + photonos-4: + name: Photon OS 4 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: photonos-4 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + ubuntu-2004: + name: Ubuntu 20.04 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: ubuntu-20.04 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + ubuntu-2004-arm64: + name: Ubuntu 20.04 Arm64 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: ubuntu-20.04-arm64 + nox-session: ci-test-onedir + platform: linux + arch: aarch64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + ubuntu-2204: + name: Ubuntu 22.04 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: ubuntu-22.04 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + ubuntu-2204-arm64: + name: Ubuntu 22.04 Arm64 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: ubuntu-22.04-arm64 + nox-session: ci-test-onedir + platform: linux + arch: aarch64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: ${{ github.event_name == 'pull_request' }} + skip-junit-reports: ${{ github.event_name == 'pull_request' }} + + set-pipeline-exit-status: + # This step is just so we can make github require this step, to pass checks + # on a pull request instead of requiring all + name: Set the ${{ github.workflow }} Pipeline Exit Status + if: always() + runs-on: ubuntu-latest + needs: + - prepare-workflow + - pre-commit + - lint + - build-docs + - build-deps-onedir + - build-salt-onedir + - windows-2016 + - windows-2019 + - windows-2022 + - macos-12 + - almalinux-8 + - almalinux-9 + - amazonlinux-2 + - archlinux-lts + - centos-7 + - centosstream-8 + - centosstream-9 + - debian-10 + - debian-11 + - debian-11-arm64 + - fedora-36 + - fedora-37 + - fedora-38 + - opensuse-15 + - photonos-3 + - photonos-4 + - ubuntu-2004 + - ubuntu-2004-arm64 + - ubuntu-2204 + - ubuntu-2204-arm64 + - amazonlinux-2-pkg-tests + - centos-7-pkg-tests + - centosstream-8-pkg-tests + - centosstream-9-pkg-tests + - debian-10-pkg-tests + - debian-11-pkg-tests + - debian-11-arm64-pkg-tests + - photonos-3-pkg-tests + - photonos-4-pkg-tests + - ubuntu-2004-pkg-tests + - ubuntu-2004-arm64-pkg-tests + - ubuntu-2204-pkg-tests + - ubuntu-2204-arm64-pkg-tests + - macos-12-pkg-tests + - windows-2016-nsis-pkg-tests + - windows-2016-msi-pkg-tests + - windows-2019-nsis-pkg-tests + - windows-2019-msi-pkg-tests + - windows-2022-nsis-pkg-tests + - windows-2022-msi-pkg-tests + steps: + - name: Get workflow information + id: get-workflow-info + uses: technote-space/workflow-conclusion-action@v3 + + - name: Set Pipeline Exit Status + shell: bash + run: | + if [ "${{ steps.get-workflow-info.outputs.conclusion }}" != "success" ]; then + exit 1 + else + exit 0 + fi + + - name: Done + if: always() + run: + echo "All worflows finished" diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml deleted file mode 100644 index 61b0f5b2d85..00000000000 --- a/.github/workflows/docs.yml +++ /dev/null @@ -1,116 +0,0 @@ -name: Docs - -on: [push, pull_request] - -jobs: - Salt: - name: Build Salt Documentation - runs-on: ubuntu-latest - - container: - image: python:3.8.6-slim-buster - - steps: - - - name: Install System Deps - run: | - echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list - apt-get update - apt-get install -y enchant git gcc imagemagick make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev xz-utils - apt-get install -y git/buster-backports - - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - - name: Install Nox - env: - PIP_EXTRA_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ - run: | - python -m pip install --upgrade pip - pip install nox - - - id: changed-files - name: Get Changed Files - uses: dorny/paths-filter@v2 - with: - token: ${{ github.token }} - list-files: json - filters: | - docs: - - doc/** - - - name: Install Python Requirements - env: - PIP_EXTRA_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ - run: - nox --install-only --forcecolor -e 'docs-html(compress=False, clean=True)' - - - name: Build Docs - env: - SKIP_REQUIREMENTS_INSTALL: YES - run: | - nox --forcecolor -e 'docs-html(compress=False, clean=True)' - - - name: Store Generated Documentation - uses: actions/upload-artifact@v2 - with: - name: salt-html-docs - path: doc/_build/html - - Manpages: - name: Build Salt man Pages - runs-on: ubuntu-latest - - container: - image: python:3.8.6-slim-buster - - steps: - - - name: Install System Deps - run: | - echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list - apt-get update - apt-get install -y enchant git gcc imagemagick make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev - apt-get install -y git/buster-backports - - - uses: actions/checkout@v2 - - - id: changed-files - name: Get Changed Files - uses: dorny/paths-filter@v2 - with: - token: ${{ github.token }} - list-files: json - filters: | - docs: - - doc/** - - - name: Install Nox - if: github.event_name == 'push' || steps.changed-files.outputs.docs == 'true' - env: - PIP_EXTRA_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ - run: | - python -m pip install --upgrade pip - pip install nox - - - name: Install Python Requirements - if: github.event_name == 'push' || steps.changed-files.outputs.docs == 'true' - env: - PIP_EXTRA_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ - run: - nox --install-only --forcecolor -e 'docs-man(compress=False, update=False, clean=True)' - - - name: Build Manpages - if: github.event_name == 'push' || steps.changed-files.outputs.docs == 'true' - env: - SKIP_REQUIREMENTS_INSTALL: YES - run: | - nox --forcecolor -e 'docs-man(compress=False, update=False, clean=True)' - - - name: Store Generated Documentation - if: github.event_name == 'push' || steps.changed-files.outputs.docs == 'true' - uses: actions/upload-artifact@v2 - with: - name: salt-man-pages - path: doc/_build/man diff --git a/.github/workflows/lint-action.yml b/.github/workflows/lint-action.yml new file mode 100644 index 00000000000..6e0df43e4d0 --- /dev/null +++ b/.github/workflows/lint-action.yml @@ -0,0 +1,100 @@ +--- +name: Lint + +on: + workflow_call: + inputs: + changed-files: + required: true + type: string + description: JSON string containing information about changed files + + +env: + PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ + PIP_EXTRA_INDEX_URL: https://pypi.org/simple + + +jobs: + Salt: + name: Lint Salt's Source Code + runs-on: ubuntu-latest + if: ${{ contains(fromJSON('["push", "schedule", "workflow_dispatch"]'), github.event_name) || fromJSON(inputs.changed-files)['salt'] || fromJSON(inputs.changed-files)['lint'] }} + + container: + image: python:3.8-slim-buster + + steps: + - name: Install System Deps + run: | + echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list + apt-get update + apt-get install -y enchant git gcc make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev + apt-get install -y git/buster-backports + + - uses: actions/checkout@v3 + + - name: Install Nox + run: | + python -m pip install --upgrade pip + pip install nox + + - name: Install Python Requirements + run: + nox --install-only --forcecolor -e lint-salt + + - name: Lint Changed Files + if: github.event_name == 'pull_request' && fromJSON(inputs.changed-files)['salt'] && ! fromJSON(inputs.changed-files)['lint'] + env: + SKIP_REQUIREMENTS_INSTALL: YES + run: | + nox --forcecolor -e lint-salt -- ${{ join(fromJSON(inputs.changed-files)['salt_files'], ' ') }} + + - name: Lint ALL Files + if: github.event_name != 'pull_request' || fromJSON(inputs.changed-files)['lint'] + env: + SKIP_REQUIREMENTS_INSTALL: YES + run: | + nox --forcecolor -e lint-salt + + + Tests: + name: Lint Salt's Test Suite + runs-on: ubuntu-latest + if: ${{ contains(fromJSON('["push", "schedule", "workflow_dispatch"]'), github.event_name) || fromJSON(inputs.changed-files)['tests'] || fromJSON(inputs.changed-files)['lint'] }} + + container: + image: python:3.8-slim-buster + + steps: + - name: Install System Deps + run: | + echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list + apt-get update + apt-get install -y enchant git gcc make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev + apt-get install -y git/buster-backports + + - uses: actions/checkout@v3 + + - name: Install Nox + run: | + python -m pip install --upgrade pip + pip install nox + + - name: Install Python Requirements + run: + nox --install-only --forcecolor -e lint-tests + + - name: Lint Changed Files + if: github.event_name == 'pull_request' && fromJSON(inputs.changed-files)['tests'] && ! fromJSON(inputs.changed-files)['lint'] + env: + SKIP_REQUIREMENTS_INSTALL: YES + run: | + nox --forcecolor -e lint-tests -- ${{ join(fromJSON(inputs.changed-files)['tests_files'], ' ') }} + + - name: Lint ALL Files + if: github.event_name != 'pull_request' || fromJSON(inputs.changed-files)['lint'] + env: + SKIP_REQUIREMENTS_INSTALL: YES + run: | + nox --forcecolor -e lint-tests diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml deleted file mode 100644 index 112f2997902..00000000000 --- a/.github/workflows/lint.yml +++ /dev/null @@ -1,125 +0,0 @@ -name: Lint - -on: [push, pull_request] - -jobs: - Salt: - name: Lint Salt's Source Code - runs-on: ubuntu-latest - - container: - image: python:3.8.6-slim-buster - - steps: - - - name: Install System Deps - run: | - echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list - apt-get update - apt-get install -y enchant git gcc make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev - apt-get install -y git/buster-backports - - - uses: actions/checkout@v2 - - - name: Install Nox - env: - PIP_EXTRA_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ - run: | - python -m pip install --upgrade pip - pip install nox - - - id: changed-files - name: Get Changed Files - uses: dorny/paths-filter@v2 - with: - token: ${{ github.token }} - list-files: json - filters: | - salt: - - added|modified: - - setup.py - - noxfile.py - - salt/**/*.py - - tasks/**/*.py - rcfile: - - added|modified: - - .pylintrc - - - name: Install Python Requirements - env: - PIP_EXTRA_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ - run: - nox --install-only --forcecolor -e lint-salt - - - name: Lint Changed Files - if: github.event_name == 'pull_request' && steps.changed-files.outputs.salt == 'true' - env: - SKIP_REQUIREMENTS_INSTALL: YES - run: | - nox --forcecolor -e lint-salt -- ${{ join(fromJSON(steps.changed-files.outputs.salt_files), ' ') }} - - - name: Lint ALL Files - if: steps.changed-files.outputs.salt == 'true' || steps.changed-files.outputs.rcfile == 'true' - env: - SKIP_REQUIREMENTS_INSTALL: YES - run: | - nox --forcecolor -e lint-salt - - Tests: - name: Lint Salt's Test Suite - runs-on: ubuntu-latest - - container: - image: python:3.8.6-slim-buster - - steps: - - - name: Install System Deps - run: | - echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list - apt-get update - apt-get install -y enchant git gcc make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev - apt-get install -y git/buster-backports - - - uses: actions/checkout@v2 - - - name: Install Nox - env: - PIP_EXTRA_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ - run: | - python -m pip install --upgrade pip - pip install nox - - - id: changed-files - name: Get Changed Files - uses: dorny/paths-filter@v2 - with: - token: ${{ github.token }} - list-files: json - filters: | - tests: - - added|modified: - - tests/**/*.py - rcfile: - - added|modified: - - .pylintrc - - - name: Install Python Requirements - env: - PIP_EXTRA_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ - run: - nox --install-only --forcecolor -e lint-tests - - - name: Lint Changed Files - if: github.event_name == 'pull_request' && steps.changed-files.outputs.tests == 'true' - env: - SKIP_REQUIREMENTS_INSTALL: YES - run: | - nox --forcecolor -e lint-tests -- ${{ join(fromJSON(steps.changed-files.outputs.tests_files), ' ') }} - - - name: Lint ALL Files - if: steps.changed-files.outputs.tests == 'true' || steps.changed-files.outputs.rcfile == 'true' - env: - SKIP_REQUIREMENTS_INSTALL: YES - run: | - nox --forcecolor -e lint-tests diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml new file mode 100644 index 00000000000..8291efe30fa --- /dev/null +++ b/.github/workflows/nightly.yml @@ -0,0 +1,2131 @@ +# Do not edit these workflows directly as the changes made will be overwritten. +# Instead, edit the template '.github/workflows/templates/nightly.yml.jinja' +--- + +name: Nightly +run-name: "Nightly (branch: ${{ github.ref_name }})" + +on: + workflow_dispatch: + inputs: + skip-salt-test-suite: + type: boolean + default: false + description: Skip running the Salt test suite. + skip-salt-pkg-test-suite: + type: boolean + default: false + description: Skip running the Salt packages test suite. + schedule: + # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onschedule + - cron: '0 1 * * *' # Every day at 1AM + +env: + COLUMNS: 190 + CACHE_SEED: SEED-3 # Bump the number to invalidate all caches + RELENV_DATA: "${{ github.workspace }}/.relenv" + +permissions: + contents: read # for dorny/paths-filter to fetch a list of changed files + pull-requests: read # for dorny/paths-filter to read pull requests + actions: write # to trigger branch nightly builds + +concurrency: + group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.repository }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: false + +jobs: + + workflow-requirements: + name: Check Workflow Requirements + runs-on: ubuntu-latest + outputs: + requirements-met: ${{ steps.check-requirements.outputs.requirements-met }} + steps: + - name: Check Requirements + id: check-requirements + run: | + if [ "${{ vars.RUN_SCHEDULED_BUILDS }}" = "1" ]; then + MSG="Running workflow because RUN_SCHEDULED_BUILDS=1" + echo "${MSG}" + echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}" + echo "requirements-met=true" >> "${GITHUB_OUTPUT}" + elif [ "${{ github.event.repository.fork }}" = "true" ]; then + MSG="Not running workflow because ${{ github.repository }} is a fork" + echo "${MSG}" + echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}" + echo "requirements-met=false" >> "${GITHUB_OUTPUT}" + else + MSG="Running workflow because ${{ github.repository }} is not a fork" + echo "${MSG}" + echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}" + echo "requirements-met=true" >> "${GITHUB_OUTPUT}" + fi + + trigger-branch-nightly-builds: + name: Trigger Branch Workflows + if: ${{ github.event_name == 'schedule' && fromJSON(needs.workflow-requirements.outputs.requirements-met) }} + runs-on: + - ubuntu-latest + needs: + - workflow-requirements + steps: + - name: Trigger 3006.x branch + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh workflow run nightly.yml --repo ${{ github.repository }} --ref 3006.x + + prepare-workflow: + name: Prepare Workflow Run + runs-on: ubuntu-latest + if: ${{ fromJSON(needs.workflow-requirements.outputs.requirements-met) }} + needs: + - workflow-requirements + outputs: + jobs: ${{ steps.define-jobs.outputs.jobs }} + runners: ${{ steps.runner-types.outputs.runners }} + changed-files: ${{ steps.process-changed-files.outputs.changed-files }} + pull-labels: ${{ steps.get-pull-labels.outputs.labels }} + testrun: ${{ steps.define-testrun.outputs.testrun }} + salt-version: ${{ steps.setup-salt-version.outputs.salt-version }} + cache-seed: ${{ steps.set-cache-seed.outputs.cache-seed }} + latest-release: ${{ steps.get-salt-releases.outputs.latest-release }} + releases: ${{ steps.get-salt-releases.outputs.releases }} + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 # Full clone to also get the tags to get the right salt version + + - name: Get Changed Files + if: ${{ github.event_name == 'pull_request'}} + id: changed-files + uses: dorny/paths-filter@v2 + with: + token: ${{ github.token }} + list-files: json + filters: | + repo: + - added|modified: + - '**' + doc-requirements: + - added|modified: &doc_requirements + - requirements/static/ci/py3.*/docs.txt + lint-requirements: + - added|modified: &lint_requirements + - requirements/static/ci/py3.*/lint.txt + pkg_requirements: + - added|modified: &pkg_requirements + - requirements/static/pkg/py3.*/darwin.txt + - requirements/static/pkg/py3.*/linux.txt + - requirements/static/pkg/py3.*/freebsd.txt + - requirements/static/pkg/py3.*/windows.txt + test_requirements: + - added|modified: &test_requirements + - requirements/static/ci/py3.*/darwin.txt + - requirements/static/ci/py3.*/linux.txt + - requirements/static/ci/py3.*/freebsd.txt + - requirements/static/ci/py3.*/windows.txt + - requirements/static/ci/py3.*/darwin-crypto.txt + - requirements/static/ci/py3.*/linux-crypto.txt + - requirements/static/ci/py3.*/freebsd-crypto.txt + - requirements/static/ci/py3.*/windows-crypto.txt + deleted: + - deleted: + - '**' + docs: + - added|modified: + - doc/** + - *doc_requirements + workflows: + - added|modified: + - cicd/shared-gh-workflows-context.yml + - .github/actions/**/action.yml + - .github/workflows/*.yml + - .github/workflows/templates/*.yml.jinja2 + salt: + - added|modified: &salt_added_modified + - setup.py + - noxfile.py + - salt/**/*.py + - tasks/**/*.py + - tools/**/*.py + tests: + - added|modified: &tests_added_modified + - tests/**/*.py + lint: + - added|modified: + - .pylintrc + - *lint_requirements + golden_images: + - added|modified: + - cicd/golden-images.json + pkg_tests: + - added|modified: &pkg_tests_added_modified + - pkg/** + - *pkg_requirements + - *salt_added_modified + testrun: + - added|modified: + - *pkg_requirements + - *test_requirements + - *salt_added_modified + - *tests_added_modified + - *pkg_tests_added_modified + + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Pretty Print The GH Actions Event + run: + tools ci print-gh-event + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "" + validate-version: true + + - name: Get Pull Number + if: ${{ github.event_name == 'pull_request' }} + id: get-pull-number + uses: ./.github/actions/get-pull-number + with: + owner: ${{ github.repository_owner }} + repo: ${{ github.event.repository.name }} + sha: ${{ github.sha }} + pull-number: ${{ github.event.pull_request.number }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get Pull Request + if: ${{ github.event_name == 'pull_request' }} + id: get-pull-request + uses: ./.github/actions/get-pull-request + with: + owner: ${{ github.repository_owner }} + repo: ${{ github.event.repository.name }} + pull-number: ${{ steps.get-pull-number.outputs.number }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get Pull Labels + if: ${{ github.event_name == 'pull_request' }} + id: get-pull-labels + uses: ./.github/actions/get-pull-labels + with: + pull-request: ${{ steps.get-pull-request.outputs.pull-request }} + + - name: Write Changed Files To A Local File + run: + echo '${{ toJSON(steps.changed-files.outputs) }}' > changed-files.json + + - name: Check Local Changed Files Contents + if: ${{ github.event_name == 'pull_request' }} + run: + cat changed-files.json + + - name: Process Changed Files + id: process-changed-files + run: | + tools ci process-changed-files ${{ github.event_name }} changed-files.json + + - name: Check Collected Changed Files + if: ${{ github.event_name == 'pull_request' }} + run: | + echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.' + + - name: Define Runner Types + id: runner-types + run: | + tools ci runner-types ${{ github.event_name }} + + - name: Check Defined Runners + run: | + echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.' + + - name: Define Jobs + id: define-jobs + run: | + tools ci define-jobs${{ inputs.skip-salt-test-suite && ' --skip-tests' || '' }}${{ inputs.skip-salt-pkg-test-suite && ' --skip-pkg-tests' || '' }} ${{ github.event_name }} changed-files.json + + - name: Check Defined Jobs + run: | + echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.' + + - name: Get Salt Releases + id: get-salt-releases + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + tools ci get-releases + + - name: Check Salt Releases + run: | + echo '${{ steps.get-salt-releases.outputs.latest-release }}' | jq -C '.' + echo '${{ steps.get-salt-releases.outputs.releases }}' | jq -C '.' + + - name: Define Testrun + id: define-testrun + run: | + tools ci define-testrun ${{ github.event_name }} changed-files.json + + - name: Check Defined Test Run + run: | + echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.' + + - name: Check Contents of generated testrun-changed-files.txt + if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }} + run: | + cat testrun-changed-files.txt || true + + - name: Upload testrun-changed-files.txt + if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }} + uses: actions/upload-artifact@v3 + with: + name: testrun-changed-files.txt + path: testrun-changed-files.txt + + - name: Set Cache Seed Output + id: set-cache-seed + run: | + echo "cache-seed=${{ env.CACHE_SEED }}" >> "$GITHUB_OUTPUT" + pre-commit: + name: Pre-Commit + if: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + uses: ./.github/workflows/pre-commit-action.yml + needs: + - prepare-workflow + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + changed-files: ${{ needs.prepare-workflow.outputs.changed-files }} + pre-commit-version: "3.0.4" + + lint: + name: Lint + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['lint'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + uses: ./.github/workflows/lint-action.yml + needs: + - prepare-workflow + with: + changed-files: ${{ needs.prepare-workflow.outputs.changed-files }} + + prepare-release: + name: "Prepare Release: ${{ needs.prepare-workflow.outputs.salt-version }}" + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['prepare-release'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + runs-on: + - ubuntu-latest + needs: + - prepare-workflow + steps: + - uses: actions/checkout@v3 + + - name: Get Python Version + id: get-python-version + uses: ./.github/actions/get-python-version + with: + python-binary: python3 + + - name: Setup Python Tools Scripts + id: python-tools-scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Cache Python Tools Docs Virtualenv + uses: actions/cache@v3 + with: + path: .tools-venvs/docs + key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|docs|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/docs.txt') }} + + - name: Cache Python Tools Changelog Virtualenv + uses: actions/cache@v3 + with: + path: .tools-venvs/changelog + key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|changelog|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/changelog.txt') }} + + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + - name: Update Debian changelog + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-deb --draft + tools changelog update-deb + + - name: Update RPM changelog + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-rpm --draft + tools changelog update-rpm + + - name: Update Release Notes + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + if [ "${{ contains(fromJSON('["master"]'), github.ref_name) }}" == "true" ]; then + tools changelog update-release-notes --draft --next-release + tools changelog update-release-notes --next-release + else + tools changelog update-release-notes --draft + tools changelog update-release-notes + fi + + - name: Generate MAN Pages + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + env: + LATEST_RELEASE: "${{ needs.prepare-workflow.outputs.salt-version }}" + SALT_ON_SALTSTACK: "1" + run: | + tools docs man + + - name: Update Changelog + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-changelog-md --draft + tools changelog update-changelog-md + + - name: Show Changes Diff + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + git diff --color + + - name: Configure Git + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + git config --global user.name "Salt Project Packaging" + git config --global user.email saltproject-packaging@vmware.com + + - name: Setup Pre-Commit + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + uses: ./.github/actions/setup-pre-commit + with: + version: "3.0.4" + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + + - name: Commit Changes + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + env: + SKIP: lint-salt,lint-tests + run: | + # Run it twice so that pre-commit can fix anything that can be automatically fixed. + git commit -am "Release v${{ needs.prepare-workflow.outputs.salt-version }}" || \ + git commit -am "Release v${{ needs.prepare-workflow.outputs.salt-version }}" + + - name: Create release changes patch + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + git format-patch --keep-subject --binary --stdout HEAD^ > salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + + - name: Upload Changes Diff Artifact + uses: actions/upload-artifact@v3 + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + path: salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + retention-days: 7 + if-no-files-found: error + + build-docs: + name: Documentation + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-docs'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-source-tarball + uses: ./.github/workflows/build-docs.yml + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-source-tarball: + name: Build Source Tarball + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-source-tarball'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - prepare-release + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Get Python Version + id: get-python-version + uses: ./.github/actions/get-python-version + with: + python-binary: python3 + + - name: Setup Python Tools Scripts + id: python-tools-scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + - name: Cache Python Tools Build Virtualenv + uses: actions/cache@v3 + with: + path: .tools-venvs/build + key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|build|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/build.txt') }} + + - name: Build Source Tarball + uses: ./.github/actions/build-source-tarball + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-deps-onedir: + name: Build Dependencies Onedir + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-deps-onedir'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + uses: ./.github/workflows/build-deps-onedir.yml + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + relenv-version: "0.12.3" + python-version-linux: "3.10.11" + python-version-macos: "3.10.11" + python-version-windows: "3.10.11" + + build-salt-onedir: + name: Build Salt Onedir + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-salt-onedir'] }} + needs: + - prepare-workflow + - build-deps-onedir + - build-source-tarball + uses: ./.github/workflows/build-salt-onedir.yml + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + relenv-version: "0.12.3" + python-version-linux: "3.10.11" + python-version-macos: "3.10.11" + python-version-windows: "3.10.11" + + build-rpm-pkgs: + name: Build RPM Packages + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/build-rpm-packages.yml + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-deb-pkgs: + name: Build DEB Packages + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/build-deb-packages.yml + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-windows-pkgs: + name: Build Windows Packages + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/build-windows-packages.yml + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: nightly + sign-packages: false + secrets: inherit + + build-macos-pkgs: + name: Build macOS Packages + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/build-macos-packages.yml + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: nightly + sign-packages: true + secrets: inherit + + amazonlinux-2-pkg-tests: + name: Amazon Linux 2 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: amazonlinux-2 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + centos-7-pkg-tests: + name: CentOS 7 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: centos-7 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + centosstream-8-pkg-tests: + name: CentOS Stream 8 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: centosstream-8 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + centosstream-9-pkg-tests: + name: CentOS Stream 9 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: centosstream-9 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + debian-10-pkg-tests: + name: Debian 10 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: debian-10 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + debian-11-pkg-tests: + name: Debian 11 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: debian-11 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + debian-11-arm64-pkg-tests: + name: Debian 11 Arm64 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: debian-11-arm64 + platform: linux + arch: aarch64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + photonos-3-pkg-tests: + name: Photon OS 3 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: photonos-3 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + photonos-4-pkg-tests: + name: Photon OS 4 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: photonos-4 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + ubuntu-2004-pkg-tests: + name: Ubuntu 20.04 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: ubuntu-20.04 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + ubuntu-2004-arm64-pkg-tests: + name: Ubuntu 20.04 Arm64 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: ubuntu-20.04-arm64 + platform: linux + arch: aarch64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + ubuntu-2204-pkg-tests: + name: Ubuntu 22.04 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: ubuntu-22.04 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + ubuntu-2204-arm64-pkg-tests: + name: Ubuntu 22.04 Arm64 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: ubuntu-22.04-arm64 + platform: linux + arch: aarch64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + macos-12-pkg-tests: + name: macOS 12 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-macos-pkgs + uses: ./.github/workflows/test-packages-action-macos.yml + with: + distro-slug: macos-12 + platform: darwin + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: macos + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + windows-2016-nsis-pkg-tests: + name: Windows 2016 NSIS Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2016 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: NSIS + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + windows-2016-msi-pkg-tests: + name: Windows 2016 MSI Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2016 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: MSI + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + windows-2019-nsis-pkg-tests: + name: Windows 2019 NSIS Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2019 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: NSIS + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + windows-2019-msi-pkg-tests: + name: Windows 2019 MSI Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2019 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: MSI + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + windows-2022-nsis-pkg-tests: + name: Windows 2022 NSIS Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2022 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: NSIS + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + windows-2022-msi-pkg-tests: + name: Windows 2022 MSI Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2022 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: MSI + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + windows-2016: + name: Windows 2016 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: windows-2016 + nox-session: ci-test-onedir + platform: windows + arch: amd64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + windows-2019: + name: Windows 2019 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: windows-2019 + nox-session: ci-test-onedir + platform: windows + arch: amd64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + windows-2022: + name: Windows 2022 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: windows-2022 + nox-session: ci-test-onedir + platform: windows + arch: amd64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + macos-12: + name: macOS 12 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action-macos.yml + with: + distro-slug: macos-12 + nox-session: ci-test-onedir + platform: darwin + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + almalinux-8: + name: Alma Linux 8 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: almalinux-8 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + almalinux-9: + name: Alma Linux 9 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: almalinux-9 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + amazonlinux-2: + name: Amazon Linux 2 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: amazonlinux-2 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + archlinux-lts: + name: Arch Linux LTS + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: archlinux-lts + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + centos-7: + name: CentOS 7 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: centos-7 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + centosstream-8: + name: CentOS Stream 8 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: centosstream-8 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + centosstream-9: + name: CentOS Stream 9 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: centosstream-9 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + debian-10: + name: Debian 10 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: debian-10 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + debian-11: + name: Debian 11 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: debian-11 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + debian-11-arm64: + name: Debian 11 Arm64 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: debian-11-arm64 + nox-session: ci-test-onedir + platform: linux + arch: aarch64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + fedora-36: + name: Fedora 36 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: fedora-36 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + fedora-37: + name: Fedora 37 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: fedora-37 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + fedora-38: + name: Fedora 38 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: fedora-38 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + opensuse-15: + name: Opensuse 15 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: opensuse-15 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + photonos-3: + name: Photon OS 3 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: photonos-3 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + photonos-4: + name: Photon OS 4 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: photonos-4 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + ubuntu-2004: + name: Ubuntu 20.04 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: ubuntu-20.04 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + ubuntu-2004-arm64: + name: Ubuntu 20.04 Arm64 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: ubuntu-20.04-arm64 + nox-session: ci-test-onedir + platform: linux + arch: aarch64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + ubuntu-2204: + name: Ubuntu 22.04 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: ubuntu-22.04 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + ubuntu-2204-arm64: + name: Ubuntu 22.04 Arm64 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: ubuntu-22.04-arm64 + nox-session: ci-test-onedir + platform: linux + arch: aarch64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + build-src-repo: + name: Build Source Repository + environment: nightly + runs-on: + - self-hosted + - linux + - repo-nightly + needs: + - prepare-workflow + - build-salt-onedir + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download Source Tarball + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + run: | + tools pkg repo create src --key-id=64CBBC8173D76B3F --nightly-build-from=${{ github.ref_name }} \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Copy Files For Source Only Artifact Uploads + run: | + mkdir artifacts/src + find artifacts/pkgs/repo -type f -print -exec cp {} artifacts/src \; + + - name: Upload Standalone Repository As An Artifact + uses: actions/upload-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-src-repo + path: | + artifacts/src/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz + artifacts/src/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz.* + artifacts/src/*-GPG-* + retention-days: 7 + if-no-files-found: error + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: src-repo + + build-deb-repo: + name: Build DEB Repository + environment: nightly + runs-on: + - self-hosted + - linux + - repo-nightly + needs: + - prepare-workflow + - build-deb-pkgs + strategy: + fail-fast: false + matrix: + include: + - distro: debian + version: "10" + arch: x86_64 + - distro: debian + version: "10" + arch: aarch64 + - distro: debian + version: "11" + arch: x86_64 + - distro: debian + version: "11" + arch: aarch64 + - distro: ubuntu + version: "20.04" + arch: x86_64 + - distro: ubuntu + version: "20.04" + arch: aarch64 + - distro: ubuntu + version: "22.04" + arch: x86_64 + - distro: ubuntu + version: "22.04" + arch: aarch64 + + steps: + - uses: actions/checkout@v3 + + - name: Download System Dependencies + run: | + sudo apt update + sudo apt install -y devscripts apt-utils + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download DEB Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch }}-deb + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + run: | + tools pkg repo create deb --key-id=64CBBC8173D76B3F --distro-arch=${{ matrix.arch }} --nightly-build-from=${{ github.ref_name }} \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --distro=${{ matrix.distro }} --distro-version=${{ matrix.version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: ${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }}-repo + + build-rpm-repo: + name: Build RPM Repository + environment: nightly + runs-on: + - self-hosted + - linux + - repo-nightly + needs: + - prepare-workflow + - build-rpm-pkgs + strategy: + fail-fast: false + matrix: + include: + - distro: amazon + version: "2" + arch: x86_64 + - distro: amazon + version: "2" + arch: aarch64 + - distro: redhat + version: "7" + arch: x86_64 + - distro: redhat + version: "7" + arch: aarch64 + - distro: redhat + version: "8" + arch: x86_64 + - distro: redhat + version: "8" + arch: aarch64 + - distro: redhat + version: "9" + arch: x86_64 + - distro: redhat + version: "9" + arch: aarch64 + - distro: fedora + version: "36" + arch: x86_64 + - distro: fedora + version: "36" + arch: aarch64 + - distro: fedora + version: "37" + arch: x86_64 + - distro: fedora + version: "37" + arch: aarch64 + - distro: fedora + version: "38" + arch: x86_64 + - distro: fedora + version: "38" + arch: aarch64 + - distro: photon + version: "3" + arch: x86_64 + - distro: photon + version: "3" + arch: aarch64 + - distro: photon + version: "4" + arch: x86_64 + - distro: photon + version: "4" + arch: aarch64 + + steps: + - uses: actions/checkout@v3 + + - name: Download System Dependencies + run: | + sudo apt update + sudo apt install -y rpm + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download RPM Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch }}-rpm + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + env: + SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} + SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} + run: | + tools pkg repo create rpm --key-id=64CBBC8173D76B3F --distro-arch=${{ matrix.arch }} --nightly-build-from=${{ github.ref_name }} \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --distro=${{ matrix.distro }} --distro-version=${{ matrix.version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: ${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }}-repo + + build-windows-repo: + name: Build Windows Repository + environment: nightly + runs-on: + - self-hosted + - linux + - repo-nightly + needs: + - prepare-workflow + - build-windows-pkgs + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download Windows NSIS x86 Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-x86-NSIS + path: artifacts/pkgs/incoming + + - name: Download Windows MSI x86 Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-x86-MSI + path: artifacts/pkgs/incoming + + - name: Download Windows NSIS amd64 Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-amd64-NSIS + path: artifacts/pkgs/incoming + + - name: Download Windows MSI amd64 Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-amd64-MSI + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + run: | + tools pkg repo create windows --key-id=64CBBC8173D76B3F --nightly-build-from=${{ github.ref_name }} \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: windows-repo + + build-macos-repo: + name: Build macOS Repository + environment: nightly + runs-on: + - self-hosted + - linux + - repo-nightly + needs: + - prepare-workflow + - build-macos-pkgs + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download macOS x86_64 Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-x86_64-macos + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + run: | + tools pkg repo create macos --key-id=64CBBC8173D76B3F --nightly-build-from=${{ github.ref_name }} \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: macos-repo + + build-onedir-repo: + name: Build Onedir Repository + environment: nightly + runs-on: + - self-hosted + - linux + - repo-nightly + needs: + - prepare-workflow + - build-salt-onedir + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download Linux x86_64 Onedir Archive + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-linux-x86_64.tar.xz + path: artifacts/pkgs/incoming + + - name: Download Linux aarch64 Onedir Archive + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-linux-aarch64.tar.xz + path: artifacts/pkgs/incoming + + - name: Download macOS x86_64 Onedir Archive + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-darwin-x86_64.tar.xz + path: artifacts/pkgs/incoming + + - name: Download Windows amd64 Onedir Archive + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-amd64.tar.xz + path: artifacts/pkgs/incoming + + - name: Download Windows amd64 Onedir Archive(zip) + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-amd64.zip + path: artifacts/pkgs/incoming + + - name: Download Windows x86 Onedir Archive + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-x86.tar.xz + path: artifacts/pkgs/incoming + + - name: Download Windows amd64 Onedir Archive(zip) + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-x86.zip + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + run: | + tools pkg repo create onedir --key-id=64CBBC8173D76B3F --nightly-build-from=${{ github.ref_name }} \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: onedir-repo + + publish-repositories: + name: Publish Repositories + if: ${{ always() && ! failure() && ! cancelled() }} + runs-on: + - self-hosted + - linux + - repo-nightly + environment: nightly + needs: + - prepare-workflow + - build-src-repo + - build-deb-repo + - build-rpm-repo + - build-windows-repo + - build-macos-repo + - build-onedir-repo + - windows-2016 + - windows-2019 + - windows-2022 + - macos-12 + - almalinux-8 + - almalinux-9 + - amazonlinux-2 + - archlinux-lts + - centos-7 + - centosstream-8 + - centosstream-9 + - debian-10 + - debian-11 + - debian-11-arm64 + - fedora-36 + - fedora-37 + - fedora-38 + - opensuse-15 + - photonos-3 + - photonos-4 + - ubuntu-2004 + - ubuntu-2004-arm64 + - ubuntu-2204 + - ubuntu-2204-arm64 + + steps: + - uses: actions/checkout@v3 + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Download Repository Artifact + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-nightly-repo + path: repo/ + + - name: Decompress Repository Artifacts + run: | + find repo/ -type f -name '*.tar.gz' -print -exec tar xvf {} \; + find repo/ -type f -name '*.tar.gz' -print -exec rm -f {} \; + + - name: Show Repository + run: | + tree -a artifacts/pkgs/repo/ + + - name: Upload Repository Contents (nightly) + env: + SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} + SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} + run: | + tools pkg repo publish nightly --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} artifacts/pkgs/repo/ + + set-pipeline-exit-status: + # This step is just so we can make github require this step, to pass checks + # on a pull request instead of requiring all + name: Set the ${{ github.workflow }} Pipeline Exit Status + if: always() + runs-on: ubuntu-latest + needs: + - workflow-requirements + - trigger-branch-nightly-builds + - prepare-workflow + - pre-commit + - lint + - build-docs + - build-deps-onedir + - build-salt-onedir + - publish-repositories + - amazonlinux-2-pkg-tests + - centos-7-pkg-tests + - centosstream-8-pkg-tests + - centosstream-9-pkg-tests + - debian-10-pkg-tests + - debian-11-pkg-tests + - debian-11-arm64-pkg-tests + - photonos-3-pkg-tests + - photonos-4-pkg-tests + - ubuntu-2004-pkg-tests + - ubuntu-2004-arm64-pkg-tests + - ubuntu-2204-pkg-tests + - ubuntu-2204-arm64-pkg-tests + - macos-12-pkg-tests + - windows-2016-nsis-pkg-tests + - windows-2016-msi-pkg-tests + - windows-2019-nsis-pkg-tests + - windows-2019-msi-pkg-tests + - windows-2022-nsis-pkg-tests + - windows-2022-msi-pkg-tests + steps: + - name: Get workflow information + id: get-workflow-info + uses: technote-space/workflow-conclusion-action@v3 + + - name: Set Pipeline Exit Status + shell: bash + run: | + if [ "${{ steps.get-workflow-info.outputs.conclusion }}" != "success" ]; then + exit 1 + else + exit 0 + fi + + - name: Done + if: always() + run: + echo "All worflows finished" diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml deleted file mode 100644 index 14b6bfef056..00000000000 --- a/.github/workflows/pr-checks.yml +++ /dev/null @@ -1,59 +0,0 @@ -name: PR Checks - -on: - pull_request_target: - types: [opened, synchronize] - -jobs: - - Check-Changed-Files-Docstrings: - name: Check Docstrings For Changed Files On PR - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-python@v2 - with: - python-version: '3.9' - - - name: Install Dependencies - env: - PIP_EXTRA_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ - run: | - python -m pip install --upgrade pip - pip install pre-commit pygithub - - - name: Install Pre-Commit Hooks - run: | - pre-commit install --install-hooks - - - id: changed-files - name: Get Changed Files - uses: dorny/paths-filter@v2 - with: - token: ${{ github.token }} - list-files: json - filters: | - salt: - - added|modified: - - 'salt/**' - - - name: Check Docstrings For Changed Files On PR - id: check-known-missing-docstrings - if: github.event_name == 'pull_request_target' && steps.changed-files.outputs.salt == 'true' - continue-on-error: true - shell: bash - run: | - set -o pipefail - pre-commit run -v --hook-stage manual check-known-missing-docstrings --show-diff-on-failure --color=never --files ${{ join(fromJSON(steps.changed-files.outputs.salt_files), ' ') }} | tee output.txt - - - name: Comment on PR - # Comment on PRs if pre-commit triggered a failure - if: steps.check-known-missing-docstrings.outcome == 'failure' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - python .github/workflows/scripts/pr-docstring-comments.py \ - --org ${{ github.repository_owner }} \ - --repo ${{ github.event.repository.name }} \ - --issue ${{ github.event.number }} output.txt diff --git a/.github/workflows/pre-commit-action.yml b/.github/workflows/pre-commit-action.yml new file mode 100644 index 00000000000..41a3091619f --- /dev/null +++ b/.github/workflows/pre-commit-action.yml @@ -0,0 +1,68 @@ +--- +name: Pre-Commit + +on: + workflow_call: + inputs: + changed-files: + required: true + type: string + description: JSON string containing information about changed files + pre-commit-version: + required: true + type: string + description: The pre-commit version to install + cache-seed: + required: true + type: string + description: Seed used to invalidate caches + +jobs: + Pre-Commit: + name: Run Pre-Commit Against Salt + + runs-on: ubuntu-latest + + container: + image: python:3.10-slim-buster + + steps: + + - name: Install System Deps + run: | + echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list + apt-get update + apt-get install -y wget curl enchant git gcc make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev + apt-get install -y git/buster-backports + + - uses: actions/checkout@v3 + - uses: ./.github/actions/setup-actionlint + with: + cache-seed: ${{ inputs.cache-seed }} + - uses: ./.github/actions/setup-shellcheck + with: + cache-seed: ${{ inputs.cache-seed }} + - uses: ./.github/actions/setup-pre-commit + with: + version: ${{ inputs.pre-commit-version }} + cache-seed: ${{ inputs.cache-seed }} + + - name: Check ALL Files On Branch + if: github.event_name != 'pull_request' + env: + SKIP: lint-salt,lint-tests,remove-import-headers,rstcheck + run: | + pre-commit run --show-diff-on-failure --color=always --all-files + + - name: Check Changed Files On PR + if: github.event_name == 'pull_request' && fromJSON(inputs.changed-files)['repo'] + env: + SKIP: lint-salt,lint-tests + GH_ACTIONS_ANNOTATE: "1" + run: | + pre-commit run --show-diff-on-failure --color=always --files ${{ join(fromJSON(inputs.changed-files)['repo_files'], ' ') }} + + - name: Check Docs On Deleted Files + if: github.event_name == 'pull_request' && fromJSON(inputs.changed-files)['deleted'] + run: | + pre-commit run --show-diff-on-failure --color=always check-docs --files ${{ join(fromJSON(inputs.changed-files)['deleted_files'], ' ') }} diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml deleted file mode 100644 index 49ca9de6df5..00000000000 --- a/.github/workflows/pre-commit.yml +++ /dev/null @@ -1,66 +0,0 @@ -name: Pre-Commit - -on: [push, pull_request] - -jobs: - Pre-Commit: - name: Run Pre-Commit Against Salt - - runs-on: ubuntu-latest - - container: - image: python:3.8.6-slim-buster - - steps: - - - name: Install System Deps - run: | - echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list - apt-get update - apt-get install -y enchant git gcc make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev - apt-get install -y git/buster-backports - - - uses: actions/checkout@v2 - - - name: Install Pre-Commit - env: - PIP_EXTRA_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ - run: | - python -m pip install --upgrade pip - pip install pre-commit - pre-commit install --install-hooks - - - id: changed-files - name: Get Changed Files - uses: dorny/paths-filter@v2 - with: - token: ${{ github.token }} - list-files: json - filters: | - repo: - - added|modified: - - '**' - deleted: - - deleted: - - '**' - - - name: Check ALL Files On Branch - if: github.event_name != 'pull_request' - env: - SKIP: lint-salt,lint-tests,remove-import-headers,rstcheck - run: | - pre-commit run --show-diff-on-failure --color=always --all-files - - - name: Check Changed Files On PR - if: github.event_name == 'pull_request' && steps.changed-files.outputs.repo == 'true' - env: - SKIP: lint-salt,lint-tests - run: | - pre-commit run --show-diff-on-failure --color=always --files ${{ join(fromJSON(steps.changed-files.outputs.repo_files), ' ') }} - - - name: Check Docs On Deleted Files - if: steps.changed-files.outputs.deleted == 'true' - env: - PIP_EXTRA_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ - run: | - pre-commit run --show-diff-on-failure --color=always check-docs --files ${{ join(fromJSON(steps.changed-files.outputs.deleted_files), ' ') }} diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml new file mode 100644 index 00000000000..b2ec9913fc6 --- /dev/null +++ b/.github/workflows/release-tag.yml @@ -0,0 +1,83 @@ +--- +name: Generate Tag and Github Release + +on: + workflow_dispatch: + inputs: + saltVersion: + description: 'Salt Version' + required: true + saltRepo: + description: 'Salt Repo' + default: saltstack/salt + saltBranch: + description: 'Salt Branch' + default: freeze + reTag: + description: 'Re Tag (Deletes tag and release)' + default: false + + +env: + PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ + PIP_EXTRA_INDEX_URL: https://pypi.org/simple + + +permissions: + contents: read + +jobs: + GenerateTagRelease: + permissions: + contents: write # for dev-drprasad/delete-tag-and-release to delete tags or releases + name: Generate Tag and Github Release + runs-on: ubuntu-latest + steps: + - uses: dev-drprasad/delete-tag-and-release@v0.2.0 + if: github.event.inputs.reTag == 'true' + with: + delete_release: true # default: false + tag_name: v${{ github.event.inputs.saltVersion }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - uses: actions/checkout@v3 + with: + repository: ${{ github.event.inputs.saltRepo }} + ref: ${{ github.event.inputs.saltBranch }} + - name: Bump version and push tag + id: tag_version + uses: mathieudutour/github-tag-action@v5.6 + with: + create_annotated_tag: True + github_token: ${{ secrets.GITHUB_TOKEN }} + custom_tag: ${{ github.event.inputs.saltVersion }} + + - name: Set up Python 3.8 + uses: actions/setup-python@v4 + with: + python-version: 3.8 + + - uses: actions/checkout@v3 + - name: Install pypa/build + run: | + python -m pip install build --user + - name: Build a binary wheel and a source tarball + run: | + git fetch --tags origin + git checkout v${{ github.event.inputs.saltVersion }} + chmod 700 conf/cloud.*.d + chmod 600 conf/cloud + chmod 600 conf/cloud.profiles + chmod 600 conf/cloud.providers + python3 setup.py --ssh-packaging sdist + python -m build --sdist --outdir dist/ . + - name: Create a GitHub release + uses: ncipollo/release-action@v1 + with: + tag: ${{ steps.tag_version.outputs.new_tag }} + name: Release ${{ steps.tag_version.outputs.new_tag }} + body: | + WARNING: The tarball generated by GitHub will not have the correct version information when using a version not ending in .0 . Please use the tarball generated by SaltStack instead. See issue #41847 for more information. + Official Salt packages can be found at https://repo.saltproject.io/ + artifacts: dist/salt*.tar.gz diff --git a/.github/workflows/release-update-winrepo.yml b/.github/workflows/release-update-winrepo.yml new file mode 100644 index 00000000000..91ce9df6f73 --- /dev/null +++ b/.github/workflows/release-update-winrepo.yml @@ -0,0 +1,71 @@ +--- +name: Update Winrepo + +on: + release: + types: [released] + workflow_dispatch: + inputs: + salt-version: + type: string + required: true + description: > + The Salt version to set prior to building packages and staging the release. + (DO NOT prefix the version with a v, ie, 3006.0 NOT v3006.0). + +permissions: + contents: read + +jobs: + update-winrepo: + name: Update Winrepo + runs-on: ubuntu-latest + steps: + + - name: Checkout Salt + uses: actions/checkout@v3 + with: + path: salt + + - name: Checkout WinRepo + uses: actions/checkout@v3 + with: + path: winrepo + repository: twangboy/salt-winrepo-ng + + - name: Set Up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Add Version to Minion Definition File + working-directory: salt + run: | + python .github/workflows/scripts/update_winrepo.py \ + --file ../winrepo/salt-minion.sls \ + --version ${{ inputs.salt-version || github.ref_name }} + + - name: Commit Changes + working-directory: winrepo + run: | + git status + git add . + git config user.name 'saltbot-open' + git config user.email 'saltbot-open@users.noreply.github.com' + git commit -m "Adding salt minion ${{ inputs.salt-version && format('v{0}', inputs.salt-version) || github.ref_name }}" + + - name: Create Pull Request + id: cpr + uses: peter-evans/create-pull-request@v4 + with: + path: winrepo + push-to-fork: saltbot-open/salt-winrepo-ng + token: ${{ secrets.SALTBOT_OPEN_SALT_WINREPO_NG }} + +# - name: Enable Pull Request Automerge +# if: steps.cpr.outputs.pull-request-operation == 'created' +# uses: peter-evans/enable-pull-request-automerge@v2 +# with: +# token: ${{ secrets.SALTBOT_OPEN_SALT_WINREPO_NG }} +# pull-request-number: ${{ steps.cpr.outputs.pull-request-number }} +# merge-method: squash diff --git a/.github/workflows/release-upload-virustotal.yml b/.github/workflows/release-upload-virustotal.yml new file mode 100644 index 00000000000..71594ac244e --- /dev/null +++ b/.github/workflows/release-upload-virustotal.yml @@ -0,0 +1,44 @@ +--- +name: Upload VirusTotal + +on: + release: + types: [released] + workflow_dispatch: + inputs: + salt-version: + type: string + required: true + description: > + The Salt version to get from staging to upload to VirusTotal. + (DO NOT prefix the version with a v, ie, 3006.0 NOT v3006.0). + +permissions: + contents: read + +jobs: + upload-virustotal: + name: Upload VirusTotal + environment: release + runs-on: + - self-hosted + - linux + - repo-release + steps: + + - name: Checkout Salt + uses: actions/checkout@v3 + + - name: Set Up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Upload to VirusTotal + env: + VIRUSTOTAL_API_KEY: ${{ secrets.VIRUSTOTAL_API_KEY }} + run: | + tools release upload-virustotal ${{ inputs.salt-version || github.ref_name }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000000..0dd338bdd8a --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,1034 @@ +# Do not edit these workflows directly as the changes made will be overwritten. +# Instead, edit the template '.github/workflows/templates/release.yml.jinja' +--- + +name: Release +run-name: "Release (branch: ${{ github.ref_name }}; version: ${{ inputs.salt-version }})" + +on: + workflow_dispatch: + inputs: + salt-version: + type: string + required: true + description: > + The Salt version to get from staging to publish the release. + (DO NOT prefix the version with a v, ie, 3006.0 NOT v3006.0). + skip-salt-pkg-download-test-suite: + type: boolean + default: false + description: Skip running the Salt packages download test suite. + +env: + COLUMNS: 190 + CACHE_SEED: SEED-3 # Bump the number to invalidate all caches + RELENV_DATA: "${{ github.workspace }}/.relenv" + +permissions: + contents: write # To be able to publish the release + +concurrency: + group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.repository }} + cancel-in-progress: false + +jobs: + + check-requirements: + name: Check Requirements + runs-on: ubuntu-latest + environment: release-check + steps: + - name: Check For Admin Permission + uses: actions-cool/check-user-permission@v2 + with: + require: admin + username: ${{ github.triggering_actor }} + + - name: Check Branch + run: | + echo "Trying to run the staging workflow from branch ${{ github.ref_name }}" + if [ "${{ contains(fromJSON('["master", "3006.x"]'), github.ref_name) }}" != "true" ]; then + echo "Running the staging workflow from the ${{ github.ref_name }} branch is not allowed" + echo "Allowed branches: master, 3006.x" + exit 1 + else + echo "Allowed to release from branch ${{ github.ref_name }}" + fi + + prepare-workflow: + name: Prepare Workflow Run + runs-on: + - self-hosted + - linux + - repo-release + environment: release + needs: + - check-requirements + outputs: + salt-version: ${{ steps.setup-salt-version.outputs.salt-version }} + cache-seed: ${{ steps.set-cache-seed.outputs.cache-seed }} + latest-release: ${{ steps.get-salt-releases.outputs.latest-release }} + releases: ${{ steps.get-salt-releases.outputs.releases }} + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 # Full clone to also get the tags to get the right salt version + + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Pretty Print The GH Actions Event + run: + tools ci print-gh-event + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ inputs.salt-version }}" + validate-version: true + + - name: Check Existing Releases + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + tools pkg repo confirm-unreleased --repository ${{ github.repository }} ${{ steps.setup-salt-version.outputs.salt-version }} + + - name: Check Release Staged + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + tools pkg repo confirm-staged --repository ${{ github.repository }} ${{ steps.setup-salt-version.outputs.salt-version }} + + - name: Get Salt Releases + id: get-salt-releases + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + tools ci get-releases + + - name: Check Salt Releases + run: | + echo '${{ steps.get-salt-releases.outputs.latest-release }}' | jq -C '.' + echo '${{ steps.get-salt-releases.outputs.releases }}' | jq -C '.' + + - name: Set Cache Seed Output + id: set-cache-seed + run: | + echo "cache-seed=${{ env.CACHE_SEED }}" >> "$GITHUB_OUTPUT" + + download-onedir-artifact: + name: Download Staging Onedir Artifact + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + runs-on: + - self-hosted + - linux + - repo-release + environment: release + needs: + - prepare-workflow + strategy: + fail-fast: false + matrix: + include: + - platform: linux + arch: x86_64 + - platform: linux + arch: aarch64 + - platform: windows + arch: amd64 + - platform: windows + arch: x86 + - platform: darwin + arch: x86_64 + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download Onedir Tarball Artifact + run: | + tools release download-onedir-artifact --platform=${{ matrix.platform }} --arch=${{ matrix.arch }} ${{ inputs.salt-version }} + + - name: Upload Onedir Tarball as an Artifact + uses: actions/upload-artifact@v3 + with: + name: salt-${{ inputs.salt-version }}-onedir-${{ matrix.platform }}-${{ matrix.arch }}.tar.xz + path: artifacts/salt-${{ inputs.salt-version }}-onedir-${{ matrix.platform }}-${{ matrix.arch }}.tar.xz* + retention-days: 7 + if-no-files-found: error + + backup: + name: Backup + runs-on: + - self-hosted + - linux + - repo-release + needs: + - prepare-workflow + environment: release + outputs: + backup-complete: ${{ steps.backup.outputs.backup-complete }} + + steps: + - name: Clone The Salt Repository + uses: actions/checkout@v3 + + - name: Setup Rclone + uses: AnimMouse/setup-rclone@v1 + with: + version: v1.61.1 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Backup Previous Releases + id: backup + run: | + tools pkg repo backup-previous-releases + + publish-repositories: + name: Publish Repositories + runs-on: + - self-hosted + - linux + - repo-release + needs: + - prepare-workflow + - backup + - download-onedir-artifact + environment: release + + steps: + - name: Clone The Salt Repository + uses: actions/checkout@v3 + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Publish Release Repository + env: + SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} + SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} + run: | + tools pkg repo publish release ${{ needs.prepare-workflow.outputs.salt-version }} + + almalinux-8-pkg-download-tests: + name: Test Alma Linux 8 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: almalinux-8 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + almalinux-8-arm64-pkg-download-tests: + name: Test Alma Linux 8 Arm64 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: almalinux-8-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + almalinux-9-pkg-download-tests: + name: Test Alma Linux 9 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: almalinux-9 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + almalinux-9-arm64-pkg-download-tests: + name: Test Alma Linux 9 Arm64 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: almalinux-9-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + amazonlinux-2-pkg-download-tests: + name: Test Amazon Linux 2 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: amazonlinux-2 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + amazonlinux-2-arm64-pkg-download-tests: + name: Test Amazon Linux 2 Arm64 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: amazonlinux-2-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + centos-7-pkg-download-tests: + name: Test CentOS 7 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: centos-7 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + centos-7-arm64-pkg-download-tests: + name: Test CentOS 7 Arm64 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: centos-7-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + centosstream-8-pkg-download-tests: + name: Test CentOS Stream 8 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: centosstream-8 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + centosstream-8-arm64-pkg-download-tests: + name: Test CentOS Stream 8 Arm64 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: centosstream-8-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + centosstream-9-pkg-download-tests: + name: Test CentOS Stream 9 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: centosstream-9 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + centosstream-9-arm64-pkg-download-tests: + name: Test CentOS Stream 9 Arm64 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: centosstream-9-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + debian-10-pkg-download-tests: + name: Test Debian 10 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: debian-10 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + debian-11-pkg-download-tests: + name: Test Debian 11 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: debian-11 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + debian-11-arm64-pkg-download-tests: + name: Test Debian 11 Arm64 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: debian-11-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + fedora-36-pkg-download-tests: + name: Test Fedora 36 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: fedora-36 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + fedora-36-arm64-pkg-download-tests: + name: Test Fedora 36 Arm64 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: fedora-36-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + fedora-37-pkg-download-tests: + name: Test Fedora 37 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: fedora-37 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + fedora-37-arm64-pkg-download-tests: + name: Test Fedora 37 Arm64 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: fedora-37-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + fedora-38-pkg-download-tests: + name: Test Fedora 38 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: fedora-38 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + fedora-38-arm64-pkg-download-tests: + name: Test Fedora 38 Arm64 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: fedora-38-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + photonos-3-pkg-download-tests: + name: Test Photon OS 3 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: photonos-3 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + photonos-4-pkg-download-tests: + name: Test Photon OS 4 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: photonos-4 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + ubuntu-2004-pkg-download-tests: + name: Test Ubuntu 20.04 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: ubuntu-20.04 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + ubuntu-2004-arm64-pkg-download-tests: + name: Test Ubuntu 20.04 Arm64 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: ubuntu-20.04-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + ubuntu-2204-pkg-download-tests: + name: Test Ubuntu 22.04 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: ubuntu-22.04 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + ubuntu-2204-arm64-pkg-download-tests: + name: Test Ubuntu 22.04 Arm64 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: ubuntu-22.04-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + macos-12-pkg-download-tests: + name: Test macOS 12 Package Downloads + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-macos.yml + with: + distro-slug: macos-12 + platform: darwin + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + windows-2022-nsis-amd64-pkg-download-tests: + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + name: Test Windows 2022 amd64 NSIS Package Downloads + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-windows.yml + with: + distro-slug: windows-2022 + platform: windows + arch: amd64 + pkg-type: NSIS + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + windows-2022-msi-amd64-pkg-download-tests: + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + name: Test Windows 2022 amd64 MSI Package Downloads + needs: + - prepare-workflow + - publish-repositories + - download-onedir-artifact + uses: ./.github/workflows/test-package-downloads-action-windows.yml + with: + distro-slug: windows-2022 + platform: windows + arch: amd64 + pkg-type: MSI + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: release + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + release: + name: Release v${{ needs.prepare-workflow.outputs.salt-version }} + if: ${{ always() && ! failure() && ! cancelled() }} + runs-on: + - self-hosted + - linux + - repo-release + needs: + - prepare-workflow + - backup + - publish-repositories + - almalinux-8-pkg-download-tests + - almalinux-8-arm64-pkg-download-tests + - almalinux-9-pkg-download-tests + - almalinux-9-arm64-pkg-download-tests + - amazonlinux-2-pkg-download-tests + - amazonlinux-2-arm64-pkg-download-tests + - centos-7-pkg-download-tests + - centos-7-arm64-pkg-download-tests + - centosstream-8-pkg-download-tests + - centosstream-8-arm64-pkg-download-tests + - centosstream-9-pkg-download-tests + - centosstream-9-arm64-pkg-download-tests + - debian-10-pkg-download-tests + - debian-11-pkg-download-tests + - debian-11-arm64-pkg-download-tests + - fedora-36-pkg-download-tests + - fedora-36-arm64-pkg-download-tests + - fedora-37-pkg-download-tests + - fedora-37-arm64-pkg-download-tests + - fedora-38-pkg-download-tests + - fedora-38-arm64-pkg-download-tests + - photonos-3-pkg-download-tests + - photonos-4-pkg-download-tests + - ubuntu-2004-pkg-download-tests + - ubuntu-2004-arm64-pkg-download-tests + - ubuntu-2204-pkg-download-tests + - ubuntu-2204-arm64-pkg-download-tests + - macos-12-pkg-download-tests + - windows-2022-nsis-amd64-pkg-download-tests + - windows-2022-msi-amd64-pkg-download-tests + environment: release + steps: + - name: Clone The Salt Repository + uses: actions/checkout@v3 + with: + ssh-key: ${{ secrets.GHA_SSH_KEY }} + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + id: get-secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Prepare Release + id: prepare-release + run: | + tools pkg repo publish github --repository ${{ github.repository }} --key-id=64CBBC8173D76B3F ${{ needs.prepare-workflow.outputs.salt-version }} + + - name: Configure Git + shell: bash + run: | + git config --global --add safe.directory "$(pwd)" + git config --global user.name "Salt Project Packaging" + git config --global user.email saltproject-packaging@vmware.com + git config --global user.signingkey 64CBBC8173D76B3F + git config --global commit.gpgsign true + + - name: Apply The Release Patch + run: | + git am --committer-date-is-author-date release-artifacts/salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + rm release-artifacts/salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + + - name: Tag The v${{ needs.prepare-workflow.outputs.salt-version }} Release + run: | + git tag -m "Release v${{ needs.prepare-workflow.outputs.salt-version }}" -as v${{ needs.prepare-workflow.outputs.salt-version }} + + - name: Push Changes + uses: ad-m/github-push-action@b87afee92c6e70ea888be6203a3e9426fda49839 + with: + ssh: true + tags: true + atomic: true + branch: ${{ github.ref }} + + - name: Create Github Release + uses: ncipollo/release-action@v1.12.0 + with: + artifactErrorsFailBuild: true + artifacts: ${{ steps.prepare-release.outputs.release-artifacts }} + bodyFile: ${{ steps.prepare-release.outputs.release-messsage-file }} + draft: false + generateReleaseNotes: false + makeLatest: fromJSON(${{ steps.prepare-release.outputs.make-latest }}) + name: v${{ needs.prepare-workflow.outputs.salt-version }} + prerelease: ${{ contains(needs.prepare-workflow.outputs.salt-version, 'rc') }} + removeArtifacts: true + replacesArtifacts: true + tag: v${{ needs.prepare-workflow.outputs.salt-version }} + + - name: Upload PyPi Artifacts + uses: actions/upload-artifact@v3 + with: + name: pypi-artifacts + path: | + release-artifacts/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz + release-artifacts/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz.asc + retention-days: 7 + if-no-files-found: error + + publish-pypi: + name: Publish to PyPi + if: ${{ always() && ! failure() && ! cancelled() && github.event.repository.fork != true }} + needs: + - prepare-workflow + - release + environment: release + runs-on: + - self-hosted + - linux + - repo-release + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + id: get-secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + TWINE_PASSWORD=$(aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/publishing/publish-pypi \ + --query SecretString --output text | jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "$SECRETS_KEY_FILE" -d -) + echo "::add-mask::$TWINE_PASSWORD" + echo "twine-password=$TWINE_PASSWORD" >> "${GITHUB_OUTPUT}" + + - name: Download PyPi Artifacts + uses: actions/download-artifact@v3 + with: + name: pypi-artifacts + path: artifacts/release + + - name: Publish to PyPi + env: + TWINE_PASSWORD: "${{ steps.get-secrets.outputs.twine-password }}" + run: | + tools pkg pypi-upload artifacts/release/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz + + set-pipeline-exit-status: + # This step is just so we can make github require this step, to pass checks + # on a pull request instead of requiring all + name: Set the ${{ github.workflow }} Pipeline Exit Status + if: always() + runs-on: ubuntu-latest + needs: + - check-requirements + - prepare-workflow + - publish-repositories + - release + - publish-pypi + steps: + - name: Get workflow information + id: get-workflow-info + uses: technote-space/workflow-conclusion-action@v3 + + - run: | + # shellcheck disable=SC2129 + if [ "${{ steps.get-workflow-info.outputs.conclusion }}" != "success" ]; then + echo 'To restore the release bucket run:' >> "${GITHUB_STEP_SUMMARY}" + echo '```' >> "${GITHUB_STEP_SUMMARY}" + echo 'tools pkg repo restore-previous-releases' >> "${GITHUB_STEP_SUMMARY}" + echo '```' >> "${GITHUB_STEP_SUMMARY}" + fi + + - name: Set Pipeline Exit Status + shell: bash + run: | + if [ "${{ steps.get-workflow-info.outputs.conclusion }}" != "success" ]; then + exit 1 + else + exit 0 + fi + + - name: Done + if: always() + run: + echo "All worflows finished" diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml new file mode 100644 index 00000000000..fda566fbb3e --- /dev/null +++ b/.github/workflows/scheduled.yml @@ -0,0 +1,1429 @@ +# Do not edit these workflows directly as the changes made will be overwritten. +# Instead, edit the template '.github/workflows/templates/scheduled.yml.jinja' +--- + +name: Scheduled +run-name: "Scheduled (branch: ${{ github.ref_name }})" + +on: + schedule: + # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onschedule + - cron: '0 */8 * * *' # Run every 8 hours + +env: + COLUMNS: 190 + CACHE_SEED: SEED-3 # Bump the number to invalidate all caches + RELENV_DATA: "${{ github.workspace }}/.relenv" + +permissions: + contents: read # for dorny/paths-filter to fetch a list of changed files + pull-requests: read # for dorny/paths-filter to read pull requests + actions: write # to trigger branch scheduled builds + +concurrency: + group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: false + +jobs: + + workflow-requirements: + name: Check Workflow Requirements + runs-on: ubuntu-latest + outputs: + requirements-met: ${{ steps.check-requirements.outputs.requirements-met }} + steps: + - name: Check Requirements + id: check-requirements + run: | + if [ "${{ vars.RUN_SCHEDULED_BUILDS }}" = "1" ]; then + MSG="Running workflow because RUN_SCHEDULED_BUILDS=1" + echo "${MSG}" + echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}" + echo "requirements-met=true" >> "${GITHUB_OUTPUT}" + elif [ "${{ github.event.repository.fork }}" = "true" ]; then + MSG="Not running workflow because ${{ github.repository }} is a fork" + echo "${MSG}" + echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}" + echo "requirements-met=false" >> "${GITHUB_OUTPUT}" + else + MSG="Running workflow because ${{ github.repository }} is not a fork" + echo "${MSG}" + echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}" + echo "requirements-met=true" >> "${GITHUB_OUTPUT}" + fi + + trigger-branch-scheduled-builds: + name: Trigger Branch Workflows + if: ${{ github.event_name == 'schedule' && fromJSON(needs.workflow-requirements.outputs.requirements-met) }} + runs-on: + - ubuntu-latest + needs: + - workflow-requirements + steps: + - name: Trigger 3006.x branch + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh workflow run scheduled.yml --repo ${{ github.repository }} --ref 3006.x + + prepare-workflow: + name: Prepare Workflow Run + runs-on: ubuntu-latest + if: ${{ fromJSON(needs.workflow-requirements.outputs.requirements-met) }} + needs: + - workflow-requirements + outputs: + jobs: ${{ steps.define-jobs.outputs.jobs }} + runners: ${{ steps.runner-types.outputs.runners }} + changed-files: ${{ steps.process-changed-files.outputs.changed-files }} + pull-labels: ${{ steps.get-pull-labels.outputs.labels }} + testrun: ${{ steps.define-testrun.outputs.testrun }} + salt-version: ${{ steps.setup-salt-version.outputs.salt-version }} + cache-seed: ${{ steps.set-cache-seed.outputs.cache-seed }} + latest-release: ${{ steps.get-salt-releases.outputs.latest-release }} + releases: ${{ steps.get-salt-releases.outputs.releases }} + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 # Full clone to also get the tags to get the right salt version + + - name: Get Changed Files + if: ${{ github.event_name == 'pull_request'}} + id: changed-files + uses: dorny/paths-filter@v2 + with: + token: ${{ github.token }} + list-files: json + filters: | + repo: + - added|modified: + - '**' + doc-requirements: + - added|modified: &doc_requirements + - requirements/static/ci/py3.*/docs.txt + lint-requirements: + - added|modified: &lint_requirements + - requirements/static/ci/py3.*/lint.txt + pkg_requirements: + - added|modified: &pkg_requirements + - requirements/static/pkg/py3.*/darwin.txt + - requirements/static/pkg/py3.*/linux.txt + - requirements/static/pkg/py3.*/freebsd.txt + - requirements/static/pkg/py3.*/windows.txt + test_requirements: + - added|modified: &test_requirements + - requirements/static/ci/py3.*/darwin.txt + - requirements/static/ci/py3.*/linux.txt + - requirements/static/ci/py3.*/freebsd.txt + - requirements/static/ci/py3.*/windows.txt + - requirements/static/ci/py3.*/darwin-crypto.txt + - requirements/static/ci/py3.*/linux-crypto.txt + - requirements/static/ci/py3.*/freebsd-crypto.txt + - requirements/static/ci/py3.*/windows-crypto.txt + deleted: + - deleted: + - '**' + docs: + - added|modified: + - doc/** + - *doc_requirements + workflows: + - added|modified: + - cicd/shared-gh-workflows-context.yml + - .github/actions/**/action.yml + - .github/workflows/*.yml + - .github/workflows/templates/*.yml.jinja2 + salt: + - added|modified: &salt_added_modified + - setup.py + - noxfile.py + - salt/**/*.py + - tasks/**/*.py + - tools/**/*.py + tests: + - added|modified: &tests_added_modified + - tests/**/*.py + lint: + - added|modified: + - .pylintrc + - *lint_requirements + golden_images: + - added|modified: + - cicd/golden-images.json + pkg_tests: + - added|modified: &pkg_tests_added_modified + - pkg/** + - *pkg_requirements + - *salt_added_modified + testrun: + - added|modified: + - *pkg_requirements + - *test_requirements + - *salt_added_modified + - *tests_added_modified + - *pkg_tests_added_modified + + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Pretty Print The GH Actions Event + run: + tools ci print-gh-event + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "" + validate-version: true + + - name: Get Pull Number + if: ${{ github.event_name == 'pull_request' }} + id: get-pull-number + uses: ./.github/actions/get-pull-number + with: + owner: ${{ github.repository_owner }} + repo: ${{ github.event.repository.name }} + sha: ${{ github.sha }} + pull-number: ${{ github.event.pull_request.number }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get Pull Request + if: ${{ github.event_name == 'pull_request' }} + id: get-pull-request + uses: ./.github/actions/get-pull-request + with: + owner: ${{ github.repository_owner }} + repo: ${{ github.event.repository.name }} + pull-number: ${{ steps.get-pull-number.outputs.number }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get Pull Labels + if: ${{ github.event_name == 'pull_request' }} + id: get-pull-labels + uses: ./.github/actions/get-pull-labels + with: + pull-request: ${{ steps.get-pull-request.outputs.pull-request }} + + - name: Write Changed Files To A Local File + run: + echo '${{ toJSON(steps.changed-files.outputs) }}' > changed-files.json + + - name: Check Local Changed Files Contents + if: ${{ github.event_name == 'pull_request' }} + run: + cat changed-files.json + + - name: Process Changed Files + id: process-changed-files + run: | + tools ci process-changed-files ${{ github.event_name }} changed-files.json + + - name: Check Collected Changed Files + if: ${{ github.event_name == 'pull_request' }} + run: | + echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.' + + - name: Define Runner Types + id: runner-types + run: | + tools ci runner-types ${{ github.event_name }} + + - name: Check Defined Runners + run: | + echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.' + + - name: Define Jobs + id: define-jobs + run: | + tools ci define-jobs ${{ github.event_name }} changed-files.json + + - name: Check Defined Jobs + run: | + echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.' + + - name: Get Salt Releases + id: get-salt-releases + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + tools ci get-releases + + - name: Check Salt Releases + run: | + echo '${{ steps.get-salt-releases.outputs.latest-release }}' | jq -C '.' + echo '${{ steps.get-salt-releases.outputs.releases }}' | jq -C '.' + + - name: Define Testrun + id: define-testrun + run: | + tools ci define-testrun ${{ github.event_name }} changed-files.json + + - name: Check Defined Test Run + run: | + echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.' + + - name: Check Contents of generated testrun-changed-files.txt + if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }} + run: | + cat testrun-changed-files.txt || true + + - name: Upload testrun-changed-files.txt + if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }} + uses: actions/upload-artifact@v3 + with: + name: testrun-changed-files.txt + path: testrun-changed-files.txt + + - name: Set Cache Seed Output + id: set-cache-seed + run: | + echo "cache-seed=${{ env.CACHE_SEED }}" >> "$GITHUB_OUTPUT" + pre-commit: + name: Pre-Commit + if: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + uses: ./.github/workflows/pre-commit-action.yml + needs: + - prepare-workflow + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + changed-files: ${{ needs.prepare-workflow.outputs.changed-files }} + pre-commit-version: "3.0.4" + + lint: + name: Lint + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['lint'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + uses: ./.github/workflows/lint-action.yml + needs: + - prepare-workflow + with: + changed-files: ${{ needs.prepare-workflow.outputs.changed-files }} + + prepare-release: + name: "Prepare Release: ${{ needs.prepare-workflow.outputs.salt-version }}" + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['prepare-release'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + runs-on: + - ubuntu-latest + needs: + - prepare-workflow + steps: + - uses: actions/checkout@v3 + + - name: Get Python Version + id: get-python-version + uses: ./.github/actions/get-python-version + with: + python-binary: python3 + + - name: Setup Python Tools Scripts + id: python-tools-scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Cache Python Tools Docs Virtualenv + uses: actions/cache@v3 + with: + path: .tools-venvs/docs + key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|docs|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/docs.txt') }} + + - name: Cache Python Tools Changelog Virtualenv + uses: actions/cache@v3 + with: + path: .tools-venvs/changelog + key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|changelog|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/changelog.txt') }} + + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + - name: Update Debian changelog + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-deb --draft + tools changelog update-deb + + - name: Update RPM changelog + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-rpm --draft + tools changelog update-rpm + + - name: Update Release Notes + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-release-notes --draft + tools changelog update-release-notes + + - name: Generate MAN Pages + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + env: + LATEST_RELEASE: "${{ needs.prepare-workflow.outputs.salt-version }}" + SALT_ON_SALTSTACK: "1" + run: | + tools docs man + + - name: Update Changelog + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-changelog-md --draft + tools changelog update-changelog-md + + - name: Show Changes Diff + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + git diff --color + + - name: Configure Git + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + git config --global user.name "Salt Project Packaging" + git config --global user.email saltproject-packaging@vmware.com + + - name: Setup Pre-Commit + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + uses: ./.github/actions/setup-pre-commit + with: + version: "3.0.4" + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + + - name: Commit Changes + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + env: + SKIP: lint-salt,lint-tests + run: | + # Run it twice so that pre-commit can fix anything that can be automatically fixed. + git commit -am "Release v${{ needs.prepare-workflow.outputs.salt-version }}" || \ + git commit -am "Release v${{ needs.prepare-workflow.outputs.salt-version }}" + + - name: Create release changes patch + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + git format-patch --keep-subject --binary --stdout HEAD^ > salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + + - name: Upload Changes Diff Artifact + uses: actions/upload-artifact@v3 + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + path: salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + retention-days: 7 + if-no-files-found: error + + build-docs: + name: Documentation + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-docs'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-source-tarball + uses: ./.github/workflows/build-docs.yml + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-source-tarball: + name: Build Source Tarball + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-source-tarball'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - prepare-release + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Get Python Version + id: get-python-version + uses: ./.github/actions/get-python-version + with: + python-binary: python3 + + - name: Setup Python Tools Scripts + id: python-tools-scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + - name: Cache Python Tools Build Virtualenv + uses: actions/cache@v3 + with: + path: .tools-venvs/build + key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|build|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/build.txt') }} + + - name: Build Source Tarball + uses: ./.github/actions/build-source-tarball + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-deps-onedir: + name: Build Dependencies Onedir + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-deps-onedir'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + uses: ./.github/workflows/build-deps-onedir.yml + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + relenv-version: "0.12.3" + python-version-linux: "3.10.11" + python-version-macos: "3.10.11" + python-version-windows: "3.10.11" + + build-salt-onedir: + name: Build Salt Onedir + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-salt-onedir'] }} + needs: + - prepare-workflow + - build-deps-onedir + - build-source-tarball + uses: ./.github/workflows/build-salt-onedir.yml + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + relenv-version: "0.12.3" + python-version-linux: "3.10.11" + python-version-macos: "3.10.11" + python-version-windows: "3.10.11" + + build-rpm-pkgs: + name: Build RPM Packages + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/build-rpm-packages.yml + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-deb-pkgs: + name: Build DEB Packages + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/build-deb-packages.yml + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-windows-pkgs: + name: Build Windows Packages + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/build-windows-packages.yml + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-macos-pkgs: + name: Build macOS Packages + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/build-macos-packages.yml + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + amazonlinux-2-pkg-tests: + name: Amazon Linux 2 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: amazonlinux-2 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + centos-7-pkg-tests: + name: CentOS 7 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: centos-7 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + centosstream-8-pkg-tests: + name: CentOS Stream 8 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: centosstream-8 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + centosstream-9-pkg-tests: + name: CentOS Stream 9 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: centosstream-9 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + debian-10-pkg-tests: + name: Debian 10 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: debian-10 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + debian-11-pkg-tests: + name: Debian 11 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: debian-11 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + debian-11-arm64-pkg-tests: + name: Debian 11 Arm64 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: debian-11-arm64 + platform: linux + arch: aarch64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + photonos-3-pkg-tests: + name: Photon OS 3 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: photonos-3 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + photonos-4-pkg-tests: + name: Photon OS 4 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: photonos-4 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + ubuntu-2004-pkg-tests: + name: Ubuntu 20.04 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: ubuntu-20.04 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + ubuntu-2004-arm64-pkg-tests: + name: Ubuntu 20.04 Arm64 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: ubuntu-20.04-arm64 + platform: linux + arch: aarch64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + ubuntu-2204-pkg-tests: + name: Ubuntu 22.04 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: ubuntu-22.04 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + ubuntu-2204-arm64-pkg-tests: + name: Ubuntu 22.04 Arm64 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: ubuntu-22.04-arm64 + platform: linux + arch: aarch64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + macos-12-pkg-tests: + name: macOS 12 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-macos-pkgs + uses: ./.github/workflows/test-packages-action-macos.yml + with: + distro-slug: macos-12 + platform: darwin + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: macos + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + windows-2016-nsis-pkg-tests: + name: Windows 2016 NSIS Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2016 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: NSIS + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + windows-2016-msi-pkg-tests: + name: Windows 2016 MSI Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2016 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: MSI + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + windows-2019-nsis-pkg-tests: + name: Windows 2019 NSIS Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2019 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: NSIS + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + windows-2019-msi-pkg-tests: + name: Windows 2019 MSI Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2019 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: MSI + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + windows-2022-nsis-pkg-tests: + name: Windows 2022 NSIS Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2022 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: NSIS + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + windows-2022-msi-pkg-tests: + name: Windows 2022 MSI Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2022 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: MSI + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: false + skip-junit-reports: false + + windows-2016: + name: Windows 2016 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: windows-2016 + nox-session: ci-test-onedir + platform: windows + arch: amd64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + windows-2019: + name: Windows 2019 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: windows-2019 + nox-session: ci-test-onedir + platform: windows + arch: amd64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + windows-2022: + name: Windows 2022 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: windows-2022 + nox-session: ci-test-onedir + platform: windows + arch: amd64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + macos-12: + name: macOS 12 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action-macos.yml + with: + distro-slug: macos-12 + nox-session: ci-test-onedir + platform: darwin + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + almalinux-8: + name: Alma Linux 8 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: almalinux-8 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + almalinux-9: + name: Alma Linux 9 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: almalinux-9 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + amazonlinux-2: + name: Amazon Linux 2 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: amazonlinux-2 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + archlinux-lts: + name: Arch Linux LTS + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: archlinux-lts + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + centos-7: + name: CentOS 7 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: centos-7 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + centosstream-8: + name: CentOS Stream 8 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: centosstream-8 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + centosstream-9: + name: CentOS Stream 9 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: centosstream-9 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + debian-10: + name: Debian 10 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: debian-10 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + debian-11: + name: Debian 11 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: debian-11 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + debian-11-arm64: + name: Debian 11 Arm64 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: debian-11-arm64 + nox-session: ci-test-onedir + platform: linux + arch: aarch64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + fedora-36: + name: Fedora 36 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: fedora-36 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + fedora-37: + name: Fedora 37 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: fedora-37 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + fedora-38: + name: Fedora 38 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: fedora-38 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + opensuse-15: + name: Opensuse 15 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: opensuse-15 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + photonos-3: + name: Photon OS 3 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: photonos-3 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + photonos-4: + name: Photon OS 4 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: photonos-4 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + ubuntu-2004: + name: Ubuntu 20.04 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: ubuntu-20.04 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + ubuntu-2004-arm64: + name: Ubuntu 20.04 Arm64 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: ubuntu-20.04-arm64 + nox-session: ci-test-onedir + platform: linux + arch: aarch64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + ubuntu-2204: + name: Ubuntu 22.04 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: ubuntu-22.04 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + ubuntu-2204-arm64: + name: Ubuntu 22.04 Arm64 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: ubuntu-22.04-arm64 + nox-session: ci-test-onedir + platform: linux + arch: aarch64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: false + skip-junit-reports: false + + set-pipeline-exit-status: + # This step is just so we can make github require this step, to pass checks + # on a pull request instead of requiring all + name: Set the ${{ github.workflow }} Pipeline Exit Status + if: always() + runs-on: ubuntu-latest + needs: + - workflow-requirements + - trigger-branch-scheduled-builds + - prepare-workflow + - pre-commit + - lint + - build-docs + - build-deps-onedir + - build-salt-onedir + - windows-2016 + - windows-2019 + - windows-2022 + - macos-12 + - almalinux-8 + - almalinux-9 + - amazonlinux-2 + - archlinux-lts + - centos-7 + - centosstream-8 + - centosstream-9 + - debian-10 + - debian-11 + - debian-11-arm64 + - fedora-36 + - fedora-37 + - fedora-38 + - opensuse-15 + - photonos-3 + - photonos-4 + - ubuntu-2004 + - ubuntu-2004-arm64 + - ubuntu-2204 + - ubuntu-2204-arm64 + - amazonlinux-2-pkg-tests + - centos-7-pkg-tests + - centosstream-8-pkg-tests + - centosstream-9-pkg-tests + - debian-10-pkg-tests + - debian-11-pkg-tests + - debian-11-arm64-pkg-tests + - photonos-3-pkg-tests + - photonos-4-pkg-tests + - ubuntu-2004-pkg-tests + - ubuntu-2004-arm64-pkg-tests + - ubuntu-2204-pkg-tests + - ubuntu-2204-arm64-pkg-tests + - macos-12-pkg-tests + - windows-2016-nsis-pkg-tests + - windows-2016-msi-pkg-tests + - windows-2019-nsis-pkg-tests + - windows-2019-msi-pkg-tests + - windows-2022-nsis-pkg-tests + - windows-2022-msi-pkg-tests + steps: + - name: Get workflow information + id: get-workflow-info + uses: technote-space/workflow-conclusion-action@v3 + + - name: Set Pipeline Exit Status + shell: bash + run: | + if [ "${{ steps.get-workflow-info.outputs.conclusion }}" != "success" ]; then + exit 1 + else + exit 0 + fi + + - name: Done + if: always() + run: + echo "All worflows finished" diff --git a/.github/workflows/scripts/pr-docstring-comments.py b/.github/workflows/scripts/pr-docstring-comments.py deleted file mode 100644 index efe099e8d0d..00000000000 --- a/.github/workflows/scripts/pr-docstring-comments.py +++ /dev/null @@ -1,120 +0,0 @@ -import argparse -import os -import pathlib -import sys - -import github -from github.GithubException import GithubException - -COMMENT_HEADER = "### Hi! I'm your friendly PR bot!" -COMMENT_TEMPLATE = """\ -{comment_header} - -You might be wondering what I'm doing commenting here on your PR. - -**Yes, as a matter of fact, I am...** - -I'm just here to help us improve the documentation. I can't respond to -questions or anything, but what I *can* do, I do well! - -**Okay... so what do you do?** - -I detect modules that are missing docstrings or "CLI Example" on existing docstrings! -When I was created we had a *lot* of these. The documentation for these -modules need some love and attention to make Salt better for our users. - -**So what does that have to do with my PR?** - -I noticed that in this PR there are some files changed that have some of these -issues. So I'm leaving this comment to let you know your options. - -**Okay, what are they?** - -Well, my favorite, is that since you were making changes here I'm hoping that -you would be the most familiar with this module and be able to add some other -examples or fix any of the reported issues. - -**If I can, then what?** - -Well, you can either add them to this PR or add them to another PR. Either way is fine! - -**Well... what if I can't, or don't want to?** - -That's also fine! We appreciate *all* contributions to the Salt Project. If you -can't add those other examples, either because you're too busy, or unfamiliar, -or you just aren't interested, we still appreciate the contributions that -you've made already. - -Whatever approach you decide to take, just drop a comment here letting us know! - -
-Detected Issues (click me) -
{issues_output}
-
- ---- - -Thanks again! -""" - - -def delete_previous_comments(pr, created_comment_id): - for comment in pr.get_issue_comments(): - if comment.user.login != "github-actions[bot]": - # Not a comment made by this bot - continue - if comment.id == created_comment_id: - # This is the comment we have just created - continue - if not comment.body.startswith(COMMENT_HEADER): - # This comment does not start with our header - continue - # We have a match, delete it - print(f"Deleting previous comment {comment}") - comment.delete() - - -def comment_on_pr(options, issues_output): - gh = github.Github(os.environ["GITHUB_TOKEN"]) - org = gh.get_organization(options.org) - print(f"Loaded Organization: {org.login}", file=sys.stderr, flush=True) - repo = org.get_repo(options.repo) - print(f"Loaded Repository: {repo.full_name}", file=sys.stderr, flush=True) - pr = repo.get_pull(options.issue) - print(f"Loaded PR: {pr}", file=sys.stderr, flush=True) - comment = pr.create_issue_comment( - COMMENT_TEMPLATE.format( - comment_header=COMMENT_HEADER, issues_output=issues_output - ) - ) - print(f"Created Comment: {comment}") - delete_previous_comments(pr, comment.id) - - -def main(): - parser = argparse.ArgumentParser() - parser.add_argument("--org", required=True, help="The Github Organization") - parser.add_argument("--repo", required=True, help="The Organization Repository") - parser.add_argument("--issue", required=True, type=int, help="The issue number") - parser.add_argument( - "issues_output_path", metavar="ISSUES_OUTPUT_PATH", type=pathlib.Path - ) - - if not os.environ.get("GITHUB_TOKEN"): - parser.exit(status=1, message="GITHUB_TOKEN environment variable not set") - - options = parser.parse_args() - if not options.issues_output_path.is_file(): - parser.exit(1, message=f"The path {options.issues_output_path} is not a file") - issues_output = options.issues_output_path.read_text().strip() - if not issues_output: - parser.exit(1, message=f"The file {options.issues_output_path} is empty") - try: - comment_on_pr(options, issues_output) - parser.exit(0) - except GithubException as exc: - parser.exit(1, message=str(exc)) - - -if __name__ == "__main__": - main() diff --git a/.github/workflows/scripts/update_winrepo.py b/.github/workflows/scripts/update_winrepo.py new file mode 100644 index 00000000000..b12d6558a4d --- /dev/null +++ b/.github/workflows/scripts/update_winrepo.py @@ -0,0 +1,31 @@ +import argparse +import os + +# Where are we +print(os.getcwd()) + +arg_parser = argparse.ArgumentParser() +arg_parser.add_argument("-f", "--file", help="the winrepo file to edit") +arg_parser.add_argument("-v", "--version", help="The version to add") + +args = arg_parser.parse_args() +file = args.file +version = args.version + +if version.startswith("v"): + version = version[1:] + +with open(file) as f: + current_contents = f.readlines() + +new_contents = [] + +added = False +for line in current_contents: + new_contents.append(line) + if "for version in [" in line and not added: + new_contents.append(f" '{version}',\n") + added = True + +with open(file, "w") as f: + f.writelines(new_contents) diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml new file mode 100644 index 00000000000..53f5fd62454 --- /dev/null +++ b/.github/workflows/staging.yml @@ -0,0 +1,2820 @@ +# Do not edit these workflows directly as the changes made will be overwritten. +# Instead, edit the template '.github/workflows/templates/staging.yml.jinja' +--- + +name: Stage Release +run-name: "Stage Release (branch: ${{ github.ref_name }}; version: ${{ inputs.salt-version }})" + +on: + workflow_dispatch: + inputs: + salt-version: + type: string + required: true + description: > + The Salt version to set prior to building packages and staging the release. + (DO NOT prefix the version with a v, ie, 3006.0 NOT v3006.0). + sign-windows-packages: + type: boolean + default: false + description: Sign Windows Packages + skip-salt-test-suite: + type: boolean + default: false + description: Skip running the Salt test suite. + skip-salt-pkg-test-suite: + type: boolean + default: false + description: Skip running the Salt packages test suite. + skip-salt-pkg-download-test-suite: + type: boolean + default: false + description: Skip running the Salt packages download test suite. + +env: + COLUMNS: 190 + CACHE_SEED: SEED-3 # Bump the number to invalidate all caches + RELENV_DATA: "${{ github.workspace }}/.relenv" + +permissions: + contents: read # for dorny/paths-filter to fetch a list of changed files + pull-requests: read # for dorny/paths-filter to read pull requests + +concurrency: + group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.repository }} + cancel-in-progress: false + +jobs: + + check-requirements: + name: Check Requirements + runs-on: ubuntu-latest + environment: staging-check + steps: + - name: Check For Admin Permission + uses: actions-cool/check-user-permission@v2 + with: + require: admin + username: ${{ github.triggering_actor }} + + - name: Check Branch + run: | + echo "Trying to run the staging workflow from branch ${{ github.ref_name }}" + if [ "${{ contains(fromJSON('["master", "3006.x"]'), github.ref_name) }}" != "true" ]; then + echo "Running the staging workflow from the ${{ github.ref_name }} branch is not allowed" + echo "Allowed branches: master, 3006.x" + exit 1 + else + echo "Allowed to release from branch ${{ github.ref_name }}" + fi + + prepare-workflow: + name: Prepare Workflow Run + runs-on: ubuntu-latest + needs: + - check-requirements + outputs: + jobs: ${{ steps.define-jobs.outputs.jobs }} + runners: ${{ steps.runner-types.outputs.runners }} + changed-files: ${{ steps.process-changed-files.outputs.changed-files }} + pull-labels: ${{ steps.get-pull-labels.outputs.labels }} + testrun: ${{ steps.define-testrun.outputs.testrun }} + salt-version: ${{ steps.setup-salt-version.outputs.salt-version }} + cache-seed: ${{ steps.set-cache-seed.outputs.cache-seed }} + latest-release: ${{ steps.get-salt-releases.outputs.latest-release }} + releases: ${{ steps.get-salt-releases.outputs.releases }} + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 # Full clone to also get the tags to get the right salt version + + - name: Get Changed Files + if: ${{ github.event_name == 'pull_request'}} + id: changed-files + uses: dorny/paths-filter@v2 + with: + token: ${{ github.token }} + list-files: json + filters: | + repo: + - added|modified: + - '**' + doc-requirements: + - added|modified: &doc_requirements + - requirements/static/ci/py3.*/docs.txt + lint-requirements: + - added|modified: &lint_requirements + - requirements/static/ci/py3.*/lint.txt + pkg_requirements: + - added|modified: &pkg_requirements + - requirements/static/pkg/py3.*/darwin.txt + - requirements/static/pkg/py3.*/linux.txt + - requirements/static/pkg/py3.*/freebsd.txt + - requirements/static/pkg/py3.*/windows.txt + test_requirements: + - added|modified: &test_requirements + - requirements/static/ci/py3.*/darwin.txt + - requirements/static/ci/py3.*/linux.txt + - requirements/static/ci/py3.*/freebsd.txt + - requirements/static/ci/py3.*/windows.txt + - requirements/static/ci/py3.*/darwin-crypto.txt + - requirements/static/ci/py3.*/linux-crypto.txt + - requirements/static/ci/py3.*/freebsd-crypto.txt + - requirements/static/ci/py3.*/windows-crypto.txt + deleted: + - deleted: + - '**' + docs: + - added|modified: + - doc/** + - *doc_requirements + workflows: + - added|modified: + - cicd/shared-gh-workflows-context.yml + - .github/actions/**/action.yml + - .github/workflows/*.yml + - .github/workflows/templates/*.yml.jinja2 + salt: + - added|modified: &salt_added_modified + - setup.py + - noxfile.py + - salt/**/*.py + - tasks/**/*.py + - tools/**/*.py + tests: + - added|modified: &tests_added_modified + - tests/**/*.py + lint: + - added|modified: + - .pylintrc + - *lint_requirements + golden_images: + - added|modified: + - cicd/golden-images.json + pkg_tests: + - added|modified: &pkg_tests_added_modified + - pkg/** + - *pkg_requirements + - *salt_added_modified + testrun: + - added|modified: + - *pkg_requirements + - *test_requirements + - *salt_added_modified + - *tests_added_modified + - *pkg_tests_added_modified + + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Pretty Print The GH Actions Event + run: + tools ci print-gh-event + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ inputs.salt-version }}" + validate-version: true + + - name: Get Pull Number + if: ${{ github.event_name == 'pull_request' }} + id: get-pull-number + uses: ./.github/actions/get-pull-number + with: + owner: ${{ github.repository_owner }} + repo: ${{ github.event.repository.name }} + sha: ${{ github.sha }} + pull-number: ${{ github.event.pull_request.number }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get Pull Request + if: ${{ github.event_name == 'pull_request' }} + id: get-pull-request + uses: ./.github/actions/get-pull-request + with: + owner: ${{ github.repository_owner }} + repo: ${{ github.event.repository.name }} + pull-number: ${{ steps.get-pull-number.outputs.number }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get Pull Labels + if: ${{ github.event_name == 'pull_request' }} + id: get-pull-labels + uses: ./.github/actions/get-pull-labels + with: + pull-request: ${{ steps.get-pull-request.outputs.pull-request }} + + - name: Check Existing Releases + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + tools pkg repo confirm-unreleased --repository ${{ github.repository }} ${{ steps.setup-salt-version.outputs.salt-version }} + + - name: Write Changed Files To A Local File + run: + echo '${{ toJSON(steps.changed-files.outputs) }}' > changed-files.json + + - name: Check Local Changed Files Contents + if: ${{ github.event_name == 'pull_request' }} + run: + cat changed-files.json + + - name: Process Changed Files + id: process-changed-files + run: | + tools ci process-changed-files ${{ github.event_name }} changed-files.json + + - name: Check Collected Changed Files + if: ${{ github.event_name == 'pull_request' }} + run: | + echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.' + + - name: Define Runner Types + id: runner-types + run: | + tools ci runner-types ${{ github.event_name }} + + - name: Check Defined Runners + run: | + echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.' + + - name: Define Jobs + id: define-jobs + run: | + tools ci define-jobs${{ inputs.skip-salt-test-suite && ' --skip-tests' || '' }}${{ inputs.skip-salt-pkg-test-suite && ' --skip-pkg-tests' || '' }}${{ inputs.skip-salt-pkg-download-test-suite && ' --skip-pkg-download-tests' || '' }} ${{ github.event_name }} changed-files.json + + - name: Check Defined Jobs + run: | + echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.' + + - name: Get Salt Releases + id: get-salt-releases + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + tools ci get-releases + + - name: Check Salt Releases + run: | + echo '${{ steps.get-salt-releases.outputs.latest-release }}' | jq -C '.' + echo '${{ steps.get-salt-releases.outputs.releases }}' | jq -C '.' + + - name: Define Testrun + id: define-testrun + run: | + tools ci define-testrun ${{ github.event_name }} changed-files.json + + - name: Check Defined Test Run + run: | + echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.' + + - name: Check Contents of generated testrun-changed-files.txt + if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }} + run: | + cat testrun-changed-files.txt || true + + - name: Upload testrun-changed-files.txt + if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }} + uses: actions/upload-artifact@v3 + with: + name: testrun-changed-files.txt + path: testrun-changed-files.txt + + - name: Set Cache Seed Output + id: set-cache-seed + run: | + echo "cache-seed=${{ env.CACHE_SEED }}" >> "$GITHUB_OUTPUT" + pre-commit: + name: Pre-Commit + if: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + uses: ./.github/workflows/pre-commit-action.yml + needs: + - prepare-workflow + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + changed-files: ${{ needs.prepare-workflow.outputs.changed-files }} + pre-commit-version: "3.0.4" + + lint: + name: Lint + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['lint'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + uses: ./.github/workflows/lint-action.yml + needs: + - prepare-workflow + with: + changed-files: ${{ needs.prepare-workflow.outputs.changed-files }} + + prepare-release: + name: "Prepare Release: ${{ needs.prepare-workflow.outputs.salt-version }}" + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['prepare-release'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + runs-on: + - self-hosted + - linux + - medium + - x86_64 + needs: + - prepare-workflow + steps: + - uses: actions/checkout@v3 + + - name: Get Python Version + id: get-python-version + uses: ./.github/actions/get-python-version + with: + python-binary: python3 + + - name: Setup Python Tools Scripts + id: python-tools-scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Cache Python Tools Docs Virtualenv + uses: actions/cache@v3 + with: + path: .tools-venvs/docs + key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|docs|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/docs.txt') }} + + - name: Cache Python Tools Changelog Virtualenv + uses: actions/cache@v3 + with: + path: .tools-venvs/changelog + key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|changelog|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/changelog.txt') }} + + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + release: true + + - name: Update Debian changelog + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-deb --draft + tools changelog update-deb + + - name: Update RPM changelog + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-rpm --draft + tools changelog update-rpm + + - name: Update Release Notes + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-release-notes --draft --release + tools changelog update-release-notes --release + + - name: Generate MAN Pages + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + env: + LATEST_RELEASE: "${{ needs.prepare-workflow.outputs.salt-version }}" + SALT_ON_SALTSTACK: "1" + run: | + tools docs man + + - name: Update Changelog + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-changelog-md --draft + tools changelog update-changelog-md + + - name: Show Changes Diff + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + git diff --color + + - name: Configure Git + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + git config --global user.name "Salt Project Packaging" + git config --global user.email saltproject-packaging@vmware.com + + - name: Setup Pre-Commit + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + uses: ./.github/actions/setup-pre-commit + with: + version: "3.0.4" + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + + - name: Commit Changes + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + env: + SKIP: lint-salt,lint-tests + run: | + # Run it twice so that pre-commit can fix anything that can be automatically fixed. + git commit -am "Release v${{ needs.prepare-workflow.outputs.salt-version }}" || \ + git commit -am "Release v${{ needs.prepare-workflow.outputs.salt-version }}" + + - name: Create release changes patch + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + git format-patch --keep-subject --binary --stdout HEAD^ > salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + + - name: Upload Changes Diff Artifact + uses: actions/upload-artifact@v3 + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + path: salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + retention-days: 7 + if-no-files-found: error + + build-docs: + name: Documentation + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-docs'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-source-tarball + uses: ./.github/workflows/build-docs.yml + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-source-tarball: + name: Build Source Tarball + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-source-tarball'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - prepare-release + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Get Python Version + id: get-python-version + uses: ./.github/actions/get-python-version + with: + python-binary: python3 + + - name: Setup Python Tools Scripts + id: python-tools-scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + - name: Cache Python Tools Build Virtualenv + uses: actions/cache@v3 + with: + path: .tools-venvs/build + key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|build|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/build.txt') }} + + - name: Build Source Tarball + uses: ./.github/actions/build-source-tarball + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-deps-onedir: + name: Build Dependencies Onedir + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-deps-onedir'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + uses: ./.github/workflows/build-deps-onedir.yml + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + relenv-version: "0.12.3" + python-version-linux: "3.10.11" + python-version-macos: "3.10.11" + python-version-windows: "3.10.11" + + build-salt-onedir: + name: Build Salt Onedir + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-salt-onedir'] }} + needs: + - prepare-workflow + - build-deps-onedir + - build-source-tarball + uses: ./.github/workflows/build-salt-onedir.yml + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + relenv-version: "0.12.3" + python-version-linux: "3.10.11" + python-version-macos: "3.10.11" + python-version-windows: "3.10.11" + + build-rpm-pkgs: + name: Build RPM Packages + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/build-rpm-packages.yml + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-deb-pkgs: + name: Build DEB Packages + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/build-deb-packages.yml + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + build-windows-pkgs: + name: Build Windows Packages + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/build-windows-packages.yml + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + sign-packages: ${{ inputs.sign-windows-packages }} + secrets: inherit + + build-macos-pkgs: + name: Build macOS Packages + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/build-macos-packages.yml + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + sign-packages: true + secrets: inherit + + amazonlinux-2-pkg-tests: + name: Amazon Linux 2 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: amazonlinux-2 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + centos-7-pkg-tests: + name: CentOS 7 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: centos-7 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + centosstream-8-pkg-tests: + name: CentOS Stream 8 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: centosstream-8 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + centosstream-9-pkg-tests: + name: CentOS Stream 9 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: centosstream-9 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + debian-10-pkg-tests: + name: Debian 10 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: debian-10 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + debian-11-pkg-tests: + name: Debian 11 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: debian-11 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + debian-11-arm64-pkg-tests: + name: Debian 11 Arm64 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: debian-11-arm64 + platform: linux + arch: aarch64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + photonos-3-pkg-tests: + name: Photon OS 3 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: photonos-3 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + photonos-4-pkg-tests: + name: Photon OS 4 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-rpm-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: photonos-4 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: rpm + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + ubuntu-2004-pkg-tests: + name: Ubuntu 20.04 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: ubuntu-20.04 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + ubuntu-2004-arm64-pkg-tests: + name: Ubuntu 20.04 Arm64 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: ubuntu-20.04-arm64 + platform: linux + arch: aarch64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + ubuntu-2204-pkg-tests: + name: Ubuntu 22.04 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: ubuntu-22.04 + platform: linux + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + ubuntu-2204-arm64-pkg-tests: + name: Ubuntu 22.04 Arm64 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-deb-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: ubuntu-22.04-arm64 + platform: linux + arch: aarch64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: deb + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + macos-12-pkg-tests: + name: macOS 12 Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-macos-pkgs + uses: ./.github/workflows/test-packages-action-macos.yml + with: + distro-slug: macos-12 + platform: darwin + arch: x86_64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: macos + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + windows-2016-nsis-pkg-tests: + name: Windows 2016 NSIS Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2016 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: NSIS + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + windows-2016-msi-pkg-tests: + name: Windows 2016 MSI Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2016 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: MSI + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + windows-2019-nsis-pkg-tests: + name: Windows 2019 NSIS Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2019 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: NSIS + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + windows-2019-msi-pkg-tests: + name: Windows 2019 MSI Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2019 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: MSI + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + windows-2022-nsis-pkg-tests: + name: Windows 2022 NSIS Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2022 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: NSIS + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + windows-2022-msi-pkg-tests: + name: Windows 2022 MSI Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: windows-2022 + platform: windows + arch: amd64 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: MSI + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + skip-code-coverage: true + skip-junit-reports: true + + windows-2016: + name: Windows 2016 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: windows-2016 + nox-session: ci-test-onedir + platform: windows + arch: amd64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + windows-2019: + name: Windows 2019 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: windows-2019 + nox-session: ci-test-onedir + platform: windows + arch: amd64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + windows-2022: + name: Windows 2022 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: windows-2022 + nox-session: ci-test-onedir + platform: windows + arch: amd64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + macos-12: + name: macOS 12 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action-macos.yml + with: + distro-slug: macos-12 + nox-session: ci-test-onedir + platform: darwin + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + almalinux-8: + name: Alma Linux 8 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: almalinux-8 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + almalinux-9: + name: Alma Linux 9 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: almalinux-9 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + amazonlinux-2: + name: Amazon Linux 2 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: amazonlinux-2 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + archlinux-lts: + name: Arch Linux LTS + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: archlinux-lts + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + centos-7: + name: CentOS 7 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: centos-7 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + centosstream-8: + name: CentOS Stream 8 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: centosstream-8 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + centosstream-9: + name: CentOS Stream 9 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: centosstream-9 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + debian-10: + name: Debian 10 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: debian-10 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + debian-11: + name: Debian 11 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: debian-11 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + debian-11-arm64: + name: Debian 11 Arm64 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: debian-11-arm64 + nox-session: ci-test-onedir + platform: linux + arch: aarch64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + fedora-36: + name: Fedora 36 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: fedora-36 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + fedora-37: + name: Fedora 37 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: fedora-37 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + fedora-38: + name: Fedora 38 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: fedora-38 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + opensuse-15: + name: Opensuse 15 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: opensuse-15 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + photonos-3: + name: Photon OS 3 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: photonos-3 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + photonos-4: + name: Photon OS 4 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: photonos-4 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + ubuntu-2004: + name: Ubuntu 20.04 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: ubuntu-20.04 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + ubuntu-2004-arm64: + name: Ubuntu 20.04 Arm64 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: ubuntu-20.04-arm64 + nox-session: ci-test-onedir + platform: linux + arch: aarch64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + ubuntu-2204: + name: Ubuntu 22.04 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: ubuntu-22.04 + nox-session: ci-test-onedir + platform: linux + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + ubuntu-2204-arm64: + name: Ubuntu 22.04 Arm64 + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: ubuntu-22.04-arm64 + nox-session: ci-test-onedir + platform: linux + arch: aarch64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: true + skip-junit-reports: true + + build-src-repo: + name: Build Source Repository + environment: staging + runs-on: + - self-hosted + - linux + - repo-staging + needs: + - prepare-workflow + - build-salt-onedir + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download Source Tarball + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + run: | + tools pkg repo create src --key-id=64CBBC8173D76B3F \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Copy Files For Source Only Artifact Uploads + run: | + mkdir artifacts/src + find artifacts/pkgs/repo -type f -print -exec cp {} artifacts/src \; + + - name: Upload Standalone Repository As An Artifact + uses: actions/upload-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-src-repo + path: | + artifacts/src/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz + artifacts/src/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz.* + artifacts/src/*-GPG-* + retention-days: 7 + if-no-files-found: error + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: src-repo + + build-deb-repo: + name: Build DEB Repository + environment: staging + runs-on: + - self-hosted + - linux + - repo-staging + needs: + - prepare-workflow + - build-deb-pkgs + strategy: + fail-fast: false + matrix: + include: + - distro: debian + version: "10" + arch: x86_64 + - distro: debian + version: "10" + arch: aarch64 + - distro: debian + version: "11" + arch: x86_64 + - distro: debian + version: "11" + arch: aarch64 + - distro: ubuntu + version: "20.04" + arch: x86_64 + - distro: ubuntu + version: "20.04" + arch: aarch64 + - distro: ubuntu + version: "22.04" + arch: x86_64 + - distro: ubuntu + version: "22.04" + arch: aarch64 + + steps: + - uses: actions/checkout@v3 + + - name: Download System Dependencies + run: | + sudo apt update + sudo apt install -y devscripts apt-utils + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download DEB Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch }}-deb + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + run: | + tools pkg repo create deb --key-id=64CBBC8173D76B3F --distro-arch=${{ matrix.arch }} \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --distro=${{ matrix.distro }} --distro-version=${{ matrix.version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: ${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }}-repo + + build-rpm-repo: + name: Build RPM Repository + environment: staging + runs-on: + - self-hosted + - linux + - repo-staging + needs: + - prepare-workflow + - build-rpm-pkgs + strategy: + fail-fast: false + matrix: + include: + - distro: amazon + version: "2" + arch: x86_64 + - distro: amazon + version: "2" + arch: aarch64 + - distro: redhat + version: "7" + arch: x86_64 + - distro: redhat + version: "7" + arch: aarch64 + - distro: redhat + version: "8" + arch: x86_64 + - distro: redhat + version: "8" + arch: aarch64 + - distro: redhat + version: "9" + arch: x86_64 + - distro: redhat + version: "9" + arch: aarch64 + - distro: fedora + version: "36" + arch: x86_64 + - distro: fedora + version: "36" + arch: aarch64 + - distro: fedora + version: "37" + arch: x86_64 + - distro: fedora + version: "37" + arch: aarch64 + - distro: fedora + version: "38" + arch: x86_64 + - distro: fedora + version: "38" + arch: aarch64 + - distro: photon + version: "3" + arch: x86_64 + - distro: photon + version: "3" + arch: aarch64 + - distro: photon + version: "4" + arch: x86_64 + - distro: photon + version: "4" + arch: aarch64 + + steps: + - uses: actions/checkout@v3 + + - name: Download System Dependencies + run: | + sudo apt update + sudo apt install -y rpm + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download RPM Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch }}-rpm + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + env: + SALT_REPO_USER: ${{ secrets.SALT_REPO_USER }} + SALT_REPO_PASS: ${{ secrets.SALT_REPO_PASS }} + SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} + SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} + run: | + tools pkg repo create rpm --key-id=64CBBC8173D76B3F --distro-arch=${{ matrix.arch }} \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --distro=${{ matrix.distro }} --distro-version=${{ matrix.version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: ${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }}-repo + + build-windows-repo: + name: Build Windows Repository + environment: staging + runs-on: + - self-hosted + - linux + - repo-staging + needs: + - prepare-workflow + - build-windows-pkgs + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download Windows NSIS x86 Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-x86-NSIS + path: artifacts/pkgs/incoming + + - name: Download Windows MSI x86 Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-x86-MSI + path: artifacts/pkgs/incoming + + - name: Download Windows NSIS amd64 Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-amd64-NSIS + path: artifacts/pkgs/incoming + + - name: Download Windows MSI amd64 Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-amd64-MSI + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + run: | + tools pkg repo create windows --key-id=64CBBC8173D76B3F \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: windows-repo + + build-macos-repo: + name: Build macOS Repository + environment: staging + runs-on: + - self-hosted + - linux + - repo-staging + needs: + - prepare-workflow + - build-macos-pkgs + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download macOS x86_64 Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-x86_64-macos + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + run: | + tools pkg repo create macos --key-id=64CBBC8173D76B3F \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: macos-repo + + build-onedir-repo: + name: Build Onedir Repository + environment: staging + runs-on: + - self-hosted + - linux + - repo-staging + needs: + - prepare-workflow + - build-salt-onedir + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download Linux x86_64 Onedir Archive + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-linux-x86_64.tar.xz + path: artifacts/pkgs/incoming + + - name: Download Linux aarch64 Onedir Archive + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-linux-aarch64.tar.xz + path: artifacts/pkgs/incoming + + - name: Download macOS x86_64 Onedir Archive + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-darwin-x86_64.tar.xz + path: artifacts/pkgs/incoming + + - name: Download Windows amd64 Onedir Archive + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-amd64.tar.xz + path: artifacts/pkgs/incoming + + - name: Download Windows amd64 Onedir Archive(zip) + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-amd64.zip + path: artifacts/pkgs/incoming + + - name: Download Windows x86 Onedir Archive + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-x86.tar.xz + path: artifacts/pkgs/incoming + + - name: Download Windows amd64 Onedir Archive(zip) + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-x86.zip + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + run: | + tools pkg repo create onedir --key-id=64CBBC8173D76B3F \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: onedir-repo + + publish-repositories: + name: Publish Repositories + if: ${{ always() && ! failure() && ! cancelled() }} + runs-on: + - self-hosted + - linux + - repo-staging + environment: staging + needs: + - prepare-workflow + - build-src-repo + - build-deb-repo + - build-rpm-repo + - build-windows-repo + - build-macos-repo + - build-onedir-repo + + steps: + - uses: actions/checkout@v3 + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Download Repository Artifact + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-repo + path: repo/ + + - name: Decompress Repository Artifacts + run: | + find repo/ -type f -name '*.tar.gz' -print -exec tar xvf {} \; + find repo/ -type f -name '*.tar.gz' -print -exec rm -f {} \; + + - name: Show Repository + run: | + tree -a artifacts/pkgs/repo/ + + - name: Upload Repository Contents (staging) + env: + SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} + SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} + run: | + tools pkg repo publish staging --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} artifacts/pkgs/repo/ + + upload-release-artifacts: + name: Upload Release Artifacts + needs: + - prepare-workflow + - build-docs + - build-src-repo + environment: staging + runs-on: + - self-hosted + - linux + - repo-staging + steps: + - uses: actions/checkout@v3 + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Download Release Patch + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + path: artifacts/release + + - name: Download Source Repository + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-staging-src-repo + path: artifacts/release + + - name: Download Release Documentation (HTML) + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-docs-html.tar.xz + path: artifacts/release + + - name: Download Release Documentation (ePub) + uses: actions/download-artifact@v3 + with: + name: Salt-${{ needs.prepare-workflow.outputs.salt-version }}.epub + path: artifacts/release + + - name: Show Release Artifacts + run: | + tree -a artifacts/release + + - name: Upload Release Artifacts + run: | + tools release upload-artifacts ${{ needs.prepare-workflow.outputs.salt-version }} artifacts/release + + - name: Upload PyPi Artifacts + uses: actions/upload-artifact@v3 + with: + name: pypi-artifacts + path: | + artifacts/release/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz + artifacts/release/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz.asc + retention-days: 7 + if-no-files-found: error + + almalinux-8-pkg-download-tests: + name: Test Alma Linux 8 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: almalinux-8 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + almalinux-8-arm64-pkg-download-tests: + name: Test Alma Linux 8 Arm64 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: almalinux-8-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + almalinux-9-pkg-download-tests: + name: Test Alma Linux 9 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: almalinux-9 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + almalinux-9-arm64-pkg-download-tests: + name: Test Alma Linux 9 Arm64 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: almalinux-9-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + amazonlinux-2-pkg-download-tests: + name: Test Amazon Linux 2 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: amazonlinux-2 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + amazonlinux-2-arm64-pkg-download-tests: + name: Test Amazon Linux 2 Arm64 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: amazonlinux-2-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + centos-7-pkg-download-tests: + name: Test CentOS 7 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: centos-7 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + centos-7-arm64-pkg-download-tests: + name: Test CentOS 7 Arm64 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: centos-7-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + centosstream-8-pkg-download-tests: + name: Test CentOS Stream 8 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: centosstream-8 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + centosstream-8-arm64-pkg-download-tests: + name: Test CentOS Stream 8 Arm64 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: centosstream-8-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + centosstream-9-pkg-download-tests: + name: Test CentOS Stream 9 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: centosstream-9 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + centosstream-9-arm64-pkg-download-tests: + name: Test CentOS Stream 9 Arm64 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: centosstream-9-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + debian-10-pkg-download-tests: + name: Test Debian 10 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: debian-10 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + debian-11-pkg-download-tests: + name: Test Debian 11 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: debian-11 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + debian-11-arm64-pkg-download-tests: + name: Test Debian 11 Arm64 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: debian-11-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + fedora-36-pkg-download-tests: + name: Test Fedora 36 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: fedora-36 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + fedora-36-arm64-pkg-download-tests: + name: Test Fedora 36 Arm64 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: fedora-36-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + fedora-37-pkg-download-tests: + name: Test Fedora 37 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: fedora-37 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + fedora-37-arm64-pkg-download-tests: + name: Test Fedora 37 Arm64 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: fedora-37-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + fedora-38-pkg-download-tests: + name: Test Fedora 38 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: fedora-38 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + fedora-38-arm64-pkg-download-tests: + name: Test Fedora 38 Arm64 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: fedora-38-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + photonos-3-pkg-download-tests: + name: Test Photon OS 3 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: photonos-3 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + photonos-4-pkg-download-tests: + name: Test Photon OS 4 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: photonos-4 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + ubuntu-2004-pkg-download-tests: + name: Test Ubuntu 20.04 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: ubuntu-20.04 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + ubuntu-2004-arm64-pkg-download-tests: + name: Test Ubuntu 20.04 Arm64 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: ubuntu-20.04-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + ubuntu-2204-pkg-download-tests: + name: Test Ubuntu 22.04 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: ubuntu-22.04 + platform: linux + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + ubuntu-2204-arm64-pkg-download-tests: + name: Test Ubuntu 22.04 Arm64 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: ubuntu-22.04-arm64 + platform: linux + arch: aarch64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + macos-12-pkg-download-tests: + name: Test macOS 12 Package Downloads + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-macos.yml + with: + distro-slug: macos-12 + platform: darwin + arch: x86_64 + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + windows-2022-nsis-amd64-pkg-download-tests: + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + name: Test Windows 2022 amd64 NSIS Package Downloads + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-windows.yml + with: + distro-slug: windows-2022 + platform: windows + arch: amd64 + pkg-type: NSIS + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + windows-2022-msi-amd64-pkg-download-tests: + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + name: Test Windows 2022 amd64 MSI Package Downloads + needs: + - prepare-workflow + - publish-repositories + uses: ./.github/workflows/test-package-downloads-action-windows.yml + with: + distro-slug: windows-2022 + platform: windows + arch: amd64 + pkg-type: MSI + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|3.10.11 + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: staging + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + publish-pypi: + name: Publish to PyPi(test) + if: ${{ github.event.repository.fork != true }} + needs: + - prepare-workflow + - upload-release-artifacts + - windows-2016 + - windows-2019 + - windows-2022 + - macos-12 + - almalinux-8 + - almalinux-9 + - amazonlinux-2 + - archlinux-lts + - centos-7 + - centosstream-8 + - centosstream-9 + - debian-10 + - debian-11 + - debian-11-arm64 + - fedora-36 + - fedora-37 + - fedora-38 + - opensuse-15 + - photonos-3 + - photonos-4 + - ubuntu-2004 + - ubuntu-2004-arm64 + - ubuntu-2204 + - ubuntu-2204-arm64 + - amazonlinux-2-pkg-tests + - centos-7-pkg-tests + - centosstream-8-pkg-tests + - centosstream-9-pkg-tests + - debian-10-pkg-tests + - debian-11-pkg-tests + - debian-11-arm64-pkg-tests + - photonos-3-pkg-tests + - photonos-4-pkg-tests + - ubuntu-2004-pkg-tests + - ubuntu-2004-arm64-pkg-tests + - ubuntu-2204-pkg-tests + - ubuntu-2204-arm64-pkg-tests + - macos-12-pkg-tests + - windows-2016-nsis-pkg-tests + - windows-2016-msi-pkg-tests + - windows-2019-nsis-pkg-tests + - windows-2019-msi-pkg-tests + - windows-2022-nsis-pkg-tests + - windows-2022-msi-pkg-tests + - almalinux-8-pkg-download-tests + - almalinux-8-arm64-pkg-download-tests + - almalinux-9-pkg-download-tests + - almalinux-9-arm64-pkg-download-tests + - amazonlinux-2-pkg-download-tests + - amazonlinux-2-arm64-pkg-download-tests + - centos-7-pkg-download-tests + - centos-7-arm64-pkg-download-tests + - centosstream-8-pkg-download-tests + - centosstream-8-arm64-pkg-download-tests + - centosstream-9-pkg-download-tests + - centosstream-9-arm64-pkg-download-tests + - debian-10-pkg-download-tests + - debian-11-pkg-download-tests + - debian-11-arm64-pkg-download-tests + - fedora-36-pkg-download-tests + - fedora-36-arm64-pkg-download-tests + - fedora-37-pkg-download-tests + - fedora-37-arm64-pkg-download-tests + - fedora-38-pkg-download-tests + - fedora-38-arm64-pkg-download-tests + - photonos-3-pkg-download-tests + - photonos-4-pkg-download-tests + - ubuntu-2004-pkg-download-tests + - ubuntu-2004-arm64-pkg-download-tests + - ubuntu-2204-pkg-download-tests + - ubuntu-2204-arm64-pkg-download-tests + - macos-12-pkg-download-tests + - windows-2022-nsis-amd64-pkg-download-tests + - windows-2022-msi-amd64-pkg-download-tests + environment: staging + runs-on: + - self-hosted + - linux + - repo-staging + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + id: get-secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + TWINE_PASSWORD=$(aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/publishing/publish-test-pypi \ + --query SecretString --output text | jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "$SECRETS_KEY_FILE" -d -) + echo "::add-mask::$TWINE_PASSWORD" + echo "twine-password=$TWINE_PASSWORD" >> "${GITHUB_OUTPUT}" + + - name: Download PyPi Artifacts + uses: actions/download-artifact@v3 + with: + name: pypi-artifacts + path: artifacts/release + + - name: Publish to Test PyPi + env: + TWINE_PASSWORD: "${{ steps.get-secrets.outputs.twine-password }}" + run: | + tools pkg pypi-upload --test artifacts/release/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz + + set-pipeline-exit-status: + # This step is just so we can make github require this step, to pass checks + # on a pull request instead of requiring all + name: Set the ${{ github.workflow }} Pipeline Exit Status + if: always() + runs-on: ubuntu-latest + needs: + - check-requirements + - prepare-workflow + - pre-commit + - lint + - build-docs + - build-deps-onedir + - build-salt-onedir + - publish-repositories + - upload-release-artifacts + - publish-pypi + steps: + - name: Get workflow information + id: get-workflow-info + uses: technote-space/workflow-conclusion-action@v3 + + - name: Set Pipeline Exit Status + shell: bash + run: | + if [ "${{ steps.get-workflow-info.outputs.conclusion }}" != "success" ]; then + exit 1 + else + exit 0 + fi + + - name: Done + if: always() + run: + echo "All worflows finished" diff --git a/.github/workflows/templates/README.md b/.github/workflows/templates/README.md new file mode 100644 index 00000000000..3e5f5a876aa --- /dev/null +++ b/.github/workflows/templates/README.md @@ -0,0 +1,20 @@ +# Workflow Templates + +The templates are used to generate the actual workflows that run on GitHub Actions. +They use [Jinja2](https://jinja.palletsprojects.com) as the template engine. + +## To Note + +Let's try to keep the Jinja usage to the bare minimum because, as time passes, +the complexity just piles up making it harder to read and interpret the templates. + +### Changes To Default Jinja Syntax + +By default Jinja uses `{% ... %}`, `{{ ... }}`, `{# ... #}`, etc to do it's magic. +In order not to clash with the GitHub Actions syntax, and to also avoid having to +add bunch of `{% raw %} ... {% endraw %}` blocks, we changed some things: + +* Instead of `{%` and `%}` use `<%` and `%>` +* Instead of `{{` and `}}` use `<{` and `}>` + +The rest of Jinja2 defaults apply. diff --git a/.github/workflows/templates/build-deb-repo.yml.jinja b/.github/workflows/templates/build-deb-repo.yml.jinja new file mode 100644 index 00000000000..4f88e516a3d --- /dev/null +++ b/.github/workflows/templates/build-deb-repo.yml.jinja @@ -0,0 +1,91 @@ + + strategy: + fail-fast: false + matrix: + include: + <%- for distro, version, arch in ( + ("debian", "10", "x86_64"), + ("debian", "10", "aarch64"), + ("debian", "11", "x86_64"), + ("debian", "11", "aarch64"), + ("ubuntu", "20.04", "x86_64"), + ("ubuntu", "20.04", "aarch64"), + ("ubuntu", "22.04", "x86_64"), + ("ubuntu", "22.04", "aarch64"), + ) %> + - distro: <{ distro }> + version: "<{ version }>" + arch: <{ arch }> + <%- endfor %> + + steps: + - uses: actions/checkout@v3 + + - name: Download System Dependencies + run: | + sudo apt update + sudo apt install -y devscripts apt-utils + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download DEB Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch }}-deb + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + run: | + tools pkg repo create deb --key-id=<{ gpg_key_id }> --distro-arch=${{ matrix.arch }} <% if gh_environment == 'nightly' -%> --nightly-build-from=${{ github.ref_name }} <%- endif %> \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --distro=${{ matrix.distro }} --distro-version=${{ matrix.version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: ${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }}-repo diff --git a/.github/workflows/templates/build-macos-repo.yml.jinja b/.github/workflows/templates/build-macos-repo.yml.jinja new file mode 100644 index 00000000000..f4494b24d74 --- /dev/null +++ b/.github/workflows/templates/build-macos-repo.yml.jinja @@ -0,0 +1,66 @@ + + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download macOS x86_64 Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-x86_64-macos + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + run: | + tools pkg repo create macos --key-id=<{ gpg_key_id }> <% if gh_environment == 'nightly' -%> --nightly-build-from=${{ github.ref_name }} <%- endif %> \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: macos-repo diff --git a/.github/workflows/templates/build-onedir-repo.yml.jinja b/.github/workflows/templates/build-onedir-repo.yml.jinja new file mode 100644 index 00000000000..b68049c9a5c --- /dev/null +++ b/.github/workflows/templates/build-onedir-repo.yml.jinja @@ -0,0 +1,102 @@ + + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download Linux x86_64 Onedir Archive + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-linux-x86_64.tar.xz + path: artifacts/pkgs/incoming + + - name: Download Linux aarch64 Onedir Archive + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-linux-aarch64.tar.xz + path: artifacts/pkgs/incoming + + - name: Download macOS x86_64 Onedir Archive + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-darwin-x86_64.tar.xz + path: artifacts/pkgs/incoming + + - name: Download Windows amd64 Onedir Archive + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-amd64.tar.xz + path: artifacts/pkgs/incoming + + - name: Download Windows amd64 Onedir Archive(zip) + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-amd64.zip + path: artifacts/pkgs/incoming + + - name: Download Windows x86 Onedir Archive + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-x86.tar.xz + path: artifacts/pkgs/incoming + + - name: Download Windows amd64 Onedir Archive(zip) + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-onedir-windows-x86.zip + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + run: | + tools pkg repo create onedir --key-id=<{ gpg_key_id }> <% if gh_environment == 'nightly' -%> --nightly-build-from=${{ github.ref_name }} <%- endif %> \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: onedir-repo diff --git a/.github/workflows/templates/build-packages.yml.jinja b/.github/workflows/templates/build-packages.yml.jinja new file mode 100644 index 00000000000..7646dd6e3e5 --- /dev/null +++ b/.github/workflows/templates/build-packages.yml.jinja @@ -0,0 +1,29 @@ +<%- for pkg_type, display_name, runner_type in ( + ("rpm", "RPM", "self-hosted"), + ("deb", "DEB", "self-hosted"), + ("windows", "Windows", "github-hosted"), + ("macos", "macOS", "github-hosted"), + ) %> + + <%- set job_name = "build-{}-pkgs".format(pkg_type) %> + + <{ job_name }>: + name: Build <{ display_name }> Packages + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['build-pkgs'] && fromJSON(needs.prepare-workflow.outputs.runners)['<{ runner_type }>'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/build-<{ pkg_type }>-packages.yml + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + <%- if pkg_type in ("macos", "windows") and gh_environment %> + environment: <{ gh_environment }> + <%- if pkg_type == "macos" %> + sign-packages: true + <%- else %> + sign-packages: <% if gh_environment == 'nightly' -%> false <%- else -%> ${{ inputs.sign-windows-packages }} <%- endif %> + <%- endif %> + secrets: inherit + <%- endif %> + +<%- endfor %> diff --git a/.github/workflows/templates/build-repos.yml.jinja b/.github/workflows/templates/build-repos.yml.jinja new file mode 100644 index 00000000000..85cea3e38db --- /dev/null +++ b/.github/workflows/templates/build-repos.yml.jinja @@ -0,0 +1,29 @@ +<%- for type, display_name, needs_pkg in ( + ("src", "Source", False), + ("deb", "DEB", True), + ("rpm", "RPM", True), + ("windows", "Windows", True), + ("macos", "macOS", True), + ("onedir", "Onedir", False), + ) %> + + <%- set job_name = "build-{}-repo".format(type) %> + <%- do build_repo_needs.append(job_name) %> + + <{ job_name }>: + name: Build <{ display_name }> Repository + environment: <{ gh_environment }> + runs-on: + - self-hosted + - linux + - repo-<{ gh_environment }> + needs: + - prepare-workflow + <%- if needs_pkg %> + - build-<{ type }>-pkgs + <%- else %> + - build-salt-onedir + <%- endif %> + <%- include "build-{}-repo.yml.jinja".format(type) %> + +<%- endfor %> diff --git a/.github/workflows/templates/build-rpm-repo.yml.jinja b/.github/workflows/templates/build-rpm-repo.yml.jinja new file mode 100644 index 00000000000..6f1b27c6eca --- /dev/null +++ b/.github/workflows/templates/build-rpm-repo.yml.jinja @@ -0,0 +1,108 @@ + + strategy: + fail-fast: false + matrix: + include: + <%- for distro, version, arch in ( + ("amazon", "2", "x86_64"), + ("amazon", "2", "aarch64"), + ("redhat", "7", "x86_64"), + ("redhat", "7", "aarch64"), + ("redhat", "8", "x86_64"), + ("redhat", "8", "aarch64"), + ("redhat", "9", "x86_64"), + ("redhat", "9", "aarch64"), + ("fedora", "36", "x86_64"), + ("fedora", "36", "aarch64"), + ("fedora", "37", "x86_64"), + ("fedora", "37", "aarch64"), + ("fedora", "38", "x86_64"), + ("fedora", "38", "aarch64"), + ("photon", "3", "x86_64"), + ("photon", "3", "aarch64"), + ("photon", "4", "x86_64"), + ("photon", "4", "aarch64"), + ) %> + - distro: <{ distro }> + version: "<{ version }>" + arch: <{ arch }> + <%- endfor %> + + steps: + - uses: actions/checkout@v3 + + - name: Download System Dependencies + run: | + sudo apt update + sudo apt install -y rpm + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download RPM Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-${{ matrix.arch }}-rpm + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + env: + <%- if gh_environment == 'staging' %> + SALT_REPO_USER: ${{ secrets.SALT_REPO_USER }} + SALT_REPO_PASS: ${{ secrets.SALT_REPO_PASS }} + <%- endif %> + SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} + SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} + run: | + tools pkg repo create rpm --key-id=<{ gpg_key_id }> --distro-arch=${{ matrix.arch }} <% if gh_environment == 'nightly' -%> --nightly-build-from=${{ github.ref_name }} <%- endif %> \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --distro=${{ matrix.distro }} --distro-version=${{ matrix.version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: ${{ matrix.distro }}-${{ matrix.version }}-${{ matrix.arch }}-repo diff --git a/.github/workflows/templates/build-src-repo.yml.jinja b/.github/workflows/templates/build-src-repo.yml.jinja new file mode 100644 index 00000000000..6a9c2634e96 --- /dev/null +++ b/.github/workflows/templates/build-src-repo.yml.jinja @@ -0,0 +1,82 @@ + + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download Source Tarball + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + run: | + tools pkg repo create src --key-id=<{ gpg_key_id }> <% if gh_environment == 'nightly' -%> --nightly-build-from=${{ github.ref_name }} <%- endif %> \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Copy Files For Source Only Artifact Uploads + run: | + mkdir artifacts/src + find artifacts/pkgs/repo -type f -print -exec cp {} artifacts/src \; + + - name: Upload Standalone Repository As An Artifact + uses: actions/upload-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-src-repo + path: | + artifacts/src/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz + artifacts/src/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz.* + artifacts/src/*-GPG-* + retention-days: 7 + if-no-files-found: error + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: src-repo diff --git a/.github/workflows/templates/build-windows-repo.yml.jinja b/.github/workflows/templates/build-windows-repo.yml.jinja new file mode 100644 index 00000000000..0142e5cc09c --- /dev/null +++ b/.github/workflows/templates/build-windows-repo.yml.jinja @@ -0,0 +1,84 @@ + + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download Windows NSIS x86 Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-x86-NSIS + path: artifacts/pkgs/incoming + + - name: Download Windows MSI x86 Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-x86-MSI + path: artifacts/pkgs/incoming + + - name: Download Windows NSIS amd64 Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-amd64-NSIS + path: artifacts/pkgs/incoming + + - name: Download Windows MSI amd64 Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-amd64-MSI + path: artifacts/pkgs/incoming + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Create Repository Path + run: | + mkdir -p artifacts/pkgs/repo + + - name: Create Repository + run: | + tools pkg repo create windows --key-id=<{ gpg_key_id }> <% if gh_environment == 'nightly' -%> --nightly-build-from=${{ github.ref_name }} <%- endif %> \ + --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} \ + --incoming=artifacts/pkgs/incoming --repo-path=artifacts/pkgs/repo + + - name: Upload Repository As An Artifact + uses: ./.github/actions/upload-artifact + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo + path: artifacts/pkgs/repo/* + retention-days: 7 + if-no-files-found: error + archive-name: windows-repo diff --git a/.github/workflows/templates/ci.yml.jinja b/.github/workflows/templates/ci.yml.jinja new file mode 100644 index 00000000000..538c0f91a33 --- /dev/null +++ b/.github/workflows/templates/ci.yml.jinja @@ -0,0 +1,327 @@ +<%- extends 'layout.yml.jinja' %> +<%- set pre_commit_version = "3.0.4" %> + +<%- block on %> +on: + push: {} + pull_request: {} +<%- endblock on %> + + +<%- block jobs %> + <{- super() }> + + <%- set job_name = "pre-commit" %> + <%- if includes.get(job_name, True) %> + <{ job_name }>: + <%- do conclusion_needs.append(job_name) %> + name: Pre-Commit + if: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + uses: ./.github/workflows/pre-commit-action.yml + needs: + - prepare-workflow + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + changed-files: ${{ needs.prepare-workflow.outputs.changed-files }} + pre-commit-version: "<{ pre_commit_version }>" + + <%- endif %> + + + <%- set job_name = "lint" %> + <%- if includes.get(job_name, True) %> + + lint: + <%- do conclusion_needs.append('lint') %> + name: Lint + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['<{ job_name }>'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + uses: ./.github/workflows/lint-action.yml + needs: + - prepare-workflow + with: + changed-files: ${{ needs.prepare-workflow.outputs.changed-files }} + + <%- endif %> + + + <%- set job_name = "prepare-release" %> + <%- if includes.get(job_name, True) %> + + <{ job_name }>: + name: "Prepare Release: ${{ needs.prepare-workflow.outputs.salt-version }}" + <%- if prepare_actual_release %> + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['<{ job_name }>'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + runs-on: + - self-hosted + - linux + - medium + - x86_64 + <%- else %> + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['<{ job_name }>'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + runs-on: + - ubuntu-latest + <%- endif %> + needs: + - prepare-workflow + steps: + - uses: actions/checkout@v3 + + - name: Get Python Version + id: get-python-version + uses: ./.github/actions/get-python-version + with: + python-binary: python3 + + - name: Setup Python Tools Scripts + id: python-tools-scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Cache Python Tools Docs Virtualenv + uses: actions/cache@v3 + with: + path: .tools-venvs/docs + key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|docs|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/docs.txt') }} + + - name: Cache Python Tools Changelog Virtualenv + uses: actions/cache@v3 + with: + path: .tools-venvs/changelog + key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|changelog|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/changelog.txt') }} + + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + <%- if prepare_actual_release %> + release: true + <%- endif %> + + - name: Update Debian changelog + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-deb --draft + tools changelog update-deb + + - name: Update RPM changelog + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-rpm --draft + tools changelog update-rpm + + - name: Update Release Notes + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + <%- if gh_environment == 'nightly' %> + if [ "${{ contains(fromJSON('["master"]'), github.ref_name) }}" == "true" ]; then + tools changelog update-release-notes --draft <%- if prepare_actual_release %> --release <%- endif %> --next-release + tools changelog update-release-notes <%- if prepare_actual_release %> --release <%- endif %> --next-release + else + tools changelog update-release-notes --draft <%- if prepare_actual_release %> --release <%- endif %> + tools changelog update-release-notes <%- if prepare_actual_release %> --release <%- endif %> + fi + <%- else %> + tools changelog update-release-notes --draft <%- if prepare_actual_release %> --release <%- endif %> + tools changelog update-release-notes <%- if prepare_actual_release %> --release <%- endif %> + <%- endif %> + + - name: Generate MAN Pages + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + env: + LATEST_RELEASE: "${{ needs.prepare-workflow.outputs.salt-version }}" + SALT_ON_SALTSTACK: "1" + run: | + tools docs man + + - name: Update Changelog + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + tools changelog update-changelog-md --draft + tools changelog update-changelog-md + + - name: Show Changes Diff + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + git diff --color + + - name: Configure Git + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + git config --global user.name "Salt Project Packaging" + git config --global user.email saltproject-packaging@vmware.com + + - name: Setup Pre-Commit + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + uses: ./.github/actions/setup-pre-commit + with: + version: "<{ pre_commit_version }>" + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + + - name: Commit Changes + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + env: + SKIP: lint-salt,lint-tests + run: | + # Run it twice so that pre-commit can fix anything that can be automatically fixed. + git commit -am "Release v${{ needs.prepare-workflow.outputs.salt-version }}" || \ + git commit -am "Release v${{ needs.prepare-workflow.outputs.salt-version }}" + + - name: Create release changes patch + shell: bash + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + run: | + git format-patch --keep-subject --binary --stdout HEAD^ > salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + + - name: Upload Changes Diff Artifact + uses: actions/upload-artifact@v3 + if: ${{ startsWith(github.event.ref, 'refs/tags') == false }} + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + path: salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + retention-days: 7 + if-no-files-found: error + + <%- endif %> + + + <%- set job_name = "build-docs" %> + <%- if includes.get(job_name, True) %> + + <{ job_name }>: + <%- do conclusion_needs.append(job_name) %> + name: Documentation + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['<{ job_name }>'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-source-tarball + uses: ./.github/workflows/build-docs.yml + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + <%- endif %> + + + <%- set job_name = "build-source-tarball" %> + <%- if includes.get(job_name, True) %> + + <{ job_name }>: + name: Build Source Tarball + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['<{ job_name }>'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - prepare-release + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Get Python Version + id: get-python-version + uses: ./.github/actions/get-python-version + with: + python-binary: python3 + + - name: Setup Python Tools Scripts + id: python-tools-scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + - name: Cache Python Tools Build Virtualenv + uses: actions/cache@v3 + with: + path: .tools-venvs/build + key: ${{ needs.prepare-workflow.outputs.cache-seed }}|${{ github.workflow }}|${{ github.job }}|tools-venvs|${{ steps.python-tools-scripts.outputs.version }}|build|${{ steps.get-python-version.outputs.version }}|${{ hashFiles('requirements/**/build.txt') }} + + - name: Build Source Tarball + uses: ./.github/actions/build-source-tarball + with: + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + + <%- endif %> + + + <%- set job_name = "build-deps-onedir" %> + <%- if includes.get(job_name, True) %> + + <{ job_name }>: + <%- do conclusion_needs.append(job_name) %> + name: Build Dependencies Onedir + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['<{ job_name }>'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + uses: ./.github/workflows/build-deps-onedir.yml + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + relenv-version: "<{ relenv_version }>" + python-version-linux: "<{ python_version_linux }>" + python-version-macos: "<{ python_version_macos }>" + python-version-windows: "<{ python_version_windows }>" + + <%- endif %> + + + <%- set job_name = "build-salt-onedir" %> + <%- if includes.get(job_name, True) %> + + <{ job_name }>: + <%- do conclusion_needs.append(job_name) %> + name: Build Salt Onedir + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['<{ job_name }>'] }} + needs: + - prepare-workflow + - build-deps-onedir + - build-source-tarball + uses: ./.github/workflows/build-salt-onedir.yml + with: + cache-seed: ${{ needs.prepare-workflow.outputs.cache-seed }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + relenv-version: "<{ relenv_version }>" + python-version-linux: "<{ python_version_linux }>" + python-version-macos: "<{ python_version_macos }>" + python-version-windows: "<{ python_version_windows }>" + + <%- endif %> + + + <%- set job_name = "build-pkgs" %> + <%- if includes.get(job_name, True) %> + <%- include "build-packages.yml.jinja" %> + <%- endif %> + + + <%- set job_name = "pkg-tests" %> + <%- if includes.get(job_name, True) %> + <%- include "test-salt-pkg.yml.jinja" %> + <%- endif %> + + + <%- set job_name = "salt-tests" %> + <%- if includes.get(job_name, True) %> + <%- include "test-salt.yml.jinja" %> + <%- endif %> + +<%- endblock jobs %> diff --git a/.github/workflows/templates/layout.yml.jinja b/.github/workflows/templates/layout.yml.jinja new file mode 100644 index 00000000000..4e0fa686e3e --- /dev/null +++ b/.github/workflows/templates/layout.yml.jinja @@ -0,0 +1,356 @@ +# Do not edit these workflows directly as the changes made will be overwritten. +# Instead, edit the template '<{ template }>' +<%- set prepare_workflow_if_check = prepare_workflow_if_check|default(False) %> +<%- set prepare_workflow_skip_test_suite = prepare_workflow_skip_test_suite|default("") %> +<%- set prepare_workflow_skip_pkg_test_suite = prepare_workflow_skip_pkg_test_suite|default("") %> +<%- set prepare_workflow_skip_pkg_download_test_suite = prepare_workflow_skip_pkg_download_test_suite|default("") %> +<%- set prepare_workflow_salt_version_input = prepare_workflow_salt_version_input|default("") %> +<%- set skip_test_coverage_check = skip_test_coverage_check|default("${{ github.event_name == 'pull_request' }}") %> +<%- set skip_junit_reports_check = skip_junit_reports_check|default("${{ github.event_name == 'pull_request' }}") %> +<%- set gpg_key_id = "64CBBC8173D76B3F" %> +<%- set prepare_actual_release = prepare_actual_release | default(False) %> +<%- set release_branches = ["master", "3006.x"] %> +--- +<%- block name %> +name: <{ workflow_name }> +run-name: "<{ workflow_name }> (${{ github.event_name == 'pull_request' && format('pr: #{0}', github.event.number) || format('{0}: {1}', startsWith(github.event.ref, 'refs/tags') && 'tag' || 'branch', github.ref_name) }})" +<%- endblock name %> + +<%- block on %> + +on: + push: {} + pull_request: + types: + - labeled + - unlabeled + - opened + - reopened + - synchronize + +<%- endblock on %> + +<%- block env %> + +env: + COLUMNS: 190 + CACHE_SEED: SEED-3 # Bump the number to invalidate all caches + RELENV_DATA: "${{ github.workspace }}/.relenv" + +<%- endblock env %> + +<%- block permissions %> + +permissions: + contents: read # for dorny/paths-filter to fetch a list of changed files + pull-requests: read # for dorny/paths-filter to read pull requests + +<%- endblock permissions %> + +<%- block concurrency %> + +concurrency: + # Concurrency is defined in a way that concurrent builds against branches do + # not cancel previous builds. + # However, for every new build against the same pull request source branch, + # all older builds against that same branch get canceled. + group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.repository }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +<%- endblock concurrency %> + +<%- block jobs %> + +jobs: + + <%- block pre_jobs %> + <%- endblock pre_jobs %> + + <%- if includes.get("prepare-workflow", True) %> + <%- block prepare_workflow_job %> + <%- do conclusion_needs.append("prepare-workflow") %> + + prepare-workflow: + name: Prepare Workflow Run + runs-on: ubuntu-latest + <%- if prepare_workflow_if_check %> + if: <{ prepare_workflow_if_check }> + <%- endif %> + <%- if prepare_workflow_needs %> + needs: + <%- for need in prepare_workflow_needs.iter(consume=False) %> + - <{ need }> + <%- endfor %> + <%- endif %> + outputs: + jobs: ${{ steps.define-jobs.outputs.jobs }} + runners: ${{ steps.runner-types.outputs.runners }} + changed-files: ${{ steps.process-changed-files.outputs.changed-files }} + pull-labels: ${{ steps.get-pull-labels.outputs.labels }} + testrun: ${{ steps.define-testrun.outputs.testrun }} + salt-version: ${{ steps.setup-salt-version.outputs.salt-version }} + cache-seed: ${{ steps.set-cache-seed.outputs.cache-seed }} + latest-release: ${{ steps.get-salt-releases.outputs.latest-release }} + releases: ${{ steps.get-salt-releases.outputs.releases }} + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 # Full clone to also get the tags to get the right salt version + + - name: Get Changed Files + if: ${{ github.event_name == 'pull_request'}} + id: changed-files + uses: dorny/paths-filter@v2 + with: + token: ${{ github.token }} + list-files: json + filters: | + repo: + - added|modified: + - '**' + doc-requirements: + - added|modified: &doc_requirements + - requirements/static/ci/py3.*/docs.txt + lint-requirements: + - added|modified: &lint_requirements + - requirements/static/ci/py3.*/lint.txt + pkg_requirements: + - added|modified: &pkg_requirements + - requirements/static/pkg/py3.*/darwin.txt + - requirements/static/pkg/py3.*/linux.txt + - requirements/static/pkg/py3.*/freebsd.txt + - requirements/static/pkg/py3.*/windows.txt + test_requirements: + - added|modified: &test_requirements + - requirements/static/ci/py3.*/darwin.txt + - requirements/static/ci/py3.*/linux.txt + - requirements/static/ci/py3.*/freebsd.txt + - requirements/static/ci/py3.*/windows.txt + - requirements/static/ci/py3.*/darwin-crypto.txt + - requirements/static/ci/py3.*/linux-crypto.txt + - requirements/static/ci/py3.*/freebsd-crypto.txt + - requirements/static/ci/py3.*/windows-crypto.txt + deleted: + - deleted: + - '**' + docs: + - added|modified: + - doc/** + - *doc_requirements + workflows: + - added|modified: + - cicd/shared-gh-workflows-context.yml + - .github/actions/**/action.yml + - .github/workflows/*.yml + - .github/workflows/templates/*.yml.jinja2 + salt: + - added|modified: &salt_added_modified + - setup.py + - noxfile.py + - salt/**/*.py + - tasks/**/*.py + - tools/**/*.py + tests: + - added|modified: &tests_added_modified + - tests/**/*.py + lint: + - added|modified: + - .pylintrc + - *lint_requirements + golden_images: + - added|modified: + - cicd/golden-images.json + pkg_tests: + - added|modified: &pkg_tests_added_modified + - pkg/** + - *pkg_requirements + - *salt_added_modified + testrun: + - added|modified: + - *pkg_requirements + - *test_requirements + - *salt_added_modified + - *tests_added_modified + - *pkg_tests_added_modified + + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Pretty Print The GH Actions Event + run: + tools ci print-gh-event + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "<{ prepare_workflow_salt_version_input }>" + validate-version: true + + - name: Get Pull Number + if: ${{ github.event_name == 'pull_request' }} + id: get-pull-number + uses: ./.github/actions/get-pull-number + with: + owner: ${{ github.repository_owner }} + repo: ${{ github.event.repository.name }} + sha: ${{ github.sha }} + pull-number: ${{ github.event.pull_request.number }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get Pull Request + if: ${{ github.event_name == 'pull_request' }} + id: get-pull-request + uses: ./.github/actions/get-pull-request + with: + owner: ${{ github.repository_owner }} + repo: ${{ github.event.repository.name }} + pull-number: ${{ steps.get-pull-number.outputs.number }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get Pull Labels + if: ${{ github.event_name == 'pull_request' }} + id: get-pull-labels + uses: ./.github/actions/get-pull-labels + with: + pull-request: ${{ steps.get-pull-request.outputs.pull-request }} + + <%- if prepare_actual_release %> + + - name: Check Existing Releases + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + tools pkg repo confirm-unreleased --repository ${{ github.repository }} ${{ steps.setup-salt-version.outputs.salt-version }} + + <%- endif %> + + - name: Write Changed Files To A Local File + run: + echo '${{ toJSON(steps.changed-files.outputs) }}' > changed-files.json + + - name: Check Local Changed Files Contents + if: ${{ github.event_name == 'pull_request' }} + run: + cat changed-files.json + + - name: Process Changed Files + id: process-changed-files + run: | + tools ci process-changed-files ${{ github.event_name }} changed-files.json + + - name: Check Collected Changed Files + if: ${{ github.event_name == 'pull_request' }} + run: | + echo '${{ steps.process-changed-files.outputs.changed-files }}' | jq -C '.' + + - name: Define Runner Types + id: runner-types + run: | + tools ci runner-types ${{ github.event_name }} + + - name: Check Defined Runners + run: | + echo '${{ steps.runner-types.outputs.runners }}' | jq -C '.' + + - name: Define Jobs + id: define-jobs + run: | + tools ci define-jobs<{ prepare_workflow_skip_test_suite }><{ prepare_workflow_skip_pkg_test_suite }><{ prepare_workflow_skip_pkg_download_test_suite }> ${{ github.event_name }} changed-files.json + + - name: Check Defined Jobs + run: | + echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.' + + - name: Get Salt Releases + id: get-salt-releases + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + tools ci get-releases + + - name: Check Salt Releases + run: | + echo '${{ steps.get-salt-releases.outputs.latest-release }}' | jq -C '.' + echo '${{ steps.get-salt-releases.outputs.releases }}' | jq -C '.' + + - name: Define Testrun + id: define-testrun + run: | + tools ci define-testrun ${{ github.event_name }} changed-files.json + + - name: Check Defined Test Run + run: | + echo '${{ steps.define-testrun.outputs.testrun }}' | jq -C '.' + + - name: Check Contents of generated testrun-changed-files.txt + if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }} + run: | + cat testrun-changed-files.txt || true + + - name: Upload testrun-changed-files.txt + if: ${{ fromJSON(steps.define-testrun.outputs.testrun)['type'] != 'full' }} + uses: actions/upload-artifact@v3 + with: + name: testrun-changed-files.txt + path: testrun-changed-files.txt + + - name: Set Cache Seed Output + id: set-cache-seed + run: | + echo "cache-seed=${{ env.CACHE_SEED }}" >> "$GITHUB_OUTPUT" + <%- endblock prepare_workflow_job %> + <%- endif %> + +<%- endblock jobs %> + + set-pipeline-exit-status: + # This step is just so we can make github require this step, to pass checks + # on a pull request instead of requiring all + name: Set the ${{ github.workflow }} Pipeline Exit Status + if: always() + runs-on: ubuntu-latest + needs: + <%- for need in prepare_workflow_needs.iter(consume=True) %> + - <{ need }> + <%- endfor %> + <%- for need in conclusion_needs.iter(consume=True) %> + - <{ need }> + <%- endfor %> + <%- for need in test_salt_needs.iter(consume=False) %> + - <{ need }> + <%- endfor %> + <%- for need in test_salt_pkg_needs.iter(consume=False) %> + - <{ need }> + <%- endfor %> + <%- for need in test_repo_needs.iter(consume=True) %> + - <{ need }> + <%- endfor %> + steps: + - name: Get workflow information + id: get-workflow-info + uses: technote-space/workflow-conclusion-action@v3 + + <%- block set_pipeline_exit_status_extra_steps %> + <%- endblock set_pipeline_exit_status_extra_steps %> + + - name: Set Pipeline Exit Status + shell: bash + run: | + if [ "${{ steps.get-workflow-info.outputs.conclusion }}" != "success" ]; then + exit 1 + else + exit 0 + fi + + - name: Done + if: always() + run: + echo "All worflows finished" diff --git a/.github/workflows/templates/nightly.yml.jinja b/.github/workflows/templates/nightly.yml.jinja new file mode 100644 index 00000000000..d78faa49c0a --- /dev/null +++ b/.github/workflows/templates/nightly.yml.jinja @@ -0,0 +1,118 @@ +<%- set gh_environment = gh_environment|default("nightly") %> +<%- set skip_test_coverage_check = skip_test_coverage_check|default("false") %> +<%- set skip_junit_reports_check = skip_junit_reports_check|default("false") %> +<%- set prepare_workflow_skip_test_suite = "${{ inputs.skip-salt-test-suite && ' --skip-tests' || '' }}" %> +<%- set prepare_workflow_skip_pkg_test_suite = "${{ inputs.skip-salt-pkg-test-suite && ' --skip-pkg-tests' || '' }}" %> +<%- set prepare_workflow_if_check = prepare_workflow_if_check|default("${{ fromJSON(needs.workflow-requirements.outputs.requirements-met) }}") %> +<%- extends 'ci.yml.jinja' %> + +<%- block name %> + +name: <{ workflow_name }> +run-name: "<{ workflow_name }> (branch: ${{ github.ref_name }})" + +<%- endblock name %> + +<%- block on %> + +on: + workflow_dispatch: + inputs: + skip-salt-test-suite: + type: boolean + default: false + description: Skip running the Salt test suite. + skip-salt-pkg-test-suite: + type: boolean + default: false + description: Skip running the Salt packages test suite. + schedule: + # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onschedule + - cron: '0 1 * * *' # Every day at 1AM + +<%- endblock on %> + +<%- block concurrency %> + +concurrency: + group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.repository }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: false + +<%- endblock concurrency %> + +<%- block permissions %> +<{- super() }> +<%- if workflow_slug == "nightly" %> + actions: write # to trigger branch nightly builds +<%- endif %> +<%- endblock permissions %> + +<%- block pre_jobs %> + + <%- include "workflow-requirements-check.yml.jinja" %> + <%- include "trigger-branch-workflows.yml.jinja" %> + +<%- endblock pre_jobs %> + +<%- block jobs %> + <{- super() }> + + <%- if includes.get("build-repos", True) %> + <%- include "build-repos.yml.jinja" %> + <%- endif %> + + publish-repositories: + <%- do conclusion_needs.append('publish-repositories') %> + name: Publish Repositories + if: ${{ always() && ! failure() && ! cancelled() }} + runs-on: + - self-hosted + - linux + - repo-<{ gh_environment }> + environment: <{ gh_environment }> + needs: + - prepare-workflow + <%- for need in build_repo_needs.iter(consume=True) %> + - <{ need }> + <%- endfor %> + <%- if workflow_slug == "nightly" %> + <%- for need in test_salt_needs.iter(consume=True) %> + - <{ need }> + <%- endfor %> + <%- endif %> + + steps: + - uses: actions/checkout@v3 + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Download Repository Artifact + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-repo + path: repo/ + + - name: Decompress Repository Artifacts + run: | + find repo/ -type f -name '*.tar.gz' -print -exec tar xvf {} \; + find repo/ -type f -name '*.tar.gz' -print -exec rm -f {} \; + + - name: Show Repository + run: | + tree -a artifacts/pkgs/repo/ + + - name: Upload Repository Contents (<{ gh_environment }>) + env: + SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} + SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} + run: | + tools pkg repo publish <{ gh_environment }> --salt-version=${{ needs.prepare-workflow.outputs.salt-version }} artifacts/pkgs/repo/ + +<%- endblock jobs %> diff --git a/.github/workflows/templates/release.yml.jinja b/.github/workflows/templates/release.yml.jinja new file mode 100644 index 00000000000..ad651fcfaae --- /dev/null +++ b/.github/workflows/templates/release.yml.jinja @@ -0,0 +1,486 @@ +<%- set prepare_workflow_salt_version_input = "${{ inputs.salt-version }}" %> +<%- set prepare_workflow_skip_pkg_download_test_suite = "${{ inputs.skip-salt-pkg-download-test-suite && ' --skip-pkg-download-tests' || '' }}" %> +<%- set gh_environment = "release" %> +<%- extends 'layout.yml.jinja' %> + + +<%- block name %> + +name: <{ workflow_name }> +run-name: "<{ workflow_name }> (branch: ${{ github.ref_name }}; version: ${{ inputs.salt-version }})" + +<%- endblock name %> + + +<%- block on %> + +on: + workflow_dispatch: + inputs: + salt-version: + type: string + required: true + description: > + The Salt version to get from staging to publish the release. + (DO NOT prefix the version with a v, ie, 3006.0 NOT v3006.0). + skip-salt-pkg-download-test-suite: + type: boolean + default: false + description: Skip running the Salt packages download test suite. + +<%- endblock on %> + +<%- block concurrency %> + +concurrency: + group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.repository }} + cancel-in-progress: false + +<%- endblock concurrency %> + +<%- block permissions %> + +permissions: + contents: write # To be able to publish the release + +<%- endblock permissions %> + +<%- block pre_jobs %> + + <%- set job_name = "check-requirements" %> + + <{ job_name }>: + <%- do prepare_workflow_needs.append(job_name) %> + name: Check Requirements + runs-on: ubuntu-latest + environment: <{ gh_environment }>-check + steps: + - name: Check For Admin Permission + uses: actions-cool/check-user-permission@v2 + with: + require: admin + username: ${{ github.triggering_actor }} + + - name: Check Branch + run: | + echo "Trying to run the staging workflow from branch ${{ github.ref_name }}" + if [ "${{ contains(fromJSON('<{ release_branches|tojson }>'), github.ref_name) }}" != "true" ]; then + echo "Running the staging workflow from the ${{ github.ref_name }} branch is not allowed" + echo "Allowed branches: <{ release_branches|join(', ') }>" + exit 1 + else + echo "Allowed to release from branch ${{ github.ref_name }}" + fi + + +<%- endblock pre_jobs %> + +<%- if includes.get("prepare-workflow", True) %> +<%- block prepare_workflow_job %> +<%- do conclusion_needs.append("prepare-workflow") %> + + prepare-workflow: + name: Prepare Workflow Run + runs-on: + - self-hosted + - linux + - repo-<{ gh_environment }> + environment: <{ gh_environment }> + <%- if prepare_workflow_needs %> + needs: + <%- for need in prepare_workflow_needs.iter(consume=False) %> + - <{ need }> + <%- endfor %> + <%- endif %> + outputs: + salt-version: ${{ steps.setup-salt-version.outputs.salt-version }} + cache-seed: ${{ steps.set-cache-seed.outputs.cache-seed }} + latest-release: ${{ steps.get-salt-releases.outputs.latest-release }} + releases: ${{ steps.get-salt-releases.outputs.releases }} + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 # Full clone to also get the tags to get the right salt version + + - name: Set up Python 3.10 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Pretty Print The GH Actions Event + run: + tools ci print-gh-event + + - name: Setup Salt Version + id: setup-salt-version + uses: ./.github/actions/setup-salt-version + with: + salt-version: "<{ prepare_workflow_salt_version_input }>" + validate-version: true + + - name: Check Existing Releases + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + tools pkg repo confirm-unreleased --repository ${{ github.repository }} ${{ steps.setup-salt-version.outputs.salt-version }} + + - name: Check Release Staged + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + tools pkg repo confirm-staged --repository ${{ github.repository }} ${{ steps.setup-salt-version.outputs.salt-version }} + + - name: Get Salt Releases + id: get-salt-releases + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + tools ci get-releases + + - name: Check Salt Releases + run: | + echo '${{ steps.get-salt-releases.outputs.latest-release }}' | jq -C '.' + echo '${{ steps.get-salt-releases.outputs.releases }}' | jq -C '.' + + - name: Set Cache Seed Output + id: set-cache-seed + run: | + echo "cache-seed=${{ env.CACHE_SEED }}" >> "$GITHUB_OUTPUT" + + <%- endblock prepare_workflow_job %> + <%- endif %> + +<%- block jobs %> + <{- super() }> + + download-onedir-artifact: + name: Download Staging Onedir Artifact + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + runs-on: + - self-hosted + - linux + - repo-<{ gh_environment }> + environment: <{ gh_environment }> + needs: + - prepare-workflow + strategy: + fail-fast: false + matrix: + include: + - platform: linux + arch: x86_64 + - platform: linux + arch: aarch64 + - platform: windows + arch: amd64 + - platform: windows + arch: x86 + - platform: darwin + arch: x86_64 + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Download Onedir Tarball Artifact + run: | + tools release download-onedir-artifact --platform=${{ matrix.platform }} --arch=${{ matrix.arch }} ${{ inputs.salt-version }} + + - name: Upload Onedir Tarball as an Artifact + uses: actions/upload-artifact@v3 + with: + name: salt-${{ inputs.salt-version }}-onedir-${{ matrix.platform }}-${{ matrix.arch }}.tar.xz + path: artifacts/salt-${{ inputs.salt-version }}-onedir-${{ matrix.platform }}-${{ matrix.arch }}.tar.xz* + retention-days: 7 + if-no-files-found: error + + backup: + name: Backup + runs-on: + - self-hosted + - linux + - repo-<{ gh_environment }> + needs: + - prepare-workflow + environment: <{ gh_environment }> + outputs: + backup-complete: ${{ steps.backup.outputs.backup-complete }} + + steps: + - name: Clone The Salt Repository + uses: actions/checkout@v3 + + - name: Setup Rclone + uses: AnimMouse/setup-rclone@v1 + with: + version: v1.61.1 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Backup Previous Releases + id: backup + run: | + tools pkg repo backup-previous-releases + + publish-repositories: + <%- do conclusion_needs.append('publish-repositories') %> + name: Publish Repositories + runs-on: + - self-hosted + - linux + - repo-<{ gh_environment }> + needs: + - prepare-workflow + - backup + - download-onedir-artifact + environment: <{ gh_environment }> + + steps: + - name: Clone The Salt Repository + uses: actions/checkout@v3 + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Publish Release Repository + env: + SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} + SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} + run: | + tools pkg repo publish <{ gh_environment }> ${{ needs.prepare-workflow.outputs.salt-version }} + + <%- if includes.get("test-pkg-downloads", True) %> + <%- include "test-pkg-repo-downloads.yml.jinja" %> + <%- endif %> + + release: + <%- do conclusion_needs.append('release') %> + name: Release v${{ needs.prepare-workflow.outputs.salt-version }} + if: ${{ always() && ! failure() && ! cancelled() }} + runs-on: + - self-hosted + - linux + - repo-<{ gh_environment }> + needs: + - prepare-workflow + - backup + - publish-repositories + <%- for need in test_repo_needs.iter(consume=True) %> + - <{ need }> + <%- endfor %> + environment: <{ gh_environment }> + steps: + - name: Clone The Salt Repository + uses: actions/checkout@v3 + with: + ssh-key: ${{ secrets.GHA_SSH_KEY }} + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + id: get-secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text | jq .default_key -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \ + | gpg --import - + sync + aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \ + --query SecretString --output text| jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d - + sync + rm "$SECRETS_KEY_FILE" + echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf" + + - name: Prepare Release + id: prepare-release + run: | + tools pkg repo publish github --repository ${{ github.repository }} --key-id=<{ gpg_key_id }> ${{ needs.prepare-workflow.outputs.salt-version }} + + - name: Configure Git + shell: bash + run: | + git config --global --add safe.directory "$(pwd)" + git config --global user.name "Salt Project Packaging" + git config --global user.email saltproject-packaging@vmware.com + git config --global user.signingkey <{ gpg_key_id }> + git config --global commit.gpgsign true + + - name: Apply The Release Patch + run: | + git am --committer-date-is-author-date release-artifacts/salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + rm release-artifacts/salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + + - name: Tag The v${{ needs.prepare-workflow.outputs.salt-version }} Release + run: | + git tag -m "Release v${{ needs.prepare-workflow.outputs.salt-version }}" -as v${{ needs.prepare-workflow.outputs.salt-version }} + + - name: Push Changes + uses: ad-m/github-push-action@b87afee92c6e70ea888be6203a3e9426fda49839 + with: + ssh: true + tags: true + atomic: true + branch: ${{ github.ref }} + + - name: Create Github Release + uses: ncipollo/release-action@v1.12.0 + with: + artifactErrorsFailBuild: true + artifacts: ${{ steps.prepare-release.outputs.release-artifacts }} + bodyFile: ${{ steps.prepare-release.outputs.release-messsage-file }} + draft: false + generateReleaseNotes: false + makeLatest: fromJSON(${{ steps.prepare-release.outputs.make-latest }}) + name: v${{ needs.prepare-workflow.outputs.salt-version }} + prerelease: ${{ contains(needs.prepare-workflow.outputs.salt-version, 'rc') }} + removeArtifacts: true + replacesArtifacts: true + tag: v${{ needs.prepare-workflow.outputs.salt-version }} + + - name: Upload PyPi Artifacts + uses: actions/upload-artifact@v3 + with: + name: pypi-artifacts + path: | + release-artifacts/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz + release-artifacts/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz.asc + retention-days: 7 + if-no-files-found: error + + {#- Disable automatic backup restore + restore: + <%- do conclusion_needs.append('restore') %> + name: Restore Release Bucket From Backup + if: ${{ always() && needs.backup.outputs.backup-complete == 'true' && (failure() || cancelled()) }} + runs-on: + - self-hosted + - linux + - repo-<{ gh_environment }> + needs: + - backup + - release + <%- for need in test_repo_needs.iter(consume=True) %> + - <{ need }> + <%- endfor %> + environment: <{ gh_environment }> + steps: + - name: Clone The Salt Repository + uses: actions/checkout@v3 + with: + ssh-key: ${{ secrets.GHA_SSH_KEY }} + + - name: Setup Rclone + uses: AnimMouse/setup-rclone@v1 + with: + version: v1.61.1 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Restore Release Bucket + run: | + tools pkg repo restore-previous-releases + #} + + publish-pypi: + <%- do conclusion_needs.append('publish-pypi') %> + name: Publish to PyPi + if: ${{ always() && ! failure() && ! cancelled() && github.event.repository.fork != true }} + needs: + - prepare-workflow + - release {#- Disable automatic backup restore + - restore #} + environment: <{ gh_environment }> + runs-on: + - self-hosted + - linux + - repo-<{ gh_environment }> + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + id: get-secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + TWINE_PASSWORD=$(aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/publishing/publish-pypi \ + --query SecretString --output text | jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "$SECRETS_KEY_FILE" -d -) + echo "::add-mask::$TWINE_PASSWORD" + echo "twine-password=$TWINE_PASSWORD" >> "${GITHUB_OUTPUT}" + + - name: Download PyPi Artifacts + uses: actions/download-artifact@v3 + with: + name: pypi-artifacts + path: artifacts/release + + - name: Publish to PyPi + env: + TWINE_PASSWORD: "${{ steps.get-secrets.outputs.twine-password }}" + run: | + tools pkg pypi-upload artifacts/release/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz + +<%- endblock jobs %> + +<%- block set_pipeline_exit_status_extra_steps %> + + - run: | + # shellcheck disable=SC2129 + if [ "${{ steps.get-workflow-info.outputs.conclusion }}" != "success" ]; then + echo 'To restore the release bucket run:' >> "${GITHUB_STEP_SUMMARY}" + echo '```' >> "${GITHUB_STEP_SUMMARY}" + echo 'tools pkg repo restore-previous-releases' >> "${GITHUB_STEP_SUMMARY}" + echo '```' >> "${GITHUB_STEP_SUMMARY}" + fi +<%- endblock set_pipeline_exit_status_extra_steps %> diff --git a/.github/workflows/templates/scheduled.yml.jinja b/.github/workflows/templates/scheduled.yml.jinja new file mode 100644 index 00000000000..4c78a978a44 --- /dev/null +++ b/.github/workflows/templates/scheduled.yml.jinja @@ -0,0 +1,45 @@ +<%- set prepare_workflow_if_check = "${{ fromJSON(needs.workflow-requirements.outputs.requirements-met) }}" %> +<%- set skip_test_coverage_check = "false" %> +<%- set skip_junit_reports_check = "false" %> +<%- extends 'ci.yml.jinja' %> + + +<%- block name %> + +name: <{ workflow_name }> +run-name: "<{ workflow_name }> (branch: ${{ github.ref_name }})" + +<%- endblock name %> + + +<%- block on %> + +on: + schedule: + # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onschedule + - cron: '0 */8 * * *' # Run every 8 hours + +<%- endblock %> + +<%- block concurrency %> + +concurrency: + group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: false + +<%- endblock %> + + +<%- block permissions %> +<{- super() }> +<%- if workflow_slug == "scheduled" %> + actions: write # to trigger branch scheduled builds +<%- endif %> +<%- endblock permissions %> + +<%- block pre_jobs %> + + <%- include "workflow-requirements-check.yml.jinja" %> + <%- include "trigger-branch-workflows.yml.jinja" %> + +<%- endblock pre_jobs %> diff --git a/.github/workflows/templates/staging.yml.jinja b/.github/workflows/templates/staging.yml.jinja new file mode 100644 index 00000000000..548faa7a5e2 --- /dev/null +++ b/.github/workflows/templates/staging.yml.jinja @@ -0,0 +1,234 @@ +<%- set prepare_workflow_if_check = False %> +<%- set prepare_workflow_salt_version_input = "${{ inputs.salt-version }}" %> +<%- set prepare_workflow_skip_test_suite = "${{ inputs.skip-salt-test-suite && ' --skip-tests' || '' }}" %> +<%- set prepare_workflow_skip_pkg_test_suite = "${{ inputs.skip-salt-pkg-test-suite && ' --skip-pkg-tests' || '' }}" %> +<%- set prepare_workflow_skip_pkg_download_test_suite = "${{ inputs.skip-salt-pkg-download-test-suite && ' --skip-pkg-download-tests' || '' }}" %> +<%- set gh_environment = "staging" %> +<%- set prepare_actual_release = True %> +<%- set skip_test_coverage_check = "true" %> +<%- set skip_junit_reports_check = "true" %> +<%- extends 'nightly.yml.jinja' %> + +<%- block name %> + +name: <{ workflow_name }> +run-name: "<{ workflow_name }> (branch: ${{ github.ref_name }}; version: ${{ inputs.salt-version }})" + +<%- endblock name %> + +<%- block on %> + +on: + workflow_dispatch: + inputs: + salt-version: + type: string + required: true + description: > + The Salt version to set prior to building packages and staging the release. + (DO NOT prefix the version with a v, ie, 3006.0 NOT v3006.0). + sign-windows-packages: + type: boolean + default: false + description: Sign Windows Packages + skip-salt-test-suite: + type: boolean + default: false + description: Skip running the Salt test suite. + skip-salt-pkg-test-suite: + type: boolean + default: false + description: Skip running the Salt packages test suite. + skip-salt-pkg-download-test-suite: + type: boolean + default: false + description: Skip running the Salt packages download test suite. + +<%- endblock on %> + +<%- block concurrency %> + +concurrency: + group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.repository }} + cancel-in-progress: false + +<%- endblock concurrency %> + + +<%- block pre_jobs %> + + <%- set job_name = "check-requirements" %> + + <{ job_name }>: + <%- do prepare_workflow_needs.append(job_name) %> + name: Check Requirements + runs-on: ubuntu-latest + environment: <{ gh_environment }>-check + steps: + - name: Check For Admin Permission + uses: actions-cool/check-user-permission@v2 + with: + require: admin + username: ${{ github.triggering_actor }} + + - name: Check Branch + run: | + echo "Trying to run the staging workflow from branch ${{ github.ref_name }}" + if [ "${{ contains(fromJSON('<{ release_branches|tojson }>'), github.ref_name) }}" != "true" ]; then + echo "Running the staging workflow from the ${{ github.ref_name }} branch is not allowed" + echo "Allowed branches: <{ release_branches|join(', ') }>" + exit 1 + else + echo "Allowed to release from branch ${{ github.ref_name }}" + fi + +<%- endblock pre_jobs %> + + +<%- block jobs %> + <{- super() }> + + upload-release-artifacts: + <%- do conclusion_needs.append('upload-release-artifacts') %> + name: Upload Release Artifacts + needs: + - prepare-workflow + - build-docs + - build-src-repo + environment: <{ gh_environment }> + runs-on: + - self-hosted + - linux + - repo-<{ gh_environment }> + steps: + - uses: actions/checkout@v3 + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Download Release Patch + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch + path: artifacts/release + + - name: Download Source Repository + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-<{ gh_environment }>-src-repo + path: artifacts/release + + - name: Download Release Documentation (HTML) + uses: actions/download-artifact@v3 + with: + name: salt-${{ needs.prepare-workflow.outputs.salt-version }}-docs-html.tar.xz + path: artifacts/release + + - name: Download Release Documentation (ePub) + uses: actions/download-artifact@v3 + with: + name: Salt-${{ needs.prepare-workflow.outputs.salt-version }}.epub + path: artifacts/release + + - name: Show Release Artifacts + run: | + tree -a artifacts/release + + {#- + + - name: Download Release Documentation (PDF) + uses: actions/download-artifact@v3 + with: + name: Salt-${{ needs.prepare-workflow.outputs.salt-version }}.pdf + path: artifacts/release + + #} + + - name: Upload Release Artifacts + run: | + tools release upload-artifacts ${{ needs.prepare-workflow.outputs.salt-version }} artifacts/release + + - name: Upload PyPi Artifacts + uses: actions/upload-artifact@v3 + with: + name: pypi-artifacts + path: | + artifacts/release/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz + artifacts/release/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz.asc + retention-days: 7 + if-no-files-found: error + + <%- if includes.get("test-pkg-downloads", True) %> + <%- include "test-pkg-repo-downloads.yml.jinja" %> + <%- endif %> + + publish-pypi: + <%- do conclusion_needs.append('publish-pypi') %> + name: Publish to PyPi(test) + if: ${{ github.event.repository.fork != true }} + needs: + - prepare-workflow + - upload-release-artifacts + <%- for need in test_salt_needs.iter(consume=True) %> + - <{ need }> + <%- endfor %> + <%- for need in test_salt_pkg_needs.iter(consume=True) %> + - <{ need }> + <%- endfor %> + <%- for need in test_repo_needs.iter(consume=True) %> + - <{ need }> + <%- endfor %> + environment: <{ gh_environment }> + runs-on: + - self-hosted + - linux + - repo-<{ gh_environment }> + steps: + - uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Setup GnuPG + run: | + sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg + GNUPGHOME="$(mktemp -d -p /run/gpg)" + echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV" + cat < "${GNUPGHOME}/gpg.conf" + batch + no-tty + pinentry-mode loopback + EOF + + - name: Get Secrets + id: get-secrets + env: + SECRETS_KEY: ${{ secrets.SECRETS_KEY }} + run: | + SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX) + echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE" + TWINE_PASSWORD=$(aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/publishing/publish-test-pypi \ + --query SecretString --output text | jq .default_passphrase -r | base64 -d \ + | gpg --passphrase-file "$SECRETS_KEY_FILE" -d -) + echo "::add-mask::$TWINE_PASSWORD" + echo "twine-password=$TWINE_PASSWORD" >> "${GITHUB_OUTPUT}" + + - name: Download PyPi Artifacts + uses: actions/download-artifact@v3 + with: + name: pypi-artifacts + path: artifacts/release + + - name: Publish to Test PyPi + env: + TWINE_PASSWORD: "${{ steps.get-secrets.outputs.twine-password }}" + run: | + tools pkg pypi-upload --test artifacts/release/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz + +<%- endblock jobs %> diff --git a/.github/workflows/templates/test-pkg-repo-downloads.yml.jinja b/.github/workflows/templates/test-pkg-repo-downloads.yml.jinja new file mode 100644 index 00000000000..ac826f6e9fe --- /dev/null +++ b/.github/workflows/templates/test-pkg-repo-downloads.yml.jinja @@ -0,0 +1,131 @@ + + <%- set linux_pkg_tests = ( + ("almalinux-8", "Alma Linux 8", "x86_64"), + ("almalinux-8-arm64", "Alma Linux 8 Arm64", "aarch64"), + ("almalinux-9", "Alma Linux 9", "x86_64"), + ("almalinux-9-arm64", "Alma Linux 9 Arm64", "aarch64"), + ("amazonlinux-2", "Amazon Linux 2", "x86_64"), + ("amazonlinux-2-arm64", "Amazon Linux 2 Arm64", "aarch64"), + ("centos-7", "CentOS 7", "x86_64"), + ("centos-7-arm64", "CentOS 7 Arm64", "aarch64"), + ("centosstream-8", "CentOS Stream 8", "x86_64"), + ("centosstream-8-arm64", "CentOS Stream 8 Arm64", "aarch64"), + ("centosstream-9", "CentOS Stream 9", "x86_64"), + ("centosstream-9-arm64", "CentOS Stream 9 Arm64", "aarch64"), + ("debian-10", "Debian 10", "x86_64"), + ("debian-11", "Debian 11", "x86_64"), + ("debian-11-arm64", "Debian 11 Arm64", "aarch64"), + ("fedora-36", "Fedora 36", "x86_64"), + ("fedora-36-arm64", "Fedora 36 Arm64", "aarch64"), + ("fedora-37", "Fedora 37", "x86_64"), + ("fedora-37-arm64", "Fedora 37 Arm64", "aarch64"), + ("fedora-38", "Fedora 38", "x86_64"), + ("fedora-38-arm64", "Fedora 38 Arm64", "aarch64"), + ("photonos-3", "Photon OS 3", "x86_64"), + ("photonos-4", "Photon OS 4", "x86_64"), + ("ubuntu-20.04", "Ubuntu 20.04", "x86_64"), + ("ubuntu-20.04-arm64", "Ubuntu 20.04 Arm64", "aarch64"), + ("ubuntu-22.04", "Ubuntu 22.04", "x86_64"), + ("ubuntu-22.04-arm64", "Ubuntu 22.04 Arm64", "aarch64") + ) %> + + + <%- for slug, display_name, arch in linux_pkg_tests %> + <%- set job_name = "{}-pkg-download-tests".format(slug.replace(".", "")) %> + + <{ job_name }>: + <%- do test_repo_needs.append(job_name) %> + name: Test <{ display_name }> Package Downloads + <%- if gh_environment == "staging" %> + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + <%- else %> + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + <%- endif %> + needs: + - prepare-workflow + - publish-repositories + <%- if gh_environment == "release" %> + - download-onedir-artifact + <%- endif %> + uses: ./.github/workflows/test-package-downloads-action-linux.yml + with: + distro-slug: <{ slug }> + platform: linux + arch: <{ arch }> + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version_linux }> + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: <{ gh_environment }> + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + + <%- endfor %> + + + <%- for slug, display_name, arch in ( + ("macos-12", "macOS 12", "x86_64"), + ) %> + <%- set job_name = "{}-pkg-download-tests".format(slug.replace(".", "")) %> + + <{ job_name }>: + <%- do test_repo_needs.append(job_name) %> + name: Test <{ display_name }> Package Downloads + <%- if gh_environment == "staging" %> + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + <%- else %> + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + <%- endif %> + needs: + - prepare-workflow + - publish-repositories + <%- if gh_environment == "release" %> + - download-onedir-artifact + <%- endif %> + uses: ./.github/workflows/test-package-downloads-action-macos.yml + with: + distro-slug: <{ slug }> + platform: darwin + arch: <{ arch }> + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version_macos }> + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: <{ gh_environment }> + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + <%- endfor %> + + + <%- for slug, display_name, arch in ( + ("windows-2022", "Windows 2022", "amd64"), + ) %> + <%- for pkg_type in ("NSIS", "MSI") %> + <%- set job_name = "{}-{}-{}-pkg-download-tests".format(slug.replace(".", ""), pkg_type.lower(), arch.lower()) %> + + <{ job_name }>: + <%- do test_repo_needs.append(job_name) %> + <%- if gh_environment == "staging" %> + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg-download'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + <%- else %> + if: ${{ inputs.skip-salt-pkg-download-test-suite == false }} + <%- endif %> + name: Test <{ display_name }> <{ arch }> <{ pkg_type }> Package Downloads + needs: + - prepare-workflow + - publish-repositories + <%- if gh_environment == "release" %> + - download-onedir-artifact + <%- endif %> + uses: ./.github/workflows/test-package-downloads-action-windows.yml + with: + distro-slug: <{ slug }> + platform: windows + arch: <{ arch }> + pkg-type: <{ pkg_type }> + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version_windows }> + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + environment: <{ gh_environment }> + skip-code-coverage: true + latest-release: "${{ needs.prepare-workflow.outputs.latest-release }}" + secrets: inherit + <%- endfor %> + <%- endfor %> diff --git a/.github/workflows/templates/test-salt-pkg.yml.jinja b/.github/workflows/templates/test-salt-pkg.yml.jinja new file mode 100644 index 00000000000..99fc85db4fb --- /dev/null +++ b/.github/workflows/templates/test-salt-pkg.yml.jinja @@ -0,0 +1,111 @@ + + <%- set linux_pkg_tests = ( + ("almalinux-8", "Alma Linux 8", "x86_64", "rpm"), + ("almalinux-9", "Alma Linux 9", "x86_64", "rpm"), + ("amazonlinux-2", "Amazon Linux 2", "x86_64", "rpm"), + ("centos-7", "CentOS 7", "x86_64", "rpm"), + ("centosstream-8", "CentOS Stream 8", "x86_64", "rpm"), + ("centosstream-9", "CentOS Stream 9", "x86_64", "rpm"), + ("debian-10", "Debian 10", "x86_64", "deb"), + ("debian-11", "Debian 11", "x86_64", "deb"), + ("debian-11-arm64", "Debian 11 Arm64", "aarch64", "deb"), + ("fedora-36", "Fedora 36", "x86_64", "rpm"), + ("fedora-37", "Fedora 37", "x86_64", "rpm"), + ("fedora-38", "Fedora 38", "x86_64", "rpm"), + ("ubuntu-20.04", "Ubuntu 20.04", "x86_64", "deb"), + ("ubuntu-20.04-arm64", "Ubuntu 20.04 Arm64", "aarch64", "deb"), + ("ubuntu-22.04", "Ubuntu 22.04", "x86_64", "deb"), + ("ubuntu-22.04-arm64", "Ubuntu 22.04 Arm64", "aarch64", "deb") + ) %> + + <%- set linux_pkg_tests = ( + ("amazonlinux-2", "Amazon Linux 2", "x86_64", "rpm"), + ("centos-7", "CentOS 7", "x86_64", "rpm"), + ("centosstream-8", "CentOS Stream 8", "x86_64", "rpm"), + ("centosstream-9", "CentOS Stream 9", "x86_64", "rpm"), + ("debian-10", "Debian 10", "x86_64", "deb"), + ("debian-11", "Debian 11", "x86_64", "deb"), + ("debian-11-arm64", "Debian 11 Arm64", "aarch64", "deb"), + ("photonos-3", "Photon OS 3", "x86_64", "rpm"), + ("photonos-4", "Photon OS 4", "x86_64", "rpm"), + ("ubuntu-20.04", "Ubuntu 20.04", "x86_64", "deb"), + ("ubuntu-20.04-arm64", "Ubuntu 20.04 Arm64", "aarch64", "deb"), + ("ubuntu-22.04", "Ubuntu 22.04", "x86_64", "deb"), + ("ubuntu-22.04-arm64", "Ubuntu 22.04 Arm64", "aarch64", "deb") + ) %> + + <%- for slug, display_name, arch, pkg_type in linux_pkg_tests %> + <%- set job_name = "{}-pkg-tests".format(slug.replace(".", "")) %> + + <{ job_name }>: + <%- do test_salt_pkg_needs.append(job_name) %> + name: <{ display_name }> Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-<{ pkg_type }>-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: <{ slug }> + platform: linux + arch: <{ arch }> + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: <{ pkg_type }> + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version_linux }> + skip-code-coverage: <{ skip_test_coverage_check }> + skip-junit-reports: <{ skip_junit_reports_check }> + + <%- endfor %> + + + + <%- for slug, display_name, arch in (("macos-12", "macOS 12", "x86_64"),) %> + <%- set job_name = "{}-pkg-tests".format(slug.replace(".", "")) %> + + <{ job_name }>: + <%- do test_salt_pkg_needs.append(job_name) %> + name: <{ display_name }> Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-macos-pkgs + uses: ./.github/workflows/test-packages-action-macos.yml + with: + distro-slug: <{ slug }> + platform: darwin + arch: <{ arch }> + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: macos + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version_macos }> + skip-code-coverage: <{ skip_test_coverage_check }> + skip-junit-reports: <{ skip_junit_reports_check }> + + <%- endfor %> + + + <%- for slug, display_name, arch in (("windows-2016", "Windows 2016", "amd64"), + ("windows-2019", "Windows 2019", "amd64"), + ("windows-2022", "Windows 2022", "amd64")) %> + <%- for pkg_type in ("NSIS", "MSI") %> + <%- set job_name = "{}-{}-pkg-tests".format(slug.replace(".", ""), pkg_type.lower()) %> + + <{ job_name }>: + <%- do test_salt_pkg_needs.append(job_name) %> + name: <{ display_name }> <{ pkg_type }> Package Tests + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test-pkg'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-windows-pkgs + uses: ./.github/workflows/test-packages-action.yml + with: + distro-slug: <{ slug }> + platform: windows + arch: <{ arch }> + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + pkg-type: <{ pkg_type }> + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version_windows }> + skip-code-coverage: <{ skip_test_coverage_check }> + skip-junit-reports: <{ skip_junit_reports_check }> + + <%- endfor %> + <%- endfor %> diff --git a/.github/workflows/templates/test-salt.yml.jinja b/.github/workflows/templates/test-salt.yml.jinja new file mode 100644 index 00000000000..2eb0fb5e50e --- /dev/null +++ b/.github/workflows/templates/test-salt.yml.jinja @@ -0,0 +1,93 @@ + + <%- for slug, display_name, arch in (("windows-2016", "Windows 2016", "amd64"), + ("windows-2019", "Windows 2019", "amd64"), + ("windows-2022", "Windows 2022", "amd64")) %> + + <{ slug.replace(".", "") }>: + <%- do test_salt_needs.append(slug.replace(".", "")) %> + name: <{ display_name }> + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: <{ slug }> + nox-session: ci-test-onedir + platform: windows + arch: amd64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version_windows }> + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: <{ skip_test_coverage_check }> + skip-junit-reports: <{ skip_junit_reports_check }> + + <%- endfor %> + + <%- for slug, display_name, arch in (("macos-12", "macOS 12", "x86_64"),) %> + + <{ slug.replace(".", "") }>: + <%- do test_salt_needs.append(slug.replace(".", "")) %> + name: <{ display_name }> + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action-macos.yml + with: + distro-slug: <{ slug }> + nox-session: ci-test-onedir + platform: darwin + arch: x86_64 + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version_macos }> + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: <{ skip_test_coverage_check }> + skip-junit-reports: <{ skip_junit_reports_check }> + + <%- endfor %> + + <%- for slug, display_name, arch in (("almalinux-8", "Alma Linux 8", "x86_64"), + ("almalinux-9", "Alma Linux 9", "x86_64"), + ("amazonlinux-2", "Amazon Linux 2", "x86_64"), + ("archlinux-lts", "Arch Linux LTS", "x86_64"), + ("centos-7", "CentOS 7", "x86_64"), + ("centosstream-8", "CentOS Stream 8", "x86_64"), + ("centosstream-9", "CentOS Stream 9", "x86_64"), + ("debian-10", "Debian 10", "x86_64"), + ("debian-11", "Debian 11", "x86_64"), + ("debian-11-arm64", "Debian 11 Arm64", "aarch64"), + ("fedora-36", "Fedora 36", "x86_64"), + ("fedora-37", "Fedora 37", "x86_64"), + ("fedora-38", "Fedora 38", "x86_64"), + ("opensuse-15", "Opensuse 15", "x86_64"), + ("photonos-3", "Photon OS 3", "x86_64"), + ("photonos-4", "Photon OS 4", "x86_64"), + ("ubuntu-20.04", "Ubuntu 20.04", "x86_64"), + ("ubuntu-20.04-arm64", "Ubuntu 20.04 Arm64", "aarch64"), + ("ubuntu-22.04", "Ubuntu 22.04", "x86_64"), + ("ubuntu-22.04-arm64", "Ubuntu 22.04 Arm64", "aarch64")) %> + + <{ slug.replace(".", "") }>: + <%- do test_salt_needs.append(slug.replace(".", "")) %> + name: <{ display_name }> + if: ${{ fromJSON(needs.prepare-workflow.outputs.jobs)['test'] && fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }} + needs: + - prepare-workflow + - build-salt-onedir + uses: ./.github/workflows/test-action.yml + with: + distro-slug: <{ slug }> + nox-session: ci-test-onedir + platform: linux + arch: <{ arch }> + testrun: ${{ needs.prepare-workflow.outputs.testrun }} + salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}" + cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}|<{ python_version_linux }> + pull-labels: ${{ needs.prepare-workflow.outputs.pull-labels }} + skip-code-coverage: <{ skip_test_coverage_check }> + skip-junit-reports: <{ skip_junit_reports_check }> + + <%- endfor %> diff --git a/.github/workflows/templates/trigger-branch-workflows.yml.jinja b/.github/workflows/templates/trigger-branch-workflows.yml.jinja new file mode 100644 index 00000000000..30f48ffc048 --- /dev/null +++ b/.github/workflows/templates/trigger-branch-workflows.yml.jinja @@ -0,0 +1,21 @@ + + + <%- set job_name = "trigger-branch-{}-builds".format(workflow_slug) %> + <%- set branches = ["3006.x"] %> + + <{ job_name }>: + <%- do conclusion_needs.append(job_name) %> + name: Trigger Branch Workflows + if: ${{ github.event_name == 'schedule' && fromJSON(needs.workflow-requirements.outputs.requirements-met) }} + runs-on: + - ubuntu-latest + needs: + - workflow-requirements + steps: + <%- for branch in branches %> + - name: Trigger <{ branch }> branch + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh workflow run <{ workflow_slug }>.yml --repo ${{ github.repository }} --ref <{ branch }> + <%- endfor %> diff --git a/.github/workflows/templates/workflow-requirements-check.yml.jinja b/.github/workflows/templates/workflow-requirements-check.yml.jinja new file mode 100644 index 00000000000..419ee3f6f52 --- /dev/null +++ b/.github/workflows/templates/workflow-requirements-check.yml.jinja @@ -0,0 +1,29 @@ + + <%- set job_name = "workflow-requirements" %> + + <{ job_name }>: + <%- do prepare_workflow_needs.append(job_name) %> + name: Check Workflow Requirements + runs-on: ubuntu-latest + outputs: + requirements-met: ${{ steps.check-requirements.outputs.requirements-met }} + steps: + - name: Check Requirements + id: check-requirements + run: | + if [ "${{ vars.RUN_SCHEDULED_BUILDS }}" = "1" ]; then + MSG="Running workflow because RUN_SCHEDULED_BUILDS=1" + echo "${MSG}" + echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}" + echo "requirements-met=true" >> "${GITHUB_OUTPUT}" + elif [ "${{ github.event.repository.fork }}" = "true" ]; then + MSG="Not running workflow because ${{ github.repository }} is a fork" + echo "${MSG}" + echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}" + echo "requirements-met=false" >> "${GITHUB_OUTPUT}" + else + MSG="Running workflow because ${{ github.repository }} is not a fork" + echo "${MSG}" + echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}" + echo "requirements-met=true" >> "${GITHUB_OUTPUT}" + fi diff --git a/.github/workflows/test-action-macos.yml b/.github/workflows/test-action-macos.yml new file mode 100644 index 00000000000..b8088c64522 --- /dev/null +++ b/.github/workflows/test-action-macos.yml @@ -0,0 +1,567 @@ +--- +name: Test Artifact(macOS) + +on: + workflow_call: + inputs: + distro-slug: + required: true + type: string + description: The OS slug to run tests against + nox-session: + required: true + type: string + description: The nox session to run + testrun: + required: true + type: string + description: JSON string containing information about what and how to run the test suite + python-version: + required: false + type: string + description: The python version to run tests with + default: "3.9" + salt-version: + type: string + required: true + description: The Salt version to set prior to running tests. + cache-prefix: + required: true + type: string + description: Seed used to invalidate caches + platform: + required: true + type: string + description: The platform being tested + arch: + required: true + type: string + description: The platform arch being tested + package-name: + required: false + type: string + description: The onedir package name to use + default: salt + pull-labels: + required: false + type: string + description: List of all the pull labels + default: '["test:slow", "test:core"]' + skip-code-coverage: + required: false + type: boolean + description: Skip code coverage + default: false + skip-junit-reports: + required: false + type: boolean + description: Skip Publishing JUnit Reports + default: false + + +env: + NOX_VERSION: "2022.8.7" + COLUMNS: 190 + PIP_INDEX_URL: "https://pypi-proxy.saltstack.net/root/local/+simple/" + PIP_EXTRA_INDEX_URL: "https://pypi.org/simple" + +jobs: + + generate-matrix: + name: Generate Test Matrix + runs-on: ubuntu-latest + outputs: + matrix-include: ${{ steps.generate-matrix.outputs.matrix }} + transport-matrix-include: ${{ steps.generate-transport-matrix.outputs.matrix }} + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Generate Test Matrix + id: generate-matrix + run: | + TEST_MATRIX=$(tools ci matrix ${{ inputs.distro-slug }}) + echo "$TEST_MATRIX" + echo "matrix=$TEST_MATRIX" >> "$GITHUB_OUTPUT" + + - name: Generate Transport Matrix + id: generate-transport-matrix + run: | + TRANSPORT_MATRIX=$(tools ci transport-matrix ${{ inputs.distro-slug }}) + echo "$TRANSPORT_MATRIX" + echo "matrix=$TRANSPORT_MATRIX" >> "$GITHUB_OUTPUT" + + dependencies: + name: Setup Test Dependencies + runs-on: ${{ inputs.distro-slug }} + timeout-minutes: 90 + needs: + - generate-matrix + strategy: + fail-fast: false + matrix: + include: ${{ fromJSON(needs.generate-matrix.outputs.transport-matrix-include) }} + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Cache nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }} + id: nox-dependencies-cache + uses: actions/cache@v3 + with: + path: nox.${{ inputs.distro-slug }}.tar.* + key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ matrix.transport }}|${{ inputs.python-version }}|${{ hashFiles('requirements/**/*.txt') }} + + - name: Download Onedir Tarball as an Artifact + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + path: artifacts/ + + - name: Decompress Onedir Tarball + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + shell: bash + run: | + python3 -c "import os; os.makedirs('artifacts', exist_ok=True)" + cd artifacts + tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + + - name: Set up Python ${{ inputs.python-version }} + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + uses: actions/setup-python@v4 + with: + python-version: "${{ inputs.python-version }}" + + - name: Install System Dependencies + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + brew install openssl@3 + + - name: Install Nox + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + python3 -m pip install 'nox==${{ env.NOX_VERSION }}' + + - name: Define Nox Session + id: define-nox-session + run: | + if [ "${{ matrix.transport }}" != "tcp" ]; then + echo NOX_SESSION=${{ inputs.nox-session}} >> "$GITHUB_ENV" + echo "nox-session=${{ inputs.nox-session}}" >> "$GITHUB_OUTPUT" + else + echo NOX_SESSION=${{ inputs.nox-session}}-tcp >> "$GITHUB_ENV" + echo "nox-session=${{ inputs.nox-session}}-tcp" >> "$GITHUB_OUTPUT" + fi + + - name: Install Dependencies + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + env: + PRINT_TEST_SELECTION: "0" + PRINT_SYSTEM_INFO: "0" + run: | + export PYCURL_SSL_LIBRARY=openssl + export LDFLAGS="-L/usr/local/opt/openssl@3/lib" + export CPPFLAGS="-I/usr/local/opt/openssl@3/include" + export PKG_CONFIG_PATH="/usr/local/opt/openssl@3/lib/pkgconfig" + nox --install-only -e ${{ env.NOX_SESSION }} + + - name: Cleanup .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + nox -e "pre-archive-cleanup(pkg=False)" + + - name: Compress .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + nox -e compress-dependencies -- ${{ inputs.distro-slug }} + + - name: Upload Nox Requirements Tarball + uses: actions/upload-artifact@v3 + with: + name: nox-${{ inputs.distro-slug }}-${{ steps.define-nox-session.outputs.nox-session }} + path: nox.${{ inputs.distro-slug }}.tar.* + + test: + name: Test + runs-on: ${{ inputs.distro-slug }} + timeout-minutes: 360 # 6 Hours + needs: + - generate-matrix + - dependencies + strategy: + fail-fast: false + matrix: + include: ${{ fromJSON(needs.generate-matrix.outputs.matrix-include) }} + + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Setup Salt Version + run: | + echo "${{ inputs.salt-version }}" > salt/_version.txt + + - name: Download Onedir Tarball as an Artifact + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + path: artifacts/ + + - name: Decompress Onedir Tarball + shell: bash + run: | + python3 -c "import os; os.makedirs('artifacts', exist_ok=True)" + cd artifacts + tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + + - name: Install System Dependencies + run: | + brew install tree + + - name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }} + uses: actions/cache@v3 + with: + path: nox.${{ inputs.distro-slug }}.tar.* + key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ matrix.transport }}|${{ inputs.python-version }}|${{ hashFiles('requirements/**/*.txt') }} + # If we get a cache miss here it means the dependencies step failed to save the cache + fail-on-cache-miss: true + + - name: Set up Python ${{ inputs.python-version }} + uses: actions/setup-python@v4 + with: + python-version: "${{ inputs.python-version }}" + + - name: Install Nox + run: | + python3 -m pip install 'nox==${{ env.NOX_VERSION }}' + + - name: Decompress .nox Directory + run: | + nox -e decompress-dependencies -- ${{ inputs.distro-slug }} + + - name: Define Nox Session + run: | + if [ "${{ matrix.transport }}" != "tcp" ]; then + echo NOX_SESSION=${{ inputs.nox-session}} >> "$GITHUB_ENV" + else + echo NOX_SESSION=${{ inputs.nox-session}}-tcp >> "$GITHUB_ENV" + fi + + - name: Download testrun-changed-files.txt + if: ${{ fromJSON(inputs.testrun)['type'] != 'full' }} + uses: actions/download-artifact@v3 + with: + name: testrun-changed-files.txt + + - name: Show System Info & Test Plan + env: + SKIP_REQUIREMENTS_INSTALL: "1" + PRINT_TEST_SELECTION: "1" + PRINT_TEST_PLAN_ONLY: "1" + PRINT_SYSTEM_INFO: "1" + GITHUB_ACTIONS_PIPELINE: "1" + SKIP_INITIAL_GH_ACTIONS_FAILURES: "1" + SKIP_CODE_COVERAGE: "1" + run: | + sudo -E nox -e ${{ env.NOX_SESSION }} -- ${{ matrix.tests-chunk }} -- -k "mac or darwin" + + - name: Get Test Flags + id: get-test-flags + shell: bash + env: + PULL_LABELS: ${{ inputs.pull-labels }} + run: | + echo "$PULL_LABELS" + # shellcheck disable=SC2086 + no_fast_tests="$(jq -c '. | any(index("test:no-fast"))' <<< $PULL_LABELS)" + # shellcheck disable=SC2086 + slow_tests="$(jq -c '. | any(index("test:slow"))' <<< $PULL_LABELS)" + # shellcheck disable=SC2086 + core_tests="$(jq -c '. | any(index("test:core"))' <<< $PULL_LABELS)" + # shellcheck disable=SC2086 + flaky_jail_tests="$(jq -c '. | any(index("test:flaky-jail"))' <<< $PULL_LABELS)" + echo "$no_fast_tests" + echo "$slow_tests" + echo "$core_tests" + echo "$flaky_jail_tests" + # shellcheck disable=SC2086 + { + echo "no_fast_tests=$no_fast_tests"; + echo "slow_tests=$slow_tests"; + echo "core_tests=$core_tests"; + echo "flaky_jail_tests=$flaky_jail_tests"; + } >> "$GITHUB_OUTPUT" + + - name: Run Fast/Changed Tests + id: run-fast-changed-tests + if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && steps.get-test-flags.outputs.no_fast_tests == 'true' }} + env: + SKIP_REQUIREMENTS_INSTALL: "1" + PRINT_TEST_SELECTION: "0" + PRINT_TEST_PLAN_ONLY: "0" + PRINT_SYSTEM_INFO: "0" + RERUN_FAILURES: "1" + GITHUB_ACTIONS_PIPELINE: "1" + SKIP_INITIAL_GH_ACTIONS_FAILURES: "1" + SKIP_CODE_COVERAGE: "${{ inputs.skip-code-coverage && '1' || '0' }}" + run: | + sudo -E nox -e ${{ env.NOX_SESSION }} -- ${{ matrix.tests-chunk }} -- \ + -k "mac or darwin" --suppress-no-test-exit-code \ + --from-filenames=testrun-changed-files.txt + + - name: Run Slow/Changed Tests + id: run-slow-changed-tests + if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && steps.get-test-flags.outputs.slow_tests == 'false' }} + env: + SKIP_REQUIREMENTS_INSTALL: "1" + PRINT_TEST_SELECTION: "0" + PRINT_TEST_PLAN_ONLY: "0" + PRINT_SYSTEM_INFO: "0" + RERUN_FAILURES: "1" + GITHUB_ACTIONS_PIPELINE: "1" + SKIP_INITIAL_GH_ACTIONS_FAILURES: "1" + SKIP_CODE_COVERAGE: "${{ inputs.skip-code-coverage && '1' || '0' }}" + run: | + sudo -E nox -e ${{ env.NOX_SESSION }} -- ${{ matrix.tests-chunk }} -- \ + -k "mac or darwin" --suppress-no-test-exit-code --no-fast-tests --slow-tests \ + --from-filenames=testrun-changed-files.txt + + - name: Run Core/Changed Tests + id: run-core-changed-tests + if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && steps.get-test-flags.outputs.core_tests == 'false' }} + env: + SKIP_REQUIREMENTS_INSTALL: "1" + PRINT_TEST_SELECTION: "0" + PRINT_TEST_PLAN_ONLY: "0" + PRINT_SYSTEM_INFO: "0" + RERUN_FAILURES: "1" + GITHUB_ACTIONS_PIPELINE: "1" + SKIP_INITIAL_GH_ACTIONS_FAILURES: "1" + SKIP_CODE_COVERAGE: "${{ inputs.skip-code-coverage && '1' || '0' }}" + run: | + sudo -E nox -e ${{ env.NOX_SESSION }} -- ${{ matrix.tests-chunk }} -- \ + -k "mac or darwin" --suppress-no-test-exit-code --no-fast-tests --core-tests \ + --from-filenames=testrun-changed-files.txt + + - name: Run Fast Tests + id: run-fast-tests + if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && steps.get-test-flags.outputs.no_fast_tests == 'false' }} + env: + SKIP_REQUIREMENTS_INSTALL: "1" + PRINT_TEST_SELECTION: "0" + PRINT_TEST_PLAN_ONLY: "0" + PRINT_SYSTEM_INFO: "0" + RERUN_FAILURES: "1" + GITHUB_ACTIONS_PIPELINE: "1" + SKIP_INITIAL_GH_ACTIONS_FAILURES: "1" + SKIP_CODE_COVERAGE: "${{ inputs.skip-code-coverage && '1' || '0' }}" + run: | + sudo -E nox -e ${{ env.NOX_SESSION }} -- ${{ matrix.tests-chunk }} -- \ + -k "mac or darwin" --suppress-no-test-exit-code + + - name: Run Slow Tests + id: run-slow-tests + if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && steps.get-test-flags.outputs.slow_tests == 'true' }} + env: + SKIP_REQUIREMENTS_INSTALL: "1" + PRINT_TEST_SELECTION: "0" + PRINT_TEST_PLAN_ONLY: "0" + PRINT_SYSTEM_INFO: "0" + RERUN_FAILURES: "1" + GITHUB_ACTIONS_PIPELINE: "1" + SKIP_INITIAL_GH_ACTIONS_FAILURES: "1" + SKIP_CODE_COVERAGE: "${{ inputs.skip-code-coverage && '1' || '0' }}" + run: | + sudo -E nox -e ${{ env.NOX_SESSION }} -- ${{ matrix.tests-chunk }} -- \ + -k "mac or darwin" --suppress-no-test-exit-code --no-fast-tests --slow-tests + + - name: Run Core Tests + id: run-core-tests + if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && steps.get-test-flags.outputs.core_tests == 'true' }} + env: + SKIP_REQUIREMENTS_INSTALL: "1" + PRINT_TEST_SELECTION: "0" + PRINT_TEST_PLAN_ONLY: "0" + PRINT_SYSTEM_INFO: "0" + RERUN_FAILURES: "1" + GITHUB_ACTIONS_PIPELINE: "1" + SKIP_INITIAL_GH_ACTIONS_FAILURES: "1" + SKIP_CODE_COVERAGE: "${{ inputs.skip-code-coverage && '1' || '0' }}" + run: | + sudo -E nox -e ${{ env.NOX_SESSION }} -- ${{ matrix.tests-chunk }} -- \ + -k "mac or darwin" --suppress-no-test-exit-code --no-fast-tests --core-tests + + - name: Run Flaky Tests + id: run-flaky-tests + if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && steps.get-test-flags.outputs.flaky_jail_tests == 'true' }} + env: + SKIP_REQUIREMENTS_INSTALL: "1" + PRINT_TEST_SELECTION: "0" + PRINT_TEST_PLAN_ONLY: "0" + PRINT_SYSTEM_INFO: "0" + RERUN_FAILURES: "1" + GITHUB_ACTIONS_PIPELINE: "1" + SKIP_INITIAL_GH_ACTIONS_FAILURES: "1" + SKIP_CODE_COVERAGE: "${{ inputs.skip-code-coverage && '1' || '0' }}" + run: | + sudo -E nox -e ${{ env.NOX_SESSION }} -- ${{ matrix.tests-chunk }} -- \ + -k "mac or darwin" --suppress-no-test-exit-code --no-fast-tests --flaky-jail + + - name: Run Full Tests + id: run-full-tests + if: ${{ fromJSON(inputs.testrun)['type'] == 'full' }} + env: + SKIP_REQUIREMENTS_INSTALL: "1" + PRINT_TEST_SELECTION: "0" + PRINT_TEST_PLAN_ONLY: "0" + PRINT_SYSTEM_INFO: "0" + RERUN_FAILURES: "1" + GITHUB_ACTIONS_PIPELINE: "1" + SKIP_INITIAL_GH_ACTIONS_FAILURES: "1" + SKIP_CODE_COVERAGE: "${{ inputs.skip-code-coverage && '1' || '0' }}" + run: | + sudo -E nox -e ${{ env.NOX_SESSION }} -- ${{ matrix.tests-chunk }} -- \ + --slow-tests --core-tests -k "mac or darwin" + + - name: Fix file ownership + run: | + sudo chown -R "$(id -un)" . + + - name: Combine Coverage Reports + if: always() && inputs.skip-code-coverage == false && job.status != 'cancelled' + run: | + nox -e combine-coverage + + - name: Prepare Test Run Artifacts + id: download-artifacts-from-vm + if: always() && job.status != 'cancelled' + run: | + # Delete the salt onedir, we won't need it anymore and it will prevent + # from it showing in the tree command below + rm -rf artifacts/salt* + tree -a artifacts + if [ "${{ inputs.skip-code-coverage }}" != "true" ]; then + mv artifacts/coverage/.coverage artifacts/coverage/.coverage.${{ inputs.distro-slug }}.${{ env.NOX_SESSION }}.${{ matrix.tests-chunk }} + echo "COVERAGE_FILE=artifacts/coverage/.coverage.${{ inputs.distro-slug }}.${{ env.NOX_SESSION }}.${{ matrix.tests-chunk }}" >> GITHUB_ENV + fi + + - name: Upload Code Coverage Test Run Artifacts + if: always() && inputs.skip-code-coverage == false && steps.download-artifacts-from-vm.outcome == 'success' && job.status != 'cancelled' + uses: actions/upload-artifact@v3 + with: + name: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ env.NOX_SESSION }} + path: | + artifacts/coverage/ + + - name: Upload JUnit XML Test Run Artifacts + if: always() && steps.download-artifacts-from-vm.outcome == 'success' && job.status != 'cancelled' + uses: actions/upload-artifact@v3 + with: + name: testrun-junit-artifacts-${{ inputs.distro-slug }}-${{ env.NOX_SESSION }} + path: | + artifacts/xml-unittests-output/ + + - name: Upload Test Run Log Artifacts + if: always() && steps.download-artifacts-from-vm.outcome == 'success' && job.status != 'cancelled' + uses: actions/upload-artifact@v3 + with: + name: testrun-log-artifacts-${{ inputs.distro-slug }}-${{ env.NOX_SESSION }} + path: | + artifacts/logs + + + report: + name: Reports for ${{ inputs.distro-slug }}(${{ matrix.transport }}) + if: always() && (inputs.skip-code-coverage == false || inputs.skip-junit-reports == false) && needs.test.result != 'cancelled' && needs.test.result != 'skipped' + runs-on: ubuntu-latest + needs: + - generate-matrix + - test + strategy: + fail-fast: false + matrix: + include: ${{ fromJSON(needs.generate-matrix.outputs.transport-matrix-include) }} + + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Define Nox Session + run: | + if [ "${{ matrix.transport }}" != "tcp" ]; then + echo NOX_SESSION=${{ inputs.nox-session }} >> "$GITHUB_ENV" + else + echo NOX_SESSION=${{ inputs.nox-session }}-tcp >> "$GITHUB_ENV" + fi + + - name: Download Code Coverage Test Run Artifacts + uses: actions/download-artifact@v3 + if: ${{ inputs.skip-code-coverage == false }} + id: download-coverage-artifacts + with: + name: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ env.NOX_SESSION }} + path: artifacts/coverage/ + + - name: Download JUnit XML Test Run Artifacts + uses: actions/download-artifact@v3 + id: download-junit-artifacts + with: + name: testrun-junit-artifacts-${{ inputs.distro-slug }}-${{ env.NOX_SESSION }} + path: artifacts/xml-unittests-output/ + + - name: Show Downloaded Test Run Artifacts + run: | + tree -a artifacts + + - name: Set up Python ${{ inputs.python-version }} + uses: actions/setup-python@v4 + with: + python-version: "${{ inputs.python-version }}" + + - name: Install Nox + run: | + python3 -m pip install 'nox==${{ env.NOX_VERSION }}' + + - name: Combine Code Coverage + if: ${{ inputs.skip-code-coverage == false }} + continue-on-error: true + run: | + nox --force-color -e combine-coverage + + - name: Upload Code Coverage DB + if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success' + uses: actions/upload-artifact@v3 + with: + name: code-coverage + path: artifacts/coverage + + - name: Report Salt Code Coverage + if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success' + continue-on-error: true + run: | + nox --force-color -e report-coverage -- salt + + - name: Report Tests Code Coverage + if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success' + continue-on-error: true + run: | + nox --force-color -e report-coverage -- tests + + - name: Report Combined Code Coverage + if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success' + continue-on-error: true + run: | + nox --force-color -e report-coverage + + - name: Publish Test Report + uses: mikepenz/action-junit-report@v3 + # always run even if the previous steps fails + if: always() && inputs.skip-junit-reports == false && steps.download-junit-artifacts.outcome == 'success' + with: + check_name: Test Results(${{ inputs.distro-slug }}) + report_paths: 'artifacts/xml-unittests-output/*.xml' + annotate_only: true diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml new file mode 100644 index 00000000000..0982e7446eb --- /dev/null +++ b/.github/workflows/test-action.yml @@ -0,0 +1,537 @@ +--- +name: Test Artifact + +on: + workflow_call: + inputs: + distro-slug: + required: true + type: string + description: The OS slug to run tests against + nox-session: + required: true + type: string + description: The nox session to run + testrun: + required: true + type: string + description: JSON string containing information about what and how to run the test suite + salt-version: + type: string + required: true + description: The Salt version to set prior to running tests. + cache-prefix: + required: true + type: string + description: Seed used to invalidate caches + platform: + required: true + type: string + description: The platform being tested + arch: + required: true + type: string + description: The platform arch being tested + package-name: + required: false + type: string + description: The onedir package name to use + default: salt + pull-labels: + required: false + type: string + description: List of all the pull labels + default: '["test:slow", "test:core"]' + skip-code-coverage: + required: false + type: boolean + description: Skip code coverage + default: false + skip-junit-reports: + required: false + type: boolean + description: Skip Publishing JUnit Reports + default: false + + +env: + NOX_VERSION: "2022.8.7" + COLUMNS: 190 + AWS_MAX_ATTEMPTS: "10" + AWS_RETRY_MODE: "adaptive" + PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ + PIP_EXTRA_INDEX_URL: https://pypi.org/simple + +jobs: + + generate-matrix: + name: Generate Test Matrix + runs-on: + - self-hosted + - linux + - x86_64 + outputs: + matrix-include: ${{ steps.generate-matrix.outputs.matrix }} + transport-matrix-include: ${{ steps.generate-transport-matrix.outputs.matrix }} + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Generate Test Matrix + id: generate-matrix + run: | + TEST_MATRIX=$(tools ci matrix ${{ inputs.distro-slug }}) + echo "$TEST_MATRIX" + echo "matrix=$TEST_MATRIX" >> "$GITHUB_OUTPUT" + + - name: Generate Transport Matrix + id: generate-transport-matrix + run: | + TRANSPORT_MATRIX=$(tools ci transport-matrix ${{ inputs.distro-slug }}) + echo "$TRANSPORT_MATRIX" + echo "matrix=$TRANSPORT_MATRIX" >> "$GITHUB_OUTPUT" + + dependencies: + name: Setup Test Dependencies + needs: + - generate-matrix + runs-on: + - self-hosted + - linux + - bastion + timeout-minutes: 90 + strategy: + fail-fast: false + matrix: + include: ${{ fromJSON(needs.generate-matrix.outputs.transport-matrix-include) }} + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Cache nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }} + id: nox-dependencies-cache + uses: actions/cache@v3 + with: + path: nox.${{ inputs.distro-slug }}.tar.* + key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ matrix.transport }}|${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json') }} + + - name: Download Onedir Tarball as an Artifact + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + path: artifacts/ + + - name: Decompress Onedir Tarball + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + shell: bash + run: | + python3 -c "import os; os.makedirs('artifacts', exist_ok=True)" + cd artifacts + tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + + - name: PyPi Proxy + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + sed -i '7s;^;--index-url=https://pypi-proxy.saltstack.net/root/local/+simple/ --extra-index-url=https://pypi.org/simple\n;' requirements/static/ci/*/*.txt + + - name: Setup Python Tools Scripts + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + uses: ./.github/actions/setup-python-tools-scripts + + - name: Define Nox Session + id: define-nox-session + run: | + if [ "${{ matrix.transport }}" != "tcp" ]; then + echo NOX_SESSION=${{ inputs.nox-session}} >> "$GITHUB_ENV" + echo "nox-session=${{ inputs.nox-session}}" >> "$GITHUB_OUTPUT" + else + echo NOX_SESSION=${{ inputs.nox-session}}-tcp >> "$GITHUB_ENV" + echo "nox-session=${{ inputs.nox-session}}-tcp" >> "$GITHUB_OUTPUT" + fi + + - name: Get Salt Project GitHub Actions Bot Environment + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Start VM + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + id: spin-up-vm + run: | + tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }} + + - name: List Free Space + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm ssh ${{ inputs.distro-slug }} -- df -h || true + + - name: Upload Checkout To VM + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm rsync ${{ inputs.distro-slug }} + + - name: Install Dependencies + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm install-dependencies --nox-session=${{ env.NOX_SESSION }} ${{ inputs.distro-slug }} + + - name: Cleanup .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm pre-archive-cleanup ${{ inputs.distro-slug }} + + - name: Compress .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm compress-dependencies ${{ inputs.distro-slug }} + + - name: Download Compressed .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm download-dependencies ${{ inputs.distro-slug }} + + - name: Destroy VM + if: always() && steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm destroy --no-wait ${{ inputs.distro-slug }} + + - name: Upload Nox Requirements Tarball + uses: actions/upload-artifact@v3 + with: + name: nox-${{ inputs.distro-slug }}-${{ steps.define-nox-session.outputs.nox-session }} + path: nox.${{ inputs.distro-slug }}.tar.* + + test: + name: Test + runs-on: + - self-hosted + - linux + - bastion + timeout-minutes: 300 # 5 Hours - More than this and something is wrong + needs: + - dependencies + - generate-matrix + strategy: + fail-fast: false + matrix: + include: ${{ fromJSON(needs.generate-matrix.outputs.matrix-include) }} + + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Setup Salt Version + run: | + echo "${{ inputs.salt-version }}" > salt/_version.txt + + - name: Download Onedir Tarball as an Artifact + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + path: artifacts/ + + - name: Decompress Onedir Tarball + shell: bash + run: | + python3 -c "import os; os.makedirs('artifacts', exist_ok=True)" + cd artifacts + tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + + - name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }} + uses: actions/cache@v3 + with: + path: nox.${{ inputs.distro-slug }}.tar.* + key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ matrix.transport }}|${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json') }} + # If we get a cache miss here it means the dependencies step failed to save the cache + fail-on-cache-miss: true + + - name: PyPi Proxy + run: | + sed -i '7s;^;--index-url=https://pypi-proxy.saltstack.net/root/local/+simple/ --extra-index-url=https://pypi.org/simple\n;' requirements/static/ci/*/*.txt + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Define Nox Session + run: | + if [ "${{ matrix.transport }}" != "tcp" ]; then + echo NOX_SESSION=${{ inputs.nox-session }} >> "$GITHUB_ENV" + else + echo NOX_SESSION=${{ inputs.nox-session }}-tcp >> "$GITHUB_ENV" + fi + + - name: Download testrun-changed-files.txt + if: ${{ fromJSON(inputs.testrun)['type'] != 'full' }} + uses: actions/download-artifact@v3 + with: + name: testrun-changed-files.txt + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Start VM + id: spin-up-vm + env: + TESTS_CHUNK: ${{ matrix.tests-chunk }} + run: | + tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }} + + - name: List Free Space + run: | + tools --timestamps vm ssh ${{ inputs.distro-slug }} -- df -h || true + + - name: Upload Checkout To VM + run: | + tools --timestamps vm rsync ${{ inputs.distro-slug }} + + - name: Decompress .nox Directory + run: | + tools --timestamps vm decompress-dependencies ${{ inputs.distro-slug }} + + - name: Show System Info & Test Plan + run: | + tools --timestamps --timeout-secs=1800 vm testplan --skip-requirements-install \ + --nox-session=${{ env.NOX_SESSION }} ${{ inputs.distro-slug }} \ + ${{ matrix.tests-chunk }} + + - name: Get Test Flags + id: get-test-flags + shell: bash + env: + PULL_LABELS: ${{ inputs.pull-labels }} + run: | + echo "$PULL_LABELS" + # shellcheck disable=SC2086 + no_fast_tests="$(jq -c '. | any(index("test:no-fast"))' <<< $PULL_LABELS)" + # shellcheck disable=SC2086 + slow_tests="$(jq -c '. | any(index("test:slow"))' <<< $PULL_LABELS)" + # shellcheck disable=SC2086 + core_tests="$(jq -c '. | any(index("test:core"))' <<< $PULL_LABELS)" + # shellcheck disable=SC2086 + flaky_jail_tests="$(jq -c '. | any(index("test:flaky-jail"))' <<< $PULL_LABELS)" + echo "$no_fast_tests" + echo "$slow_tests" + echo "$core_tests" + echo "$flaky_jail_tests" + # shellcheck disable=SC2086 + { + echo "no_fast_tests=$no_fast_tests"; + echo "slow_tests=$slow_tests"; + echo "core_tests=$core_tests"; + echo "flaky_jail_tests=$flaky_jail_tests"; + } >> "$GITHUB_OUTPUT" + + - name: Run Fast/Changed Tests + id: run-fast-changed-tests + if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && steps.get-test-flags.outputs.no_fast_tests == 'true' }} + run: | + tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \ + --nox-session=${{ env.NOX_SESSION }} --rerun-failures ${{ inputs.distro-slug }} \ + ${{ matrix.tests-chunk }} -- --suppress-no-test-exit-code \ + --from-filenames=testrun-changed-files.txt + + - name: Run Slow/Changed Tests + id: run-slow-changed-tests + if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && steps.get-test-flags.outputs.slow_tests == 'false' }} + run: | + tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \ + --nox-session=${{ env.NOX_SESSION }} --rerun-failures ${{ inputs.distro-slug }} \ + ${{ matrix.tests-chunk }} -- --no-fast-tests --slow-tests --suppress-no-test-exit-code \ + --from-filenames=testrun-changed-files.txt + + - name: Run Core/Changed Tests + id: run-core-changed-tests + if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && steps.get-test-flags.outputs.core_tests == 'false' }} + run: | + tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \ + --nox-session=${{ env.NOX_SESSION }} --rerun-failures ${{ inputs.distro-slug }} \ + ${{ matrix.tests-chunk }} -- --no-fast-tests --core-tests --suppress-no-test-exit-code \ + --from-filenames=testrun-changed-files.txt + + - name: Run Fast Tests + id: run-fast-tests + if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && steps.get-test-flags.outputs.no_fast_tests == 'false' }} + run: | + tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \ + --nox-session=${{ env.NOX_SESSION }} --rerun-failures ${{ (inputs.skip-code-coverage && matrix.tests-chunk != 'unit') && '--skip-code-coverage' || '' }} \ + ${{ inputs.distro-slug }} ${{ matrix.tests-chunk }} + + - name: Run Slow Tests + id: run-slow-tests + if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && steps.get-test-flags.outputs.slow_tests == 'true' }} + run: | + tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \ + --nox-session=${{ env.NOX_SESSION }} --rerun-failures ${{ inputs.distro-slug }} \ + ${{ matrix.tests-chunk }} -- --no-fast-tests --slow-tests + + - name: Run Core Tests + id: run-core-tests + if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && steps.get-test-flags.outputs.core_tests == 'true' }} + run: | + tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \ + --nox-session=${{ env.NOX_SESSION }} --rerun-failures ${{ inputs.distro-slug }} \ + ${{ matrix.tests-chunk }} -- --no-fast-tests --core-tests + + - name: Run Flaky Tests + id: run-flaky-tests + if: ${{ fromJSON(inputs.testrun)['type'] != 'full' && steps.get-test-flags.outputs.flaky_jail_tests == 'true' }} + run: | + tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \ + --nox-session=${{ env.NOX_SESSION }} --rerun-failures ${{ inputs.distro-slug }} \ + ${{ matrix.tests-chunk }} -- --no-fast-tests --flaky-jail + + - name: Run Full Tests + id: run-full-tests + if: ${{ fromJSON(inputs.testrun)['type'] == 'full' }} + run: | + tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \ + --nox-session=${{ env.NOX_SESSION }} --rerun-failures ${{ (inputs.skip-code-coverage && matrix.tests-chunk != 'unit') && '--skip-code-coverage' || '' }} \ + ${{ inputs.distro-slug }} ${{ matrix.tests-chunk }} -- --slow-tests --core-tests + + - name: Combine Coverage Reports + if: always() && inputs.skip-code-coverage == false && steps.spin-up-vm.outcome == 'success' && job.status != 'cancelled' + run: | + tools --timestamps vm combine-coverage ${{ inputs.distro-slug }} + + - name: Download Test Run Artifacts + id: download-artifacts-from-vm + if: always() && steps.spin-up-vm.outcome == 'success' && job.status != 'cancelled' + run: | + tools --timestamps vm download-artifacts ${{ inputs.distro-slug }} + # Delete the salt onedir, we won't need it anymore and it will prevent + # from it showing in the tree command below + rm -rf artifacts/salt* + tree -a artifacts + if [ "${{ inputs.skip-code-coverage }}" != "true" ]; then + mv artifacts/coverage/.coverage artifacts/coverage/.coverage.${{ inputs.distro-slug }}.${{ env.NOX_SESSION }}.${{ matrix.tests-chunk }} + echo "COVERAGE_FILE=artifacts/coverage/.coverage.${{ inputs.distro-slug }}.${{ env.NOX_SESSION }}.${{ matrix.tests-chunk }}" >> GITHUB_ENV + fi + + - name: Destroy VM + if: always() + run: | + tools --timestamps vm destroy --no-wait ${{ inputs.distro-slug }} || true + + - name: Upload Code Coverage Test Run Artifacts + if: always() && inputs.skip-code-coverage == false && steps.download-artifacts-from-vm.outcome == 'success' && job.status != 'cancelled' + uses: actions/upload-artifact@v3 + with: + name: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ env.NOX_SESSION }} + path: | + artifacts/coverage/ + + - name: Upload JUnit XML Test Run Artifacts + if: always() && steps.download-artifacts-from-vm.outcome == 'success' && job.status != 'cancelled' + uses: actions/upload-artifact@v3 + with: + name: testrun-junit-artifacts-${{ inputs.distro-slug }}-${{ env.NOX_SESSION }} + path: | + artifacts/xml-unittests-output/ + + - name: Upload Test Run Log Artifacts + if: always() && steps.download-artifacts-from-vm.outcome == 'success' && job.status != 'cancelled' + uses: actions/upload-artifact@v3 + with: + name: testrun-log-artifacts-${{ inputs.distro-slug }}-${{ env.NOX_SESSION }} + path: | + artifacts/logs + + + report: + name: Reports for ${{ inputs.distro-slug }}(${{ matrix.transport }}) + if: always() && (inputs.skip-code-coverage == false || inputs.skip-junit-reports == false) && needs.test.result != 'cancelled' && needs.test.result != 'skipped' + runs-on: + - self-hosted + - linux + - x86_64 + needs: + - generate-matrix + - test + strategy: + fail-fast: false + matrix: + include: ${{ fromJSON(needs.generate-matrix.outputs.transport-matrix-include) }} + + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Define Nox Session + run: | + if [ "${{ matrix.transport }}" != "tcp" ]; then + echo NOX_SESSION=${{ inputs.nox-session }} >> "$GITHUB_ENV" + else + echo NOX_SESSION=${{ inputs.nox-session }}-tcp >> "$GITHUB_ENV" + fi + + - name: Download Code Coverage Test Run Artifacts + uses: actions/download-artifact@v3 + if: ${{ inputs.skip-code-coverage == false }} + id: download-coverage-artifacts + with: + name: testrun-coverage-artifacts-${{ inputs.distro-slug }}-${{ env.NOX_SESSION }} + path: artifacts/coverage/ + + - name: Download JUnit XML Test Run Artifacts + uses: actions/download-artifact@v3 + id: download-junit-artifacts + with: + name: testrun-junit-artifacts-${{ inputs.distro-slug }}-${{ env.NOX_SESSION }} + path: artifacts/xml-unittests-output/ + + - name: Show Downloaded Test Run Artifacts + run: | + tree -a artifacts + + - name: Install Nox + run: | + python3 -m pip install 'nox==${{ env.NOX_VERSION }}' + + - name: Combine Code Coverage + if: ${{ inputs.skip-code-coverage == false }} + continue-on-error: true + run: | + nox --force-color -e combine-coverage + + - name: Upload Code Coverage DB + if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success' + uses: actions/upload-artifact@v3 + with: + name: code-coverage + path: artifacts/coverage + + - name: Report Salt Code Coverage + if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success' + continue-on-error: true + run: | + nox --force-color -e report-coverage -- salt + + - name: Report Tests Code Coverage + if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success' + continue-on-error: true + run: | + nox --force-color -e report-coverage -- tests + + - name: Report Combined Code Coverage + if: always() && inputs.skip-code-coverage == false && steps.download-coverage-artifacts.outcome == 'success' + continue-on-error: true + run: | + nox --force-color -e report-coverage + + - name: Publish Test Report + uses: mikepenz/action-junit-report@v3 + # always run even if the previous steps fails + if: always() && inputs.skip-junit-reports == false && steps.download-junit-artifacts.outcome == 'success' + with: + check_name: Test Results(${{ inputs.distro-slug }}) + report_paths: 'artifacts/xml-unittests-output/*.xml' + annotate_only: true diff --git a/.github/workflows/test-package-downloads-action-linux.yml b/.github/workflows/test-package-downloads-action-linux.yml new file mode 100644 index 00000000000..ee67c4d4020 --- /dev/null +++ b/.github/workflows/test-package-downloads-action-linux.yml @@ -0,0 +1,319 @@ +name: Test Download Packages + +on: + workflow_call: + inputs: + distro-slug: + required: true + type: string + description: The OS slug to run tests against + platform: + required: true + type: string + description: The platform being tested + arch: + required: true + type: string + description: The platform arch being tested + salt-version: + type: string + required: true + description: The Salt version of the packages to install and test + cache-prefix: + required: true + type: string + description: Seed used to invalidate caches + environment: + required: true + type: string + description: The environment to run tests against + latest-release: + required: true + type: string + description: The latest salt release + package-name: + required: false + type: string + description: The onedir package name to use + default: salt + skip-code-coverage: + required: false + type: boolean + description: Skip code coverage + default: false + nox-session: + required: false + type: string + description: The nox session to run + default: test-pkgs-onedir + + +env: + NOX_VERSION: "2022.8.7" + COLUMNS: 160 + AWS_MAX_ATTEMPTS: "10" + AWS_RETRY_MODE: "adaptive" + PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ + PIP_EXTRA_INDEX_URL: https://pypi.org/simple + +jobs: + + dependencies: + name: Setup Test Dependencies + runs-on: + - self-hosted + - linux + - bastion + timeout-minutes: 90 + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Cache nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }} + id: nox-dependencies-cache + uses: actions/cache@v3 + with: + path: nox.${{ inputs.distro-slug }}.tar.* + key: ${{ inputs.cache-prefix }}|test-pkg-download-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json') }} + + - name: Download Onedir Tarball as an Artifact + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + path: artifacts/ + + - name: Decompress Onedir Tarball + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + shell: bash + run: | + python3 -c "import os; os.makedirs('artifacts', exist_ok=True)" + cd artifacts + tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + + - name: Setup Python Tools Scripts + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Start VM + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + id: spin-up-vm + run: | + tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }} + + - name: List Free Space + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm ssh ${{ inputs.distro-slug }} -- df -h || true + + - name: Upload Checkout To VM + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm rsync ${{ inputs.distro-slug }} + + - name: Install Dependencies + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm install-dependencies --nox-session=${{ inputs.nox-session }} ${{ inputs.distro-slug }} + + - name: Cleanup .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm pre-archive-cleanup ${{ inputs.distro-slug }} + + - name: Compress .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm compress-dependencies ${{ inputs.distro-slug }} + + - name: Download Compressed .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm download-dependencies ${{ inputs.distro-slug }} + + - name: Destroy VM + if: always() && steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm destroy --no-wait ${{ inputs.distro-slug }} + + - name: Upload Nox Requirements Tarball + uses: actions/upload-artifact@v3 + with: + name: nox-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-download-${{ inputs.arch }} + path: nox.${{ inputs.distro-slug }}.tar.* + + test: + name: Test + runs-on: + - self-hosted + - linux + - bastion + environment: ${{ inputs.environment }} + timeout-minutes: 120 # 2 Hours - More than this and something is wrong + needs: + - dependencies + + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Download Onedir Tarball as an Artifact + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + path: artifacts/ + + - name: Decompress Onedir Tarball + shell: bash + run: | + python3 -c "import os; os.makedirs('artifacts', exist_ok=True)" + cd artifacts + tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + + - name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }} + uses: actions/cache@v3 + with: + path: nox.${{ inputs.distro-slug }}.tar.* + key: ${{ inputs.cache-prefix }}|test-pkg-download-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json') }} + # If we get a cache miss here it means the dependencies step failed to save the cache + fail-on-cache-miss: true + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Start VM + id: spin-up-vm + run: | + tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }} + + - name: List Free Space + run: | + tools --timestamps vm ssh ${{ inputs.distro-slug }} -- df -h || true + + - name: Upload Checkout To VM + run: | + tools --timestamps vm rsync ${{ inputs.distro-slug }} + + - name: Decompress .nox Directory + run: | + tools --timestamps vm decompress-dependencies ${{ inputs.distro-slug }} + + - name: Show System Info & Test Plan + env: + SALT_RELEASE: "${{ inputs.salt-version }}" + SALT_REPO_ARCH: ${{ inputs.arch }} + SALT_REPO_TYPE: ${{ inputs.environment }} + SALT_REPO_USER: ${{ secrets.SALT_REPO_USER }} + SALT_REPO_PASS: ${{ secrets.SALT_REPO_PASS }} + SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} + SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} + SKIP_CODE_COVERAGE: "${{ inputs.skip-code-coverage && '1' || '0' }}" + LATEST_SALT_RELEASE: "${{ inputs.latest-release }}" + run: | + tools --timestamps --timeout-secs=1800 vm testplan --skip-requirements-install \ + -E INSTALL_TYPE -E SALT_RELEASE -E SALT_REPO_ARCH -E SALT_REPO_TYPE -E SALT_REPO_USER -E SALT_REPO_PASS \ + -E SALT_REPO_DOMAIN_RELEASE -E SALT_REPO_DOMAIN_STAGING \ + --nox-session=${{ inputs.nox-session }} ${{ inputs.distro-slug }} -- download-pkgs + + - name: Run Package Download Tests + env: + SALT_RELEASE: "${{ inputs.salt-version }}" + SALT_REPO_ARCH: ${{ inputs.arch }} + SALT_REPO_TYPE: ${{ inputs.environment }} + SALT_REPO_USER: ${{ secrets.SALT_REPO_USER }} + SALT_REPO_PASS: ${{ secrets.SALT_REPO_PASS }} + SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} + SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} + SKIP_CODE_COVERAGE: "${{ inputs.skip-code-coverage && '1' || '0' }}" + LATEST_SALT_RELEASE: "${{ inputs.latest-release }}" + run: | + tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \ + -E INSTALL_TYPE -E SALT_RELEASE -E SALT_REPO_ARCH -E SALT_REPO_TYPE -E SALT_REPO_USER -E SALT_REPO_PASS \ + -E SALT_REPO_DOMAIN_RELEASE -E SALT_REPO_DOMAIN_STAGING \ + --nox-session=${{ inputs.nox-session }} --rerun-failures ${{ inputs.distro-slug }} -- download-pkgs + + - name: Combine Coverage Reports + if: always() && inputs.skip-code-coverage == false && steps.spin-up-vm.outcome == 'success' && job.status != 'cancelled' + run: | + tools --timestamps vm combine-coverage ${{ inputs.distro-slug }} + + - name: Download Test Run Artifacts + id: download-artifacts-from-vm + if: always() && steps.spin-up-vm.outcome == 'success' + run: | + tools --timestamps vm download-artifacts ${{ inputs.distro-slug }} + # Delete the salt onedir, we won't need it anymore and it will prevent + # from it showing in the tree command below + rm -rf artifacts/salt* + tree -a artifacts + + - name: Destroy VM + if: always() + run: | + tools --timestamps vm destroy --no-wait ${{ inputs.distro-slug }} || true + + - name: Fix file ownership + run: | + sudo chown -R "$(id -un)" . + + - name: Upload Test Run Artifacts + if: always() && steps.download-artifacts-from-vm.outcome == 'success' + uses: actions/upload-artifact@v3 + with: + name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ inputs.arch }} + path: | + artifacts + !artifacts/salt/* + !artifacts/salt-*.tar.* + + report: + name: Reports for ${{ inputs.distro-slug }}(${{ inputs.arch }}) + runs-on: + - self-hosted + - linux + - x86_64 + environment: ${{ inputs.environment }} + if: always() && needs.test.result != 'cancelled' && needs.test.result != 'skipped' + needs: + - test + + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Download Test Run Artifacts + id: download-test-run-artifacts + uses: actions/download-artifact@v3 + with: + name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ inputs.arch }} + path: artifacts + + - name: Show Test Run Artifacts + if: always() && steps.download-test-run-artifacts.outcome == 'success' + run: | + tree -a artifacts + + - name: Install Nox + run: | + python3 -m pip install 'nox==${{ env.NOX_VERSION }}' + + - name: Publish Test Report + uses: mikepenz/action-junit-report@v3 + # always run even if the previous steps fails + if: always() && github.event_name == 'push' && steps.download-test-run-artifacts.outcome == 'success' + with: + check_name: Overall Test Results(${{ inputs.distro-slug }} ${{ inputs.arch }}) + report_paths: 'artifacts/xml-unittests-output/*.xml' + annotate_only: true diff --git a/.github/workflows/test-package-downloads-action-macos.yml b/.github/workflows/test-package-downloads-action-macos.yml new file mode 100644 index 00000000000..ec985efbcee --- /dev/null +++ b/.github/workflows/test-package-downloads-action-macos.yml @@ -0,0 +1,294 @@ +name: Test Download Packages + +on: + workflow_call: + inputs: + distro-slug: + required: true + type: string + description: The OS slug to run tests against + platform: + required: true + type: string + description: The platform being tested + arch: + required: true + type: string + description: The platform arch being tested + salt-version: + type: string + required: true + description: The Salt version of the packages to install and test + cache-prefix: + required: true + type: string + description: Seed used to invalidate caches + environment: + required: true + type: string + description: The environment to run tests against + latest-release: + required: true + type: string + description: The latest salt release + python-version: + required: false + type: string + description: The python version to run tests with + default: "3.10" + package-name: + required: false + type: string + description: The onedir package name to use + default: salt + skip-code-coverage: + required: false + type: boolean + description: Skip code coverage + default: false + nox-session: + required: false + type: string + description: The nox session to run + default: test-pkgs-onedir + + +env: + NOX_VERSION: "2022.8.7" + COLUMNS: 160 + AWS_MAX_ATTEMPTS: "10" + AWS_RETRY_MODE: "adaptive" + PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ + PIP_EXTRA_INDEX_URL: https://pypi.org/simple + +jobs: + + dependencies: + name: Setup Test Dependencies + runs-on: ${{ inputs.distro-slug }} + timeout-minutes: 90 + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Cache nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }} + id: nox-dependencies-cache + uses: actions/cache@v3 + with: + path: nox.${{ inputs.distro-slug }}.tar.* + key: ${{ inputs.cache-prefix }}|test-pkg-download-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json') }} + + - name: Download Onedir Tarball as an Artifact + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + path: artifacts/ + + - name: Decompress Onedir Tarball + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + shell: bash + run: | + python3 -c "import os; os.makedirs('artifacts', exist_ok=True)" + cd artifacts + tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + + - name: Set up Python ${{ inputs.python-version }} + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + uses: actions/setup-python@v4 + with: + python-version: "${{ inputs.python-version }}" + update-environment: true + + - name: Install System Dependencies + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + brew install openssl@3 + + - name: Install Nox + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + python3 -m pip install 'nox==${{ env.NOX_VERSION }}' + + - name: Install Dependencies + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + env: + PRINT_TEST_SELECTION: "0" + PRINT_SYSTEM_INFO: "0" + run: | + export PYCURL_SSL_LIBRARY=openssl + export LDFLAGS="-L/usr/local/opt/openssl@3/lib" + export CPPFLAGS="-I/usr/local/opt/openssl@3/include" + export PKG_CONFIG_PATH="/usr/local/opt/openssl@3/lib/pkgconfig" + nox --force-color --install-only -e ${{ inputs.nox-session }} + + - name: Cleanup .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + nox --force-color -e "pre-archive-cleanup(pkg=False)" + + - name: Compress .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + nox --force-color -e compress-dependencies -- ${{ inputs.distro-slug }} + + - name: Upload Nox Requirements Tarball + uses: actions/upload-artifact@v3 + with: + name: nox-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-download-${{ inputs.arch }} + path: nox.${{ inputs.distro-slug }}.tar.* + + test: + name: Test + runs-on: ${{ inputs.distro-slug }} + environment: ${{ inputs.environment }} + timeout-minutes: 120 # 2 Hours - More than this and something is wrong + needs: + - dependencies + + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Download Onedir Tarball as an Artifact + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + path: artifacts/ + + - name: Install System Dependencies + run: | + brew install tree + + - name: Decompress Onedir Tarball + shell: bash + run: | + python3 -c "import os; os.makedirs('artifacts', exist_ok=True)" + cd artifacts + tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + + - name: Set up Python ${{ inputs.python-version }} + uses: actions/setup-python@v4 + with: + python-version: "${{ inputs.python-version }}" + update-environment: true + + - name: Install Nox + run: | + python3 -m pip install 'nox==${{ env.NOX_VERSION }}' + + - name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }} + uses: actions/cache@v3 + with: + path: nox.${{ inputs.distro-slug }}.tar.* + key: ${{ inputs.cache-prefix }}|test-pkg-download-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json') }} + # If we get a cache miss here it means the dependencies step failed to save the cache + fail-on-cache-miss: true + + - name: Decompress .nox Directory + run: | + nox --force-color -e decompress-dependencies -- ${{ inputs.distro-slug }} + + - name: Show System Info & Test Plan + env: + SALT_RELEASE: "${{ inputs.salt-version }}" + SKIP_REQUIREMENTS_INSTALL: "1" + PRINT_TEST_SELECTION: "1" + PRINT_TEST_PLAN_ONLY: "1" + PRINT_SYSTEM_INFO: "1" + GITHUB_ACTIONS_PIPELINE: "1" + SKIP_INITIAL_GH_ACTIONS_FAILURES: "1" + SKIP_CODE_COVERAGE: "${{ inputs.skip-code-coverage && '1' || '0' }}" + LATEST_SALT_RELEASE: "${{ inputs.latest-release }}" + run: | + sudo -E nox --force-color -e ${{ inputs.nox-session }} -- download-pkgs + + - name: Run Package Download Tests + env: + SKIP_REQUIREMENTS_INSTALL: "1" + PRINT_TEST_SELECTION: "0" + PRINT_TEST_PLAN_ONLY: "0" + PRINT_SYSTEM_INFO: "0" + RERUN_FAILURES: "1" + GITHUB_ACTIONS_PIPELINE: "1" + SKIP_INITIAL_GH_ACTIONS_FAILURES: "1" + SKIP_CODE_COVERAGE: "${{ inputs.skip-code-coverage && '1' || '0' }}" + SALT_RELEASE: "${{ inputs.salt-version }}" + SALT_REPO_ARCH: ${{ inputs.arch }} + LATEST_SALT_RELEASE: "${{ inputs.latest-release }}" + SALT_REPO_TYPE: ${{ inputs.environment }} + SALT_REPO_USER: ${{ secrets.SALT_REPO_USER }} + SALT_REPO_PASS: ${{ secrets.SALT_REPO_PASS }} + SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} + SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} + run: | + sudo -E nox --force-color -e ${{ inputs.nox-session }} -- download-pkgs + + - name: Fix file ownership + run: | + sudo chown -R "$(id -un)" . + + - name: Combine Coverage Reports + if: always() && inputs.skip-code-coverage == false && job.status != 'cancelled' + run: | + nox --force-color -e combine-coverage + + - name: Prepare Test Run Artifacts + id: download-artifacts-from-vm + if: always() && job.status != 'cancelled' + run: | + # Delete the salt onedir, we won't need it anymore and it will prevent + # from it showing in the tree command below + rm -rf artifacts/salt* + tree -a artifacts + + - name: Upload Test Run Artifacts + if: always() && job.status != 'cancelled' + uses: actions/upload-artifact@v3 + with: + name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ inputs.arch }} + path: | + artifacts + !artifacts/salt/* + !artifacts/salt-*.tar.* + + report: + name: Reports for ${{ inputs.distro-slug }}(${{ inputs.arch }}) + runs-on: ubuntu-latest + environment: ${{ inputs.environment }} + if: always() && needs.test.result != 'cancelled' && needs.test.result != 'skipped' + needs: + - test + + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Download Test Run Artifacts + id: download-test-run-artifacts + uses: actions/download-artifact@v3 + with: + name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ inputs.arch }} + path: artifacts + + - name: Show Test Run Artifacts + if: always() && steps.download-test-run-artifacts.outcome == 'success' + run: | + tree -a artifacts + + - name: Set up Python ${{ inputs.python-version }} + uses: actions/setup-python@v4 + with: + python-version: "${{ inputs.python-version }}" + + - name: Install Nox + run: | + python3 -m pip install 'nox==${{ env.NOX_VERSION }}' + + - name: Publish Test Report + uses: mikepenz/action-junit-report@v3 + # always run even if the previous steps fails + if: always() && github.event_name == 'push' && steps.download-test-run-artifacts.outcome == 'success' + with: + check_name: Overall Test Results(${{ inputs.distro-slug }} ${{ inputs.arch }}) + report_paths: 'artifacts/xml-unittests-output/*.xml' + annotate_only: true diff --git a/.github/workflows/test-package-downloads-action-windows.yml b/.github/workflows/test-package-downloads-action-windows.yml new file mode 100644 index 00000000000..10d4462e451 --- /dev/null +++ b/.github/workflows/test-package-downloads-action-windows.yml @@ -0,0 +1,330 @@ +name: Test Download Packages + +on: + workflow_call: + inputs: + distro-slug: + required: true + type: string + description: The OS slug to run tests against + platform: + required: true + type: string + description: The platform being tested + arch: + required: true + type: string + description: The platform arch being tested + pkg-type: + required: true + type: string + description: The platform arch being tested + salt-version: + type: string + required: true + description: The Salt version of the packages to install and test + cache-prefix: + required: true + type: string + description: Seed used to invalidate caches + environment: + required: true + type: string + description: The environment to run tests against + latest-release: + required: true + type: string + description: The latest salt release + package-name: + required: false + type: string + description: The onedir package name to use + default: salt + nox-session: + required: false + type: string + description: The nox session to run + default: test-pkgs-onedir + skip-code-coverage: + required: false + type: boolean + description: Skip code coverage + default: false + skip-junit-reports: + required: false + type: boolean + description: Skip Publishing JUnit Reports + default: false + + +env: + NOX_VERSION: "2022.8.7" + COLUMNS: 160 + AWS_MAX_ATTEMPTS: "10" + AWS_RETRY_MODE: "adaptive" + PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ + PIP_EXTRA_INDEX_URL: https://pypi.org/simple + +jobs: + + dependencies: + name: Setup Test Dependencies + runs-on: + - self-hosted + - linux + - bastion + timeout-minutes: 90 + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Cache nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }} + id: nox-dependencies-cache + uses: actions/cache@v3 + with: + path: nox.${{ inputs.distro-slug }}.tar.* + key: ${{ inputs.cache-prefix }}|test-pkg-download-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json') }} + + - name: Download Onedir Tarball as an Artifact + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + path: artifacts/ + + - name: Decompress Onedir Tarball + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + shell: bash + run: | + python3 -c "import os; os.makedirs('artifacts', exist_ok=True)" + cd artifacts + tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + + - name: Setup Python Tools Scripts + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Start VM + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + id: spin-up-vm + run: | + tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }} + + - name: List Free Space + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm ssh ${{ inputs.distro-slug }} -- df -h || true + + - name: Upload Checkout To VM + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm rsync ${{ inputs.distro-slug }} + + - name: Install Dependencies + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm install-dependencies --nox-session=${{ inputs.nox-session }} ${{ inputs.distro-slug }} + + - name: Cleanup .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm pre-archive-cleanup ${{ inputs.distro-slug }} + + - name: Compress .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm compress-dependencies ${{ inputs.distro-slug }} + + - name: Download Compressed .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm download-dependencies ${{ inputs.distro-slug }} + + - name: Destroy VM + if: always() && steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm destroy --no-wait ${{ inputs.distro-slug }} + + - name: Upload Nox Requirements Tarball + uses: actions/upload-artifact@v3 + with: + name: nox-${{ inputs.distro-slug }}-${{ inputs.pkg-type }}-${{ inputs.nox-session }}-download-${{ inputs.arch }} + path: nox.${{ inputs.distro-slug }}.tar.* + + test: + name: Test + runs-on: + - self-hosted + - linux + - bastion + environment: ${{ inputs.environment }} + timeout-minutes: 120 # 2 Hours - More than this and something is wrong + needs: + - dependencies + + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Download Onedir Tarball as an Artifact + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + path: artifacts/ + + - name: Decompress Onedir Tarball + shell: bash + run: | + python3 -c "import os; os.makedirs('artifacts', exist_ok=True)" + cd artifacts + tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + + - name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }} + uses: actions/cache@v3 + with: + path: nox.${{ inputs.distro-slug }}.tar.* + key: ${{ inputs.cache-prefix }}|test-pkg-download-deps|${{ inputs.arch }}|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json') }} + # If we get a cache miss here it means the dependencies step failed to save the cache + fail-on-cache-miss: true + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Start VM + id: spin-up-vm + run: | + tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }} + + - name: List Free Space + run: | + tools --timestamps vm ssh ${{ inputs.distro-slug }} -- df -h || true + + - name: Upload Checkout To VM + run: | + tools --timestamps vm rsync ${{ inputs.distro-slug }} + + - name: Decompress .nox Directory + run: | + tools --timestamps vm decompress-dependencies ${{ inputs.distro-slug }} + + - name: Show System Info & Test Plan + env: + INSTALL_TYPE: ${{ inputs.pkg-type }} + SALT_RELEASE: "${{ inputs.salt-version }}" + SALT_REPO_ARCH: ${{ inputs.arch }} + LATEST_SALT_RELEASE: "${{ inputs.latest-release }}" + SALT_REPO_TYPE: ${{ inputs.environment }} + SALT_REPO_USER: ${{ secrets.SALT_REPO_USER }} + SALT_REPO_PASS: ${{ secrets.SALT_REPO_PASS }} + SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} + SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} + SKIP_CODE_COVERAGE: "${{ inputs.skip-code-coverage && '1' || '0' }}" + run: | + tools --timestamps --timeout-secs=1800 vm testplan --skip-requirements-install \ + -E INSTALL_TYPE -E SALT_RELEASE -E SALT_REPO_ARCH -E SALT_REPO_TYPE -E SALT_REPO_USER -E SALT_REPO_PASS \ + -E SALT_REPO_DOMAIN_RELEASE -E SALT_REPO_DOMAIN_STAGING \ + --nox-session=${{ inputs.nox-session }} ${{ inputs.distro-slug }} -- download-pkgs + + - name: Run Package Download Tests + env: + INSTALL_TYPE: ${{ inputs.pkg-type }} + SALT_RELEASE: "${{ inputs.salt-version }}" + SALT_REPO_ARCH: ${{ inputs.arch }} + LATEST_SALT_RELEASE: "${{ inputs.latest-release }}" + SALT_REPO_TYPE: ${{ inputs.environment }} + SALT_REPO_USER: ${{ secrets.SALT_REPO_USER }} + SALT_REPO_PASS: ${{ secrets.SALT_REPO_PASS }} + SALT_REPO_DOMAIN_RELEASE: ${{ vars.SALT_REPO_DOMAIN_RELEASE || 'repo.saltproject.io' }} + SALT_REPO_DOMAIN_STAGING: ${{ vars.SALT_REPO_DOMAIN_STAGING || 'staging.repo.saltproject.io' }} + SKIP_CODE_COVERAGE: "${{ inputs.skip-code-coverage && '1' || '0' }}" + run: | + tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install \ + -E INSTALL_TYPE -E SALT_RELEASE -E SALT_REPO_ARCH -E SALT_REPO_TYPE -E SALT_REPO_USER -E SALT_REPO_PASS \ + -E SALT_REPO_DOMAIN_RELEASE -E SALT_REPO_DOMAIN_STAGING \ + --nox-session=${{ inputs.nox-session }} --rerun-failures ${{ inputs.distro-slug }} -- download-pkgs + + - name: Combine Coverage Reports + if: always() && inputs.skip-code-coverage == false && steps.spin-up-vm.outcome == 'success' && job.status != 'cancelled' + run: | + tools --timestamps vm combine-coverage ${{ inputs.distro-slug }} + + - name: Download Test Run Artifacts + id: download-artifacts-from-vm + if: always() && steps.spin-up-vm.outcome == 'success' + run: | + tools --timestamps vm download-artifacts ${{ inputs.distro-slug }} + # Delete the salt onedir, we won't need it anymore and it will prevent + # from it showing in the tree command below + rm -rf artifacts/salt* + tree -a artifacts + + - name: Destroy VM + if: always() + run: | + tools --timestamps vm destroy --no-wait ${{ inputs.distro-slug }} || true + + - name: Fix file ownership + run: | + sudo chown -R "$(id -un)" . + + - name: Upload Test Run Artifacts + if: always() && steps.download-artifacts-from-vm.outcome == 'success' + uses: actions/upload-artifact@v3 + with: + name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ inputs.arch }} + path: | + artifacts + !artifacts/salt/* + !artifacts/salt-*.tar.* + + report: + name: Reports for ${{ inputs.distro-slug }}(${{ inputs.arch }}) + runs-on: + - self-hosted + - linux + - x86_64 + environment: ${{ inputs.environment }} + if: always() && needs.test.result != 'cancelled' && needs.test.result != 'skipped' + needs: + - test + + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Download Test Run Artifacts + id: download-test-run-artifacts + uses: actions/download-artifact@v3 + with: + name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ inputs.arch }} + path: artifacts + + - name: Show Test Run Artifacts + if: always() && steps.download-test-run-artifacts.outcome == 'success' + run: | + tree -a artifacts + + - name: Install Nox + run: | + python3 -m pip install 'nox==${{ env.NOX_VERSION }}' + + - name: Publish Test Report + uses: mikepenz/action-junit-report@v3 + # always run even if the previous steps fails + if: always() && github.event_name == 'push' && steps.download-test-run-artifacts.outcome == 'success' + with: + check_name: Overall Test Results(${{ inputs.distro-slug }} ${{ inputs.arch }} ${{ inputs.pkg-type }} ) + report_paths: 'artifacts/xml-unittests-output/*.xml' + annotate_only: true diff --git a/.github/workflows/test-packages-action-macos.yml b/.github/workflows/test-packages-action-macos.yml new file mode 100644 index 00000000000..b7de16fb5ac --- /dev/null +++ b/.github/workflows/test-packages-action-macos.yml @@ -0,0 +1,314 @@ +name: Test Artifact + +on: + workflow_call: + inputs: + distro-slug: + required: true + type: string + description: The OS slug to run tests against + platform: + required: true + type: string + description: The platform being tested + arch: + required: true + type: string + description: The platform arch being tested + pkg-type: + required: true + type: string + description: The platform arch being tested + salt-version: + type: string + required: true + description: The Salt version of the packages to install and test + cache-prefix: + required: true + type: string + description: Seed used to invalidate caches + python-version: + required: false + type: string + description: The python version to run tests with + default: "3.10" + package-name: + required: false + type: string + description: The onedir package name to use + default: salt + nox-session: + required: false + type: string + description: The nox session to run + default: test-pkgs-onedir + skip-code-coverage: + required: false + type: boolean + description: Skip code coverage + default: false + skip-junit-reports: + required: false + type: boolean + description: Skip Publishing JUnit Reports + default: false + + +env: + NOX_VERSION: "2022.8.7" + COLUMNS: 160 + AWS_MAX_ATTEMPTS: "10" + AWS_RETRY_MODE: "adaptive" + PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ + PIP_EXTRA_INDEX_URL: https://pypi.org/simple + +jobs: + + generate-matrix: + name: Generate Package Test Matrix + runs-on: ubuntu-latest + outputs: + pkg-matrix-include: ${{ steps.generate-pkg-matrix.outputs.matrix }} + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Generate Package Test Matrix + id: generate-pkg-matrix + run: | + tools ci pkg-matrix ${{ inputs.distro-slug }} ${{ inputs.pkg-type }} + + dependencies: + name: Setup Test Dependencies + needs: + - generate-matrix + runs-on: ${{ inputs.distro-slug }} + timeout-minutes: 90 + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Cache nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }} + id: nox-dependencies-cache + uses: actions/cache@v3 + with: + path: nox.${{ inputs.distro-slug }}.tar.* + key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json') }} + + - name: Download Onedir Tarball as an Artifact + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + path: artifacts/ + + - name: Decompress Onedir Tarball + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + shell: bash + run: | + python3 -c "import os; os.makedirs('artifacts', exist_ok=True)" + cd artifacts + tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + + - name: Set up Python ${{ inputs.python-version }} + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + uses: actions/setup-python@v4 + with: + python-version: "${{ inputs.python-version }}" + + - name: Install System Dependencies + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + brew install openssl@3 + + - name: Install Nox + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + python3 -m pip install 'nox==${{ env.NOX_VERSION }}' + + - name: Install Dependencies + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + env: + PRINT_TEST_SELECTION: "0" + PRINT_SYSTEM_INFO: "0" + run: | + export PYCURL_SSL_LIBRARY=openssl + export LDFLAGS="-L/usr/local/opt/openssl@3/lib" + export CPPFLAGS="-I/usr/local/opt/openssl@3/include" + export PKG_CONFIG_PATH="/usr/local/opt/openssl@3/lib/pkgconfig" + nox --force-color --install-only -e ${{ inputs.nox-session }} + + - name: Cleanup .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + nox --force-color -e "pre-archive-cleanup(pkg=False)" + + - name: Compress .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + nox --force-color -e compress-dependencies -- ${{ inputs.distro-slug }} + + - name: Upload Nox Requirements Tarball + uses: actions/upload-artifact@v3 + with: + name: nox-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ inputs.arch }} + path: nox.${{ inputs.distro-slug }}.tar.* + + test: + name: Test + runs-on: ${{ inputs.distro-slug }} + timeout-minutes: 120 # 2 Hours - More than this and something is wrong + needs: + - dependencies + - generate-matrix + strategy: + fail-fast: false + matrix: + include: ${{ fromJSON(needs.generate-matrix.outputs.pkg-matrix-include) }} + + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Download Packages + uses: actions/download-artifact@v3 + with: + name: salt-${{ inputs.salt-version }}-${{ inputs.arch }}-${{ inputs.pkg-type }} + path: pkg/artifacts/ + + - name: Install System Dependencies + run: | + brew install tree + + - name: List Packages + run: | + tree pkg/artifacts + + - name: Download Onedir Tarball as an Artifact + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + path: artifacts/ + + - name: Decompress Onedir Tarball + shell: bash + run: | + python3 -c "import os; os.makedirs('artifacts', exist_ok=True)" + cd artifacts + tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + + - name: Set up Python ${{ inputs.python-version }} + uses: actions/setup-python@v4 + with: + python-version: "${{ inputs.python-version }}" + + - name: Install Nox + run: | + python3 -m pip install 'nox==${{ env.NOX_VERSION }}' + + - name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }} + uses: actions/cache@v3 + with: + path: nox.${{ inputs.distro-slug }}.tar.* + key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json') }} + # If we get a cache miss here it means the dependencies step failed to save the cache + fail-on-cache-miss: true + + - name: Decompress .nox Directory + run: | + nox --force-color -e decompress-dependencies -- ${{ inputs.distro-slug }} + + - name: Show System Info & Test Plan + env: + SKIP_REQUIREMENTS_INSTALL: "1" + PRINT_TEST_SELECTION: "1" + PRINT_TEST_PLAN_ONLY: "1" + PRINT_SYSTEM_INFO: "1" + GITHUB_ACTIONS_PIPELINE: "1" + SKIP_INITIAL_GH_ACTIONS_FAILURES: "1" + run: | + sudo -E nox --force-color -e ${{ inputs.nox-session }} -- ${{ matrix.test-chunk }} + + - name: Run Package Tests + env: + SKIP_REQUIREMENTS_INSTALL: "1" + PRINT_TEST_SELECTION: "0" + PRINT_TEST_PLAN_ONLY: "0" + PRINT_SYSTEM_INFO: "0" + RERUN_FAILURES: "1" + GITHUB_ACTIONS_PIPELINE: "1" + SKIP_INITIAL_GH_ACTIONS_FAILURES: "1" + run: | + sudo -E nox --force-color -e ${{ inputs.nox-session }} -- ${{ matrix.test-chunk }} + + - name: Fix file ownership + run: | + sudo chown -R "$(id -un)" . + + - name: Prepare Test Run Artifacts + id: download-artifacts-from-vm + if: always() && job.status != 'cancelled' + run: | + # Delete the salt onedir, we won't need it anymore and it will prevent + # from it showing in the tree command below + rm -rf artifacts/salt* + tree -a artifacts + + - name: Upload Test Run Artifacts + if: always() && job.status != 'cancelled' + uses: actions/upload-artifact@v3 + with: + name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.test-chunk }} + path: | + artifacts + !artifacts/salt/* + !artifacts/salt-*.tar.* + + report: + name: Reports for ${{ inputs.distro-slug }}(${{ matrix.test-chunk }}) + runs-on: ubuntu-latest + if: always() && (inputs.skip-code-coverage == false || inputs.skip-junit-reports == false) && needs.test.result != 'cancelled' && needs.test.result != 'skipped' + needs: + - test + - generate-matrix + strategy: + fail-fast: false + matrix: + include: ${{ fromJSON(needs.generate-matrix.outputs.pkg-matrix-include) }} + + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Download Test Run Artifacts + id: download-test-run-artifacts + uses: actions/download-artifact@v3 + with: + name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.test-chunk }} + path: artifacts + + - name: Show Test Run Artifacts + if: always() && steps.download-test-run-artifacts.outcome == 'success' + run: | + tree -a artifacts + + - name: Set up Python ${{ inputs.python-version }} + uses: actions/setup-python@v4 + with: + python-version: "${{ inputs.python-version }}" + + - name: Install Nox + run: | + python3 -m pip install 'nox==${{ env.NOX_VERSION }}' + + - name: Publish Test Report + uses: mikepenz/action-junit-report@v3 + # always run even if the previous steps fails + if: always() && inputs.skip-junit-reports == false && steps.download-test-run-artifacts.outcome == 'success' + with: + check_name: Overall Test Results(${{ inputs.distro-slug }} ${{ matrix.test-chunk }}) + report_paths: 'artifacts/xml-unittests-output/*.xml' + annotate_only: true diff --git a/.github/workflows/test-packages-action.yml b/.github/workflows/test-packages-action.yml new file mode 100644 index 00000000000..71affc00877 --- /dev/null +++ b/.github/workflows/test-packages-action.yml @@ -0,0 +1,333 @@ +name: Test Artifact + +on: + workflow_call: + inputs: + distro-slug: + required: true + type: string + description: The OS slug to run tests against + platform: + required: true + type: string + description: The platform being tested + arch: + required: true + type: string + description: The platform arch being tested + pkg-type: + required: true + type: string + description: The platform arch being tested + salt-version: + type: string + required: true + description: The Salt version of the packages to install and test + cache-prefix: + required: true + type: string + description: Seed used to invalidate caches + package-name: + required: false + type: string + description: The onedir package name to use + default: salt + nox-session: + required: false + type: string + description: The nox session to run + default: test-pkgs-onedir + skip-code-coverage: + required: false + type: boolean + description: Skip code coverage + default: false + skip-junit-reports: + required: false + type: boolean + description: Skip Publishing JUnit Reports + default: false + + +env: + NOX_VERSION: "2022.8.7" + COLUMNS: 160 + AWS_MAX_ATTEMPTS: "10" + AWS_RETRY_MODE: "adaptive" + PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ + PIP_EXTRA_INDEX_URL: https://pypi.org/simple + +jobs: + + generate-matrix: + name: Generate Package Test Matrix + runs-on: + - self-hosted + - linux + - x86_64 + outputs: + pkg-matrix-include: ${{ steps.generate-pkg-matrix.outputs.matrix }} + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Generate Package Test Matrix + id: generate-pkg-matrix + run: | + tools ci pkg-matrix ${{ inputs.distro-slug }} ${{ inputs.pkg-type }} + + dependencies: + name: Setup Test Dependencies + needs: + - generate-matrix + runs-on: + - self-hosted + - linux + - bastion + timeout-minutes: 90 + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Cache nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }} + id: nox-dependencies-cache + uses: actions/cache@v3 + with: + path: nox.${{ inputs.distro-slug }}.tar.* + key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json') }} + + - name: Download Onedir Tarball as an Artifact + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + path: artifacts/ + + - name: Decompress Onedir Tarball + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + shell: bash + run: | + python3 -c "import os; os.makedirs('artifacts', exist_ok=True)" + cd artifacts + tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + + - name: Setup Python Tools Scripts + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Start VM + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + id: spin-up-vm + run: | + tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }} + + - name: List Free Space + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm ssh ${{ inputs.distro-slug }} -- df -h || true + + - name: Upload Checkout To VM + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm rsync ${{ inputs.distro-slug }} + + - name: Install Dependencies + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm install-dependencies --nox-session=${{ inputs.nox-session }} ${{ inputs.distro-slug }} + + - name: Cleanup .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm pre-archive-cleanup ${{ inputs.distro-slug }} + + - name: Compress .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm compress-dependencies ${{ inputs.distro-slug }} + + - name: Download Compressed .nox Directory + if: steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm download-dependencies ${{ inputs.distro-slug }} + + - name: Destroy VM + if: always() && steps.nox-dependencies-cache.outputs.cache-hit != 'true' + run: | + tools --timestamps vm destroy --no-wait ${{ inputs.distro-slug }} + + - name: Define Nox Upload Artifact Name + id: nox-artifact-name + run: | + if [ "${{ contains(inputs.distro-slug, 'windows') }}" != "true" ]; then + echo "name=nox-${{ inputs.distro-slug }}-${{ inputs.nox-session }}-${{ inputs.arch }}" >> "${GITHUB_OUTPUT}" + else + echo "name=nox-${{ inputs.distro-slug }}-${{ inputs.pkg-type }}-${{ inputs.nox-session }}-${{ inputs.arch }}" >> "${GITHUB_OUTPUT}" + fi + + - name: Upload Nox Requirements Tarball + uses: actions/upload-artifact@v3 + with: + name: ${{ steps.nox-artifact-name.outputs.name }} + path: nox.${{ inputs.distro-slug }}.tar.* + + test: + name: Test + runs-on: + - self-hosted + - linux + - bastion + timeout-minutes: 120 # 2 Hours - More than this and something is wrong + needs: + - generate-matrix + - dependencies + strategy: + fail-fast: false + matrix: + include: ${{ fromJSON(needs.generate-matrix.outputs.pkg-matrix-include) }} + + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Download Packages + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-${{ inputs.arch }}-${{ inputs.pkg-type }} + path: pkg/artifacts/ + + - name: Download Onedir Tarball as an Artifact + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + path: artifacts/ + + - name: Decompress Onedir Tarball + shell: bash + run: | + python3 -c "import os; os.makedirs('artifacts', exist_ok=True)" + cd artifacts + tar xvf ${{ inputs.package-name }}-${{ inputs.salt-version }}-onedir-${{ inputs.platform }}-${{ inputs.arch }}.tar.xz + + - name: List Packages + run: | + tree pkg/artifacts + + - name: Download cached nox.${{ inputs.distro-slug }}.tar.* for session ${{ inputs.nox-session }} + uses: actions/cache@v3 + with: + path: nox.${{ inputs.distro-slug }}.tar.* + key: ${{ inputs.cache-prefix }}|testrun-deps|${{ inputs.distro-slug }}|${{ inputs.nox-session }}|${{ hashFiles('requirements/**/*.txt', 'cicd/golden-images.json') }} + # If we get a cache miss here it means the dependencies step failed to save the cache + fail-on-cache-miss: true + + - name: Setup Python Tools Scripts + uses: ./.github/actions/setup-python-tools-scripts + + - name: Get Salt Project GitHub Actions Bot Environment + run: | + TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30") + SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) + echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV" + + - name: Start VM + id: spin-up-vm + run: | + tools --timestamps vm create --environment "${SPB_ENVIRONMENT}" --retries=2 ${{ inputs.distro-slug }} + + - name: List Free Space + run: | + tools --timestamps vm ssh ${{ inputs.distro-slug }} -- df -h || true + + - name: Upload Checkout To VM + run: | + tools --timestamps vm rsync ${{ inputs.distro-slug }} + + - name: Decompress .nox Directory + run: | + tools --timestamps vm decompress-dependencies ${{ inputs.distro-slug }} + + - name: Show System Info & Test Plan + run: | + tools --timestamps --timeout-secs=1800 vm testplan --skip-requirements-install \ + --nox-session=${{ inputs.nox-session }} ${{ inputs.distro-slug }} -- ${{ matrix.test-chunk }} + + - name: Run Package Tests + run: | + tools --timestamps --no-output-timeout-secs=1800 --timeout-secs=14400 vm test --skip-requirements-install\ + --nox-session=${{ inputs.nox-session }} --rerun-failures ${{ inputs.distro-slug }} -- ${{ matrix.test-chunk }} + + - name: Download Test Run Artifacts + id: download-artifacts-from-vm + if: always() && steps.spin-up-vm.outcome == 'success' + run: | + tools --timestamps vm download-artifacts ${{ inputs.distro-slug }} + # Delete the salt onedir, we won't need it anymore and it will prevent + # from it showing in the tree command below + rm -rf artifacts/salt* + tree -a artifacts + + - name: Destroy VM + if: always() + run: | + tools --timestamps vm destroy --no-wait ${{ inputs.distro-slug }} || true + + - name: Upload Test Run Artifacts + if: always() && steps.download-artifacts-from-vm.outcome == 'success' + uses: actions/upload-artifact@v3 + with: + name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.test-chunk }} + path: | + artifacts + !artifacts/salt/* + !artifacts/salt-*.tar.* + + report: + name: Reports for ${{ inputs.distro-slug }}(${{ matrix.test-chunk }}) + runs-on: + - self-hosted + - linux + - x86_64 + if: always() && (inputs.skip-code-coverage == false || inputs.skip-junit-reports == false) && needs.test.result != 'cancelled' && needs.test.result != 'skipped' + needs: + - test + - generate-matrix + strategy: + fail-fast: false + matrix: + include: ${{ fromJSON(needs.generate-matrix.outputs.pkg-matrix-include) }} + + steps: + - name: Checkout Source Code + uses: actions/checkout@v3 + + - name: Download Test Run Artifacts + id: download-test-run-artifacts + uses: actions/download-artifact@v3 + with: + name: pkg-testrun-artifacts-${{ inputs.distro-slug }}-${{ matrix.test-chunk }} + path: artifacts + + - name: Show Test Run Artifacts + if: always() && steps.download-test-run-artifacts.outcome == 'success' + run: | + tree -a artifacts + + - name: Publish Test Report + uses: mikepenz/action-junit-report@v3 + # always run even if the previous steps fails + if: always() && inputs.skip-junit-reports == false && steps.download-test-run-artifacts.outcome == 'success' + with: + check_name: Overall Test Results(${{ inputs.distro-slug }} ${{ matrix.test-chunk }}) + report_paths: 'artifacts/xml-unittests-output/*.xml' + annotate_only: true diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml index 9fa6cb297fe..92468bbc75f 100644 --- a/.github/workflows/triage.yml +++ b/.github/workflows/triage.yml @@ -1,19 +1,34 @@ +--- name: New Issues Triage Assignment concurrency: 1 on: issues: types: [opened] + +env: + PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ + PIP_EXTRA_INDEX_URL: https://pypi.org/simple + + +permissions: + contents: read + jobs: label-and-assign: + permissions: + actions: read # for dawidd6/action-download-artifact to query and download artifacts + contents: read # for actions/checkout to fetch code + issues: write + pull-requests: read # for dawidd6/action-download-artifact to query commit hash name: Triage New Issue runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Set up Python - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: 3.8 @@ -42,7 +57,7 @@ jobs: --issue ${{ github.event.issue.number }} - name: Upload last assignment cache - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: last-assignment path: .cache diff --git a/.github/workflows/twine-check.yml b/.github/workflows/twine-check.yml deleted file mode 100644 index f571a12a579..00000000000 --- a/.github/workflows/twine-check.yml +++ /dev/null @@ -1,31 +0,0 @@ -name: Twine Check - -on: [push, pull_request] - -jobs: - Twine-Check: - name: Run 'twine check' Against Salt - - runs-on: ubuntu-20.04 - - steps: - - uses: actions/checkout@v2 - - name: Setup Python - uses: actions/setup-python@v2 - with: - python-version: '3.8' - - - name: Install dependencies - env: - PIP_EXTRA_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ - run: | - pip install --upgrade pip setuptools wheel - pip install twine>=3.4.1 - - - name: Create Source Tarball - run: | - python3 setup.py sdist - - - name: Twine check - run: | - python3 -m twine check dist/* diff --git a/.gitignore b/.gitignore index e9ad3cb0059..f4076ae84be 100644 --- a/.gitignore +++ b/.gitignore @@ -70,8 +70,8 @@ tags *.mo .doctrees -# Allow a user to set their own _version.py for testing -_version.py +# Allow a user to set their own _version.txt for testing +_version.txt # Ignore auto generated _syspaths.py file _syspaths.py @@ -117,7 +117,29 @@ kitchen.local.yml .bundle/ Gemfile.lock /artifacts/ +/pkg/artifacts/ requirements/static/*/py*/*.log # Vim's default session file Session.vim + +# VM task state directory +.vms-state/ + +# Nox requirements archives +nox.*.tar.bzip2 + +# Debian packages +/debian +/pkg/debian/.debhelper +/pkg/debian/*substvars +/pkg/debian/*.debhelper* +/pkg/debian/files +/pkg/debian/salt-api +/pkg/debian/salt-common +/pkg/debian/salt-cloud +/pkg/debian/salt-master +/pkg/debian/salt-minion +/pkg/debian/salt-ssh +/pkg/debian/salt-syndic +/pkg/debian/debhelper-build-stamp diff --git a/.mention-bot b/.mention-bot index c07f85b9fc8..3e132f3f113 100644 --- a/.mention-bot +++ b/.mention-bot @@ -14,4 +14,3 @@ "skipTitle": "Merge forward", "userBlacklist": ["cvrebert", "markusgattol", "olliewalsh", "basepi"] } - diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 14650c79a32..23240c88e00 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,40 +1,99 @@ +--- default_language_version: - python: python3 + python: python3 exclude: ^(doc/_static/.*|doc/_themes/.*)$ repos: - - repo: https://github.com/saltstack/pip-tools-compile-impersonate - rev: "4.4" + + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.4.0 hooks: + - id: check-merge-conflict # Check for files that contain merge conflict strings. + - id: trailing-whitespace # Trims trailing whitespace. + args: + - --markdown-linebreak-ext=md + exclude: > + (?x)^( + pkg/macos/pkg-resources/.*\.rtf + )$ - # ----- Packaging Requirements ------------------------------------------------------------------------------------> - - id: pip-tools-compile - alias: compile-pkg-linux-3.5-zmq-requirements - name: Linux Packaging Py3.5 ZeroMQ Requirements - files: ^requirements/((base|zeromq|crypto)\.txt|static/pkg/(linux\.in|py3\.5/linux\.txt))$ - pass_filenames: false + - id: mixed-line-ending # Replaces or checks mixed line ending. args: - - -v - - --py-version=3.5 - - --platform=linux - - --include=requirements/base.txt - - --include=requirements/zeromq.txt - - --include=requirements/zeromq.txt - - requirements/static/pkg/linux.in + - --fix=lf + - id: end-of-file-fixer # Makes sure files end in a newline and only a newline. + - id: check-ast # Simply check whether files parse as valid python. + exclude: > + (?x)^( + templates/.* + )$ + - id: check-case-conflict # Check for files with names that would conflict on a + # case-insensitive filesystem like MacOS HFS+ or Windows FAT. + - id: check-json # Attempts to load all json files to verify syntax. + - id: check-symlinks # Checks for symlinks which do not point to anything. + - id: debug-statements # Check for debugger imports and py37+ breakpoint() calls in python source. + exclude: > + (?x)^( + templates/.* + )$ + - id: fix-byte-order-marker # removes UTF-8 byte order marker + - id: forbid-submodules # forbids any submodules in the repository. + - id: fix-encoding-pragma # Remove `# -*- coding: utf-8 -*-` from the top of python files. + args: + - --remove + exclude: > + (?x)^( + salt/ext/.* + )$ - - id: pip-tools-compile - alias: compile-pkg-linux-3.6-zmq-requirements - name: Linux Packaging Py3.6 ZeroMQ Requirements - files: ^requirements/((base|zeromq|crypto)\.txt|static/pkg/(linux\.in|py3\.6/linux\.txt))$ + - repo: https://github.com/s0undt3ch/python-tools-scripts + rev: "0.12.0" + hooks: + - id: tools + alias: check-changelog-entries + name: Check Changelog Entries + args: + - changelog + - pre-commit-checks + additional_dependencies: + - boto3==1.21.46 + - pyyaml==6.0 + - jinja2==3.1.2 + - packaging==23.0 + - virustotal3==1.0.8 + - id: tools + alias: generate-workflows + name: Generate GitHub Workflow Templates + files: ^(cicd/shared-gh-workflows-context\.yml|tools/pre_commit\.py|.github/workflows/templates/.*)$ pass_filenames: false args: - - -v - - --py-version=3.6 - - --platform=linux - - --include=requirements/base.txt - - --include=requirements/zeromq.txt - - requirements/static/pkg/linux.in + - pre-commit + - generate-workflows + additional_dependencies: + - boto3==1.21.46 + - pyyaml==6.0 + - jinja2==3.1.2 + - packaging==23.0 + - virustotal3==1.0.8 + - id: tools + alias: actionlint + name: Lint GitHub Actions Workflows + files: "^.github/workflows/" + types: + - yaml + args: + - pre-commit + - actionlint + additional_dependencies: + - boto3==1.21.46 + - pyyaml==6.0 + - jinja2==3.1.2 + - packaging==23.0 + + - repo: https://github.com/saltstack/pip-tools-compile-impersonate + rev: "4.8" + hooks: + # ----- Packaging Requirements ------------------------------------------------------------------------------------> - id: pip-tools-compile alias: compile-pkg-linux-3.7-zmq-requirements name: Linux Packaging Py3.7 ZeroMQ Requirements @@ -139,60 +198,28 @@ repos: - --include=requirements/zeromq.txt - requirements/static/pkg/freebsd.in - - id: pip-tools-compile - alias: compile-pkg-darwin-3.7-zmq-requirements - name: Darwin Packaging Py3.7 ZeroMQ Requirements - files: ^(requirements/((base|zeromq|crypto|darwin|pyobjc)\.txt|static/pkg/(darwin\.in|py3\.7/darwin\.txt)))$ - pass_filenames: false - args: - - -v - - --py-version=3.7 - - --platform=darwin - - --include=requirements/darwin.txt - - --include=requirements/pyobjc.txt - - --passthrough-line-from-input=^pyobjc(.*)$ - - requirements/static/pkg/darwin.in - - - id: pip-tools-compile - alias: compile-pkg-darwin-3.8-zmq-requirements - name: Darwin Packaging Py3.8 ZeroMQ Requirements - files: ^(requirements/((base|zeromq|crypto|darwin|pyobjc)\.txt|static/pkg/(darwin\.in|py3\.8/darwin\.txt)))$ - pass_filenames: false - args: - - -v - - --py-version=3.8 - - --platform=darwin - - --include=requirements/darwin.txt - - --include=requirements/pyobjc.txt - - --passthrough-line-from-input=^pyobjc(.*)$ - - requirements/static/pkg/darwin.in - - id: pip-tools-compile alias: compile-pkg-darwin-3.9-zmq-requirements name: Darwin Packaging Py3.9 ZeroMQ Requirements - files: ^(requirements/((base|zeromq|crypto|darwin|pyobjc)\.txt|static/pkg/(darwin\.in|py3\.9/darwin\.txt)))$ + files: ^(requirements/((base|zeromq|crypto|darwin)\.txt|static/pkg/(darwin\.in|py3\.9/darwin\.txt)))$ pass_filenames: false args: - -v - --py-version=3.9 - --platform=darwin - --include=requirements/darwin.txt - - --include=requirements/pyobjc.txt - - --passthrough-line-from-input=^pyobjc(.*)$ - requirements/static/pkg/darwin.in - id: pip-tools-compile alias: compile-pkg-darwin-3.10-zmq-requirements name: Darwin Packaging Py3.10 ZeroMQ Requirements - files: ^(requirements/((base|zeromq|crypto|darwin|pyobjc)\.txt|static/pkg/(darwin\.in|py3\.10/darwin\.txt)))$ + files: ^(requirements/((base|zeromq|crypto|darwin)\.txt|static/pkg/(darwin\.in|py3\.10/darwin\.txt)))$ pass_filenames: false args: - -v - --py-version=3.10 - --platform=darwin - --include=requirements/darwin.txt - - --include=requirements/pyobjc.txt - - --passthrough-line-from-input=^pyobjc(.*)$ - requirements/static/pkg/darwin.in - id: pip-tools-compile @@ -231,58 +258,23 @@ repos: - --include=requirements/windows.txt - requirements/static/pkg/windows.in - # There's no pywin32 package for Py3.10 yet -# - id: pip-tools-compile -# alias: compile-pkg-windows-3.10-zmq-requirements -# name: Windows Packaging Py3.10 ZeroMQ Requirements -# files: ^requirements/((base|zeromq|crypto|windows)\.txt|static/pkg/(windows\.in|py3\.10/windows\.txt))$ -# pass_filenames: false -# args: -# - -v -# - --py-version=3.10 -# - --platform=windows -# - --include=requirements/windows.txt -# - requirements/static/pkg/windows.in - - # <---- Packaging Requirements ------------------------------------------------------------------------------------- - - # ----- CI Requirements -------------------------------------------------------------------------------------------> - id: pip-tools-compile - alias: compile-ci-linux-py3.5-zmq-requirements - name: Linux CI Py3.5 ZeroMQ Requirements - files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(linux\.in|common\.in)|pkg/py3\.5/linux\.txt))$ + alias: compile-pkg-windows-3.10-zmq-requirements + name: Windows Packaging Py3.10 ZeroMQ Requirements + files: ^requirements/((base|zeromq|crypto|windows)\.txt|static/pkg/(windows\.in|py3\.10/windows\.txt))$ pass_filenames: false args: - -v - - --py-version=3.5 - - --platform=linux - - --include=requirements/base.txt - - --include=requirements/zeromq.txt - - --include=requirements/pytest.txt - - --include=requirements/static/pkg/linux.in - - --include=requirements/static/ci/common.in - - --pip-args=--constraint=requirements/static/pkg/py{py_version}/linux.txt - - requirements/static/ci/linux.in + - --py-version=3.10 + - --platform=windows + - --include=requirements/windows.txt + - requirements/static/pkg/windows.in - - id: pip-tools-compile - alias: compile-ci-linux-py3.6-zmq-requirements - name: Linux CI Py3.6 ZeroMQ Requirements - files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(linux\.in|common\.in)|pkg/py3\.6/linux\.txt))$ - pass_filenames: false - args: - - -v - - --py-version=3.6 - - --platform=linux - - --include=requirements/base.txt - - --include=requirements/zeromq.txt - - --include=requirements/pytest.txt - - --include=requirements/static/pkg/linux.in - - --include=requirements/static/ci/common.in - - --pip-args=--constraint=requirements/static/pkg/py{py_version}/linux.txt - - requirements/static/ci/linux.in + # <---- Packaging Requirements ------------------------------------------------------------------------------------- + # ----- CI Requirements -------------------------------------------------------------------------------------------> - id: pip-tools-compile - alias: compile-ci-linux-py3.7-zmq-requirements + alias: compile-ci-linux-3.7-zmq-requirements name: Linux CI Py3.7 ZeroMQ Requirements files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(linux\.in|common\.in)|pkg/py3\.7/linux\.txt))$ pass_filenames: false @@ -299,7 +291,7 @@ repos: - requirements/static/ci/linux.in - id: pip-tools-compile - alias: compile-ci-linux-py3.8-zmq-requirements + alias: compile-ci-linux-3.8-zmq-requirements name: Linux CI Py3.8 ZeroMQ Requirements files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(linux\.in|common\.in)|pkg/py3\.8/linux\.txt))$ pass_filenames: false @@ -316,7 +308,7 @@ repos: - requirements/static/ci/linux.in - id: pip-tools-compile - alias: compile-ci-linux-py3.9-zmq-requirements + alias: compile-ci-linux-3.9-zmq-requirements name: Linux CI Py3.9 ZeroMQ Requirements files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(linux\.in|common\.in)|pkg/py3\.9/linux\.txt))$ pass_filenames: false @@ -333,7 +325,7 @@ repos: - requirements/static/ci/linux.in - id: pip-tools-compile - alias: compile-ci-linux-py3.10-zmq-requirements + alias: compile-ci-linux-3.10-zmq-requirements name: Linux CI Py3.10 ZeroMQ Requirements files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(linux\.in|common\.in)|pkg/py3\.10/linux\.txt))$ pass_filenames: false @@ -350,33 +342,7 @@ repos: - requirements/static/ci/linux.in - id: pip-tools-compile - alias: compile-ci-linux-crypto-py3.5-requirements - name: Linux CI Py3.5 Crypto Requirements - files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.5/linux-crypto\.txt))$ - pass_filenames: false - args: - - -v - - --py-version=3.5 - - --platform=linux - - --out-prefix=linux - - --pip-args=--constraint=requirements/static/ci/py{py_version}/linux.txt - - requirements/static/ci/crypto.in - - - id: pip-tools-compile - alias: compile-ci-linux-crypto-py3.6-requirements - name: Linux CI Py3.6 Crypto Requirements - files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.6/linux-crypto\.txt))$ - pass_filenames: false - args: - - -v - - --py-version=3.6 - - --platform=linux - - --out-prefix=linux - - --pip-args=--constraint=requirements/static/ci/py{py_version}/linux.txt - - requirements/static/ci/crypto.in - - - id: pip-tools-compile - alias: compile-ci-linux-crypto-py3.7-requirements + alias: compile-ci-linux-crypto-3.7-requirements name: Linux CI Py3.7 Crypto Requirements files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.7/linux-crypto\.txt))$ pass_filenames: false @@ -389,7 +355,7 @@ repos: - requirements/static/ci/crypto.in - id: pip-tools-compile - alias: compile-ci-linux-crypto-py3.8-requirements + alias: compile-ci-linux-crypto-3.8-requirements name: Linux CI Py3.8 Crypto Requirements files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.8/linux-crypto\.txt))$ pass_filenames: false @@ -402,7 +368,7 @@ repos: - requirements/static/ci/crypto.in - id: pip-tools-compile - alias: compile-ci-linux-crypto-py3.9-requirements + alias: compile-ci-linux-crypto-3.9-requirements name: Linux CI Py3.9 Crypto Requirements files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.9/linux-crypto\.txt))$ pass_filenames: false @@ -415,7 +381,7 @@ repos: - requirements/static/ci/crypto.in - id: pip-tools-compile - alias: compile-ci-linux-crypto-py3.10-requirements + alias: compile-ci-linux-crypto-3.10-requirements name: Linux CI Py3.10 Crypto Requirements files: ^requirements/(crypto\.txt|static/ci/crypto\.in)$ files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.10/linux-crypto\.txt))$ @@ -430,7 +396,7 @@ repos: - id: pip-tools-compile - alias: compile-ci-freebsd-py3.7-zmq-requirements + alias: compile-ci-freebsd-3.7-zmq-requirements name: FreeBSD CI Py3.7 ZeroMQ Requirements files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(freebsd|common)\.in|pkg/py3\.7/freebsd\.txt))$ pass_filenames: false @@ -447,7 +413,7 @@ repos: - requirements/static/ci/freebsd.in - id: pip-tools-compile - alias: compile-ci-freebsd-py3.8-zmq-requirements + alias: compile-ci-freebsd-3.8-zmq-requirements name: FreeBSD CI Py3.8 ZeroMQ Requirements files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(freebsd|common)\.in|pkg/py3\.8/freebsd\.txt))$ pass_filenames: false @@ -464,7 +430,7 @@ repos: - requirements/static/ci/freebsd.in - id: pip-tools-compile - alias: compile-ci-freebsd-py3.9-zmq-requirements + alias: compile-ci-freebsd-3.9-zmq-requirements name: FreeBSD CI Py3.9 ZeroMQ Requirements files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(freebsd|common)\.in|pkg/py3\.9/freebsd\.txt))$ pass_filenames: false @@ -481,7 +447,7 @@ repos: - requirements/static/ci/freebsd.in - id: pip-tools-compile - alias: compile-ci-freebsd-py3.10-zmq-requirements + alias: compile-ci-freebsd-3.10-zmq-requirements name: FreeBSD CI Py3.10 ZeroMQ Requirements files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(freebsd|common)\.in|pkg/py3\.10/freebsd\.txt))$ pass_filenames: false @@ -498,7 +464,7 @@ repos: - requirements/static/ci/freebsd.in - id: pip-tools-compile - alias: compile-ci-freebsd-crypto-py3.7-requirements + alias: compile-ci-freebsd-crypto-3.7-requirements name: FreeBSD CI Py3.7 Crypto Requirements files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.7/freebsd-crypto\.txt))$ pass_filenames: false @@ -511,7 +477,7 @@ repos: - requirements/static/ci/crypto.in - id: pip-tools-compile - alias: compile-ci-freebsd-crypto-py3.8-requirements + alias: compile-ci-freebsd-crypto-3.8-requirements name: FreeBSD CI Py3.8 Crypto Requirements files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.8/freebsd-crypto\.txt))$ pass_filenames: false @@ -524,7 +490,7 @@ repos: - requirements/static/ci/crypto.in - id: pip-tools-compile - alias: compile-ci-freebsd-crypto-py3.9-requirements + alias: compile-ci-freebsd-crypto-3.9-requirements name: FreeBSD CI Py3.9 Crypto Requirements files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.9/freebsd-crypto\.txt))$ pass_filenames: false @@ -537,7 +503,7 @@ repos: - requirements/static/ci/crypto.in - id: pip-tools-compile - alias: compile-ci-freebsd-crypto-py3.10-requirements + alias: compile-ci-freebsd-crypto-3.10-requirements name: FreeBSD CI Py3.10 Crypto Requirements files: ^requirements/(crypto\.txt|static/ci/crypto\.in)$ files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.10/freebsd-crypto\.txt))$ @@ -550,107 +516,40 @@ repos: - --pip-args=--constraint=requirements/static/ci/py{py_version}/freebsd.txt - requirements/static/ci/crypto.in - - id: pip-tools-compile - alias: compile-ci-darwin-py3.7-zmq-requirements - name: Darwin CI Py3.7 ZeroMQ Requirements - files: ^(pkg/osx/(req|req_pyobjc)\.txt|requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(darwin|common)\.in|pkg/py3\.7/darwin\.txt)))$ - pass_filenames: false - args: - - -v - - --py-version=3.7 - - --platform=darwin - - --include=requirements/darwin.txt - - --include=requirements/pyobjc.txt - - --include=requirements/pytest.txt - - --include=requirements/static/pkg/darwin.in - - --include=requirements/static/ci/common.in - - --passthrough-line-from-input=^pyobjc(.*)$ - - --pip-args=--constraint=requirements/static/pkg/py{py_version}/darwin.txt - - requirements/static/ci/darwin.in - - - id: pip-tools-compile - alias: compile-ci-darwin-py3.8-zmq-requirements - name: Darwin CI Py3.8 ZeroMQ Requirements - files: ^(pkg/osx/(req|req_pyobjc)\.txt|requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(darwin|common)\.in|pkg/py3\.8/darwin\.txt)))$ - pass_filenames: false - args: - - -v - - --py-version=3.8 - - --platform=darwin - - --include=requirements/darwin.txt - - --include=requirements/pyobjc.txt - - --include=requirements/pytest.txt - - --include=requirements/static/pkg/darwin.in - - --include=requirements/static/ci/common.in - - --passthrough-line-from-input=^pyobjc(.*)$ - - --pip-args=--constraint=requirements/static/pkg/py{py_version}/darwin.txt - - requirements/static/ci/darwin.in - - - id: pip-tools-compile - alias: compile-ci-darwin-py3.9-zmq-requirements + alias: compile-ci-darwin-3.9-zmq-requirements name: Darwin CI Py3.9 ZeroMQ Requirements - files: ^(pkg/osx/(req|req_pyobjc)\.txt|requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(darwin|common)\.in|pkg/py3\.9/darwin\.txt)))$ + files: ^(requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(darwin|common)\.in|pkg/py3\.9/darwin\.txt)))$ pass_filenames: false args: - -v - --py-version=3.9 - --platform=darwin - --include=requirements/darwin.txt - - --include=requirements/pyobjc.txt - --include=requirements/pytest.txt - --include=requirements/static/pkg/darwin.in - --include=requirements/static/ci/common.in - - --passthrough-line-from-input=^pyobjc(.*)$ - --pip-args=--constraint=requirements/static/pkg/py{py_version}/darwin.txt - requirements/static/ci/darwin.in - id: pip-tools-compile - alias: compile-ci-darwin-py3.10-zmq-requirements + alias: compile-ci-darwin-3.10-zmq-requirements name: Darwin CI Py3.10 ZeroMQ Requirements - files: ^(pkg/osx/(req|req_pyobjc)\.txt|requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(darwin|common)\.in|pkg/py3\.10/darwin\.txt)))$ + files: ^(requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(darwin|common)\.in|pkg/py3\.10/darwin\.txt)))$ pass_filenames: false args: - -v - --py-version=3.10 - --platform=darwin - --include=requirements/darwin.txt - - --include=requirements/pyobjc.txt - --include=requirements/pytest.txt - --include=requirements/static/pkg/darwin.in - --include=requirements/static/ci/common.in - - --passthrough-line-from-input=^pyobjc(.*)$ - --pip-args=--constraint=requirements/static/pkg/py{py_version}/darwin.txt - requirements/static/ci/darwin.in - id: pip-tools-compile - alias: compile-ci-darwin-crypto-py3.7-requirements - name: Darwin CI Py3.7 Crypto Requirements - files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.7/darwin-crypto\.txt))$ - pass_filenames: false - args: - - -v - - --py-version=3.7 - - --platform=darwin - - --out-prefix=darwin - - --pip-args=--constraint=requirements/static/ci/py{py_version}/darwin.txt - - requirements/static/ci/crypto.in - - - id: pip-tools-compile - alias: compile-ci-darwin-crypto-py3.8-requirements - name: Darwin CI Py3.8 Crypto Requirements - files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.8/darwin-crypto\.txt))$ - pass_filenames: false - args: - - -v - - --py-version=3.8 - - --platform=darwin - - --out-prefix=darwin - - --pip-args=--constraint=requirements/static/ci/py{py_version}/darwin.txt - - requirements/static/ci/crypto.in - - - id: pip-tools-compile - alias: compile-ci-darwin-crypto-py3.9-requirements + alias: compile-ci-darwin-crypto-3.9-requirements name: Darwin CI Py3.9 Crypto Requirements files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.9/darwin-crypto\.txt))$ pass_filenames: false @@ -663,7 +562,7 @@ repos: - requirements/static/ci/crypto.in - id: pip-tools-compile - alias: compile-ci-darwin-crypto-py3.10-requirements + alias: compile-ci-darwin-crypto-3.10-requirements name: Darwin CI Py3.10 Crypto Requirements files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.10/darwin-crypto\.txt))$ pass_filenames: false @@ -676,7 +575,7 @@ repos: - requirements/static/ci/crypto.in - id: pip-tools-compile - alias: compile-ci-windows-py3.7-zmq-requirements + alias: compile-ci-windows-3.7-zmq-requirements name: Windows CI Py3.7 ZeroMQ Requirements files: requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(windows|common)\.in|pkg/py3\.7/windows\.txt))$ pass_filenames: false @@ -692,7 +591,7 @@ repos: - requirements/static/ci/windows.in - id: pip-tools-compile - alias: compile-ci-windows-py3.8-zmq-requirements + alias: compile-ci-windows-3.8-zmq-requirements name: Windows CI Py3.8 ZeroMQ Requirements files: requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(windows|common)\.in|pkg/py3\.8/windows\.txt))$ pass_filenames: false @@ -708,7 +607,7 @@ repos: - requirements/static/ci/windows.in - id: pip-tools-compile - alias: compile-ci-windows-py3.9-zmq-requirements + alias: compile-ci-windows-3.9-zmq-requirements name: Windows CI Py3.9 ZeroMQ Requirements files: requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(windows|common)\.in|pkg/py3\.9/windows\.txt))$ pass_filenames: false @@ -723,38 +622,24 @@ repos: - --pip-args=--constraint=requirements/static/pkg/py{py_version}/windows.txt - requirements/static/ci/windows.in - # There's no pywin32 package for Py3.10 yet -# - id: pip-tools-compile -# alias: compile-ci-windows-py3.10-zmq-requirements -# name: Windows CI Py3.10 ZeroMQ Requirements -# files: requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(windows|common)\.in|pkg/py3\.10/windows\.txt))$ -# pass_filenames: false -# args: -# - -v -# - --py-version=3.10 -# - --platform=windows -# - --include=requirements/windows.txt -# - --include=requirements/pytest.txt -# - --include=requirements/static/pkg/windows.in -# - --include=requirements/static/ci/common.in -# - --pip-args=--constraint=requirements/static/pkg/py{py_version}/windows.txt -# - requirements/static/ci/windows.in - - id: pip-tools-compile - alias: compile-ci-windows-crypto-py3.6-requirements - name: Windows CI Py3.6 Crypto Requirements - files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.6/windows-crypto\.txt))$ + alias: compile-ci-windows-3.10-zmq-requirements + name: Windows CI Py3.10 ZeroMQ Requirements + files: requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(windows|common)\.in|pkg/py3\.10/windows\.txt))$ pass_filenames: false args: - -v - - --py-version=3.6 + - --py-version=3.10 - --platform=windows - - --out-prefix=windows - - --pip-args=--constraint=requirements/static/ci/py{py_version}/windows.txt - - requirements/static/ci/crypto.in + - --include=requirements/windows.txt + - --include=requirements/pytest.txt + - --include=requirements/static/pkg/windows.in + - --include=requirements/static/ci/common.in + - --pip-args=--constraint=requirements/static/pkg/py{py_version}/windows.txt + - requirements/static/ci/windows.in - id: pip-tools-compile - alias: compile-ci-windows-crypto-py3.7-requirements + alias: compile-ci-windows-crypto-3.7-requirements name: Windows CI Py3.7 Crypto Requirements files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.7/windows-crypto\.txt))$ pass_filenames: false @@ -767,7 +652,7 @@ repos: - requirements/static/ci/crypto.in - id: pip-tools-compile - alias: compile-ci-windows-crypto-py3.8-requirements + alias: compile-ci-windows-crypto-3.8-requirements name: Windows CI Py3.8 Crypto Requirements files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.8/windows-crypto\.txt))$ pass_filenames: false @@ -780,7 +665,7 @@ repos: - requirements/static/ci/crypto.in - id: pip-tools-compile - alias: compile-ci-windows-crypto-py3.9-requirements + alias: compile-ci-windows-crypto-3.9-requirements name: Windows CI Py3.9 Crypto Requirements files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.9/windows-crypto\.txt))$ pass_filenames: false @@ -792,42 +677,25 @@ repos: - --pip-args=--constraint=requirements/static/ci/py{py_version}/windows.txt - requirements/static/ci/crypto.in - # There's no pywin32 package for Py3.10 yet -# - id: pip-tools-compile -# alias: compile-ci-windows-crypto-py3.10-requirements -# name: Windows CI Py3.10 Crypto Requirements -# files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.10/windows-crypto\.txt))$ -# pass_filenames: false -# args: -# - -v -# - --py-version=3.10 -# - --platform=windows -# - --out-prefix=windows -# - --pip-args=--constraint=requirements/static/ci/py{py_version}/windows.txt -# - requirements/static/ci/crypto.in -# - # <---- CI Requirements -------------------------------------------------------------------------------------------- - - - # ----- Cloud CI Requirements -------------------------------------------------------------------------------------> - id: pip-tools-compile - alias: compile-ci-cloud-py3.6-requirements - name: Cloud CI Py3.6 Requirements - files: ^requirements/((base|zeromq|pytest)\.txt|static/(pkg/linux\.in|ci/((cloud|common)\.in|py3\.6/cloud\.txt)))$ + alias: compile-ci-windows-crypto-3.10-requirements + name: Windows CI Py3.10 Crypto Requirements + files: ^requirements/(crypto\.txt|static/ci/(crypto\.in|py3\.10/windows-crypto\.txt))$ pass_filenames: false args: - -v - - --py-version=3.6 - - --include=requirements/base.txt - - --include=requirements/zeromq.txt - - --include=requirements/pytest.txt - - --include=requirements/static/pkg/linux.in - - --include=requirements/static/ci/common.in - - --pip-args=--constraint=requirements/static/pkg/py{py_version}/linux.txt - - requirements/static/ci/cloud.in + - --py-version=3.10 + - --platform=windows + - --out-prefix=windows + - --pip-args=--constraint=requirements/static/ci/py{py_version}/windows.txt + - requirements/static/ci/crypto.in + + # <---- CI Requirements -------------------------------------------------------------------------------------------- + + # ----- Cloud CI Requirements -------------------------------------------------------------------------------------> - id: pip-tools-compile - alias: compile-ci-cloud-py3.7-requirements + alias: compile-ci-cloud-3.7-requirements name: Cloud CI Py3.7 Requirements files: ^requirements/((base|zeromq|pytest)\.txt|static/(pkg/linux\.in|ci/((cloud|common)\.in|py3\.7/cloud\.txt)))$ pass_filenames: false @@ -843,7 +711,7 @@ repos: - requirements/static/ci/cloud.in - id: pip-tools-compile - alias: compile-ci-cloud-py3.8-requirements + alias: compile-ci-cloud-3.8-requirements name: Cloud CI Py3.8 Requirements files: ^requirements/((base|zeromq|pytest)\.txt|static/(pkg/linux\.in|ci/((cloud|common)\.in|py3\.8/cloud\.txt)))$ pass_filenames: false @@ -859,7 +727,7 @@ repos: - requirements/static/ci/cloud.in - id: pip-tools-compile - alias: compile-ci-cloud-py3.9-requirements + alias: compile-ci-cloud-3.9-requirements name: Cloud CI Py3.9 Requirements files: ^requirements/((base|zeromq|pytest)\.txt|static/(pkg/linux\.in|ci/((cloud|common)\.in|py3\.9/cloud\.txt)))$ pass_filenames: false @@ -875,7 +743,7 @@ repos: - requirements/static/ci/cloud.in - id: pip-tools-compile - alias: compile-ci-cloud-py3.10-requirements + alias: compile-ci-cloud-3.10-requirements name: Cloud CI Py3.10 Requirements files: ^requirements/((base|zeromq|pytest)\.txt|static/(pkg/linux\.in|ci/((cloud|common)\.in|py3\.10/cloud\.txt)))$ pass_filenames: false @@ -892,23 +760,6 @@ repos: # <---- Cloud CI Requirements -------------------------------------------------------------------------------------- # ----- Doc CI Requirements ---------------------------------------------------------------------------------------> - - id: pip-tools-compile - alias: compile-doc-requirements - name: Docs CI Py3.6 Requirements - files: ^requirements/((base|zeromq|pytest)\.txt|static/ci/(docs|common|linux)\.in|static/pkg/linux\.in|static/pkg/.*/linux\.txt)$ - pass_filenames: false - args: - - -v - - --py-version=3.6 - - --platform=linux - - --include=requirements/base.txt - - --include=requirements/zeromq.txt - - --include=requirements/static/pkg/linux.in - - --include=requirements/static/ci/linux.in - - --include=requirements/static/ci/common.in - - --pip-args=--constraint=requirements/static/ci/py{py_version}/linux.txt - - requirements/static/ci/docs.in - - id: pip-tools-compile alias: compile-doc-requirements name: Docs CI Py3.7 Requirements @@ -920,10 +771,6 @@ repos: - --platform=linux - --include=requirements/base.txt - --include=requirements/zeromq.txt - - --include=requirements/static/pkg/linux.in - - --include=requirements/static/ci/linux.in - - --include=requirements/static/ci/common.in - - --pip-args=--constraint=requirements/static/ci/py{py_version}/linux.txt - requirements/static/ci/docs.in - id: pip-tools-compile @@ -937,10 +784,6 @@ repos: - --platform=linux - --include=requirements/base.txt - --include=requirements/zeromq.txt - - --include=requirements/static/pkg/linux.in - - --include=requirements/static/ci/linux.in - - --include=requirements/static/ci/common.in - - --pip-args=--constraint=requirements/static/ci/py{py_version}/linux.txt - requirements/static/ci/docs.in - id: pip-tools-compile @@ -954,10 +797,6 @@ repos: - --platform=linux - --include=requirements/base.txt - --include=requirements/zeromq.txt - - --include=requirements/static/pkg/linux.in - - --include=requirements/static/ci/linux.in - - --include=requirements/static/ci/common.in - - --pip-args=--constraint=requirements/static/ci/py{py_version}/linux.txt - requirements/static/ci/docs.in - id: pip-tools-compile @@ -971,34 +810,13 @@ repos: - --platform=linux - --include=requirements/base.txt - --include=requirements/zeromq.txt - - --include=requirements/static/pkg/linux.in - - --include=requirements/static/ci/linux.in - - --include=requirements/static/ci/common.in - - --pip-args=--constraint=requirements/static/ci/py{py_version}/linux.txt - requirements/static/ci/docs.in # <---- Doc CI Requirements ---------------------------------------------------------------------------------------- # ----- Lint CI Requirements --------------------------------------------------------------------------------------> - id: pip-tools-compile - alias: compile-ci-lint-py3.6-requirements - name: Lint CI Py3.6 Requirements - files: ^requirements/((base|zeromq)\.txt|static/(pkg/linux\.in|ci/(linux\.in|common\.in|lint\.in|py3\.6/linux\.txt)))$ - pass_filenames: false - args: - - -v - - --py-version=3.6 - - --platform=linux - - --include=requirements/base.txt - - --include=requirements/zeromq.txt - - --include=requirements/static/pkg/linux.in - - --include=requirements/static/ci/linux.in - - --include=requirements/static/ci/common.in - - --pip-args=--constraint=requirements/static/ci/py{py_version}/linux.txt - - requirements/static/ci/lint.in - - - id: pip-tools-compile - alias: compile-ci-lint-py3.7-requirements + alias: compile-ci-lint-3.7-requirements name: Lint CI Py3.7 Requirements files: ^requirements/((base|zeromq)\.txt|static/(pkg/linux\.in|ci/(linux\.in|common\.in|lint\.in|py3\.7/linux\.txt)))$ pass_filenames: false @@ -1015,7 +833,7 @@ repos: - requirements/static/ci/lint.in - id: pip-tools-compile - alias: compile-ci-lint-py3.8-requirements + alias: compile-ci-lint-3.8-requirements name: Lint CI Py3.8 Requirements files: ^requirements/((base|zeromq)\.txt|static/(pkg/linux\.in|ci/(linux\.in|common\.in|lint\.in|py3\.8/linux\.txt)))$ pass_filenames: false @@ -1032,7 +850,7 @@ repos: - requirements/static/ci/lint.in - id: pip-tools-compile - alias: compile-ci-lint-py3.9-requirements + alias: compile-ci-lint-3.9-requirements name: Lint CI Py3.9 Requirements files: ^requirements/((base|zeromq)\.txt|static/(pkg/linux\.in|ci/(linux\.in|common\.in|lint\.in|py3\.9/linux\.txt)))$ pass_filenames: false @@ -1049,7 +867,7 @@ repos: - requirements/static/ci/lint.in - id: pip-tools-compile - alias: compile-ci-lint-py3.10-requirements + alias: compile-ci-lint-3.10-requirements name: Lint CI Py3.10 Requirements files: ^requirements/((base|zeromq)\.txt|static/(pkg/linux\.in|ci/(linux\.in|common\.in|lint\.in|py3\.10/linux\.txt)))$ pass_filenames: false @@ -1069,31 +887,7 @@ repos: # ----- Changelog -------------------------------------------------------------------------------------------------> - id: pip-tools-compile - alias: compile-ci-changelog-py3.6-requirements - name: Changelog CI Py3.6 Requirements - files: ^requirements/static/ci/(changelog\.in|py3\.6/(changelog|linux)\.txt)$ - pass_filenames: false - args: - - -v - - --py-version=3.6 - - --platform=linux - - --pip-args=--constraint=requirements/static/ci/py{py_version}/linux.txt - - requirements/static/ci/changelog.in - - - id: pip-tools-compile - alias: compile-ci-changelog-py3.7-requirements - name: Changelog CI Py3.7 Requirements - files: ^requirements/static/ci/(changelog\.in|py3\.7/(changelog|linux)\.txt)$ - pass_filenames: false - args: - - -v - - --py-version=3.7 - - --platform=linux - - --pip-args=--constraint=requirements/static/ci/py{py_version}/linux.txt - - requirements/static/ci/changelog.in - - - id: pip-tools-compile - alias: compile-ci-changelog-py3.8-requirements + alias: compile-ci-changelog-3.8-requirements name: Changelog CI Py3.8 Requirements files: ^requirements/static/ci/(changelog\.in|py3\.8/(changelog|linux)\.txt)$ pass_filenames: false @@ -1105,7 +899,7 @@ repos: - requirements/static/ci/changelog.in - id: pip-tools-compile - alias: compile-ci-changelog-py3.9-requirements + alias: compile-ci-changelog-3.9-requirements name: Changelog CI Py3.9 Requirements files: ^requirements/static/ci/(changelog\.in|py3\.9/(changelog|linux)\.txt)$ pass_filenames: false @@ -1117,7 +911,7 @@ repos: - requirements/static/ci/changelog.in - id: pip-tools-compile - alias: compile-ci-changelog-py3.10-requirements + alias: compile-ci-changelog-3.10-requirements name: Changelog CI Py3.10 Requirements files: ^requirements/static/ci/(changelog\.in|py3\.10/(changelog|linux)\.txt)$ pass_filenames: false @@ -1131,18 +925,7 @@ repos: # ----- Invoke ----------------------------------------------------------------------------------------------------> - id: pip-tools-compile - alias: compile-ci-invoke-py3.6-requirements - name: Linux CI Py3.6 Invoke Requirements - files: ^requirements/static/ci/(invoke\.in|py3.6/(invoke|linux)\.txt)$ - pass_filenames: false - args: - - -v - - --py-version=3.6 - - --pip-args=--constraint=requirements/static/ci/py{py_version}/linux.txt - - requirements/static/ci/invoke.in - - - id: pip-tools-compile - alias: compile-ci-invoke-py3.7-requirements + alias: compile-ci-invoke-3.7-requirements name: Linux CI Py3.7 Invoke Requirements files: ^requirements/static/ci/(invoke\.in|py3.7/(invoke|linux)\.txt)$ pass_filenames: false @@ -1153,7 +936,7 @@ repos: - requirements/static/ci/invoke.in - id: pip-tools-compile - alias: compile-ci-invoke-py3.8-requirements + alias: compile-ci-invoke-3.8-requirements name: Linux CI Py3.8 Invoke Requirements files: ^requirements/static/ci/(invoke\.in|py3.8/(invoke|linux)\.txt)$ pass_filenames: false @@ -1164,7 +947,7 @@ repos: - requirements/static/ci/invoke.in - id: pip-tools-compile - alias: compile-ci-invoke-py3.9-requirements + alias: compile-ci-invoke-3.9-requirements name: Linux CI Py3.9 Invoke Requirements files: ^requirements/static/ci/(invoke\.in|py3.9/(invoke|linux)\.txt)$ pass_filenames: false @@ -1175,7 +958,7 @@ repos: - requirements/static/ci/invoke.in - id: pip-tools-compile - alias: compile-ci-invoke-py3.10-requirements + alias: compile-ci-invoke-3.10-requirements name: Linux CI Py3.10 Invoke Requirements files: ^requirements/static/ci/(invoke\.in|py3.10/(invoke|linux)\.txt)$ pass_filenames: false @@ -1186,25 +969,73 @@ repos: - requirements/static/ci/invoke.in # <---- Invoke ----------------------------------------------------------------------------------------------------- - # ----- Local Hooks -----------------------------------------------------------------------------------------------> - - repo: local - hooks: - - id: check-changelog-entries - name: Check Changelog Entries - entry: .pre-commit-hooks/check-changelog-entries.py - language: script - # <---- Local Hooks ------------------------------------------------------------------------------------------------ + # <---- PKG ci requirements----------------------------------------------------------------------------------------- + - id: pip-tools-compile + alias: compile-ci-pkg-3.10-requirements + name: PKG tests CI Py3.10 Requirements + files: ^requirements/((base|zeromq|pytest)\.txt|static/(pkg/linux\.in|ci/((pkgtests|common)\.in|py3\.10/pkgtests\.in)))$ + pass_filenames: false + args: + - -v + - --py-version=3.10 + - --platform=linux + - --include=requirements/base.txt + - --include=requirements/zeromq.txt + - requirements/static/ci/pkgtests.in + + - id: pip-tools-compile + alias: compile-ci-windows-pkg-3.10-requirements + name: PKG tests Windows CI Py3.10 Requirements + files: ^requirements/((base|zeromq|pytest)\.txt|static/(pkg/linux\.in|ci/((pkgtests-windows|common)\.in|py3\.10/pkgtests-windows\.in)))$ + pass_filenames: false + args: + - -v + - --py-version=3.10 + - --platform=windows + - --include=requirements/base.txt + - --include=requirements/zeromq.txt + - requirements/static/ci/pkgtests-windows.in + + # <---- PKG ci requirements----------------------------------------------------------------------------------------- + + + # ----- Tools ----------------------------------------------------------------------------------------------------> + - id: pip-tools-compile + alias: compile-ci-tools-3.9-requirements + name: Linux CI Py3.9 Tools Requirements + files: ^requirements/static/ci/(tools\.in|py3.9/(tools|linux)\.txt)$ + pass_filenames: false + args: + - -v + - --py-version=3.9 + - --pip-args=--constraint=requirements/static/ci/py{py_version}/linux.txt + - requirements/static/ci/tools.in + + - id: pip-tools-compile + alias: compile-ci-tools-3.10-requirements + name: Linux CI Py3.10 Tools Requirements + files: ^requirements/static/ci/(tools\.in|py3.10/(tools|linux)\.txt)$ + pass_filenames: false + args: + - -v + - --py-version=3.10 + - --pip-args=--constraint=requirements/static/ci/py{py_version}/linux.txt + - requirements/static/ci/tools.in + # <---- Tools ----------------------------------------------------------------------------------------------------- # ----- Code Formatting -------------------------------------------------------------------------------------------> - repo: https://github.com/asottile/pyupgrade - rev: v2.31.0 + rev: v2.37.2 hooks: - id: pyupgrade name: Drop six usage and Py2 support args: [--py3-plus, --keep-mock] exclude: > (?x)^( - salt/client/ssh/ssh_py_shim.py| + salt/client/ssh/ssh_py_shim.py + | + salt/client/ssh/wrapper/pillar.py + | salt/ext/.*\.py )$ @@ -1215,7 +1046,7 @@ repos: - repo: https://github.com/s0undt3ch/salt-rewrite # Automatically rewrite code with known rules - rev: 1.3.2 + rev: 2.0.0 hooks: - id: salt-rewrite alias: rewrite-docstrings @@ -1229,7 +1060,7 @@ repos: - repo: https://github.com/s0undt3ch/salt-rewrite # Automatically rewrite code with known rules - rev: 1.3.2 + rev: 2.0.0 hooks: - id: salt-rewrite alias: rewrite-tests @@ -1238,7 +1069,7 @@ repos: args: [--silent, -E, fix_asserts, -E, fix_docstrings] - repo: https://github.com/timothycrosley/isort - rev: "1e78a9acf3110e1f9721feb591f89a451fc9876a" + rev: 5.12.0 hooks: - id: isort additional_dependencies: ['toml'] @@ -1252,7 +1083,7 @@ repos: )$ - repo: https://github.com/psf/black - rev: 21.7b0 + rev: 22.6.0 hooks: - id: black # This tells pre-commit not to pass files to black. @@ -1263,44 +1094,43 @@ repos: salt/ext/.*| tests/kitchen/.* )$ - additional_dependencies: - - click<8.1.0 - repo: https://github.com/asottile/blacken-docs - rev: v1.10.0 + rev: v1.12.1 hooks: - id: blacken-docs args: [--skip-errors] files: ^doc/.*\.rst additional_dependencies: - - click<8.1.0 - - black==21.7b0 + - black==22.6.0 # <---- Code Formatting -------------------------------------------------------------------------------------------- # ----- Security --------------------------------------------------------------------------------------------------> - repo: https://github.com/PyCQA/bandit - rev: "1.7.0" + rev: "1.7.4" hooks: - id: bandit alias: bandit-salt name: Run bandit against Salt - args: [--silent, -lll, --skip, B701] + args: [--silent, -lll, --skip, "B701,B324"] exclude: > (?x)^( templates/.*| salt/ext/.*| tests/.* )$ + additional_dependencies: ['importlib_metadata<5'] - repo: https://github.com/PyCQA/bandit - rev: "1.7.0" + rev: "1.7.4" hooks: - id: bandit alias: bandit-tests name: Run bandit against the test suite - args: [--silent, -lll, --skip, B701] + args: [--silent, -lll, --skip, "B701,B324"] files: ^tests/.* exclude: ^tests/minionswarm\.py + additional_dependencies: ['importlib_metadata<5'] # <---- Security --------------------------------------------------------------------------------------------------- # ----- Pre-Commit ------------------------------------------------------------------------------------------------> @@ -1319,6 +1149,8 @@ repos: - distro==1.7.0 - jinja2==3.0.3 - msgpack==1.0.3 + - packaging + - looseversion - repo: https://github.com/saltstack/invoke-pre-commit rev: v1.9.0 @@ -1336,6 +1168,8 @@ repos: - distro==1.7.0 - jinja2==3.0.3 - msgpack==1.0.3 + - packaging + - looseversion - repo: https://github.com/saltstack/invoke-pre-commit rev: v1.9.0 @@ -1357,6 +1191,8 @@ repos: - distro==1.7.0 - jinja2==3.0.3 - msgpack==1.0.3 + - packaging + - looseversion - repo: https://github.com/saltstack/invoke-pre-commit rev: v1.9.0 @@ -1378,6 +1214,8 @@ repos: - distro==1.7.0 - jinja2==3.0.3 - msgpack==1.0.3 + - packaging + - looseversion - repo: https://github.com/saltstack/invoke-pre-commit rev: v1.9.0 @@ -1401,14 +1239,31 @@ repos: - distro==1.7.0 - jinja2==3.0.3 - msgpack==1.0.3 + - packaging + - looseversion + + - repo: https://github.com/pre-commit/mirrors-mypy + rev: v1.0.0 + hooks: + - id: mypy + alias: mypy-tools + name: Run mypy against tools + files: ^tools/.*\.py$ + #args: [--strict] + additional_dependencies: + - attrs + - rich + - types-attrs + - types-pyyaml + - types-requests - repo: https://github.com/saltstack/mirrors-nox - rev: v2020.8.22 + rev: v2021.6.12 hooks: - id: nox alias: lint-salt name: Lint Salt - files: ^((setup|noxfile)|(salt|tasks)/.*)\.py$ + files: ^((setup|noxfile)|(salt|tasks|tools)/.*)\.py$ exclude: > (?x)^( templates/.*| @@ -1423,7 +1278,7 @@ repos: - pip>=20.2.4,<21.2 - repo: https://github.com/saltstack/mirrors-nox - rev: v2020.8.22 + rev: v2021.6.12 hooks: - id: nox alias: lint-tests diff --git a/.pre-commit-hooks/check-changelog-entries.py b/.pre-commit-hooks/check-changelog-entries.py deleted file mode 100755 index a5ae631962c..00000000000 --- a/.pre-commit-hooks/check-changelog-entries.py +++ /dev/null @@ -1,104 +0,0 @@ -#!/usr/bin/env python3 -# pylint: skip-file - -import pathlib -import re -import sys - -CODE_ROOT = pathlib.Path(__file__).resolve().parent.parent -DOCS_PATH = CODE_ROOT / "doc" -TESTS_INTEGRATION_FILES_PATH = CODE_ROOT / "tests" / "integration" / "files" -CHANGELOG_ENTRIES_PATH = CODE_ROOT / "changelog" -CHANGELOG_LIKE_RE = re.compile(r"([\d]+)\.([a-z]+)$") -CHANGELOG_EXTENSIONS = ( - "removed", - "deprecated", - "changed", - "fixed", - "added", - "security", -) -CHANGELOG_ENTRY_RE = re.compile( - r"([\d]+|(CVE|cve)-[\d]{{4}}-[\d]+)\.({})$".format("|".join(CHANGELOG_EXTENSIONS)) -) - - -def check_changelog_entries(files): - - exitcode = 0 - for entry in files: - path = pathlib.Path(entry).resolve() - # Is it under changelog/ - try: - path.relative_to(CHANGELOG_ENTRIES_PATH) - if path.name == ".keep": - # This is the file we use so git doesn't delete the changelog/ directory - continue - # Is it named properly - if not CHANGELOG_ENTRY_RE.match(path.name): - print( - "The changelog entry '{}' should have one of the following extensions: {}.".format( - path.relative_to(CODE_ROOT), - ", ".join(repr(ext) for ext in CHANGELOG_EXTENSIONS), - ), - file=sys.stderr, - flush=True, - ) - exitcode = 1 - continue - except ValueError: - # No, carry on - pass - # Does it look like a changelog entry - if CHANGELOG_LIKE_RE.match(path.name) and not CHANGELOG_ENTRY_RE.match( - path.name - ): - try: - # Is this under doc/ - path.relative_to(DOCS_PATH) - # Yes, carry on - continue - except ValueError: - # No, resume the check - pass - try: - # Is this under tests/integration/files - path.relative_to(TESTS_INTEGRATION_FILES_PATH) - # Yes, carry on - continue - except ValueError: - # No, resume the check - pass - print( - "The changelog entry '{}' should have one of the following extensions: {}.".format( - path.relative_to(CODE_ROOT), - ", ".join(repr(ext) for ext in CHANGELOG_EXTENSIONS), - ), - file=sys.stderr, - flush=True, - ) - exitcode = 1 - continue - # Is it a changelog entry - if not CHANGELOG_ENTRY_RE.match(path.name): - # No? Carry on - continue - # Is the changelog entry in the right path? - try: - path.relative_to(CHANGELOG_ENTRIES_PATH) - except ValueError: - exitcode = 1 - print( - "The changelog entry '{}' should be placed under '{}/', not '{}'".format( - path.name, - CHANGELOG_ENTRIES_PATH.relative_to(CODE_ROOT), - path.relative_to(CODE_ROOT).parent, - ), - file=sys.stderr, - flush=True, - ) - sys.exit(exitcode) - - -if __name__ == "__main__": - check_changelog_entries(sys.argv[1:]) diff --git a/.pylintrc b/.pylintrc index 6a2d28103f9..6e57ff6a4f7 100644 --- a/.pylintrc +++ b/.pylintrc @@ -680,11 +680,13 @@ allowed-3rd-party-modules=msgpack, libcloud, zmq, pytest, + _pytest, attr, setuptools, pytestsalt, saltfactories, psutil, + pytestshellutils, distro, os, re, @@ -692,7 +694,10 @@ allowed-3rd-party-modules=msgpack, copy, base64, tempfile, - fnmatch + fnmatch, + ptscripts, + packaging, + looseversion [EXCEPTIONS] diff --git a/CHANGELOG.md b/CHANGELOG.md index 8f5faf9ffc8..1132b94882b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,11 +7,1787 @@ Versions are `MAJOR.PATCH`. # Changelog -Salt 3004 (2021-10-11) -====================== +## 3006.1 (2023-05-05) -Removed -------- + +### Fixed + +- Check that the return data from the cloud create function is a dictionary before attempting to pull values out. [#61236](https://github.com/saltstack/salt/issues/61236) +- Ensure NamedLoaderContext's have their value() used if passing to other modules [#62477](https://github.com/saltstack/salt/issues/62477) +- add documentation note about reactor state ids. [#63589](https://github.com/saltstack/salt/issues/63589) +- Added support for ``test=True`` to the ``file.cached`` state module [#63785](https://github.com/saltstack/salt/issues/63785) +- Updated `source_hash` documentation and added a log warning when `source_hash` is used with a source other than `http`, `https` and `ftp`. [#63810](https://github.com/saltstack/salt/issues/63810) +- Fixed clear pillar cache on every highstate and added clean_pillar_cache=False to saltutil functions. [#64081](https://github.com/saltstack/salt/issues/64081) +- Fix dmsetup device names with hyphen being picked up. [#64082](https://github.com/saltstack/salt/issues/64082) +- Update all the scheduler functions to include a fire_event argument which will determine whether to fire the completion event onto the event bus. + This event is only used when these functions are called via the schedule execution modules. + Update all the calls to the schedule related functions in the deltaproxy proxy minion to include fire_event=False, as the event bus is not available when these functions are called. [#64102](https://github.com/saltstack/salt/issues/64102), [#64103](https://github.com/saltstack/salt/issues/64103) +- Default to a 0 timeout if none is given for the terraform roster to avoid `-o ConnectTimeout=None` when using `salt-ssh` [#64109](https://github.com/saltstack/salt/issues/64109) +- Disable class level caching of the file client on `SaltCacheLoader` and properly use context managers to take care of initialization and termination of the file client. [#64111](https://github.com/saltstack/salt/issues/64111) +- Fixed several file client uses which were not properly terminating it by switching to using it as a context manager + whenever possible or making sure `.destroy()` was called when using a context manager was not possible. [#64113](https://github.com/saltstack/salt/issues/64113) +- Fix running setup.py when passing in --salt-config-dir and --salt-cache-dir arguments. [#64114](https://github.com/saltstack/salt/issues/64114) +- Moved /etc/salt/proxy and /lib/systemd/system/salt-proxy@.service to the salt-minion DEB package [#64117](https://github.com/saltstack/salt/issues/64117) +- Stop passing `**kwargs` and be explicit about the keyword arguments to pass, namely, to `cp.cache_file` call in `salt.states.pkg` [#64118](https://github.com/saltstack/salt/issues/64118) +- lgpo_reg.set_value now returns ``True`` on success instead of ``None`` [#64126](https://github.com/saltstack/salt/issues/64126) +- Make salt user's home /opt/saltstack/salt [#64141](https://github.com/saltstack/salt/issues/64141) +- Fix cmd.run doesn't output changes in test mode [#64150](https://github.com/saltstack/salt/issues/64150) +- Move salt user and group creation to common package [#64158](https://github.com/saltstack/salt/issues/64158) +- Fixed issue in salt-cloud so that multiple masters specified in the cloud + are written to the minion config properly [#64170](https://github.com/saltstack/salt/issues/64170) +- Make sure the `salt-ssh` CLI calls it's `fsclient.destroy()` method when done. [#64184](https://github.com/saltstack/salt/issues/64184) +- Stop using the deprecated `salt.transport.client` imports. [#64186](https://github.com/saltstack/salt/issues/64186) +- Add a `.pth` to the Salt onedir env to ensure packages in extras are importable. Bump relenv to 0.12.3. [#64192](https://github.com/saltstack/salt/issues/64192) +- Fix ``lgpo_reg`` state to work with User policy [#64200](https://github.com/saltstack/salt/issues/64200) +- Cloud deployment directories are owned by salt user and group [#64204](https://github.com/saltstack/salt/issues/64204) +- ``lgpo_reg`` state now enforces and reports changes to the registry [#64222](https://github.com/saltstack/salt/issues/64222) + + +## 3006.0 (2023-04-18) + + +### Removed + +- Remove and deprecate the __orchestration__ key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. [#59917](https://github.com/saltstack/salt/issues/59917) +- Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 [#60476](https://github.com/saltstack/salt/issues/60476) +- Removed ``runtests`` targets from ``noxfile.py`` [#62239](https://github.com/saltstack/salt/issues/62239) +- Removed the PyObjC dependency. + + This addresses problems with building a one dir build for macOS. + It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built). + Since it's currently not being used, it's removed. [#62432](https://github.com/saltstack/salt/issues/62432) +- Removed `SixRedirectImporter` from Salt. Salt hasn't shipped `six` since Salt 3004. [#63874](https://github.com/saltstack/salt/issues/63874) + + +### Deprecated + +- renamed `keep_jobs`, specifying job cache TTL in hours, to `keep_jobs_seconds`, specifying TTL in seconds. + `keep_jobs` will be removed in the Argon release [#55295](https://github.com/saltstack/salt/issues/55295) +- Removing all references to napalm-base which is no longer supported. [#61542](https://github.com/saltstack/salt/issues/61542) +- The 'ip_bracket' function has been moved from salt/utils/zeromq.py in salt/utils/network.py [#62009](https://github.com/saltstack/salt/issues/62009) +- The `expand_repo_def` function in `salt.modules.aptpkg` is now deprecated. It's only used in `salt.states.pkgrepo` and it has no use of being exposed to the CLI. [#62485](https://github.com/saltstack/salt/issues/62485) +- Deprecated defunct Django returner [#62644](https://github.com/saltstack/salt/issues/62644) +- Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions [#62754](https://github.com/saltstack/salt/issues/62754) +- Removing manufacture grain which has been deprecated. [#62914](https://github.com/saltstack/salt/issues/62914) +- Removing deprecated utils/boto3_elasticsearch.py [#62915](https://github.com/saltstack/salt/issues/62915) +- Removing support for the now deprecated _ext_nodes from salt/master.py. [#62917](https://github.com/saltstack/salt/issues/62917) +- Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. [#63095](https://github.com/saltstack/salt/issues/63095) +- `salt.utils.version.StrictVersion` is now deprecated and it's use should be replaced with `salt.utils.version.Version`. [#63383](https://github.com/saltstack/salt/issues/63383) + + +### Changed + +- More intelligent diffing in changes of file.serialize state. [#48609](https://github.com/saltstack/salt/issues/48609) +- Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. [#49430](https://github.com/saltstack/salt/issues/49430) +- ``umask`` is now a global state argument, instead of only applying to ``cmd`` + states. [#57803](https://github.com/saltstack/salt/issues/57803) +- Update pillar.obfuscate to accept kwargs in addition to args. This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. [#58971](https://github.com/saltstack/salt/issues/58971) +- Improve support for listing macOS brew casks [#59439](https://github.com/saltstack/salt/issues/59439) +- Add missing MariaDB Grants to mysql module. + MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. + Also improved exception handling in `grant_add` which did not log the original error message and replaced it with a generic error. [#61409](https://github.com/saltstack/salt/issues/61409) +- Use VENV_PIP_TARGET environment variable as a default target for pip if present. [#62089](https://github.com/saltstack/salt/issues/62089) +- Disabled FQDNs grains on macOS by default [#62168](https://github.com/saltstack/salt/issues/62168) +- Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated [#62218](https://github.com/saltstack/salt/issues/62218) +- Enhance capture of error messages for Zypper calls in zypperpkg module. [#62346](https://github.com/saltstack/salt/issues/62346) +- Removed GPG_1_3_1 check [#62895](https://github.com/saltstack/salt/issues/62895) +- Requisite state chunks now all consistently contain `__id__`, `__sls__` and `name`. [#63012](https://github.com/saltstack/salt/issues/63012) +- netapi_enable_clients option to allow enabling/disabling of clients in salt-api. + By default all clients will now be disabled. Users of salt-api will need + to update their master config to enable the clients that they use. Not adding + the netapi_enable_clients option with required clients to the master config will + disable salt-api. [#63050](https://github.com/saltstack/salt/issues/63050) +- Stop relying on `salt/_version.py` to write Salt's version. Instead use `salt/_version.txt` which only contains the version string. [#63383](https://github.com/saltstack/salt/issues/63383) +- Set enable_fqdns_grains to be False by default. [#63595](https://github.com/saltstack/salt/issues/63595) +- Changelog snippet files must now have a `.md` file extension to be more explicit on what type of rendering is done when they are included in the main `CHANGELOG.md` file. [#63710](https://github.com/saltstack/salt/issues/63710) +- Upgraded to `relenv==0.9.0` [#63883](https://github.com/saltstack/salt/issues/63883) + + +### Fixed + +- Add kwargs to handle extra parameters for http.query [#36138](https://github.com/saltstack/salt/issues/36138) +- Fix mounted bind mounts getting active mount options added [#39292](https://github.com/saltstack/salt/issues/39292) +- Fix `sysctl.present` converts spaces to tabs. [#40054](https://github.com/saltstack/salt/issues/40054) +- Fixes state pkg.purged to purge removed packages on Debian family systems [#42306](https://github.com/saltstack/salt/issues/42306) +- Fix fun_args missing from syndic returns [#45823](https://github.com/saltstack/salt/issues/45823) +- Fix mount.mounted with 'mount: False' reports unmounted file system as unchanged when running with test=True [#47201](https://github.com/saltstack/salt/issues/47201) +- Issue #49310: Allow users to touch a file with Unix date of birth [#49310](https://github.com/saltstack/salt/issues/49310) +- Do not raise an exception in pkg.info_installed on nonzero return code [#51620](https://github.com/saltstack/salt/issues/51620) +- Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read-only attribute are handled. [#51739](https://github.com/saltstack/salt/issues/51739) +- Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#52167](https://github.com/saltstack/salt/issues/52167) +- Don't check for cached pillar errors on state.apply [#52354](https://github.com/saltstack/salt/issues/52354), [#57180](https://github.com/saltstack/salt/issues/57180), [#59339](https://github.com/saltstack/salt/issues/59339) +- Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. [#52400](https://github.com/saltstack/salt/issues/52400) +- Ensure when we're adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. [#53353](https://github.com/saltstack/salt/issues/53353) +- When user_create or user_remove fail, return False instead of returning the error. [#53377](https://github.com/saltstack/salt/issues/53377) +- Include sync_roster when sync_all is called. [#53914](https://github.com/saltstack/salt/issues/53914) +- Avoid warning noise in lograte.get [#53988](https://github.com/saltstack/salt/issues/53988) +- Fixed listing revoked keys with gpg.list_keys [#54347](https://github.com/saltstack/salt/issues/54347) +- Fix mount.mounted does not handle blanks properly [#54508](https://github.com/saltstack/salt/issues/54508) +- Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. [#54682](https://github.com/saltstack/salt/issues/54682) +- Fix spelling error for python_shell argument in dpkg_lower module [#54907](https://github.com/saltstack/salt/issues/54907) +- Cleaned up bytes response data before sending to non-bytes compatible returners (postgres, mysql) [#55226](https://github.com/saltstack/salt/issues/55226) +- Fixed malformed state return when testing file.managed with unavailable source file [#55269](https://github.com/saltstack/salt/issues/55269) +- Included stdout in error message for Zypper calls in zypperpkg module. [#56016](https://github.com/saltstack/salt/issues/56016) +- Fixed pillar.filter_by with salt-ssh [#56093](https://github.com/saltstack/salt/issues/56093) +- Fix boto_route53 issue with (multiple) VPCs. [#57139](https://github.com/saltstack/salt/issues/57139) +- Remove log from mine runner which was not used. [#57463](https://github.com/saltstack/salt/issues/57463) +- Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#57535](https://github.com/saltstack/salt/issues/57535) +- Updating Slack engine to use slack_bolt library. [#57842](https://github.com/saltstack/salt/issues/57842) +- Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. [#58165](https://github.com/saltstack/salt/issues/58165) +- Fix salt.modules.pip:is_installed doesn't handle locally installed packages [#58202](https://github.com/saltstack/salt/issues/58202) +- Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. [#58297](https://github.com/saltstack/salt/issues/58297) +- linux_shadow: Fix cases where malformed shadow entries cause `user.present` + states to fail. [#58423](https://github.com/saltstack/salt/issues/58423) +- Fixed salt.utils.compat.cmp to work with dictionaries [#58729](https://github.com/saltstack/salt/issues/58729) +- Fixed formatting for terse output mode [#58953](https://github.com/saltstack/salt/issues/58953) +- Fixed RecursiveDictDiffer with added nested dicts [#59017](https://github.com/saltstack/salt/issues/59017) +- Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59169](https://github.com/saltstack/salt/issues/59169) +- Fixed saltnado websockets disconnecting immediately [#59183](https://github.com/saltstack/salt/issues/59183) +- Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59315](https://github.com/saltstack/salt/issues/59315) +- Fix postgres_privileges.present not idempotent for functions [#59585](https://github.com/saltstack/salt/issues/59585) +- Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. [#59766](https://github.com/saltstack/salt/issues/59766) +- Warn when using insecure (http:// based) key_urls for apt-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. [#59786](https://github.com/saltstack/salt/issues/59786) +- add load balancing policy default option and ensure the module can be executed with arguments from CLI [#59909](https://github.com/saltstack/salt/issues/59909) +- Fix salt-ssh when using imports with extra-filerefs. [#60003](https://github.com/saltstack/salt/issues/60003) +- Fixed cache directory corruption startup error [#60170](https://github.com/saltstack/salt/issues/60170) +- Update docs remove dry_run in docstring of file.blockreplace state. [#60227](https://github.com/saltstack/salt/issues/60227) +- Adds Parrot to OS_Family_Map in grains. [#60249](https://github.com/saltstack/salt/issues/60249) +- Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions [#60365](https://github.com/saltstack/salt/issues/60365) +- Use return code in iptables --check to verify rule exists. [#60467](https://github.com/saltstack/salt/issues/60467) +- Fix regression pip.installed does not pass env_vars when calling pip.list [#60557](https://github.com/saltstack/salt/issues/60557) +- Fix xfs module when additional output included in mkfs.xfs command. [#60853](https://github.com/saltstack/salt/issues/60853) +- Fixed parsing new format of terraform states in roster.terraform [#60915](https://github.com/saltstack/salt/issues/60915) +- Fixed recognizing installed ARMv7 rpm packages in compatible architectures. [#60994](https://github.com/saltstack/salt/issues/60994) +- Fixing changes dict in pkg state to be consistent when installing and test=True. [#60995](https://github.com/saltstack/salt/issues/60995) +- Fix cron.present duplicating entries when changing timespec to special. [#60997](https://github.com/saltstack/salt/issues/60997) +- Made salt-ssh respect --wipe again [#61083](https://github.com/saltstack/salt/issues/61083) +- state.orchestrate_single only passes a pillar if it is set to the state + function. This allows it to be used with state functions that don't accept a + pillar keyword argument. [#61092](https://github.com/saltstack/salt/issues/61092) +- Fix ipset state when the comment kwarg is set. [#61122](https://github.com/saltstack/salt/issues/61122) +- Fix issue with archive.unzip where the password was not being encoded for the extract function [#61422](https://github.com/saltstack/salt/issues/61422) +- Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux + Mint, Pop!_OS, Rocky Linux) report different `oscodename`, `osfullname`, + `osfinger` grains if lsb-release is installed or not. They have been changed to + only derive these OS grains from `/etc/os-release`. [#61618](https://github.com/saltstack/salt/issues/61618) +- Pop!_OS uses the full version (YY.MM) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. [#61619](https://github.com/saltstack/salt/issues/61619) +- Fix ssh config roster to correctly parse the ssh config files that contain spaces. [#61650](https://github.com/saltstack/salt/issues/61650) +- Fix SoftLayer configuration not raising an exception when a domain is missing [#61727](https://github.com/saltstack/salt/issues/61727) +- Allow the minion to start or salt-call to run even if the user doesn't have permissions to read the root_dir value from the registry [#61789](https://github.com/saltstack/salt/issues/61789) +- Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. [#61805](https://github.com/saltstack/salt/issues/61805) +- Fixed malformed state return when merge-serializing to an improperly formatted file [#61814](https://github.com/saltstack/salt/issues/61814) +- Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) [#61816](https://github.com/saltstack/salt/issues/61816) +- When deleting the vault cache, also delete from the session cache [#61821](https://github.com/saltstack/salt/issues/61821) +- Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. [#61827](https://github.com/saltstack/salt/issues/61827) +- win_lgpo: Display conflicting policy names when more than one policy is found [#61859](https://github.com/saltstack/salt/issues/61859) +- win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy [#61860](https://github.com/saltstack/salt/issues/61860) +- Fixed listing minions on OpenBSD [#61966](https://github.com/saltstack/salt/issues/61966) +- Make Salt to return an error on "pkg" modules and states when targeting duplicated package names [#62019](https://github.com/saltstack/salt/issues/62019) +- Fix return of REST-returned permissions when auth_list is set [#62022](https://github.com/saltstack/salt/issues/62022) +- Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. [#62029](https://github.com/saltstack/salt/issues/62029) +- Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() [#62030](https://github.com/saltstack/salt/issues/62030) +- Fix attr=all handling in pkg.list_pkgs() (yum/zypper). [#62032](https://github.com/saltstack/salt/issues/62032) +- Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap [#62053](https://github.com/saltstack/salt/issues/62053) +- Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias [#62058](https://github.com/saltstack/salt/issues/62058) +- Fix ordering of args to libcloud_storage.download_object module [#62074](https://github.com/saltstack/salt/issues/62074) +- Ignore extend declarations in sls files that are excluded. [#62082](https://github.com/saltstack/salt/issues/62082) +- Remove leftover usage of impacket [#62101](https://github.com/saltstack/salt/issues/62101) +- Pass executable path from _get_path_exec() is used when calling the program. + The $HOME env is no longer modified globally. + Only trailing newlines are stripped from the fetched secret. + Pass process arguments are handled in a secure way. [#62120](https://github.com/saltstack/salt/issues/62120) +- Ignore some command return codes in openbsdrcctl_service to prevent spurious errors [#62131](https://github.com/saltstack/salt/issues/62131) +- Fixed extra period in filename output in tls module. Instead of "server.crt." it will now be "server.crt". [#62139](https://github.com/saltstack/salt/issues/62139) +- Make sure lingering PAexec-*.exe files in the Windows directory are cleaned up [#62152](https://github.com/saltstack/salt/issues/62152) +- Restored Salt's DeprecationWarnings [#62185](https://github.com/saltstack/salt/issues/62185) +- Fixed issue with forward slashes on Windows with file.recurse and clean=True [#62197](https://github.com/saltstack/salt/issues/62197) +- Recognize OSMC as Debian-based [#62198](https://github.com/saltstack/salt/issues/62198) +- Fixed Zypper module failing on RPM lock file being temporarily unavailable. [#62204](https://github.com/saltstack/salt/issues/62204) +- Improved error handling and diagnostics in the proxmox salt-cloud driver [#62211](https://github.com/saltstack/salt/issues/62211) +- Added EndeavourOS to the Arch os_family. [#62220](https://github.com/saltstack/salt/issues/62220) +- Fix salt-ssh not detecting `platform-python` as a valid interpreter on EL8 [#62235](https://github.com/saltstack/salt/issues/62235) +- Fix pkg.version_cmp on openEuler and a few other os flavors. [#62248](https://github.com/saltstack/salt/issues/62248) +- Fix localhost detection in glusterfs.peers [#62273](https://github.com/saltstack/salt/issues/62273) +- Fix Salt Package Manager (SPM) exception when calling spm create_repo . [#62281](https://github.com/saltstack/salt/issues/62281) +- Fix matcher slowness due to loader invocation [#62283](https://github.com/saltstack/salt/issues/62283) +- Fixes the Puppet module for non-aio Puppet packages for example running the Puppet module on FreeBSD. [#62323](https://github.com/saltstack/salt/issues/62323) +- Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect [#62334](https://github.com/saltstack/salt/issues/62334) +- Fix pyobjects renderer access to opts and sls [#62336](https://github.com/saltstack/salt/issues/62336) +- Fix use of random shuffle and sample functions as Jinja filters [#62372](https://github.com/saltstack/salt/issues/62372) +- Fix groups with duplicate GIDs are not returned by get_group_list [#62377](https://github.com/saltstack/salt/issues/62377) +- Fix the "zpool.present" state when enabling zpool features that are already active. [#62390](https://github.com/saltstack/salt/issues/62390) +- Fix ability to execute remote file client methods in saltcheck [#62398](https://github.com/saltstack/salt/issues/62398) +- Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x [#62400](https://github.com/saltstack/salt/issues/62400) +- Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. [#62405](https://github.com/saltstack/salt/issues/62405) +- When using preq on a state, then prereq state will first be run with test=True to determine if there are changes. When there are changes, the state with the prereq option will be run prior to the prereq state. If this state fails then the prereq state will not run and the state output uses the test=True run. However, the proposed changes are included for the prereq state are included from the test=True run. We should pull those out as there weren't actually changes since the prereq state did not run. [#62408](https://github.com/saltstack/salt/issues/62408) +- Added directory mode for file.copy with makedirs [#62426](https://github.com/saltstack/salt/issues/62426) +- Provide better error handling in the various napalm proxy minion functions when the device is not accessible. [#62435](https://github.com/saltstack/salt/issues/62435) +- When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated. Caching whether aggregate functions are available for particular states so we don't need to attempt to load them everytime. [#62439](https://github.com/saltstack/salt/issues/62439) +- The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module [#62451](https://github.com/saltstack/salt/issues/62451) +- sysctl.persist now updates the in-memory value on FreeBSD even if the on-disk value was already correct. [#62461](https://github.com/saltstack/salt/issues/62461) +- Fixed parsing CDROM apt sources [#62474](https://github.com/saltstack/salt/issues/62474) +- Update sanitizing masking for Salt SSH to include additional password like strings. [#62483](https://github.com/saltstack/salt/issues/62483) +- Fix user/group checking on file state functions in the test mode. [#62499](https://github.com/saltstack/salt/issues/62499) +- Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. [#62502](https://github.com/saltstack/salt/issues/62502) +- Fix possible tracebacks if there is a package with '------' or '======' in the description is installed on the Debian based minion. [#62519](https://github.com/saltstack/salt/issues/62519) +- Fixed the omitted "pool" parameter when cloning a VM with the proxmox salt-cloud driver [#62521](https://github.com/saltstack/salt/issues/62521) +- Fix rendering of pyobjects states in saltcheck [#62523](https://github.com/saltstack/salt/issues/62523) +- Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt [#62527](https://github.com/saltstack/salt/issues/62527) +- Use str() method instead of repo_line for when python3-apt is installed or not in aptpkg.py. [#62546](https://github.com/saltstack/salt/issues/62546) +- Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to __context__["netmiko_device"]["args"] which is passed along to the Netmiko library. [#62547](https://github.com/saltstack/salt/issues/62547) +- Fix order specific mount.mounted options for persist [#62556](https://github.com/saltstack/salt/issues/62556) +- Fixed salt-cloud cloning a proxmox VM with a specified new vmid. [#62558](https://github.com/saltstack/salt/issues/62558) +- Fix runas with cmd module when using the onedir bundled packages [#62565](https://github.com/saltstack/salt/issues/62565) +- Update setproctitle version for all platforms [#62576](https://github.com/saltstack/salt/issues/62576) +- Fixed missing parameters when cloning a VM with the proxmox salt-cloud driver [#62580](https://github.com/saltstack/salt/issues/62580) +- Handle PermissionError when importing crypt when FIPS is enabled. [#62587](https://github.com/saltstack/salt/issues/62587) +- Correctly reraise exceptions in states.http [#62595](https://github.com/saltstack/salt/issues/62595) +- Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. [#62618](https://github.com/saltstack/salt/issues/62618) +- updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. [#62624](https://github.com/saltstack/salt/issues/62624) +- Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline [#62633](https://github.com/saltstack/salt/issues/62633) +- Fixed vault ext pillar return data for KV v2 [#62651](https://github.com/saltstack/salt/issues/62651) +- Fix saltcheck _get_top_states doesn't pass saltenv to state.show_top [#62654](https://github.com/saltstack/salt/issues/62654) +- Fix groupadd.* functions hard code relative command name [#62657](https://github.com/saltstack/salt/issues/62657) +- Fixed pdbedit.create trying to use a bytes-like hash as string. [#62670](https://github.com/saltstack/salt/issues/62670) +- Fix depenency on legacy boto module in boto3 modules [#62672](https://github.com/saltstack/salt/issues/62672) +- Modified "_get_flags" function so that it returns regex flags instead of integers [#62676](https://github.com/saltstack/salt/issues/62676) +- Change startup ReqServer log messages from error to info level. [#62728](https://github.com/saltstack/salt/issues/62728) +- Fix kmod.* functions hard code relative command name [#62772](https://github.com/saltstack/salt/issues/62772) +- Remove mako as a dependency in Windows and macOS. [#62785](https://github.com/saltstack/salt/issues/62785) +- Fix mac_brew_pkg to work with null taps [#62793](https://github.com/saltstack/salt/issues/62793) +- Fixing a bug when listing the running schedule if "schedule.enable" and/or "schedule.disable" has been run, where the "enabled" items is being treated as a schedule item. [#62795](https://github.com/saltstack/salt/issues/62795) +- Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode [#62817](https://github.com/saltstack/salt/issues/62817) +- Include UID and GID checks in modules.file.check_perms as well as comparing + ownership by username and group name. [#62818](https://github.com/saltstack/salt/issues/62818) +- Fix presence events on TCP transport by removing a client's presence when minion disconnects from publish channel correctly [#62826](https://github.com/saltstack/salt/issues/62826) +- Remove Azure deprecation messages from functions that always run w/ salt-cloud [#62845](https://github.com/saltstack/salt/issues/62845) +- Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 [#62854](https://github.com/saltstack/salt/issues/62854) +- Fixed master job scheduler using when [#62858](https://github.com/saltstack/salt/issues/62858) +- LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding [#62873](https://github.com/saltstack/salt/issues/62873) +- Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. [#62878](https://github.com/saltstack/salt/issues/62878) +- Fixed dockermod version_info function for docker-py 6.0.0+ [#62882](https://github.com/saltstack/salt/issues/62882) +- Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. [#62886](https://github.com/saltstack/salt/issues/62886) +- Updating various MongoDB module functions to work with latest version of pymongo. [#62900](https://github.com/saltstack/salt/issues/62900) +- Restored channel for Syndic minions to send job returns to the Salt master. [#62933](https://github.com/saltstack/salt/issues/62933) +- removed _resolve_deps as it required a library that is not generally avalible. and switched to apt-get for everything as that can auto resolve dependencies. [#62934](https://github.com/saltstack/salt/issues/62934) +- Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt-minion/salt-call to hang [#62937](https://github.com/saltstack/salt/issues/62937) +- Allow root user to modify crontab lines for non-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. [#62940](https://github.com/saltstack/salt/issues/62940) +- Fix systemd_service.* functions hard code relative command name [#62942](https://github.com/saltstack/salt/issues/62942) +- Fix file.symlink backupname operation can copy remote contents to local disk [#62953](https://github.com/saltstack/salt/issues/62953) +- Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts [#62968](https://github.com/saltstack/salt/issues/62968) +- Fixed gpg_passphrase issue with gpg decrypt/encrypt functions [#62977](https://github.com/saltstack/salt/issues/62977) +- Fix file.tidied FileNotFoundError [#62986](https://github.com/saltstack/salt/issues/62986) +- Fixed bug where module.wait states were detected as running legacy module.run syntax [#62988](https://github.com/saltstack/salt/issues/62988) +- Fixed issue with win_wua module where it wouldn't load if the CryptSvc was set to Manual start [#62993](https://github.com/saltstack/salt/issues/62993) +- The `__opts__` dunder dictionary is now added to the loader's `pack` if not + already present, which makes it accessible via the + `salt.loader.context.NamedLoaderContext` class. [#63013](https://github.com/saltstack/salt/issues/63013) +- Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts [#63024](https://github.com/saltstack/salt/issues/63024) +- Fix btrfs.subvolume_snapshot command failing [#63025](https://github.com/saltstack/salt/issues/63025) +- Fix file.retention_schedule always reports changes [#63033](https://github.com/saltstack/salt/issues/63033) +- Fix mongo authentication for mongo ext_pillar and mongo returner + + This fix also include the ability to use the mongo connection string for mongo ext_pillar [#63058](https://github.com/saltstack/salt/issues/63058) +- Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. [#63103](https://github.com/saltstack/salt/issues/63103) +- TCP transport documentation now contains proper master/minion-side filtering information [#63120](https://github.com/saltstack/salt/issues/63120) +- Fixed gpg.verify does not respect gnupghome [#63145](https://github.com/saltstack/salt/issues/63145) +- User responsible for the runner is now correctly reported in the events on the event bus for the runner. [#63148](https://github.com/saltstack/salt/issues/63148) +- Made pillar cache pass extra minion data as well [#63208](https://github.com/saltstack/salt/issues/63208) +- Fix serious performance issues with the file.tidied module [#63231](https://github.com/saltstack/salt/issues/63231) +- Fix rpm_lowpkg version comparison logic when using rpm-vercmp and only one version has a release number. [#63317](https://github.com/saltstack/salt/issues/63317) +- Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available [#63350](https://github.com/saltstack/salt/issues/63350) +- ``service.status`` on Windows does no longer throws a CommandExecutionError if + the service is not found on the system. It now returns "Not Found" instead. [#63577](https://github.com/saltstack/salt/issues/63577) +- When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows. When quoted on Linux hosts, this results in an error when the keyword arguments are appended. [#63590](https://github.com/saltstack/salt/issues/63590) +- LGPO: Added support for "Relax minimum password length limits" [#63596](https://github.com/saltstack/salt/issues/63596) +- Fixed the ability to set a scheduled task to auto delete if not scheduled to run again (``delete_after``) [#63650](https://github.com/saltstack/salt/issues/63650) +- When a job is disabled only increase it's _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. [#63699](https://github.com/saltstack/salt/issues/63699) +- have salt.template.compile_template_str cleanup its temp files. [#63724](https://github.com/saltstack/salt/issues/63724) +- Check file is not empty before attempting to read pillar disk cache file [#63729](https://github.com/saltstack/salt/issues/63729) +- Fixed an issue with generating fingerprints for public keys with different line endings [#63742](https://github.com/saltstack/salt/issues/63742) +- Add `fileserver_interval` and `maintenance_interval` master configuration options. These options control how often to restart the FileServerUpdate and Maintenance processes. Some file server and pillar configurations are known to cause memory leaks over time. A notable example of this are configurations that use pygit2. Salt can not guarantee dependency libraries like pygit2 won't leak memory. Restarting any long running processes that use pygit2 guarantees we can keep the master's memory usage in check. [#63747](https://github.com/saltstack/salt/issues/63747) +- mac_xattr.list and mac_xattr.read will replace undecode-able bytes to avoid raising CommandExecutionError. [#63779](https://github.com/saltstack/salt/issues/63779) [#63779](https://github.com/saltstack/salt/issues/63779) +- Change default GPG keyserver from pgp.mit.edu to keys.openpgp.org. [#63806](https://github.com/saltstack/salt/issues/63806) +- fix cherrypy 400 error output to be less generic. [#63835](https://github.com/saltstack/salt/issues/63835) +- Ensure kwargs is passed along to _call_apt when passed into install function. [#63847](https://github.com/saltstack/salt/issues/63847) +- remove eval and update logging to be more informative on bad config [#63879](https://github.com/saltstack/salt/issues/63879) +- add linux_distribution to util to stop dep warning [#63904](https://github.com/saltstack/salt/issues/63904) +- Fix valuerror when trying to close fileclient. Remove usage of __del__ and close the filclient properly. [#63920](https://github.com/saltstack/salt/issues/63920) +- Handle the situation when a sub proxy minion does not init properly, eg. an exception happens, and the sub proxy object is not available. [#63923](https://github.com/saltstack/salt/issues/63923) +- Clarifying documentation for extension_modules configuration option. [#63929](https://github.com/saltstack/salt/issues/63929) +- Windows pkg module now properly handles versions containing strings [#63935](https://github.com/saltstack/salt/issues/63935) +- Handle the scenario when the check_cmd requisite is used with a state function when the state has a local check_cmd function but that function isn't used by that function. [#63948](https://github.com/saltstack/salt/issues/63948) +- Issue #63981: Allow users to pass verify_ssl to pkg.install/pkg.installed on Windows [#63981](https://github.com/saltstack/salt/issues/63981) +- Hardened permissions on workers.ipc and master_event_pub.ipc. [#64063](https://github.com/saltstack/salt/issues/64063) + + +### Added + +- Introduce a `LIB_STATE_DIR` syspaths variable which defaults to `CONFIG_DIR`, + but can be individually customized during installation by specifying + `--salt-lib-state-dir` during installation. Change the default `pki_dir` to + `/pki/master` (for the master) and `/pki/minion` + (for the minion). [#3396](https://github.com/saltstack/salt/issues/3396) +- Allow users to enable 'queue=True' for all state runs via config file [#31468](https://github.com/saltstack/salt/issues/31468) +- Added pillar templating to vault policies [#43287](https://github.com/saltstack/salt/issues/43287) +- Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray [#51088](https://github.com/saltstack/salt/issues/51088) +- A new salt-ssh roster that generates a roster by parses a known_hosts file. [#54679](https://github.com/saltstack/salt/issues/54679) +- Added Windows Event Viewer support [#54713](https://github.com/saltstack/salt/issues/54713) +- Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file [#56013](https://github.com/saltstack/salt/issues/56013) +- Added resource tagging functions to boto_dynamodb execution module [#57500](https://github.com/saltstack/salt/issues/57500) +- Added `openvswitch_db` state module and functions `bridge_to_parent`, + `bridge_to_vlan`, `db_get`, and `db_set` to the `openvswitch` execution module. + Also added optional `parent` and `vlan` parameters to the + `openvswitch_bridge.present` state module function and the + `openvswitch.bridge_create` execution module function. [#58986](https://github.com/saltstack/salt/issues/58986) +- State module to manage SysFS attributes [#60154](https://github.com/saltstack/salt/issues/60154) +- Added ability for `salt.wait_for_event` to handle `event_id`s that have a list value. [#60430](https://github.com/saltstack/salt/issues/60430) +- Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) [#60518](https://github.com/saltstack/salt/issues/60518) +- Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. [#60700](https://github.com/saltstack/salt/issues/60700) +- Added .0 back to our versioning scheme for future versions (e.g. 3006.0) [#60722](https://github.com/saltstack/salt/issues/60722) +- Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. [#61153](https://github.com/saltstack/salt/issues/61153) +- Added node label support for GCE [#61245](https://github.com/saltstack/salt/issues/61245) +- Support the --priority flag when adding sources to Chocolatey. [#61319](https://github.com/saltstack/salt/issues/61319) +- Add namespace option to ext_pillar.http_json [#61335](https://github.com/saltstack/salt/issues/61335) +- Added a filter function to ps module to get a list of processes on a minion according to their state. [#61420](https://github.com/saltstack/salt/issues/61420) +- Add postgres.timeout option to postgres module for limiting postgres query times [#61433](https://github.com/saltstack/salt/issues/61433) +- Added new optional vault option, ``config_location``. This can be either ``master`` or ``local`` and defines where vault will look for connection details, either requesting them from the master or using the local config. [#61857](https://github.com/saltstack/salt/issues/61857) +- Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. [#61931](https://github.com/saltstack/salt/issues/61931) +- 'tcp' transport is now available in ipv6-only network [#62009](https://github.com/saltstack/salt/issues/62009) +- Add `diff_attr` parameter to pkg.upgrade() (zypper/yum). [#62031](https://github.com/saltstack/salt/issues/62031) +- Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets. + Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass. + Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass. + Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. [#62120](https://github.com/saltstack/salt/issues/62120) +- Add file.pruned state and expanded file.rmdir exec module functionality [#62178](https://github.com/saltstack/salt/issues/62178) +- Added "dig.PTR" function to resolve PTR records for IPs, as well as tests and documentation [#62275](https://github.com/saltstack/salt/issues/62275) +- Added the ability to remove a KB using the DISM state/execution modules [#62366](https://github.com/saltstack/salt/issues/62366) +- Add " python" subcommand to allow execution or arbitrary scripts via bundled Python runtime [#62381](https://github.com/saltstack/salt/issues/62381) +- Add ability to provide conditions which convert normal state actions to no-op when true [#62446](https://github.com/saltstack/salt/issues/62446) +- Added debug log messages displaying the command being run when installing packages on Windows [#62480](https://github.com/saltstack/salt/issues/62480) +- Add biosvendor grain [#62496](https://github.com/saltstack/salt/issues/62496) +- Add ifelse Jinja function as found in CFEngine [#62508](https://github.com/saltstack/salt/issues/62508) +- Implementation of Amazon EC2 instance detection and setting `virtual_subtype` grain accordingly including the product if possible to identify. [#62539](https://github.com/saltstack/salt/issues/62539) +- Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack [#62578](https://github.com/saltstack/salt/issues/62578) +- Increase file.tidied flexibility with regard to age and size [#62678](https://github.com/saltstack/salt/issues/62678) +- Added "connected_devices" feature to netbox pillar module. It contains extra information about devices connected to the minion [#62761](https://github.com/saltstack/salt/issues/62761) +- Add atomic file operation for symlink changes [#62768](https://github.com/saltstack/salt/issues/62768) +- Add password/account locking/unlocking in user.present state on supported operating systems [#62856](https://github.com/saltstack/salt/issues/62856) +- Added onchange configuration for script engine [#62867](https://github.com/saltstack/salt/issues/62867) +- Added output and bare functionality to export_key gpg module function [#62978](https://github.com/saltstack/salt/issues/62978) +- Add keyvalue serializer for environment files [#62983](https://github.com/saltstack/salt/issues/62983) +- Add ability to ignore symlinks in file.tidied [#63042](https://github.com/saltstack/salt/issues/63042) +- salt-cloud support IMDSv2 tokens when using 'use-instance-role-credentials' [#63067](https://github.com/saltstack/salt/issues/63067) +- Fix running fast tests twice and add git labels to suite. [#63081](https://github.com/saltstack/salt/issues/63081) +- Add ability for file.symlink to not set ownership on existing links [#63093](https://github.com/saltstack/salt/issues/63093) +- Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation [#63095](https://github.com/saltstack/salt/issues/63095) +- Add functions that will return the underlying block device, mount point, and filesystem type for a given path [#63098](https://github.com/saltstack/salt/issues/63098) +- Add ethtool execution and state module functions for pause [#63128](https://github.com/saltstack/salt/issues/63128) +- Add boardname grain [#63131](https://github.com/saltstack/salt/issues/63131) +- Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63248](https://github.com/saltstack/salt/issues/63248) +- Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63249](https://github.com/saltstack/salt/issues/63249) +- Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. [#63315](https://github.com/saltstack/salt/issues/63315) +- Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id. + This allows users to enable state_events on a per use basis rather than having to + enable them globally for all state runs. [#63316](https://github.com/saltstack/salt/issues/63316) +- Allow max queue size setting for state runs to prevent performance problems from queue growth [#63356](https://github.com/saltstack/salt/issues/63356) +- Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606) +- Include the version of `relenv` in the versions report. [#63827](https://github.com/saltstack/salt/issues/63827) +- Added debug log messages displaying the command being run when removing packages on Windows [#63866](https://github.com/saltstack/salt/issues/63866) +- Adding the ability to exclude arguments from a state that end up passed to cmd.retcode when requisites such as onlyif or unless are used. [#63956](https://github.com/saltstack/salt/issues/63956) +- Add --next-release argument to salt/version.py, which prints the next upcoming release. [#64023](https://github.com/saltstack/salt/issues/64023) + + +### Security + +- Upgrade Requirements Due to Security Issues. + + * Upgrade to `cryptography>=39.0.1` due to: + * https://github.com/advisories/GHSA-x4qr-2fvf-3mr5 + * https://github.com/advisories/GHSA-w7pp-m8wf-vj6r + * Upgrade to `pyopenssl==23.0.0` due to the cryptography upgrade. + * Update to `markdown-it-py==2.2.0` due to: + * https://github.com/advisories/GHSA-jrwr-5x3p-hvc3 + * https://github.com/advisories/GHSA-vrjv-mxr7-vjf8 [#63882](https://github.com/saltstack/salt/issues/63882) + + +## 3006.0rc3 (2023-03-29) + + +### Removed + +- Remove and deprecate the __orchestration__ key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. [#59917](https://github.com/saltstack/salt/issues/59917) +- Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 [#60476](https://github.com/saltstack/salt/issues/60476) +- Removed ``runtests`` targets from ``noxfile.py`` [#62239](https://github.com/saltstack/salt/issues/62239) +- Removed the PyObjC dependency. + + This addresses problems with building a one dir build for macOS. + It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built). + Since it's currently not being used, it's removed. [#62432](https://github.com/saltstack/salt/issues/62432) +- Removed `SixRedirectImporter` from Salt. Salt hasn't shipped `six` since Salt 3004. [#63874](https://github.com/saltstack/salt/issues/63874) + + +### Deprecated + +- renamed `keep_jobs`, specifying job cache TTL in hours, to `keep_jobs_seconds`, specifying TTL in seconds. + `keep_jobs` will be removed in the Argon release [#55295](https://github.com/saltstack/salt/issues/55295) +- Removing all references to napalm-base which is no longer supported. [#61542](https://github.com/saltstack/salt/issues/61542) +- The 'ip_bracket' function has been moved from salt/utils/zeromq.py in salt/utils/network.py [#62009](https://github.com/saltstack/salt/issues/62009) +- The `expand_repo_def` function in `salt.modules.aptpkg` is now deprecated. It's only used in `salt.states.pkgrepo` and it has no use of being exposed to the CLI. [#62485](https://github.com/saltstack/salt/issues/62485) +- Deprecated defunct Django returner [#62644](https://github.com/saltstack/salt/issues/62644) +- Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions [#62754](https://github.com/saltstack/salt/issues/62754) +- Removing manufacture grain which has been deprecated. [#62914](https://github.com/saltstack/salt/issues/62914) +- Removing deprecated utils/boto3_elasticsearch.py [#62915](https://github.com/saltstack/salt/issues/62915) +- Removing support for the now deprecated _ext_nodes from salt/master.py. [#62917](https://github.com/saltstack/salt/issues/62917) +- Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. [#63095](https://github.com/saltstack/salt/issues/63095) +- `salt.utils.version.StrictVersion` is now deprecated and it's use should be replaced with `salt.utils.version.Version`. [#63383](https://github.com/saltstack/salt/issues/63383) + + +### Changed + +- More intelligent diffing in changes of file.serialize state. [#48609](https://github.com/saltstack/salt/issues/48609) +- Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. [#49430](https://github.com/saltstack/salt/issues/49430) +- ``umask`` is now a global state argument, instead of only applying to ``cmd`` + states. [#57803](https://github.com/saltstack/salt/issues/57803) +- Update pillar.obfuscate to accept kwargs in addition to args. This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. [#58971](https://github.com/saltstack/salt/issues/58971) +- Improve support for listing macOS brew casks [#59439](https://github.com/saltstack/salt/issues/59439) +- Add missing MariaDB Grants to mysql module. + MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. + Also improved exception handling in `grant_add` which did not log the original error message and replaced it with a generic error. [#61409](https://github.com/saltstack/salt/issues/61409) +- Use VENV_PIP_TARGET environment variable as a default target for pip if present. [#62089](https://github.com/saltstack/salt/issues/62089) +- Disabled FQDNs grains on macOS by default [#62168](https://github.com/saltstack/salt/issues/62168) +- Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated [#62218](https://github.com/saltstack/salt/issues/62218) +- Enhance capture of error messages for Zypper calls in zypperpkg module. [#62346](https://github.com/saltstack/salt/issues/62346) +- Removed GPG_1_3_1 check [#62895](https://github.com/saltstack/salt/issues/62895) +- Requisite state chunks now all consistently contain `__id__`, `__sls__` and `name`. [#63012](https://github.com/saltstack/salt/issues/63012) +- netapi_enable_clients option to allow enabling/disabling of clients in salt-api. + By default all clients will now be disabled. Users of salt-api will need + to update their master config to enable the clients that they use. Not adding + the netapi_enable_clients option with required clients to the master config will + disable salt-api. [#63050](https://github.com/saltstack/salt/issues/63050) +- Stop relying on `salt/_version.py` to write Salt's version. Instead use `salt/_version.txt` which only contains the version string. [#63383](https://github.com/saltstack/salt/issues/63383) +- Set enable_fqdns_grains to be False by default. [#63595](https://github.com/saltstack/salt/issues/63595) +- Changelog snippet files must now have a `.md` file extension to be more explicit on what type of rendering is done when they are included in the main `CHANGELOG.md` file. [#63710](https://github.com/saltstack/salt/issues/63710) +- Upgraded to `relenv==0.9.0` [#63883](https://github.com/saltstack/salt/issues/63883) + + +### Fixed + +- Add kwargs to handle extra parameters for http.query [#36138](https://github.com/saltstack/salt/issues/36138) +- Fix mounted bind mounts getting active mount options added [#39292](https://github.com/saltstack/salt/issues/39292) +- Fix `sysctl.present` converts spaces to tabs. [#40054](https://github.com/saltstack/salt/issues/40054) +- Fixes state pkg.purged to purge removed packages on Debian family systems [#42306](https://github.com/saltstack/salt/issues/42306) +- Fix fun_args missing from syndic returns [#45823](https://github.com/saltstack/salt/issues/45823) +- Fix mount.mounted with 'mount: False' reports unmounted file system as unchanged when running with test=True [#47201](https://github.com/saltstack/salt/issues/47201) +- Issue #49310: Allow users to touch a file with Unix date of birth [#49310](https://github.com/saltstack/salt/issues/49310) +- Do not raise an exception in pkg.info_installed on nonzero return code [#51620](https://github.com/saltstack/salt/issues/51620) +- Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read-only attribute are handled. [#51739](https://github.com/saltstack/salt/issues/51739) +- Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#52167](https://github.com/saltstack/salt/issues/52167) +- Don't check for cached pillar errors on state.apply [#52354](https://github.com/saltstack/salt/issues/52354), [#57180](https://github.com/saltstack/salt/issues/57180), [#59339](https://github.com/saltstack/salt/issues/59339) +- Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. [#52400](https://github.com/saltstack/salt/issues/52400) +- Ensure when we're adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. [#53353](https://github.com/saltstack/salt/issues/53353) +- When user_create or user_remove fail, return False instead of returning the error. [#53377](https://github.com/saltstack/salt/issues/53377) +- Include sync_roster when sync_all is called. [#53914](https://github.com/saltstack/salt/issues/53914) +- Avoid warning noise in lograte.get [#53988](https://github.com/saltstack/salt/issues/53988) +- Fixed listing revoked keys with gpg.list_keys [#54347](https://github.com/saltstack/salt/issues/54347) +- Fix mount.mounted does not handle blanks properly [#54508](https://github.com/saltstack/salt/issues/54508) +- Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. [#54682](https://github.com/saltstack/salt/issues/54682) +- Fix spelling error for python_shell argument in dpkg_lower module [#54907](https://github.com/saltstack/salt/issues/54907) +- Cleaned up bytes response data before sending to non-bytes compatible returners (postgres, mysql) [#55226](https://github.com/saltstack/salt/issues/55226) +- Fixed malformed state return when testing file.managed with unavailable source file [#55269](https://github.com/saltstack/salt/issues/55269) +- Included stdout in error message for Zypper calls in zypperpkg module. [#56016](https://github.com/saltstack/salt/issues/56016) +- Fixed pillar.filter_by with salt-ssh [#56093](https://github.com/saltstack/salt/issues/56093) +- Fix boto_route53 issue with (multiple) VPCs. [#57139](https://github.com/saltstack/salt/issues/57139) +- Remove log from mine runner which was not used. [#57463](https://github.com/saltstack/salt/issues/57463) +- Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#57535](https://github.com/saltstack/salt/issues/57535) +- Updating Slack engine to use slack_bolt library. [#57842](https://github.com/saltstack/salt/issues/57842) +- Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. [#58165](https://github.com/saltstack/salt/issues/58165) +- Fix salt.modules.pip:is_installed doesn't handle locally installed packages [#58202](https://github.com/saltstack/salt/issues/58202) +- Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. [#58297](https://github.com/saltstack/salt/issues/58297) +- linux_shadow: Fix cases where malformed shadow entries cause `user.present` + states to fail. [#58423](https://github.com/saltstack/salt/issues/58423) +- Fixed salt.utils.compat.cmp to work with dictionaries [#58729](https://github.com/saltstack/salt/issues/58729) +- Fixed formatting for terse output mode [#58953](https://github.com/saltstack/salt/issues/58953) +- Fixed RecursiveDictDiffer with added nested dicts [#59017](https://github.com/saltstack/salt/issues/59017) +- Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59169](https://github.com/saltstack/salt/issues/59169) +- Fixed saltnado websockets disconnecting immediately [#59183](https://github.com/saltstack/salt/issues/59183) +- Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59315](https://github.com/saltstack/salt/issues/59315) +- Fix postgres_privileges.present not idempotent for functions [#59585](https://github.com/saltstack/salt/issues/59585) +- Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. [#59766](https://github.com/saltstack/salt/issues/59766) +- Warn when using insecure (http:// based) key_urls for apt-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. [#59786](https://github.com/saltstack/salt/issues/59786) +- add load balancing policy default option and ensure the module can be executed with arguments from CLI [#59909](https://github.com/saltstack/salt/issues/59909) +- Fix salt-ssh when using imports with extra-filerefs. [#60003](https://github.com/saltstack/salt/issues/60003) +- Fixed cache directory corruption startup error [#60170](https://github.com/saltstack/salt/issues/60170) +- Update docs remove dry_run in docstring of file.blockreplace state. [#60227](https://github.com/saltstack/salt/issues/60227) +- Adds Parrot to OS_Family_Map in grains. [#60249](https://github.com/saltstack/salt/issues/60249) +- Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions [#60365](https://github.com/saltstack/salt/issues/60365) +- Use return code in iptables --check to verify rule exists. [#60467](https://github.com/saltstack/salt/issues/60467) +- Fix regression pip.installed does not pass env_vars when calling pip.list [#60557](https://github.com/saltstack/salt/issues/60557) +- Fix xfs module when additional output included in mkfs.xfs command. [#60853](https://github.com/saltstack/salt/issues/60853) +- Fixed parsing new format of terraform states in roster.terraform [#60915](https://github.com/saltstack/salt/issues/60915) +- Fixed recognizing installed ARMv7 rpm packages in compatible architectures. [#60994](https://github.com/saltstack/salt/issues/60994) +- Fixing changes dict in pkg state to be consistent when installing and test=True. [#60995](https://github.com/saltstack/salt/issues/60995) +- Fix cron.present duplicating entries when changing timespec to special. [#60997](https://github.com/saltstack/salt/issues/60997) +- Made salt-ssh respect --wipe again [#61083](https://github.com/saltstack/salt/issues/61083) +- state.orchestrate_single only passes a pillar if it is set to the state + function. This allows it to be used with state functions that don't accept a + pillar keyword argument. [#61092](https://github.com/saltstack/salt/issues/61092) +- Fix ipset state when the comment kwarg is set. [#61122](https://github.com/saltstack/salt/issues/61122) +- Fix issue with archive.unzip where the password was not being encoded for the extract function [#61422](https://github.com/saltstack/salt/issues/61422) +- Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux + Mint, Pop!_OS, Rocky Linux) report different `oscodename`, `osfullname`, + `osfinger` grains if lsb-release is installed or not. They have been changed to + only derive these OS grains from `/etc/os-release`. [#61618](https://github.com/saltstack/salt/issues/61618) +- Pop!_OS uses the full version (YY.MM) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. [#61619](https://github.com/saltstack/salt/issues/61619) +- Fix ssh config roster to correctly parse the ssh config files that contain spaces. [#61650](https://github.com/saltstack/salt/issues/61650) +- Fix SoftLayer configuration not raising an exception when a domain is missing [#61727](https://github.com/saltstack/salt/issues/61727) +- Allow the minion to start or salt-call to run even if the user doesn't have permissions to read the root_dir value from the registry [#61789](https://github.com/saltstack/salt/issues/61789) +- Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. [#61805](https://github.com/saltstack/salt/issues/61805) +- Fixed malformed state return when merge-serializing to an improperly formatted file [#61814](https://github.com/saltstack/salt/issues/61814) +- Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) [#61816](https://github.com/saltstack/salt/issues/61816) +- When deleting the vault cache, also delete from the session cache [#61821](https://github.com/saltstack/salt/issues/61821) +- Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. [#61827](https://github.com/saltstack/salt/issues/61827) +- win_lgpo: Display conflicting policy names when more than one policy is found [#61859](https://github.com/saltstack/salt/issues/61859) +- win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy [#61860](https://github.com/saltstack/salt/issues/61860) +- Fixed listing minions on OpenBSD [#61966](https://github.com/saltstack/salt/issues/61966) +- Make Salt to return an error on "pkg" modules and states when targeting duplicated package names [#62019](https://github.com/saltstack/salt/issues/62019) +- Fix return of REST-returned permissions when auth_list is set [#62022](https://github.com/saltstack/salt/issues/62022) +- Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. [#62029](https://github.com/saltstack/salt/issues/62029) +- Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() [#62030](https://github.com/saltstack/salt/issues/62030) +- Fix attr=all handling in pkg.list_pkgs() (yum/zypper). [#62032](https://github.com/saltstack/salt/issues/62032) +- Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap [#62053](https://github.com/saltstack/salt/issues/62053) +- Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias [#62058](https://github.com/saltstack/salt/issues/62058) +- Fix ordering of args to libcloud_storage.download_object module [#62074](https://github.com/saltstack/salt/issues/62074) +- Ignore extend declarations in sls files that are excluded. [#62082](https://github.com/saltstack/salt/issues/62082) +- Remove leftover usage of impacket [#62101](https://github.com/saltstack/salt/issues/62101) +- Pass executable path from _get_path_exec() is used when calling the program. + The $HOME env is no longer modified globally. + Only trailing newlines are stripped from the fetched secret. + Pass process arguments are handled in a secure way. [#62120](https://github.com/saltstack/salt/issues/62120) +- Ignore some command return codes in openbsdrcctl_service to prevent spurious errors [#62131](https://github.com/saltstack/salt/issues/62131) +- Fixed extra period in filename output in tls module. Instead of "server.crt." it will now be "server.crt". [#62139](https://github.com/saltstack/salt/issues/62139) +- Make sure lingering PAexec-*.exe files in the Windows directory are cleaned up [#62152](https://github.com/saltstack/salt/issues/62152) +- Restored Salt's DeprecationWarnings [#62185](https://github.com/saltstack/salt/issues/62185) +- Fixed issue with forward slashes on Windows with file.recurse and clean=True [#62197](https://github.com/saltstack/salt/issues/62197) +- Recognize OSMC as Debian-based [#62198](https://github.com/saltstack/salt/issues/62198) +- Fixed Zypper module failing on RPM lock file being temporarily unavailable. [#62204](https://github.com/saltstack/salt/issues/62204) +- Improved error handling and diagnostics in the proxmox salt-cloud driver [#62211](https://github.com/saltstack/salt/issues/62211) +- Added EndeavourOS to the Arch os_family. [#62220](https://github.com/saltstack/salt/issues/62220) +- Fix salt-ssh not detecting `platform-python` as a valid interpreter on EL8 [#62235](https://github.com/saltstack/salt/issues/62235) +- Fix pkg.version_cmp on openEuler and a few other os flavors. [#62248](https://github.com/saltstack/salt/issues/62248) +- Fix localhost detection in glusterfs.peers [#62273](https://github.com/saltstack/salt/issues/62273) +- Fix Salt Package Manager (SPM) exception when calling spm create_repo . [#62281](https://github.com/saltstack/salt/issues/62281) +- Fix matcher slowness due to loader invocation [#62283](https://github.com/saltstack/salt/issues/62283) +- Fixes the Puppet module for non-aio Puppet packages for example running the Puppet module on FreeBSD. [#62323](https://github.com/saltstack/salt/issues/62323) +- Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect [#62334](https://github.com/saltstack/salt/issues/62334) +- Fix pyobjects renderer access to opts and sls [#62336](https://github.com/saltstack/salt/issues/62336) +- Fix use of random shuffle and sample functions as Jinja filters [#62372](https://github.com/saltstack/salt/issues/62372) +- Fix groups with duplicate GIDs are not returned by get_group_list [#62377](https://github.com/saltstack/salt/issues/62377) +- Fix the "zpool.present" state when enabling zpool features that are already active. [#62390](https://github.com/saltstack/salt/issues/62390) +- Fix ability to execute remote file client methods in saltcheck [#62398](https://github.com/saltstack/salt/issues/62398) +- Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x [#62400](https://github.com/saltstack/salt/issues/62400) +- Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. [#62405](https://github.com/saltstack/salt/issues/62405) +- When using preq on a state, then prereq state will first be run with test=True to determine if there are changes. When there are changes, the state with the prereq option will be run prior to the prereq state. If this state fails then the prereq state will not run and the state output uses the test=True run. However, the proposed changes are included for the prereq state are included from the test=True run. We should pull those out as there weren't actually changes since the prereq state did not run. [#62408](https://github.com/saltstack/salt/issues/62408) +- Added directory mode for file.copy with makedirs [#62426](https://github.com/saltstack/salt/issues/62426) +- Provide better error handling in the various napalm proxy minion functions when the device is not accessible. [#62435](https://github.com/saltstack/salt/issues/62435) +- When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated. Caching whether aggregate functions are available for particular states so we don't need to attempt to load them everytime. [#62439](https://github.com/saltstack/salt/issues/62439) +- The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module [#62451](https://github.com/saltstack/salt/issues/62451) +- sysctl.persist now updates the in-memory value on FreeBSD even if the on-disk value was already correct. [#62461](https://github.com/saltstack/salt/issues/62461) +- Fixed parsing CDROM apt sources [#62474](https://github.com/saltstack/salt/issues/62474) +- Update sanitizing masking for Salt SSH to include additional password like strings. [#62483](https://github.com/saltstack/salt/issues/62483) +- Fix user/group checking on file state functions in the test mode. [#62499](https://github.com/saltstack/salt/issues/62499) +- Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. [#62502](https://github.com/saltstack/salt/issues/62502) +- Fix possible tracebacks if there is a package with '------' or '======' in the description is installed on the Debian based minion. [#62519](https://github.com/saltstack/salt/issues/62519) +- Fixed the omitted "pool" parameter when cloning a VM with the proxmox salt-cloud driver [#62521](https://github.com/saltstack/salt/issues/62521) +- Fix rendering of pyobjects states in saltcheck [#62523](https://github.com/saltstack/salt/issues/62523) +- Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt [#62527](https://github.com/saltstack/salt/issues/62527) +- Use str() method instead of repo_line for when python3-apt is installed or not in aptpkg.py. [#62546](https://github.com/saltstack/salt/issues/62546) +- Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to __context__["netmiko_device"]["args"] which is passed along to the Netmiko library. [#62547](https://github.com/saltstack/salt/issues/62547) +- Fix order specific mount.mounted options for persist [#62556](https://github.com/saltstack/salt/issues/62556) +- Fixed salt-cloud cloning a proxmox VM with a specified new vmid. [#62558](https://github.com/saltstack/salt/issues/62558) +- Fix runas with cmd module when using the onedir bundled packages [#62565](https://github.com/saltstack/salt/issues/62565) +- Update setproctitle version for all platforms [#62576](https://github.com/saltstack/salt/issues/62576) +- Fixed missing parameters when cloning a VM with the proxmox salt-cloud driver [#62580](https://github.com/saltstack/salt/issues/62580) +- Handle PermissionError when importing crypt when FIPS is enabled. [#62587](https://github.com/saltstack/salt/issues/62587) +- Correctly reraise exceptions in states.http [#62595](https://github.com/saltstack/salt/issues/62595) +- Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. [#62618](https://github.com/saltstack/salt/issues/62618) +- updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. [#62624](https://github.com/saltstack/salt/issues/62624) +- Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline [#62633](https://github.com/saltstack/salt/issues/62633) +- Fixed vault ext pillar return data for KV v2 [#62651](https://github.com/saltstack/salt/issues/62651) +- Fix saltcheck _get_top_states doesn't pass saltenv to state.show_top [#62654](https://github.com/saltstack/salt/issues/62654) +- Fix groupadd.* functions hard code relative command name [#62657](https://github.com/saltstack/salt/issues/62657) +- Fixed pdbedit.create trying to use a bytes-like hash as string. [#62670](https://github.com/saltstack/salt/issues/62670) +- Fix depenency on legacy boto module in boto3 modules [#62672](https://github.com/saltstack/salt/issues/62672) +- Modified "_get_flags" function so that it returns regex flags instead of integers [#62676](https://github.com/saltstack/salt/issues/62676) +- Change startup ReqServer log messages from error to info level. [#62728](https://github.com/saltstack/salt/issues/62728) +- Fix kmod.* functions hard code relative command name [#62772](https://github.com/saltstack/salt/issues/62772) +- Fix mac_brew_pkg to work with null taps [#62793](https://github.com/saltstack/salt/issues/62793) +- Fixing a bug when listing the running schedule if "schedule.enable" and/or "schedule.disable" has been run, where the "enabled" items is being treated as a schedule item. [#62795](https://github.com/saltstack/salt/issues/62795) +- Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode [#62817](https://github.com/saltstack/salt/issues/62817) +- Include UID and GID checks in modules.file.check_perms as well as comparing + ownership by username and group name. [#62818](https://github.com/saltstack/salt/issues/62818) +- Fix presence events on TCP transport by removing a client's presence when minion disconnects from publish channel correctly [#62826](https://github.com/saltstack/salt/issues/62826) +- Remove Azure deprecation messages from functions that always run w/ salt-cloud [#62845](https://github.com/saltstack/salt/issues/62845) +- Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 [#62854](https://github.com/saltstack/salt/issues/62854) +- Fixed master job scheduler using when [#62858](https://github.com/saltstack/salt/issues/62858) +- LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding [#62873](https://github.com/saltstack/salt/issues/62873) +- Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. [#62878](https://github.com/saltstack/salt/issues/62878) +- Fixed dockermod version_info function for docker-py 6.0.0+ [#62882](https://github.com/saltstack/salt/issues/62882) +- Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. [#62886](https://github.com/saltstack/salt/issues/62886) +- Updating various MongoDB module functions to work with latest version of pymongo. [#62900](https://github.com/saltstack/salt/issues/62900) +- Restored channel for Syndic minions to send job returns to the Salt master. [#62933](https://github.com/saltstack/salt/issues/62933) +- removed _resolve_deps as it required a library that is not generally avalible. and switched to apt-get for everything as that can auto resolve dependencies. [#62934](https://github.com/saltstack/salt/issues/62934) +- Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt-minion/salt-call to hang [#62937](https://github.com/saltstack/salt/issues/62937) +- Allow root user to modify crontab lines for non-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. [#62940](https://github.com/saltstack/salt/issues/62940) +- Fix systemd_service.* functions hard code relative command name [#62942](https://github.com/saltstack/salt/issues/62942) +- Fix file.symlink backupname operation can copy remote contents to local disk [#62953](https://github.com/saltstack/salt/issues/62953) +- Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts [#62968](https://github.com/saltstack/salt/issues/62968) +- Fixed gpg_passphrase issue with gpg decrypt/encrypt functions [#62977](https://github.com/saltstack/salt/issues/62977) +- Fix file.tidied FileNotFoundError [#62986](https://github.com/saltstack/salt/issues/62986) +- Fixed bug where module.wait states were detected as running legacy module.run syntax [#62988](https://github.com/saltstack/salt/issues/62988) +- Fixed issue with win_wua module where it wouldn't load if the CryptSvc was set to Manual start [#62993](https://github.com/saltstack/salt/issues/62993) +- The `__opts__` dunder dictionary is now added to the loader's `pack` if not + already present, which makes it accessible via the + `salt.loader.context.NamedLoaderContext` class. [#63013](https://github.com/saltstack/salt/issues/63013) +- Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts [#63024](https://github.com/saltstack/salt/issues/63024) +- Fix btrfs.subvolume_snapshot command failing [#63025](https://github.com/saltstack/salt/issues/63025) +- Fix file.retention_schedule always reports changes [#63033](https://github.com/saltstack/salt/issues/63033) +- Fix mongo authentication for mongo ext_pillar and mongo returner + + This fix also include the ability to use the mongo connection string for mongo ext_pillar [#63058](https://github.com/saltstack/salt/issues/63058) +- Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. [#63103](https://github.com/saltstack/salt/issues/63103) +- TCP transport documentation now contains proper master/minion-side filtering information [#63120](https://github.com/saltstack/salt/issues/63120) +- Fixed gpg.verify does not respect gnupghome [#63145](https://github.com/saltstack/salt/issues/63145) +- Made pillar cache pass extra minion data as well [#63208](https://github.com/saltstack/salt/issues/63208) +- Fix serious performance issues with the file.tidied module [#63231](https://github.com/saltstack/salt/issues/63231) +- Fix rpm_lowpkg version comparison logic when using rpm-vercmp and only one version has a release number. [#63317](https://github.com/saltstack/salt/issues/63317) +- Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available [#63350](https://github.com/saltstack/salt/issues/63350) +- When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows. When quoted on Linux hosts, this results in an error when the keyword arguments are appended. [#63590](https://github.com/saltstack/salt/issues/63590) +- LGPO: Added support for "Relax minimum password length limits" [#63596](https://github.com/saltstack/salt/issues/63596) +- Fixed the ability to set a scheduled task to auto delete if not scheduled to run again (``delete_after``) [#63650](https://github.com/saltstack/salt/issues/63650) +- When a job is disabled only increase it's _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. [#63699](https://github.com/saltstack/salt/issues/63699) +- have salt.template.compile_template_str cleanup its temp files. [#63724](https://github.com/saltstack/salt/issues/63724) +- Check file is not empty before attempting to read pillar disk cache file [#63729](https://github.com/saltstack/salt/issues/63729) +- Fixed an issue with generating fingerprints for public keys with different line endings [#63742](https://github.com/saltstack/salt/issues/63742) +- Change default GPG keyserver from pgp.mit.edu to keys.openpgp.org. [#63806](https://github.com/saltstack/salt/issues/63806) +- fix cherrypy 400 error output to be less generic. [#63835](https://github.com/saltstack/salt/issues/63835) +- Ensure kwargs is passed along to _call_apt when passed into install function. [#63847](https://github.com/saltstack/salt/issues/63847) +- remove eval and update logging to be more informative on bad config [#63879](https://github.com/saltstack/salt/issues/63879) +- add linux_distribution to util to stop dep warning [#63904](https://github.com/saltstack/salt/issues/63904) +- Handle the situation when a sub proxy minion does not init properly, eg. an exception happens, and the sub proxy object is not available. [#63923](https://github.com/saltstack/salt/issues/63923) +- Clarifying documentation for extension_modules configuration option. [#63929](https://github.com/saltstack/salt/issues/63929) +- Windows pkg module now properly handles versions containing strings [#63935](https://github.com/saltstack/salt/issues/63935) +- Handle the scenario when the check_cmd requisite is used with a state function when the state has a local check_cmd function but that function isn't used by that function. [#63948](https://github.com/saltstack/salt/issues/63948) +- Issue #63981: Allow users to pass verify_ssl to pkg.install/pkg.installed on Windows [#63981](https://github.com/saltstack/salt/issues/63981) + + +### Added + +- Introduce a `LIB_STATE_DIR` syspaths variable which defaults to `CONFIG_DIR`, + but can be individually customized during installation by specifying + `--salt-lib-state-dir` during installation. Change the default `pki_dir` to + `/pki/master` (for the master) and `/pki/minion` + (for the minion). [#3396](https://github.com/saltstack/salt/issues/3396) +- Allow users to enable 'queue=True' for all state runs via config file [#31468](https://github.com/saltstack/salt/issues/31468) +- Added pillar templating to vault policies [#43287](https://github.com/saltstack/salt/issues/43287) +- Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray [#51088](https://github.com/saltstack/salt/issues/51088) +- A new salt-ssh roster that generates a roster by parses a known_hosts file. [#54679](https://github.com/saltstack/salt/issues/54679) +- Added Windows Event Viewer support [#54713](https://github.com/saltstack/salt/issues/54713) +- Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file [#56013](https://github.com/saltstack/salt/issues/56013) +- Added resource tagging functions to boto_dynamodb execution module [#57500](https://github.com/saltstack/salt/issues/57500) +- Added `openvswitch_db` state module and functions `bridge_to_parent`, + `bridge_to_vlan`, `db_get`, and `db_set` to the `openvswitch` execution module. + Also added optional `parent` and `vlan` parameters to the + `openvswitch_bridge.present` state module function and the + `openvswitch.bridge_create` execution module function. [#58986](https://github.com/saltstack/salt/issues/58986) +- State module to manage SysFS attributes [#60154](https://github.com/saltstack/salt/issues/60154) +- Added ability for `salt.wait_for_event` to handle `event_id`s that have a list value. [#60430](https://github.com/saltstack/salt/issues/60430) +- Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) [#60518](https://github.com/saltstack/salt/issues/60518) +- Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. [#60700](https://github.com/saltstack/salt/issues/60700) +- Added .0 back to our versioning scheme for future versions (e.g. 3006.0) [#60722](https://github.com/saltstack/salt/issues/60722) +- Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. [#61153](https://github.com/saltstack/salt/issues/61153) +- Added node label support for GCE [#61245](https://github.com/saltstack/salt/issues/61245) +- Support the --priority flag when adding sources to Chocolatey. [#61319](https://github.com/saltstack/salt/issues/61319) +- Add namespace option to ext_pillar.http_json [#61335](https://github.com/saltstack/salt/issues/61335) +- Added a filter function to ps module to get a list of processes on a minion according to their state. [#61420](https://github.com/saltstack/salt/issues/61420) +- Add postgres.timeout option to postgres module for limiting postgres query times [#61433](https://github.com/saltstack/salt/issues/61433) +- Added new optional vault option, ``config_location``. This can be either ``master`` or ``local`` and defines where vault will look for connection details, either requesting them from the master or using the local config. [#61857](https://github.com/saltstack/salt/issues/61857) +- Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. [#61931](https://github.com/saltstack/salt/issues/61931) +- 'tcp' transport is now available in ipv6-only network [#62009](https://github.com/saltstack/salt/issues/62009) +- Add `diff_attr` parameter to pkg.upgrade() (zypper/yum). [#62031](https://github.com/saltstack/salt/issues/62031) +- Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets. + Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass. + Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass. + Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. [#62120](https://github.com/saltstack/salt/issues/62120) +- Add file.pruned state and expanded file.rmdir exec module functionality [#62178](https://github.com/saltstack/salt/issues/62178) +- Added "dig.PTR" function to resolve PTR records for IPs, as well as tests and documentation [#62275](https://github.com/saltstack/salt/issues/62275) +- Added the ability to remove a KB using the DISM state/execution modules [#62366](https://github.com/saltstack/salt/issues/62366) +- Add " python" subcommand to allow execution or arbitrary scripts via bundled Python runtime [#62381](https://github.com/saltstack/salt/issues/62381) +- Add ability to provide conditions which convert normal state actions to no-op when true [#62446](https://github.com/saltstack/salt/issues/62446) +- Added debug log messages displaying the command being run when installing packages on Windows [#62480](https://github.com/saltstack/salt/issues/62480) +- Add biosvendor grain [#62496](https://github.com/saltstack/salt/issues/62496) +- Add ifelse Jinja function as found in CFEngine [#62508](https://github.com/saltstack/salt/issues/62508) +- Implementation of Amazon EC2 instance detection and setting `virtual_subtype` grain accordingly including the product if possible to identify. [#62539](https://github.com/saltstack/salt/issues/62539) +- Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack [#62578](https://github.com/saltstack/salt/issues/62578) +- Increase file.tidied flexibility with regard to age and size [#62678](https://github.com/saltstack/salt/issues/62678) +- Added "connected_devices" feature to netbox pillar module. It contains extra information about devices connected to the minion [#62761](https://github.com/saltstack/salt/issues/62761) +- Add atomic file operation for symlink changes [#62768](https://github.com/saltstack/salt/issues/62768) +- Add password/account locking/unlocking in user.present state on supported operating systems [#62856](https://github.com/saltstack/salt/issues/62856) +- Added onchange configuration for script engine [#62867](https://github.com/saltstack/salt/issues/62867) +- Added output and bare functionality to export_key gpg module function [#62978](https://github.com/saltstack/salt/issues/62978) +- Add keyvalue serializer for environment files [#62983](https://github.com/saltstack/salt/issues/62983) +- Add ability to ignore symlinks in file.tidied [#63042](https://github.com/saltstack/salt/issues/63042) +- salt-cloud support IMDSv2 tokens when using 'use-instance-role-credentials' [#63067](https://github.com/saltstack/salt/issues/63067) +- Add ability for file.symlink to not set ownership on existing links [#63093](https://github.com/saltstack/salt/issues/63093) +- Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation [#63095](https://github.com/saltstack/salt/issues/63095) +- Add functions that will return the underlying block device, mount point, and filesystem type for a given path [#63098](https://github.com/saltstack/salt/issues/63098) +- Add ethtool execution and state module functions for pause [#63128](https://github.com/saltstack/salt/issues/63128) +- Add boardname grain [#63131](https://github.com/saltstack/salt/issues/63131) +- Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63248](https://github.com/saltstack/salt/issues/63248) +- Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63249](https://github.com/saltstack/salt/issues/63249) +- Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. [#63315](https://github.com/saltstack/salt/issues/63315) +- Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id. + This allows users to enable state_events on a per use basis rather than having to + enable them globally for all state runs. [#63316](https://github.com/saltstack/salt/issues/63316) +- Allow max queue size setting for state runs to prevent performance problems from queue growth [#63356](https://github.com/saltstack/salt/issues/63356) +- Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606) +- Include the version of `relenv` in the versions report. [#63827](https://github.com/saltstack/salt/issues/63827) +- Added debug log messages displaying the command being run when removing packages on Windows [#63866](https://github.com/saltstack/salt/issues/63866) + + +### Security + +- Upgrade Requirements Due to Security Issues. + + * Upgrade to `cryptography>=39.0.1` due to: + * https://github.com/advisories/GHSA-x4qr-2fvf-3mr5 + * https://github.com/advisories/GHSA-w7pp-m8wf-vj6r + * Upgrade to `pyopenssl==23.0.0` due to the cryptography upgrade. + * Update to `markdown-it-py==2.2.0` due to: + * https://github.com/advisories/GHSA-jrwr-5x3p-hvc3 + * https://github.com/advisories/GHSA-vrjv-mxr7-vjf8 [#63882](https://github.com/saltstack/salt/issues/63882) + + +## 3006.0rc2 (2023-03-19) + + +### Removed + +- Remove and deprecate the __orchestration__ key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. [#59917](https://github.com/saltstack/salt/issues/59917) +- Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 [#60476](https://github.com/saltstack/salt/issues/60476) +- Removed ``runtests`` targets from ``noxfile.py`` [#62239](https://github.com/saltstack/salt/issues/62239) +- Removed the PyObjC dependency. + + This addresses problems with building a one dir build for macOS. + It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built). + Since it's currently not being used, it's removed. [#62432](https://github.com/saltstack/salt/issues/62432) +- Removed `SixRedirectImporter` from Salt. Salt hasn't shipped `six` since Salt 3004. [#63874](https://github.com/saltstack/salt/issues/63874) + + +### Deprecated + +- renamed `keep_jobs`, specifying job cache TTL in hours, to `keep_jobs_seconds`, specifying TTL in seconds. + `keep_jobs` will be removed in the Argon release [#55295](https://github.com/saltstack/salt/issues/55295) +- Removing all references to napalm-base which is no longer supported. [#61542](https://github.com/saltstack/salt/issues/61542) +- The 'ip_bracket' function has been moved from salt/utils/zeromq.py in salt/utils/network.py [#62009](https://github.com/saltstack/salt/issues/62009) +- The `expand_repo_def` function in `salt.modules.aptpkg` is now deprecated. It's only used in `salt.states.pkgrepo` and it has no use of being exposed to the CLI. [#62485](https://github.com/saltstack/salt/issues/62485) +- Deprecated defunct Django returner [#62644](https://github.com/saltstack/salt/issues/62644) +- Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions [#62754](https://github.com/saltstack/salt/issues/62754) +- Removing manufacture grain which has been deprecated. [#62914](https://github.com/saltstack/salt/issues/62914) +- Removing deprecated utils/boto3_elasticsearch.py [#62915](https://github.com/saltstack/salt/issues/62915) +- Removing support for the now deprecated _ext_nodes from salt/master.py. [#62917](https://github.com/saltstack/salt/issues/62917) +- Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. [#63095](https://github.com/saltstack/salt/issues/63095) +- `salt.utils.version.StrictVersion` is now deprecated and it's use should be replaced with `salt.utils.version.Version`. [#63383](https://github.com/saltstack/salt/issues/63383) + + +### Changed + +- More intelligent diffing in changes of file.serialize state. [#48609](https://github.com/saltstack/salt/issues/48609) +- Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. [#49430](https://github.com/saltstack/salt/issues/49430) +- ``umask`` is now a global state argument, instead of only applying to ``cmd`` + states. [#57803](https://github.com/saltstack/salt/issues/57803) +- Update pillar.obfuscate to accept kwargs in addition to args. This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. [#58971](https://github.com/saltstack/salt/issues/58971) +- Improve support for listing macOS brew casks [#59439](https://github.com/saltstack/salt/issues/59439) +- Add missing MariaDB Grants to mysql module. + MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. + Also improved exception handling in `grant_add` which did not log the original error message and replaced it with a generic error. [#61409](https://github.com/saltstack/salt/issues/61409) +- Use VENV_PIP_TARGET environment variable as a default target for pip if present. [#62089](https://github.com/saltstack/salt/issues/62089) +- Disabled FQDNs grains on macOS by default [#62168](https://github.com/saltstack/salt/issues/62168) +- Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated [#62218](https://github.com/saltstack/salt/issues/62218) +- Enhance capture of error messages for Zypper calls in zypperpkg module. [#62346](https://github.com/saltstack/salt/issues/62346) +- Removed GPG_1_3_1 check [#62895](https://github.com/saltstack/salt/issues/62895) +- Requisite state chunks now all consistently contain `__id__`, `__sls__` and `name`. [#63012](https://github.com/saltstack/salt/issues/63012) +- netapi_enable_clients option to allow enabling/disabling of clients in salt-api. + By default all clients will now be disabled. Users of salt-api will need + to update their master config to enable the clients that they use. Not adding + the netapi_enable_clients option with required clients to the master config will + disable salt-api. [#63050](https://github.com/saltstack/salt/issues/63050) +- Stop relying on `salt/_version.py` to write Salt's version. Instead use `salt/_version.txt` which only contains the version string. [#63383](https://github.com/saltstack/salt/issues/63383) +- Set enable_fqdns_grains to be False by default. [#63595](https://github.com/saltstack/salt/issues/63595) +- Changelog snippet files must now have a `.md` file extension to be more explicit on what type of rendering is done when they are included in the main `CHANGELOG.md` file. [#63710](https://github.com/saltstack/salt/issues/63710) + + +### Fixed + +- Add kwargs to handle extra parameters for http.query [#36138](https://github.com/saltstack/salt/issues/36138) +- Fix mounted bind mounts getting active mount options added [#39292](https://github.com/saltstack/salt/issues/39292) +- Fix `sysctl.present` converts spaces to tabs. [#40054](https://github.com/saltstack/salt/issues/40054) +- Fixes state pkg.purged to purge removed packages on Debian family systems [#42306](https://github.com/saltstack/salt/issues/42306) +- Fix fun_args missing from syndic returns [#45823](https://github.com/saltstack/salt/issues/45823) +- Fix mount.mounted with 'mount: False' reports unmounted file system as unchanged when running with test=True [#47201](https://github.com/saltstack/salt/issues/47201) +- Issue #49310: Allow users to touch a file with Unix date of birth [#49310](https://github.com/saltstack/salt/issues/49310) +- Do not raise an exception in pkg.info_installed on nonzero return code [#51620](https://github.com/saltstack/salt/issues/51620) +- Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read-only attribute are handled. [#51739](https://github.com/saltstack/salt/issues/51739) +- Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#52167](https://github.com/saltstack/salt/issues/52167) +- Don't check for cached pillar errors on state.apply [#52354](https://github.com/saltstack/salt/issues/52354), [#57180](https://github.com/saltstack/salt/issues/57180), [#59339](https://github.com/saltstack/salt/issues/59339) +- Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. [#52400](https://github.com/saltstack/salt/issues/52400) +- Ensure when we're adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. [#53353](https://github.com/saltstack/salt/issues/53353) +- When user_create or user_remove fail, return False instead of returning the error. [#53377](https://github.com/saltstack/salt/issues/53377) +- Include sync_roster when sync_all is called. [#53914](https://github.com/saltstack/salt/issues/53914) +- Avoid warning noise in lograte.get [#53988](https://github.com/saltstack/salt/issues/53988) +- Fixed listing revoked keys with gpg.list_keys [#54347](https://github.com/saltstack/salt/issues/54347) +- Fix mount.mounted does not handle blanks properly [#54508](https://github.com/saltstack/salt/issues/54508) +- Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. [#54682](https://github.com/saltstack/salt/issues/54682) +- Fix spelling error for python_shell argument in dpkg_lower module [#54907](https://github.com/saltstack/salt/issues/54907) +- Cleaned up bytes response data before sending to non-bytes compatible returners (postgres, mysql) [#55226](https://github.com/saltstack/salt/issues/55226) +- Fixed malformed state return when testing file.managed with unavailable source file [#55269](https://github.com/saltstack/salt/issues/55269) +- Included stdout in error message for Zypper calls in zypperpkg module. [#56016](https://github.com/saltstack/salt/issues/56016) +- Fixed pillar.filter_by with salt-ssh [#56093](https://github.com/saltstack/salt/issues/56093) +- Fix boto_route53 issue with (multiple) VPCs. [#57139](https://github.com/saltstack/salt/issues/57139) +- Remove log from mine runner which was not used. [#57463](https://github.com/saltstack/salt/issues/57463) +- Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#57535](https://github.com/saltstack/salt/issues/57535) +- Updating Slack engine to use slack_bolt library. [#57842](https://github.com/saltstack/salt/issues/57842) +- Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. [#58165](https://github.com/saltstack/salt/issues/58165) +- Fix salt.modules.pip:is_installed doesn't handle locally installed packages [#58202](https://github.com/saltstack/salt/issues/58202) +- Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. [#58297](https://github.com/saltstack/salt/issues/58297) +- linux_shadow: Fix cases where malformed shadow entries cause `user.present` + states to fail. [#58423](https://github.com/saltstack/salt/issues/58423) +- Fixed salt.utils.compat.cmp to work with dictionaries [#58729](https://github.com/saltstack/salt/issues/58729) +- Fixed formatting for terse output mode [#58953](https://github.com/saltstack/salt/issues/58953) +- Fixed RecursiveDictDiffer with added nested dicts [#59017](https://github.com/saltstack/salt/issues/59017) +- Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59169](https://github.com/saltstack/salt/issues/59169) +- Fixed saltnado websockets disconnecting immediately [#59183](https://github.com/saltstack/salt/issues/59183) +- Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59315](https://github.com/saltstack/salt/issues/59315) +- Fix postgres_privileges.present not idempotent for functions [#59585](https://github.com/saltstack/salt/issues/59585) +- Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. [#59766](https://github.com/saltstack/salt/issues/59766) +- Warn when using insecure (http:// based) key_urls for apt-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. [#59786](https://github.com/saltstack/salt/issues/59786) +- add load balancing policy default option and ensure the module can be executed with arguments from CLI [#59909](https://github.com/saltstack/salt/issues/59909) +- Fix salt-ssh when using imports with extra-filerefs. [#60003](https://github.com/saltstack/salt/issues/60003) +- Fixed cache directory corruption startup error [#60170](https://github.com/saltstack/salt/issues/60170) +- Update docs remove dry_run in docstring of file.blockreplace state. [#60227](https://github.com/saltstack/salt/issues/60227) +- Adds Parrot to OS_Family_Map in grains. [#60249](https://github.com/saltstack/salt/issues/60249) +- Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions [#60365](https://github.com/saltstack/salt/issues/60365) +- Use return code in iptables --check to verify rule exists. [#60467](https://github.com/saltstack/salt/issues/60467) +- Fix regression pip.installed does not pass env_vars when calling pip.list [#60557](https://github.com/saltstack/salt/issues/60557) +- Fix xfs module when additional output included in mkfs.xfs command. [#60853](https://github.com/saltstack/salt/issues/60853) +- Fixed parsing new format of terraform states in roster.terraform [#60915](https://github.com/saltstack/salt/issues/60915) +- Fixed recognizing installed ARMv7 rpm packages in compatible architectures. [#60994](https://github.com/saltstack/salt/issues/60994) +- Fixing changes dict in pkg state to be consistent when installing and test=True. [#60995](https://github.com/saltstack/salt/issues/60995) +- Fix cron.present duplicating entries when changing timespec to special. [#60997](https://github.com/saltstack/salt/issues/60997) +- Made salt-ssh respect --wipe again [#61083](https://github.com/saltstack/salt/issues/61083) +- state.orchestrate_single only passes a pillar if it is set to the state + function. This allows it to be used with state functions that don't accept a + pillar keyword argument. [#61092](https://github.com/saltstack/salt/issues/61092) +- Fix ipset state when the comment kwarg is set. [#61122](https://github.com/saltstack/salt/issues/61122) +- Fix issue with archive.unzip where the password was not being encoded for the extract function [#61422](https://github.com/saltstack/salt/issues/61422) +- Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux + Mint, Pop!_OS, Rocky Linux) report different `oscodename`, `osfullname`, + `osfinger` grains if lsb-release is installed or not. They have been changed to + only derive these OS grains from `/etc/os-release`. [#61618](https://github.com/saltstack/salt/issues/61618) +- Pop!_OS uses the full version (YY.MM) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. [#61619](https://github.com/saltstack/salt/issues/61619) +- Fix ssh config roster to correctly parse the ssh config files that contain spaces. [#61650](https://github.com/saltstack/salt/issues/61650) +- Fix SoftLayer configuration not raising an exception when a domain is missing [#61727](https://github.com/saltstack/salt/issues/61727) +- Allow the minion to start or salt-call to run even if the user doesn't have permissions to read the root_dir value from the registry [#61789](https://github.com/saltstack/salt/issues/61789) +- Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. [#61805](https://github.com/saltstack/salt/issues/61805) +- Fixed malformed state return when merge-serializing to an improperly formatted file [#61814](https://github.com/saltstack/salt/issues/61814) +- Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) [#61816](https://github.com/saltstack/salt/issues/61816) +- When deleting the vault cache, also delete from the session cache [#61821](https://github.com/saltstack/salt/issues/61821) +- Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. [#61827](https://github.com/saltstack/salt/issues/61827) +- win_lgpo: Display conflicting policy names when more than one policy is found [#61859](https://github.com/saltstack/salt/issues/61859) +- win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy [#61860](https://github.com/saltstack/salt/issues/61860) +- Fixed listing minions on OpenBSD [#61966](https://github.com/saltstack/salt/issues/61966) +- Make Salt to return an error on "pkg" modules and states when targeting duplicated package names [#62019](https://github.com/saltstack/salt/issues/62019) +- Fix return of REST-returned permissions when auth_list is set [#62022](https://github.com/saltstack/salt/issues/62022) +- Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. [#62029](https://github.com/saltstack/salt/issues/62029) +- Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() [#62030](https://github.com/saltstack/salt/issues/62030) +- Fix attr=all handling in pkg.list_pkgs() (yum/zypper). [#62032](https://github.com/saltstack/salt/issues/62032) +- Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap [#62053](https://github.com/saltstack/salt/issues/62053) +- Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias [#62058](https://github.com/saltstack/salt/issues/62058) +- Fix ordering of args to libcloud_storage.download_object module [#62074](https://github.com/saltstack/salt/issues/62074) +- Ignore extend declarations in sls files that are excluded. [#62082](https://github.com/saltstack/salt/issues/62082) +- Remove leftover usage of impacket [#62101](https://github.com/saltstack/salt/issues/62101) +- Pass executable path from _get_path_exec() is used when calling the program. + The $HOME env is no longer modified globally. + Only trailing newlines are stripped from the fetched secret. + Pass process arguments are handled in a secure way. [#62120](https://github.com/saltstack/salt/issues/62120) +- Ignore some command return codes in openbsdrcctl_service to prevent spurious errors [#62131](https://github.com/saltstack/salt/issues/62131) +- Fixed extra period in filename output in tls module. Instead of "server.crt." it will now be "server.crt". [#62139](https://github.com/saltstack/salt/issues/62139) +- Make sure lingering PAexec-*.exe files in the Windows directory are cleaned up [#62152](https://github.com/saltstack/salt/issues/62152) +- Restored Salt's DeprecationWarnings [#62185](https://github.com/saltstack/salt/issues/62185) +- Fixed issue with forward slashes on Windows with file.recurse and clean=True [#62197](https://github.com/saltstack/salt/issues/62197) +- Recognize OSMC as Debian-based [#62198](https://github.com/saltstack/salt/issues/62198) +- Fixed Zypper module failing on RPM lock file being temporarily unavailable. [#62204](https://github.com/saltstack/salt/issues/62204) +- Improved error handling and diagnostics in the proxmox salt-cloud driver [#62211](https://github.com/saltstack/salt/issues/62211) +- Added EndeavourOS to the Arch os_family. [#62220](https://github.com/saltstack/salt/issues/62220) +- Fix salt-ssh not detecting `platform-python` as a valid interpreter on EL8 [#62235](https://github.com/saltstack/salt/issues/62235) +- Fix pkg.version_cmp on openEuler and a few other os flavors. [#62248](https://github.com/saltstack/salt/issues/62248) +- Fix localhost detection in glusterfs.peers [#62273](https://github.com/saltstack/salt/issues/62273) +- Fix Salt Package Manager (SPM) exception when calling spm create_repo . [#62281](https://github.com/saltstack/salt/issues/62281) +- Fix matcher slowness due to loader invocation [#62283](https://github.com/saltstack/salt/issues/62283) +- Fixes the Puppet module for non-aio Puppet packages for example running the Puppet module on FreeBSD. [#62323](https://github.com/saltstack/salt/issues/62323) +- Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect [#62334](https://github.com/saltstack/salt/issues/62334) +- Fix pyobjects renderer access to opts and sls [#62336](https://github.com/saltstack/salt/issues/62336) +- Fix use of random shuffle and sample functions as Jinja filters [#62372](https://github.com/saltstack/salt/issues/62372) +- Fix groups with duplicate GIDs are not returned by get_group_list [#62377](https://github.com/saltstack/salt/issues/62377) +- Fix the "zpool.present" state when enabling zpool features that are already active. [#62390](https://github.com/saltstack/salt/issues/62390) +- Fix ability to execute remote file client methods in saltcheck [#62398](https://github.com/saltstack/salt/issues/62398) +- Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x [#62400](https://github.com/saltstack/salt/issues/62400) +- Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. [#62405](https://github.com/saltstack/salt/issues/62405) +- When using preq on a state, then prereq state will first be run with test=True to determine if there are changes. When there are changes, the state with the prereq option will be run prior to the prereq state. If this state fails then the prereq state will not run and the state output uses the test=True run. However, the proposed changes are included for the prereq state are included from the test=True run. We should pull those out as there weren't actually changes since the prereq state did not run. [#62408](https://github.com/saltstack/salt/issues/62408) +- Added directory mode for file.copy with makedirs [#62426](https://github.com/saltstack/salt/issues/62426) +- Provide better error handling in the various napalm proxy minion functions when the device is not accessible. [#62435](https://github.com/saltstack/salt/issues/62435) +- When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated. Caching whether aggregate functions are available for particular states so we don't need to attempt to load them everytime. [#62439](https://github.com/saltstack/salt/issues/62439) +- The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module [#62451](https://github.com/saltstack/salt/issues/62451) +- sysctl.persist now updates the in-memory value on FreeBSD even if the on-disk value was already correct. [#62461](https://github.com/saltstack/salt/issues/62461) +- Fixed parsing CDROM apt sources [#62474](https://github.com/saltstack/salt/issues/62474) +- Update sanitizing masking for Salt SSH to include additional password like strings. [#62483](https://github.com/saltstack/salt/issues/62483) +- Fix user/group checking on file state functions in the test mode. [#62499](https://github.com/saltstack/salt/issues/62499) +- Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. [#62502](https://github.com/saltstack/salt/issues/62502) +- Fix possible tracebacks if there is a package with '------' or '======' in the description is installed on the Debian based minion. [#62519](https://github.com/saltstack/salt/issues/62519) +- Fixed the omitted "pool" parameter when cloning a VM with the proxmox salt-cloud driver [#62521](https://github.com/saltstack/salt/issues/62521) +- Fix rendering of pyobjects states in saltcheck [#62523](https://github.com/saltstack/salt/issues/62523) +- Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt [#62527](https://github.com/saltstack/salt/issues/62527) +- Use str() method instead of repo_line for when python3-apt is installed or not in aptpkg.py. [#62546](https://github.com/saltstack/salt/issues/62546) +- Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to __context__["netmiko_device"]["args"] which is passed along to the Netmiko library. [#62547](https://github.com/saltstack/salt/issues/62547) +- Fix order specific mount.mounted options for persist [#62556](https://github.com/saltstack/salt/issues/62556) +- Fixed salt-cloud cloning a proxmox VM with a specified new vmid. [#62558](https://github.com/saltstack/salt/issues/62558) +- Fix runas with cmd module when using the onedir bundled packages [#62565](https://github.com/saltstack/salt/issues/62565) +- Update setproctitle version for all platforms [#62576](https://github.com/saltstack/salt/issues/62576) +- Fixed missing parameters when cloning a VM with the proxmox salt-cloud driver [#62580](https://github.com/saltstack/salt/issues/62580) +- Handle PermissionError when importing crypt when FIPS is enabled. [#62587](https://github.com/saltstack/salt/issues/62587) +- Correctly reraise exceptions in states.http [#62595](https://github.com/saltstack/salt/issues/62595) +- Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. [#62618](https://github.com/saltstack/salt/issues/62618) +- updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. [#62624](https://github.com/saltstack/salt/issues/62624) +- Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline [#62633](https://github.com/saltstack/salt/issues/62633) +- Fixed vault ext pillar return data for KV v2 [#62651](https://github.com/saltstack/salt/issues/62651) +- Fix saltcheck _get_top_states doesn't pass saltenv to state.show_top [#62654](https://github.com/saltstack/salt/issues/62654) +- Fix groupadd.* functions hard code relative command name [#62657](https://github.com/saltstack/salt/issues/62657) +- Fixed pdbedit.create trying to use a bytes-like hash as string. [#62670](https://github.com/saltstack/salt/issues/62670) +- Fix depenency on legacy boto module in boto3 modules [#62672](https://github.com/saltstack/salt/issues/62672) +- Modified "_get_flags" function so that it returns regex flags instead of integers [#62676](https://github.com/saltstack/salt/issues/62676) +- Change startup ReqServer log messages from error to info level. [#62728](https://github.com/saltstack/salt/issues/62728) +- Fix kmod.* functions hard code relative command name [#62772](https://github.com/saltstack/salt/issues/62772) +- Fix mac_brew_pkg to work with null taps [#62793](https://github.com/saltstack/salt/issues/62793) +- Fixing a bug when listing the running schedule if "schedule.enable" and/or "schedule.disable" has been run, where the "enabled" items is being treated as a schedule item. [#62795](https://github.com/saltstack/salt/issues/62795) +- Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode [#62817](https://github.com/saltstack/salt/issues/62817) +- Include UID and GID checks in modules.file.check_perms as well as comparing + ownership by username and group name. [#62818](https://github.com/saltstack/salt/issues/62818) +- Fix presence events on TCP transport by removing a client's presence when minion disconnects from publish channel correctly [#62826](https://github.com/saltstack/salt/issues/62826) +- Remove Azure deprecation messages from functions that always run w/ salt-cloud [#62845](https://github.com/saltstack/salt/issues/62845) +- Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 [#62854](https://github.com/saltstack/salt/issues/62854) +- Fixed master job scheduler using when [#62858](https://github.com/saltstack/salt/issues/62858) +- LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding [#62873](https://github.com/saltstack/salt/issues/62873) +- Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. [#62878](https://github.com/saltstack/salt/issues/62878) +- Fixed dockermod version_info function for docker-py 6.0.0+ [#62882](https://github.com/saltstack/salt/issues/62882) +- Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. [#62886](https://github.com/saltstack/salt/issues/62886) +- Updating various MongoDB module functions to work with latest version of pymongo. [#62900](https://github.com/saltstack/salt/issues/62900) +- Restored channel for Syndic minions to send job returns to the Salt master. [#62933](https://github.com/saltstack/salt/issues/62933) +- removed _resolve_deps as it required a library that is not generally avalible. and switched to apt-get for everything as that can auto resolve dependencies. [#62934](https://github.com/saltstack/salt/issues/62934) +- Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt-minion/salt-call to hang [#62937](https://github.com/saltstack/salt/issues/62937) +- Allow root user to modify crontab lines for non-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. [#62940](https://github.com/saltstack/salt/issues/62940) +- Fix systemd_service.* functions hard code relative command name [#62942](https://github.com/saltstack/salt/issues/62942) +- Fix file.symlink backupname operation can copy remote contents to local disk [#62953](https://github.com/saltstack/salt/issues/62953) +- Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts [#62968](https://github.com/saltstack/salt/issues/62968) +- Fixed gpg_passphrase issue with gpg decrypt/encrypt functions [#62977](https://github.com/saltstack/salt/issues/62977) +- Fix file.tidied FileNotFoundError [#62986](https://github.com/saltstack/salt/issues/62986) +- Fixed bug where module.wait states were detected as running legacy module.run syntax [#62988](https://github.com/saltstack/salt/issues/62988) +- Fixed issue with win_wua module where it wouldn't load if the CryptSvc was set to Manual start [#62993](https://github.com/saltstack/salt/issues/62993) +- The `__opts__` dunder dictionary is now added to the loader's `pack` if not + already present, which makes it accessible via the + `salt.loader.context.NamedLoaderContext` class. [#63013](https://github.com/saltstack/salt/issues/63013) +- Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts [#63024](https://github.com/saltstack/salt/issues/63024) +- Fix btrfs.subvolume_snapshot command failing [#63025](https://github.com/saltstack/salt/issues/63025) +- Fix file.retention_schedule always reports changes [#63033](https://github.com/saltstack/salt/issues/63033) +- Fix mongo authentication for mongo ext_pillar and mongo returner + + This fix also include the ability to use the mongo connection string for mongo ext_pillar [#63058](https://github.com/saltstack/salt/issues/63058) +- Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. [#63103](https://github.com/saltstack/salt/issues/63103) +- TCP transport documentation now contains proper master/minion-side filtering information [#63120](https://github.com/saltstack/salt/issues/63120) +- Fixed gpg.verify does not respect gnupghome [#63145](https://github.com/saltstack/salt/issues/63145) +- Made pillar cache pass extra minion data as well [#63208](https://github.com/saltstack/salt/issues/63208) +- Fix serious performance issues with the file.tidied module [#63231](https://github.com/saltstack/salt/issues/63231) +- Fix rpm_lowpkg version comparison logic when using rpm-vercmp and only one version has a release number. [#63317](https://github.com/saltstack/salt/issues/63317) +- Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available [#63350](https://github.com/saltstack/salt/issues/63350) +- When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows. When quoted on Linux hosts, this results in an error when the keyword arguments are appended. [#63590](https://github.com/saltstack/salt/issues/63590) +- LGPO: Added support for "Relax minimum password length limits" [#63596](https://github.com/saltstack/salt/issues/63596) +- When a job is disabled only increase it's _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. [#63699](https://github.com/saltstack/salt/issues/63699) +- Check file is not empty before attempting to read pillar disk cache file [#63729](https://github.com/saltstack/salt/issues/63729) +- fix cherrypy 400 error output to be less generic. [#63835](https://github.com/saltstack/salt/issues/63835) +- remove eval and update logging to be more informative on bad config [#63879](https://github.com/saltstack/salt/issues/63879) + + +### Added + +- Introduce a `LIB_STATE_DIR` syspaths variable which defaults to `CONFIG_DIR`, + but can be individually customized during installation by specifying + `--salt-lib-state-dir` during installation. Change the default `pki_dir` to + `/pki/master` (for the master) and `/pki/minion` + (for the minion). [#3396](https://github.com/saltstack/salt/issues/3396) +- Allow users to enable 'queue=True' for all state runs via config file [#31468](https://github.com/saltstack/salt/issues/31468) +- Added pillar templating to vault policies [#43287](https://github.com/saltstack/salt/issues/43287) +- Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray [#51088](https://github.com/saltstack/salt/issues/51088) +- A new salt-ssh roster that generates a roster by parses a known_hosts file. [#54679](https://github.com/saltstack/salt/issues/54679) +- Added Windows Event Viewer support [#54713](https://github.com/saltstack/salt/issues/54713) +- Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file [#56013](https://github.com/saltstack/salt/issues/56013) +- Added resource tagging functions to boto_dynamodb execution module [#57500](https://github.com/saltstack/salt/issues/57500) +- Added `openvswitch_db` state module and functions `bridge_to_parent`, + `bridge_to_vlan`, `db_get`, and `db_set` to the `openvswitch` execution module. + Also added optional `parent` and `vlan` parameters to the + `openvswitch_bridge.present` state module function and the + `openvswitch.bridge_create` execution module function. [#58986](https://github.com/saltstack/salt/issues/58986) +- State module to manage SysFS attributes [#60154](https://github.com/saltstack/salt/issues/60154) +- Added ability for `salt.wait_for_event` to handle `event_id`s that have a list value. [#60430](https://github.com/saltstack/salt/issues/60430) +- Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) [#60518](https://github.com/saltstack/salt/issues/60518) +- Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. [#60700](https://github.com/saltstack/salt/issues/60700) +- Added .0 back to our versioning scheme for future versions (e.g. 3006.0) [#60722](https://github.com/saltstack/salt/issues/60722) +- Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. [#61153](https://github.com/saltstack/salt/issues/61153) +- Added node label support for GCE [#61245](https://github.com/saltstack/salt/issues/61245) +- Support the --priority flag when adding sources to Chocolatey. [#61319](https://github.com/saltstack/salt/issues/61319) +- Add namespace option to ext_pillar.http_json [#61335](https://github.com/saltstack/salt/issues/61335) +- Added a filter function to ps module to get a list of processes on a minion according to their state. [#61420](https://github.com/saltstack/salt/issues/61420) +- Add postgres.timeout option to postgres module for limiting postgres query times [#61433](https://github.com/saltstack/salt/issues/61433) +- Added new optional vault option, ``config_location``. This can be either ``master`` or ``local`` and defines where vault will look for connection details, either requesting them from the master or using the local config. [#61857](https://github.com/saltstack/salt/issues/61857) +- Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. [#61931](https://github.com/saltstack/salt/issues/61931) +- 'tcp' transport is now available in ipv6-only network [#62009](https://github.com/saltstack/salt/issues/62009) +- Add `diff_attr` parameter to pkg.upgrade() (zypper/yum). [#62031](https://github.com/saltstack/salt/issues/62031) +- Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets. + Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass. + Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass. + Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. [#62120](https://github.com/saltstack/salt/issues/62120) +- Add file.pruned state and expanded file.rmdir exec module functionality [#62178](https://github.com/saltstack/salt/issues/62178) +- Added "dig.PTR" function to resolve PTR records for IPs, as well as tests and documentation [#62275](https://github.com/saltstack/salt/issues/62275) +- Added the ability to remove a KB using the DISM state/execution modules [#62366](https://github.com/saltstack/salt/issues/62366) +- Add " python" subcommand to allow execution or arbitrary scripts via bundled Python runtime [#62381](https://github.com/saltstack/salt/issues/62381) +- Add ability to provide conditions which convert normal state actions to no-op when true [#62446](https://github.com/saltstack/salt/issues/62446) +- Added debug log messages displaying the command being run when installing packages on Windows [#62480](https://github.com/saltstack/salt/issues/62480) +- Add biosvendor grain [#62496](https://github.com/saltstack/salt/issues/62496) +- Add ifelse Jinja function as found in CFEngine [#62508](https://github.com/saltstack/salt/issues/62508) +- Implementation of Amazon EC2 instance detection and setting `virtual_subtype` grain accordingly including the product if possible to identify. [#62539](https://github.com/saltstack/salt/issues/62539) +- Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack [#62578](https://github.com/saltstack/salt/issues/62578) +- Increase file.tidied flexibility with regard to age and size [#62678](https://github.com/saltstack/salt/issues/62678) +- Added "connected_devices" feature to netbox pillar module. It contains extra information about devices connected to the minion [#62761](https://github.com/saltstack/salt/issues/62761) +- Add atomic file operation for symlink changes [#62768](https://github.com/saltstack/salt/issues/62768) +- Add password/account locking/unlocking in user.present state on supported operating systems [#62856](https://github.com/saltstack/salt/issues/62856) +- Added onchange configuration for script engine [#62867](https://github.com/saltstack/salt/issues/62867) +- Added output and bare functionality to export_key gpg module function [#62978](https://github.com/saltstack/salt/issues/62978) +- Add keyvalue serializer for environment files [#62983](https://github.com/saltstack/salt/issues/62983) +- Add ability to ignore symlinks in file.tidied [#63042](https://github.com/saltstack/salt/issues/63042) +- salt-cloud support IMDSv2 tokens when using 'use-instance-role-credentials' [#63067](https://github.com/saltstack/salt/issues/63067) +- Add ability for file.symlink to not set ownership on existing links [#63093](https://github.com/saltstack/salt/issues/63093) +- Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation [#63095](https://github.com/saltstack/salt/issues/63095) +- Add functions that will return the underlying block device, mount point, and filesystem type for a given path [#63098](https://github.com/saltstack/salt/issues/63098) +- Add ethtool execution and state module functions for pause [#63128](https://github.com/saltstack/salt/issues/63128) +- Add boardname grain [#63131](https://github.com/saltstack/salt/issues/63131) +- Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63248](https://github.com/saltstack/salt/issues/63248) +- Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63249](https://github.com/saltstack/salt/issues/63249) +- Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. [#63315](https://github.com/saltstack/salt/issues/63315) +- Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id. + This allows users to enable state_events on a per use basis rather than having to + enable them globally for all state runs. [#63316](https://github.com/saltstack/salt/issues/63316) +- Allow max queue size setting for state runs to prevent performance problems from queue growth [#63356](https://github.com/saltstack/salt/issues/63356) +- Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606) +- Include the version of `relenv` in the versions report. [#63827](https://github.com/saltstack/salt/issues/63827) +- Added debug log messages displaying the command being run when removing packages on Windows [#63866](https://github.com/saltstack/salt/issues/63866) + + +## 3006.0rc1 (2023-03-01) + + +### Removed + +- Remove and deprecate the __orchestration__ key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. [#59917](https://github.com/saltstack/salt/issues/59917) +- Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 [#60476](https://github.com/saltstack/salt/issues/60476) +- Removed ``runtests`` targets from ``noxfile.py`` [#62239](https://github.com/saltstack/salt/issues/62239) +- Removed the PyObjC dependency. + + This addresses problems with building a one dir build for macOS. + It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built). + Since it's currently not being used, it's removed. [#62432](https://github.com/saltstack/salt/issues/62432) + + +### Deprecated + +- renamed `keep_jobs`, specifying job cache TTL in hours, to `keep_jobs_seconds`, specifying TTL in seconds. + `keep_jobs` will be removed in the Argon release [#55295](https://github.com/saltstack/salt/issues/55295) +- Removing all references to napalm-base which is no longer supported. [#61542](https://github.com/saltstack/salt/issues/61542) +- The 'ip_bracket' function has been moved from salt/utils/zeromq.py in salt/utils/network.py [#62009](https://github.com/saltstack/salt/issues/62009) +- The `expand_repo_def` function in `salt.modules.aptpkg` is now deprecated. It's only used in `salt.states.pkgrepo` and it has no use of being exposed to the CLI. [#62485](https://github.com/saltstack/salt/issues/62485) +- Deprecated defunct Django returner [#62644](https://github.com/saltstack/salt/issues/62644) +- Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions [#62754](https://github.com/saltstack/salt/issues/62754) +- Removing manufacture grain which has been deprecated. [#62914](https://github.com/saltstack/salt/issues/62914) +- Removing deprecated utils/boto3_elasticsearch.py [#62915](https://github.com/saltstack/salt/issues/62915) +- Removing support for the now deprecated _ext_nodes from salt/master.py. [#62917](https://github.com/saltstack/salt/issues/62917) +- Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. [#63095](https://github.com/saltstack/salt/issues/63095) +- `salt.utils.version.StrictVersion` is now deprecated and it's use should be replaced with `salt.utils.version.Version`. [#63383](https://github.com/saltstack/salt/issues/63383) + + +### Changed + +- More intelligent diffing in changes of file.serialize state. [#48609](https://github.com/saltstack/salt/issues/48609) +- Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. [#49430](https://github.com/saltstack/salt/issues/49430) +- ``umask`` is now a global state argument, instead of only applying to ``cmd`` + states. [#57803](https://github.com/saltstack/salt/issues/57803) +- Update pillar.obfuscate to accept kwargs in addition to args. This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. [#58971](https://github.com/saltstack/salt/issues/58971) +- Improve support for listing macOS brew casks [#59439](https://github.com/saltstack/salt/issues/59439) +- Add missing MariaDB Grants to mysql module. + MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. + Also improved exception handling in `grant_add` which did not log the original error message and replaced it with a generic error. [#61409](https://github.com/saltstack/salt/issues/61409) +- Use VENV_PIP_TARGET environment variable as a default target for pip if present. [#62089](https://github.com/saltstack/salt/issues/62089) +- Disabled FQDNs grains on macOS by default [#62168](https://github.com/saltstack/salt/issues/62168) +- Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated [#62218](https://github.com/saltstack/salt/issues/62218) +- Enhance capture of error messages for Zypper calls in zypperpkg module. [#62346](https://github.com/saltstack/salt/issues/62346) +- Removed GPG_1_3_1 check [#62895](https://github.com/saltstack/salt/issues/62895) +- Requisite state chunks now all consistently contain `__id__`, `__sls__` and `name`. [#63012](https://github.com/saltstack/salt/issues/63012) +- netapi_enable_clients option to allow enabling/disabling of clients in salt-api. + By default all clients will now be disabled. Users of salt-api will need + to update their master config to enable the clients that they use. Not adding + the netapi_enable_clients option with required clients to the master config will + disable salt-api. [#63050](https://github.com/saltstack/salt/issues/63050) +- Stop relying on `salt/_version.py` to write Salt's version. Instead use `salt/_version.txt` which only contains the version string. [#63383](https://github.com/saltstack/salt/issues/63383) +- Set enable_fqdns_grains to be False by default. [#63595](https://github.com/saltstack/salt/issues/63595) +- Changelog snippet files must now have a `.md` file extension to be more explicit on what type of rendering is done when they are included in the main `CHANGELOG.md` file. [#63710](https://github.com/saltstack/salt/issues/63710) + + +### Fixed + +- Add kwargs to handle extra parameters for http.query [#36138](https://github.com/saltstack/salt/issues/36138) +- Fix mounted bind mounts getting active mount options added [#39292](https://github.com/saltstack/salt/issues/39292) +- Fix `sysctl.present` converts spaces to tabs. [#40054](https://github.com/saltstack/salt/issues/40054) +- Fixes state pkg.purged to purge removed packages on Debian family systems [#42306](https://github.com/saltstack/salt/issues/42306) +- Fix fun_args missing from syndic returns [#45823](https://github.com/saltstack/salt/issues/45823) +- Fix mount.mounted with 'mount: False' reports unmounted file system as unchanged when running with test=True [#47201](https://github.com/saltstack/salt/issues/47201) +- Issue #49310: Allow users to touch a file with Unix date of birth [#49310](https://github.com/saltstack/salt/issues/49310) +- Do not raise an exception in pkg.info_installed on nonzero return code [#51620](https://github.com/saltstack/salt/issues/51620) +- Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read-only attribute are handled. [#51739](https://github.com/saltstack/salt/issues/51739) +- Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#52167](https://github.com/saltstack/salt/issues/52167) +- Don't check for cached pillar errors on state.apply [#52354](https://github.com/saltstack/salt/issues/52354), [#57180](https://github.com/saltstack/salt/issues/57180), [#59339](https://github.com/saltstack/salt/issues/59339) +- Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. [#52400](https://github.com/saltstack/salt/issues/52400) +- Ensure when we're adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. [#53353](https://github.com/saltstack/salt/issues/53353) +- When user_create or user_remove fail, return False instead of returning the error. [#53377](https://github.com/saltstack/salt/issues/53377) +- Include sync_roster when sync_all is called. [#53914](https://github.com/saltstack/salt/issues/53914) +- Avoid warning noise in lograte.get [#53988](https://github.com/saltstack/salt/issues/53988) +- Fixed listing revoked keys with gpg.list_keys [#54347](https://github.com/saltstack/salt/issues/54347) +- Fix mount.mounted does not handle blanks properly [#54508](https://github.com/saltstack/salt/issues/54508) +- Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. [#54682](https://github.com/saltstack/salt/issues/54682) +- Fix spelling error for python_shell argument in dpkg_lower module [#54907](https://github.com/saltstack/salt/issues/54907) +- Cleaned up bytes response data before sending to non-bytes compatible returners (postgres, mysql) [#55226](https://github.com/saltstack/salt/issues/55226) +- Fixed malformed state return when testing file.managed with unavailable source file [#55269](https://github.com/saltstack/salt/issues/55269) +- Included stdout in error message for Zypper calls in zypperpkg module. [#56016](https://github.com/saltstack/salt/issues/56016) +- Fixed pillar.filter_by with salt-ssh [#56093](https://github.com/saltstack/salt/issues/56093) +- Fix boto_route53 issue with (multiple) VPCs. [#57139](https://github.com/saltstack/salt/issues/57139) +- Remove log from mine runner which was not used. [#57463](https://github.com/saltstack/salt/issues/57463) +- Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#57535](https://github.com/saltstack/salt/issues/57535) +- Updating Slack engine to use slack_bolt library. [#57842](https://github.com/saltstack/salt/issues/57842) +- Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. [#58165](https://github.com/saltstack/salt/issues/58165) +- Fix salt.modules.pip:is_installed doesn't handle locally installed packages [#58202](https://github.com/saltstack/salt/issues/58202) +- Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. [#58297](https://github.com/saltstack/salt/issues/58297) +- linux_shadow: Fix cases where malformed shadow entries cause `user.present` + states to fail. [#58423](https://github.com/saltstack/salt/issues/58423) +- Fixed salt.utils.compat.cmp to work with dictionaries [#58729](https://github.com/saltstack/salt/issues/58729) +- Fixed formatting for terse output mode [#58953](https://github.com/saltstack/salt/issues/58953) +- Fixed RecursiveDictDiffer with added nested dicts [#59017](https://github.com/saltstack/salt/issues/59017) +- Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59169](https://github.com/saltstack/salt/issues/59169) +- Fixed saltnado websockets disconnecting immediately [#59183](https://github.com/saltstack/salt/issues/59183) +- Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59315](https://github.com/saltstack/salt/issues/59315) +- Fix postgres_privileges.present not idempotent for functions [#59585](https://github.com/saltstack/salt/issues/59585) +- Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. [#59766](https://github.com/saltstack/salt/issues/59766) +- Warn when using insecure (http:// based) key_urls for apt-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. [#59786](https://github.com/saltstack/salt/issues/59786) +- add load balancing policy default option and ensure the module can be executed with arguments from CLI [#59909](https://github.com/saltstack/salt/issues/59909) +- Fix salt-ssh when using imports with extra-filerefs. [#60003](https://github.com/saltstack/salt/issues/60003) +- Fixed cache directory corruption startup error [#60170](https://github.com/saltstack/salt/issues/60170) +- Update docs remove dry_run in docstring of file.blockreplace state. [#60227](https://github.com/saltstack/salt/issues/60227) +- Adds Parrot to OS_Family_Map in grains. [#60249](https://github.com/saltstack/salt/issues/60249) +- Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions [#60365](https://github.com/saltstack/salt/issues/60365) +- Use return code in iptables --check to verify rule exists. [#60467](https://github.com/saltstack/salt/issues/60467) +- Fix regression pip.installed does not pass env_vars when calling pip.list [#60557](https://github.com/saltstack/salt/issues/60557) +- Fix xfs module when additional output included in mkfs.xfs command. [#60853](https://github.com/saltstack/salt/issues/60853) +- Fixed parsing new format of terraform states in roster.terraform [#60915](https://github.com/saltstack/salt/issues/60915) +- Fixed recognizing installed ARMv7 rpm packages in compatible architectures. [#60994](https://github.com/saltstack/salt/issues/60994) +- Fixing changes dict in pkg state to be consistent when installing and test=True. [#60995](https://github.com/saltstack/salt/issues/60995) +- Fix cron.present duplicating entries when changing timespec to special. [#60997](https://github.com/saltstack/salt/issues/60997) +- Made salt-ssh respect --wipe again [#61083](https://github.com/saltstack/salt/issues/61083) +- state.orchestrate_single only passes a pillar if it is set to the state + function. This allows it to be used with state functions that don't accept a + pillar keyword argument. [#61092](https://github.com/saltstack/salt/issues/61092) +- Fix ipset state when the comment kwarg is set. [#61122](https://github.com/saltstack/salt/issues/61122) +- Fix issue with archive.unzip where the password was not being encoded for the extract function [#61422](https://github.com/saltstack/salt/issues/61422) +- Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux + Mint, Pop!_OS, Rocky Linux) report different `oscodename`, `osfullname`, + `osfinger` grains if lsb-release is installed or not. They have been changed to + only derive these OS grains from `/etc/os-release`. [#61618](https://github.com/saltstack/salt/issues/61618) +- Pop!_OS uses the full version (YY.MM) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. [#61619](https://github.com/saltstack/salt/issues/61619) +- Fix ssh config roster to correctly parse the ssh config files that contain spaces. [#61650](https://github.com/saltstack/salt/issues/61650) +- Fix SoftLayer configuration not raising an exception when a domain is missing [#61727](https://github.com/saltstack/salt/issues/61727) +- Allow the minion to start or salt-call to run even if the user doesn't have permissions to read the root_dir value from the registry [#61789](https://github.com/saltstack/salt/issues/61789) +- Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. [#61805](https://github.com/saltstack/salt/issues/61805) +- Fixed malformed state return when merge-serializing to an improperly formatted file [#61814](https://github.com/saltstack/salt/issues/61814) +- Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) [#61816](https://github.com/saltstack/salt/issues/61816) +- When deleting the vault cache, also delete from the session cache [#61821](https://github.com/saltstack/salt/issues/61821) +- Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. [#61827](https://github.com/saltstack/salt/issues/61827) +- win_lgpo: Display conflicting policy names when more than one policy is found [#61859](https://github.com/saltstack/salt/issues/61859) +- win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy [#61860](https://github.com/saltstack/salt/issues/61860) +- Fixed listing minions on OpenBSD [#61966](https://github.com/saltstack/salt/issues/61966) +- Make Salt to return an error on "pkg" modules and states when targeting duplicated package names [#62019](https://github.com/saltstack/salt/issues/62019) +- Fix return of REST-returned permissions when auth_list is set [#62022](https://github.com/saltstack/salt/issues/62022) +- Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. [#62029](https://github.com/saltstack/salt/issues/62029) +- Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() [#62030](https://github.com/saltstack/salt/issues/62030) +- Fix attr=all handling in pkg.list_pkgs() (yum/zypper). [#62032](https://github.com/saltstack/salt/issues/62032) +- Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap [#62053](https://github.com/saltstack/salt/issues/62053) +- Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias [#62058](https://github.com/saltstack/salt/issues/62058) +- Fix ordering of args to libcloud_storage.download_object module [#62074](https://github.com/saltstack/salt/issues/62074) +- Ignore extend declarations in sls files that are excluded. [#62082](https://github.com/saltstack/salt/issues/62082) +- Remove leftover usage of impacket [#62101](https://github.com/saltstack/salt/issues/62101) +- Pass executable path from _get_path_exec() is used when calling the program. + The $HOME env is no longer modified globally. + Only trailing newlines are stripped from the fetched secret. + Pass process arguments are handled in a secure way. [#62120](https://github.com/saltstack/salt/issues/62120) +- Ignore some command return codes in openbsdrcctl_service to prevent spurious errors [#62131](https://github.com/saltstack/salt/issues/62131) +- Fixed extra period in filename output in tls module. Instead of "server.crt." it will now be "server.crt". [#62139](https://github.com/saltstack/salt/issues/62139) +- Make sure lingering PAexec-*.exe files in the Windows directory are cleaned up [#62152](https://github.com/saltstack/salt/issues/62152) +- Restored Salt's DeprecationWarnings [#62185](https://github.com/saltstack/salt/issues/62185) +- Fixed issue with forward slashes on Windows with file.recurse and clean=True [#62197](https://github.com/saltstack/salt/issues/62197) +- Recognize OSMC as Debian-based [#62198](https://github.com/saltstack/salt/issues/62198) +- Fixed Zypper module failing on RPM lock file being temporarily unavailable. [#62204](https://github.com/saltstack/salt/issues/62204) +- Improved error handling and diagnostics in the proxmox salt-cloud driver [#62211](https://github.com/saltstack/salt/issues/62211) +- Added EndeavourOS to the Arch os_family. [#62220](https://github.com/saltstack/salt/issues/62220) +- Fix salt-ssh not detecting `platform-python` as a valid interpreter on EL8 [#62235](https://github.com/saltstack/salt/issues/62235) +- Fix pkg.version_cmp on openEuler and a few other os flavors. [#62248](https://github.com/saltstack/salt/issues/62248) +- Fix localhost detection in glusterfs.peers [#62273](https://github.com/saltstack/salt/issues/62273) +- Fix Salt Package Manager (SPM) exception when calling spm create_repo . [#62281](https://github.com/saltstack/salt/issues/62281) +- Fix matcher slowness due to loader invocation [#62283](https://github.com/saltstack/salt/issues/62283) +- Fixes the Puppet module for non-aio Puppet packages for example running the Puppet module on FreeBSD. [#62323](https://github.com/saltstack/salt/issues/62323) +- Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect [#62334](https://github.com/saltstack/salt/issues/62334) +- Fix pyobjects renderer access to opts and sls [#62336](https://github.com/saltstack/salt/issues/62336) +- Fix use of random shuffle and sample functions as Jinja filters [#62372](https://github.com/saltstack/salt/issues/62372) +- Fix groups with duplicate GIDs are not returned by get_group_list [#62377](https://github.com/saltstack/salt/issues/62377) +- Fix the "zpool.present" state when enabling zpool features that are already active. [#62390](https://github.com/saltstack/salt/issues/62390) +- Fix ability to execute remote file client methods in saltcheck [#62398](https://github.com/saltstack/salt/issues/62398) +- Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x [#62400](https://github.com/saltstack/salt/issues/62400) +- Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. [#62405](https://github.com/saltstack/salt/issues/62405) +- When using preq on a state, then prereq state will first be run with test=True to determine if there are changes. When there are changes, the state with the prereq option will be run prior to the prereq state. If this state fails then the prereq state will not run and the state output uses the test=True run. However, the proposed changes are included for the prereq state are included from the test=True run. We should pull those out as there weren't actually changes since the prereq state did not run. [#62408](https://github.com/saltstack/salt/issues/62408) +- Added directory mode for file.copy with makedirs [#62426](https://github.com/saltstack/salt/issues/62426) +- Provide better error handling in the various napalm proxy minion functions when the device is not accessible. [#62435](https://github.com/saltstack/salt/issues/62435) +- When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated. Caching whether aggregate functions are available for particular states so we don't need to attempt to load them everytime. [#62439](https://github.com/saltstack/salt/issues/62439) +- The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module [#62451](https://github.com/saltstack/salt/issues/62451) +- sysctl.persist now updates the in-memory value on FreeBSD even if the on-disk value was already correct. [#62461](https://github.com/saltstack/salt/issues/62461) +- Fixed parsing CDROM apt sources [#62474](https://github.com/saltstack/salt/issues/62474) +- Update sanitizing masking for Salt SSH to include additional password like strings. [#62483](https://github.com/saltstack/salt/issues/62483) +- Fix user/group checking on file state functions in the test mode. [#62499](https://github.com/saltstack/salt/issues/62499) +- Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. [#62502](https://github.com/saltstack/salt/issues/62502) +- Fix possible tracebacks if there is a package with '------' or '======' in the description is installed on the Debian based minion. [#62519](https://github.com/saltstack/salt/issues/62519) +- Fixed the omitted "pool" parameter when cloning a VM with the proxmox salt-cloud driver [#62521](https://github.com/saltstack/salt/issues/62521) +- Fix rendering of pyobjects states in saltcheck [#62523](https://github.com/saltstack/salt/issues/62523) +- Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt [#62527](https://github.com/saltstack/salt/issues/62527) +- Use str() method instead of repo_line for when python3-apt is installed or not in aptpkg.py. [#62546](https://github.com/saltstack/salt/issues/62546) +- Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to __context__["netmiko_device"]["args"] which is passed along to the Netmiko library. [#62547](https://github.com/saltstack/salt/issues/62547) +- Fix order specific mount.mounted options for persist [#62556](https://github.com/saltstack/salt/issues/62556) +- Fixed salt-cloud cloning a proxmox VM with a specified new vmid. [#62558](https://github.com/saltstack/salt/issues/62558) +- Fix runas with cmd module when using the onedir bundled packages [#62565](https://github.com/saltstack/salt/issues/62565) +- Update setproctitle version for all platforms [#62576](https://github.com/saltstack/salt/issues/62576) +- Fixed missing parameters when cloning a VM with the proxmox salt-cloud driver [#62580](https://github.com/saltstack/salt/issues/62580) +- Handle PermissionError when importing crypt when FIPS is enabled. [#62587](https://github.com/saltstack/salt/issues/62587) +- Correctly reraise exceptions in states.http [#62595](https://github.com/saltstack/salt/issues/62595) +- Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. [#62618](https://github.com/saltstack/salt/issues/62618) +- updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. [#62624](https://github.com/saltstack/salt/issues/62624) +- Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline [#62633](https://github.com/saltstack/salt/issues/62633) +- Fixed vault ext pillar return data for KV v2 [#62651](https://github.com/saltstack/salt/issues/62651) +- Fix saltcheck _get_top_states doesn't pass saltenv to state.show_top [#62654](https://github.com/saltstack/salt/issues/62654) +- Fix groupadd.* functions hard code relative command name [#62657](https://github.com/saltstack/salt/issues/62657) +- Fixed pdbedit.create trying to use a bytes-like hash as string. [#62670](https://github.com/saltstack/salt/issues/62670) +- Fix depenency on legacy boto module in boto3 modules [#62672](https://github.com/saltstack/salt/issues/62672) +- Modified "_get_flags" function so that it returns regex flags instead of integers [#62676](https://github.com/saltstack/salt/issues/62676) +- Change startup ReqServer log messages from error to info level. [#62728](https://github.com/saltstack/salt/issues/62728) +- Fix kmod.* functions hard code relative command name [#62772](https://github.com/saltstack/salt/issues/62772) +- Fix mac_brew_pkg to work with null taps [#62793](https://github.com/saltstack/salt/issues/62793) +- Fixing a bug when listing the running schedule if "schedule.enable" and/or "schedule.disable" has been run, where the "enabled" items is being treated as a schedule item. [#62795](https://github.com/saltstack/salt/issues/62795) +- Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode [#62817](https://github.com/saltstack/salt/issues/62817) +- Include UID and GID checks in modules.file.check_perms as well as comparing + ownership by username and group name. [#62818](https://github.com/saltstack/salt/issues/62818) +- Fix presence events on TCP transport by removing a client's presence when minion disconnects from publish channel correctly [#62826](https://github.com/saltstack/salt/issues/62826) +- Remove Azure deprecation messages from functions that always run w/ salt-cloud [#62845](https://github.com/saltstack/salt/issues/62845) +- Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 [#62854](https://github.com/saltstack/salt/issues/62854) +- Fixed master job scheduler using when [#62858](https://github.com/saltstack/salt/issues/62858) +- LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding [#62873](https://github.com/saltstack/salt/issues/62873) +- Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. [#62878](https://github.com/saltstack/salt/issues/62878) +- Fixed dockermod version_info function for docker-py 6.0.0+ [#62882](https://github.com/saltstack/salt/issues/62882) +- Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. [#62886](https://github.com/saltstack/salt/issues/62886) +- Updating various MongoDB module functions to work with latest version of pymongo. [#62900](https://github.com/saltstack/salt/issues/62900) +- Restored channel for Syndic minions to send job returns to the Salt master. [#62933](https://github.com/saltstack/salt/issues/62933) +- removed _resolve_deps as it required a library that is not generally avalible. and switched to apt-get for everything as that can auto resolve dependencies. [#62934](https://github.com/saltstack/salt/issues/62934) +- Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt-minion/salt-call to hang [#62937](https://github.com/saltstack/salt/issues/62937) +- Allow root user to modify crontab lines for non-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. [#62940](https://github.com/saltstack/salt/issues/62940) +- Fix systemd_service.* functions hard code relative command name [#62942](https://github.com/saltstack/salt/issues/62942) +- Fix file.symlink backupname operation can copy remote contents to local disk [#62953](https://github.com/saltstack/salt/issues/62953) +- Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts [#62968](https://github.com/saltstack/salt/issues/62968) +- Fixed gpg_passphrase issue with gpg decrypt/encrypt functions [#62977](https://github.com/saltstack/salt/issues/62977) +- Fix file.tidied FileNotFoundError [#62986](https://github.com/saltstack/salt/issues/62986) +- Fixed bug where module.wait states were detected as running legacy module.run syntax [#62988](https://github.com/saltstack/salt/issues/62988) +- Fixed issue with win_wua module where it wouldn't load if the CryptSvc was set to Manual start [#62993](https://github.com/saltstack/salt/issues/62993) +- The `__opts__` dunder dictionary is now added to the loader's `pack` if not + already present, which makes it accessible via the + `salt.loader.context.NamedLoaderContext` class. [#63013](https://github.com/saltstack/salt/issues/63013) +- Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts [#63024](https://github.com/saltstack/salt/issues/63024) +- Fix btrfs.subvolume_snapshot command failing [#63025](https://github.com/saltstack/salt/issues/63025) +- Fix file.retention_schedule always reports changes [#63033](https://github.com/saltstack/salt/issues/63033) +- Fix mongo authentication for mongo ext_pillar and mongo returner + + This fix also include the ability to use the mongo connection string for mongo ext_pillar [#63058](https://github.com/saltstack/salt/issues/63058) +- Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. [#63103](https://github.com/saltstack/salt/issues/63103) +- TCP transport documentation now contains proper master/minion-side filtering information [#63120](https://github.com/saltstack/salt/issues/63120) +- Fixed gpg.verify does not respect gnupghome [#63145](https://github.com/saltstack/salt/issues/63145) +- Made pillar cache pass extra minion data as well [#63208](https://github.com/saltstack/salt/issues/63208) +- Fix serious performance issues with the file.tidied module [#63231](https://github.com/saltstack/salt/issues/63231) +- Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available [#63350](https://github.com/saltstack/salt/issues/63350) +- When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows. When quoted on Linux hosts, this results in an error when the keyword arguments are appended. [#63590](https://github.com/saltstack/salt/issues/63590) +- LGPO: Added support for "Relax minimum password length limits" [#63596](https://github.com/saltstack/salt/issues/63596) +- Check file is not empty before attempting to read pillar disk cache file [#63729](https://github.com/saltstack/salt/issues/63729) + + +### Added + +- Introduce a `LIB_STATE_DIR` syspaths variable which defaults to `CONFIG_DIR`, + but can be individually customized during installation by specifying + `--salt-lib-state-dir` during installation. Change the default `pki_dir` to + `/pki/master` (for the master) and `/pki/minion` + (for the minion). [#3396](https://github.com/saltstack/salt/issues/3396) +- Allow users to enable 'queue=True' for all state runs via config file [#31468](https://github.com/saltstack/salt/issues/31468) +- Added pillar templating to vault policies [#43287](https://github.com/saltstack/salt/issues/43287) +- Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray [#51088](https://github.com/saltstack/salt/issues/51088) +- A new salt-ssh roster that generates a roster by parses a known_hosts file. [#54679](https://github.com/saltstack/salt/issues/54679) +- Added Windows Event Viewer support [#54713](https://github.com/saltstack/salt/issues/54713) +- Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file [#56013](https://github.com/saltstack/salt/issues/56013) +- Added resource tagging functions to boto_dynamodb execution module [#57500](https://github.com/saltstack/salt/issues/57500) +- Added `openvswitch_db` state module and functions `bridge_to_parent`, + `bridge_to_vlan`, `db_get`, and `db_set` to the `openvswitch` execution module. + Also added optional `parent` and `vlan` parameters to the + `openvswitch_bridge.present` state module function and the + `openvswitch.bridge_create` execution module function. [#58986](https://github.com/saltstack/salt/issues/58986) +- State module to manage SysFS attributes [#60154](https://github.com/saltstack/salt/issues/60154) +- Added ability for `salt.wait_for_event` to handle `event_id`s that have a list value. [#60430](https://github.com/saltstack/salt/issues/60430) +- Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) [#60518](https://github.com/saltstack/salt/issues/60518) +- Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. [#60700](https://github.com/saltstack/salt/issues/60700) +- Added .0 back to our versioning scheme for future versions (e.g. 3006.0) [#60722](https://github.com/saltstack/salt/issues/60722) +- Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. [#61153](https://github.com/saltstack/salt/issues/61153) +- Added node label support for GCE [#61245](https://github.com/saltstack/salt/issues/61245) +- Support the --priority flag when adding sources to Chocolatey. [#61319](https://github.com/saltstack/salt/issues/61319) +- Add namespace option to ext_pillar.http_json [#61335](https://github.com/saltstack/salt/issues/61335) +- Added a filter function to ps module to get a list of processes on a minion according to their state. [#61420](https://github.com/saltstack/salt/issues/61420) +- Add postgres.timeout option to postgres module for limiting postgres query times [#61433](https://github.com/saltstack/salt/issues/61433) +- Added new optional vault option, ``config_location``. This can be either ``master`` or ``local`` and defines where vault will look for connection details, either requesting them from the master or using the local config. [#61857](https://github.com/saltstack/salt/issues/61857) +- Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. [#61931](https://github.com/saltstack/salt/issues/61931) +- 'tcp' transport is now available in ipv6-only network [#62009](https://github.com/saltstack/salt/issues/62009) +- Add `diff_attr` parameter to pkg.upgrade() (zypper/yum). [#62031](https://github.com/saltstack/salt/issues/62031) +- Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets. + Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass. + Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass. + Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. [#62120](https://github.com/saltstack/salt/issues/62120) +- Add file.pruned state and expanded file.rmdir exec module functionality [#62178](https://github.com/saltstack/salt/issues/62178) +- Added "dig.PTR" function to resolve PTR records for IPs, as well as tests and documentation [#62275](https://github.com/saltstack/salt/issues/62275) +- Added the ability to remove a KB using the DISM state/execution modules [#62366](https://github.com/saltstack/salt/issues/62366) +- Add " python" subcommand to allow execution or arbitrary scripts via bundled Python runtime [#62381](https://github.com/saltstack/salt/issues/62381) +- Add ability to provide conditions which convert normal state actions to no-op when true [#62446](https://github.com/saltstack/salt/issues/62446) +- Added debug log messages displaying the command being run when installing packages on Windows [#62480](https://github.com/saltstack/salt/issues/62480) +- Add biosvendor grain [#62496](https://github.com/saltstack/salt/issues/62496) +- Add ifelse Jinja function as found in CFEngine [#62508](https://github.com/saltstack/salt/issues/62508) +- Implementation of Amazon EC2 instance detection and setting `virtual_subtype` grain accordingly including the product if possible to identify. [#62539](https://github.com/saltstack/salt/issues/62539) +- Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack [#62578](https://github.com/saltstack/salt/issues/62578) +- Increase file.tidied flexibility with regard to age and size [#62678](https://github.com/saltstack/salt/issues/62678) +- Added "connected_devices" feature to netbox pillar module. It contains extra information about devices connected to the minion [#62761](https://github.com/saltstack/salt/issues/62761) +- Add atomic file operation for symlink changes [#62768](https://github.com/saltstack/salt/issues/62768) +- Add password/account locking/unlocking in user.present state on supported operating systems [#62856](https://github.com/saltstack/salt/issues/62856) +- Added onchange configuration for script engine [#62867](https://github.com/saltstack/salt/issues/62867) +- Added output and bare functionality to export_key gpg module function [#62978](https://github.com/saltstack/salt/issues/62978) +- Add keyvalue serializer for environment files [#62983](https://github.com/saltstack/salt/issues/62983) +- Add ability to ignore symlinks in file.tidied [#63042](https://github.com/saltstack/salt/issues/63042) +- salt-cloud support IMDSv2 tokens when using 'use-instance-role-credentials' [#63067](https://github.com/saltstack/salt/issues/63067) +- Add ability for file.symlink to not set ownership on existing links [#63093](https://github.com/saltstack/salt/issues/63093) +- Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation [#63095](https://github.com/saltstack/salt/issues/63095) +- Add functions that will return the underlying block device, mount point, and filesystem type for a given path [#63098](https://github.com/saltstack/salt/issues/63098) +- Add ethtool execution and state module functions for pause [#63128](https://github.com/saltstack/salt/issues/63128) +- Add boardname grain [#63131](https://github.com/saltstack/salt/issues/63131) +- Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63248](https://github.com/saltstack/salt/issues/63248) +- Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63249](https://github.com/saltstack/salt/issues/63249) +- Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. [#63315](https://github.com/saltstack/salt/issues/63315) +- Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id. + This allows users to enable state_events on a per use basis rather than having to + enable them globally for all state runs. [#63316](https://github.com/saltstack/salt/issues/63316) +- Allow max queue size setting for state runs to prevent performance problems from queue growth [#63356](https://github.com/saltstack/salt/issues/63356) +- Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606) + + +## Salt 3005.1 (2022-09-26) + +### Fixed + +- Fix arch parsing issue in apt source files (#62247) +- Fixed parsing CDROM apt sources (#62474) +- Use str() method instead of repo_line for when python3-apt is installed or not in aptpkg.py. (#62546) +- Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to __context__["netmiko_device"]["args"] which is passed along to the Netmiko library. (#62547) +- fixes #62553 by checking for disabled master_type before starting master connection and skipping it if set. (#62553) +- Fix runas with cmd module when using the onedir bundled packages (#62565) +- Fix the Pyinstaller hooks to preserve the environment if None is passed. (#62567, #62628) +- pkgrepo.managed sets wrong permissions on keys installed to /etc/apt/keyring (#62569) +- pkgrepo.managed creates zero byte gpg files when dearmoring contents to the same filename (#62570) +- Ensure default values for IPC Buffers are correct type (#62591) +- Fix a hang on salt-ssh when using sudo. (#62603) +- Renderers now have access to the correct set of salt functions. (#62610, #62620) +- Fix including Jinja template from absolute path (#62611) +- include jmespath in package requirements (#62613) +- Fix pkgrepo.managed signed-by in test=true mode (#62662) +- Ensure the status of the service is captured when the beacon function is called, even when the event is not being emitted. (#62675) +- The sub proxies controlled by Deltaproxy need to have their own req_channel otherwise there are timeout exceptions when the __master_req_channel_payload is fired and reacted on. (#62708) + + +## Salt 3005 (2022-08-22) + +### Removed + +- Deprecating and removing salt-unity. (#56055) +- Removed support for macos mojave (#61130) +- Removed `salt.utils.MultiprocessingProcess` and `salt.utils.SignalHandlingMultiprocessingProcess`. Please use `salt.utils.Process` and `salt.utils.SignalHandlingProcess` instead. (#61573) +- Remove the grains.get_or_set_hash function. Please reference pillar and SDB documentation for secure ways to manage sensitive information. Grains are an insecure way to store secrets. (#61691) +- Removed the `telnet_port`, `serial_type` and `console` parameters in salt/modules/virt.py. Use the `serials` and `consoles` parameters instead. Use the `serials` parameter with a value like ``{{{{'type': 'tcp', 'protocol': 'telnet', 'port': {}}}}}`` instead and a similar `consoles` parameter. (#61693) +- Remove remove_lock in zypperpkg.py in favor of unhold. + Remove add_lock in zypperpkg.py in favor of hold. (#61694) +- Removed support for old-style Windows Group Policy names + Recommended policy names will be displayed in comments (#61696) +- Remove the feature flag feature.enable_slsvars_fixes and enable the fixes for `sls_path`, `tpl_file`, and `tpldir` by default. + Enabling this behavior by default will fix the following: + - tpldir: If your directory name and your SLS file name are the same tpldir used to return a ., now it returns the correct directory name. + - slspath,slsdotpath,slscolonpath,sls_path: If an init.sls file is accessed by its explicit name path.to.init instead of path.to, init shows up as a directory for in various sls context parameters, now it will only show as a file. + - tplfile: When using tplfile in a SLS file in the root directory of file roots it returns empty. Now it returns the filename. (#61697) +- Remove SaltMessageServer.shutdown in favor of close. + Remove LoadBalancerWorker.stop in favor of close. (#61698) +- Removed the PyObjC dependency. + + This addresses problems with building a one dir build for macOS. + It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built). + Since it's currently not being used, it's removed. (#62432) + + +### Deprecated + +- In etcd_util, the recursive kwarg in the read and delete methods has been deprecated in favor of recurse for both client versions. + In etcd_util, the index kwarg in the watch method has been deprecated in favor of start_revision for both client versions. + In etcd_util, the waitIndex kwarg in the read method has been deprecated in favor of start_revision for both client versions. + The etcd API v2 implementation has been deprecated in favor of etcd API v3. (#60325) +- Deprecated transport kwarg inside salt.utils.event.get_event (#61275) +- Deprecated netmiko_conn and pyeapi_conn in napalm_mod.py as these function should not be called from the CLI (#61566) +- Deprecate all Azure cloud modules (#62183) +- Deprecated ``defaults`` and ``preserve_context`` for ``salt.utils.functools.namespaced_function``. + Additionally, the behavior when ``preserve_namespace=True`` was passed is now the default in order not to require duplicating imports on the modules that are namespacing functions. (#62272) +- Deprecated the cassandra module in favor of the cassandra_cql module/returner. (#62327) + + +### Changed + +- alternatives: Do not access /var/lib/dpkg/alternatives directly (#58745) +- Enhance logging when there are errors at loading beacons (#60402) +- Updated mysql cache module to also store updated timestamp, making it consistent with default cache module. Users of mysql cache should ensure database size before updating, as ALTER TABLE will add the timestamp column. (#61081) +- Changed linux_shadow to test success of commands using cmd.retcode instead of cmd.run (#61932) +- `zabbix.user_get` returns full user info with groups and medias + `zabbix.user_addmedia` returns error for Zabbix 4.0+ due to `user.addmedia` method removal + `zabbix.user_deletemedia` returns error for Zabbix 4.0+ due to `user.deletemedia` method removal (#62012) +- "Sign before ending the testrun in x509.create_certificate" (#62100) + + +### Fixed + +- Fix salt-ssh using sudo with a password (#8882) +- Fix SSH password regex to not search for content after password:. (#25721) +- Addressing a few issues when having keep_symlinks set to True with file.recurse. Also allow symlinks that are outside the salt fileserver root to be discoverable as symlinks when fileserver_followsymlinks is set to False. (#29562) +- serialize to JSON only non string objects. (#35215) +- Fix archive.extracted doesn't set user/group ownership correctly (#38605) +- Make sys.argspec work on functions with annotations (#48735) +- Fixed pdbedit.list_users with Samba 4.8 (#49648) +- Fixes a scenario where ipv6 is enabled but the master is configured as an ipv4 IP address. (#49835) +- Ensure that NOTIFY_SOCKET is not passed to child processes created with cmdmod unless it's set explicitly for such call. (#50851) +- remove escaping of dbname in mysql.alter_db function. (#51559) +- Fix runit module failing to find service if it is not symlinked. (#52759) +- Changed manage.versions to report minions offline if minion call fails. (#53513) +- Fixed events stream from /events endpoint not halting when auth token has expired. (#53742) +- Fixed user.present which was breaking when updating workphone,homephone, fullname and "other" fields in case int was passed instead of string (#53961) +- Fix error in webutil state module when attempting to grep a file that does not exist. (#53977) +- Fixed ability to modify the "Audit: Force audit policy subcategory settings..." policy (#54301) +- Fix timeout handling in netapi/saltnado. (#55394) +- Fixing REST auth so that we actually support using ACLs from the REST server like we said in the documentation. (#55654) +- Salt now correctly handles macOS after Py3.8 where python defaults to spawn instead of fork. (#55847) +- Factor out sum and sorting of permissions into separate functions. + Additionally, the same logic was applied to the rest_cherrypy netapi (#56495) +- Display packages that are marked NoRemove in pkg.list_pkgs for Windows platforms (#56864) +- Attempt to fix 56957 by detecting the broken recusion and stopping it. (#56957) +- Fixed bytes vs. text issue when using sqlite for sdb backend. (#57133) +- Ensure test is added to opts when using the state module with salt-ssh. (#57144) +- Fixed RuntimeError OrderedDict mutated in network.managed for Debian systems. (#57721) +- Improved the multiprocessing classes to better handle spawning platforms (#57742) +- Config options are enforced according to config type (#57873) +- fixed 57992 fix multi item kv v2 items read. (#57992) +- Fixed thread leak during FQDN lookup when DNS entries had malformed PTR records, or other similar issues. (#58141) +- Remove unnecessary dot in template that cause the bridge interface to fail on debian. Fixes #58195 (#58195) +- update salt.module.schedule to check the job_args and job_kwargs for valid formatting. (#58329) +- Allowe use of `roster` in salt.function state when using the SSH client. (#58662) +- Detect new and legacy styles of calling module.run and support them both. (#58763) +- Clean repo uri before checking if it's present, avoiding ghost change. (#58807) +- Fix error "'__opts__' is not defined" when using the boto v2 modules (#58934) +- hgfs: fix bytes vs str issues within hgfs. (#58963) +- Fixes salt-ssh error when targetting IPs or hostnames directly. (#59033) +- Allow for multiple configuration entries with keyword strict_config=False on yum-based systems (#59090) +- Fixed error when running legacy code in winrepo.update_git_repos (#59101) +- Clarify the persist argument in the scheduler module. Adding code in the list function to indicate if the schedule job is saved or not. (#59102) +- Swap ret["retcode"] for ret.get("retcode") in the event that there is no retcode, eg. when a function is not passed with a module. (#59331) +- Fix race condition when caching vault tokens (#59361) +- The ssh module now accepts all ssh public key types as of openssh server version 8.7. (#59429) +- Set default transport and port settings for Napalm NXOS, if not set. (#59448) +- Use __salt_system_encoding__ when retrieving keystore certificate SHA1 str (#59503) +- Fix error being thrown on empty flags list given to file.replace (#59554) +- Update url for ez_setup.py script in virtualenv_mod.py (#59604) +- Changed yumpkg module to normalize versions to strings when they were ambiguously floats (example version=3005.0). (#59705) +- Fix pillar_roots.write on subdirectories broken after CVE-2021-25282 patch. (#59935) +- Improved performance of zfs.filesystem_present and zfs.volume_present. When + applying these states, only query specified ZFS properties rather than all + properties. (#59970) +- Fixed highstate outputter not displaying with salt.function in orchestration when module returns a dictionary. (#60029) +- Update docs where python-dateutil is required for schedule. (#60070) +- Send un-parsed username to LookupAccountName function (#60076) +- Fix ability to set propagation on a folder to "this_folder_only" (#60103) +- Fix name attribute access error in spm. (#60106) +- Fix zeromq stream.send exception message (#60228) +- Exit gracefully on ctrl+c. (#60242) +- Corrected import statement for redis_cache in cluster mode. (#60272) +- loader: Fix loading grains with annotations (#60285) +- fix docker_network.present when com.docker.network.bridge.name is being used as the unixes can not have a bridge of the same name (#60316) +- Fix exception in yumpkg.remove for not installed package on calling pkg.remove or pkg.removed (#60356) +- Batch runs now return proper retcodes in a tuple of the form (result, retcode) (#60361) +- Fixed issue with ansible roster __virtual__ when ansible is not installed. (#60370) +- Fixed error being thrown when None was passed as src/defaults or dest to defaults.update and defaults.merge (#60431) +- Allow for additional options for xmit hash policy in mode 4 NIC bonding on Redhat (#60583) +- Properly detect VMware grains on Windows Server 2019+ (#60593) +- Allow for minion failure to respond to job sent in batch mode (#60724) +- The mac assistive execution module no longer shells out to change the database. (#60819) +- Fix regression in win_timezone.get_zone which failed to resolve specific timezones that begin or end with d/s/t/o/f/_ characters (#60829) +- The TCP transport resets it's unpacker on stream disconnects (#60831) +- Moving the call to the validate function earlier to ensure that beacons are in the right format before we attempt to do anything to the configuration. Adding a generic validation to ensure the beacon configuration is in the wrong format when a validation function does not exist. (#60838) +- Update the mac installer welcome and conclusion page, add docs for the salt-config tool (#60858) +- Fixed external node classifier not callable due to wrong parameter (#60872) +- Adjust Debian/Ubuntu package use of name 'ifenslave-2.6' to 'ifenslave' (#60876) +- Clear and update the Pillar Cache when running saltutil.refresh_pillar. This only affects users + that have `pillar_cache` set to True. If you do not want to clear the cache you can pass the kwarg + `clean_cache=False` to `saltutil.refresh_pillar`. (#60897) +- Handle the situation when apt repo lines have or do not have trailing slashes properly. (#60907) +- Fixed Python 2 syntax for Python 3, allow for view objects returned by dictionary keys() function (#60909) +- Fix REST CherryPY append the default permissions every request (#60955) +- Do not consider "skipped" targets as failed for "ansible.playbooks" states (#60983) +- Fix behavior for internal "_netlink_tool_remote_on" to filter results based on requested end (#61017) +- schedule.job_status module: Convert datetime objects into formatted strings (#61043) +- virt: don't crash if console doesn't have service or type attribute (#61054) +- Fixed conflict between importlib_metada from Salt and importlib.metadata from Python 3.10 (#61062) +- sys.argspec now works with pillar.get, vault.read_secret, and vault.list_secrets (#61084) +- Set virtual grain on FreeBSD EC2 instances (#61094) +- Fixed v3004 windows minion failing to open log file at C:\ProgramData\Salt Project\Salt\var\log\salt\minion (#61113) +- Correct returned result to False when an error exception occurs for pip.installed (#61117) +- fixed extend being too strict and wanting the system_type to exist when it is only needed for requisites. (#61121) +- Fixed bug where deserialization in script engine would throw an error after all output was read. (#61124) +- Adding missing import for salt.utils.beacons into beacons that were updated to use it. (#61135) +- added exception catch to salt.utils.vt.terminal.isalive(). (#61160) +- Re-factor transport to make them more plug-able (#61161) +- Remove max zeromq pinned version due to issues on FreeBSD (#61163) +- Fixing deltaproxy code to handle the situation where the control proxy is configured to control a proxy minion whose pillar data could not be loaded. (#61172) +- Prevent get_tops from performing a Set operation on a List (#61176) +- Make "state.highstate" to acts on concurrent flag. + Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution (#61188) +- Fix a failure with salt.utils.vault.make_request when namespace is not defined in the connection. (#61191) +- Fix race condition in `salt.utils.verify.verify_env` and ignore directories starting with dot (#61192) +- LGPO: Search for policies in a case-sensitive manner first, then fall back to non case-sensitive names (#61198) +- Fixed state includes in dynamic environments (#61200) +- Minimize the number of network connections minions to the master (#61247) +- Fix salt-call event.event with pillar or grains (#61252) +- Fixed failing dcs.compile_config where a successful compile errored with `AttributeError: 'list' object has no attribute 'get'`. (#61261) +- Make the salt.utils.win_dacl.get_name() function include the "NT Security" prefix for Virtual Accounts. Virtual Accounts can only be added with the fully qualified name. (#61271) +- Fixed tracebacks and print helpful error message when proxy_return = True but no platform or primary_ip set in NetBox pillar. (#61277) +- Ensure opts is included in pack for minion_mods and config loads opts from the named_context. (#61297) +- Added prefix length info for IPv6 addresses in Windows (#61316) +- Handle MariaDB 10.5+ SLAVE MONITOR grant (#61331) +- Fix secondary ip addresses being added to ip4_interfaces and ip6_interfaces at the same time (#61370) +- Do not block the deltaproxy startup. Wrap the call to the individual proxy initialization functions in a try...except, catching the exception, logging an error and moving onto the next proxy minion. (#61377) +- show_instance of hetzner cloud provider should enforce an action like the other ones (#61392) +- Fix Hetzner Cloud config loading mechanism (#61399) +- Sets correctly the lvm grain even when lvm's command execution outputs a WARNING (#61412) +- Use net instead of sc in salt cloud when restarting the salt service (#61413) +- Fix use_etag support in fileclient by removing case sensitivity of expected header (#61440) +- Expand environment variables in the root_dir registry key (#61445) +- Use salt.utils.path.readlink everywhere instead of os.readlink (#61458) +- Fix state_aggregate minion option not respected (#61478) +- Fixed wua.installed and wua.uptodate to return all changes, failures, and supersedences (#61479) +- When running with test=True and there are no changes, don't show that there are changes. (#61483) +- Fix issue with certutil when there's a space in the path to the certificate (#61494) +- Fix cmdmod not respecting config for saltenv (#61507) +- Convert Py 2'isms to Python 3, and add tests for set_filesystems on AIX (#61509) +- Fix tracebacks caused by missing block device type and wrong mode used for gzip.open while calling inspector.export (#61530) +- win_wua: Titles no longer limited to 40 characters (#61533) +- Fixed error when using network module on RHEL 8 due to the name of the service changing from "network" to "NetworkManager". (#61538) +- Allow symlink to be created even if source is missing on Windows (#61544) +- Print jinja error context on `UndefinedError`. Previously `jinja2.exceptions.UndefinedError` resulted in a `SaltRenderError` without source file context, unlike all of the other Jinja exceptions handled in `salt/utils/templates.py`. (#61553) +- Fix uptime on AIX systems when less than 24 hours (#61557) +- Fix issue with state.show_state_usage when a saltenv is not referenced in any topfile (#61614) +- Making the retry state system feature available when parallel is set to True. (#61630) +- modules/aptpkg.SourceEntry: fix parsing lines with arbitrary comments in case HAS_APT=False (#61632) +- Fix file.comment incorrectly reports changes in test mode (#61662) +- Fix improper master caching of file listing in multiple dynamic environments (#61738) +- When configured beacons are empty write an empty beacon configuration file. (#61741) +- Fix file.replace updating mtime with no changes (#61743) +- Fixed etcd_return being out of sync with the underlying etcd_util. (#61756) +- Fixing items, values, and keys functions in the data module. (#61812) +- Ensure that `salt://` URIs never contain backslashes, converting them to forward slashes instead. A specific situation to handle is caching files on Windows minions, where Jinja relative imports introduce a backslash into the path. (#61829) +- Do not raise a UnicodeDecodeError when pillar cache cannot decode binary data. (#61836) +- Don't rely on ``importlib.metadata``, even on Py3.10, use ``importlib_metadata`` instead. (#61839) +- Fix the reporting of errors for file.directory in test mode (#61846) +- Update Markup and contextfunction imports for jinja versions >=3.1. (#61848) +- Update states.chef for version 16.x and 17.x Chef Infra Client output. (#61891) +- Fixed some whitespace and ``pathlib.Path`` issues when not using the sytem ``aptsources`` package. (#61936) +- fixed error when using backslash literal in file.replace (#61944) +- Fix an issue where under spawning platforms, one could exhaust the available multiprocessing semaphores. (#61945) +- Fix salt-cloud sync_after_install functionality (#61946) +- Ensure that `common_prefix` matching only occurs if a directory name is identified (in the `archive.list` execution module function, which affects the `archive.extracted` state). (#61968) +- When states are running in parallel, ensure that the total run time produced by the highstate outputter takes that into account. (#61999) +- Temporary logging is now shutdown when logging has been configured. (#62005) +- modules/lxd.FilesManager: fix memory leak through pylxd.modules.container.Container.FilesManager (#62006) +- utils/jinja.SaltCacheLoader: fix leaking SaltCacheLoader through atexit.register (#62007) +- Fixed errors on calling `zabbix_user.admin_password_present` state, due to changed error message in Zabbix 6.0 + Fixed `zabbix.host_update` not mapping group ids list to list of dicts in format `[{"groupid": groupid}, ...]` + Fixed `zabbix.user_update` not mapping usergroup id list to list of dicts in format `[{"usrgrpid": usrgrpid}, ...]` (#62012) +- utils/yamlloader and yamlloader_old: fix leaking DuplicateKeyWarning through a warnings module (#62021) +- Fix cache checking for Jinja templates (#62042) +- Fixed salt.states.file.managed() for follow_symlinks=True and test=True (#62066) +- Stop trigering the `GLIBC race condition `_ when parallelizing the resolution of the fqnds. (#62071) +- Fix useradd functions hard-coded relative command name (#62087) +- Fix #62092: Catch zmq.error.ZMQError to set HWM for zmq >= 3. + + Run ``git show 0be0941`` for more info. (#62092) +- Allow emitatstartup to work when delay option is setup. (#62095) +- Fix broken relative jinja includes in local mode bug introduced in #62043 (#62117) +- Fix broken file.comment functionality introduced in #62045 (#62121) +- Fixed an incompatibility preventing salt-cloud from deploying VMs on Proxmox VE 7 (#62154) +- Fix sysctl functions hard-coded relative command name (#62164) +- All of Salt's loaders now accept ``loaded_base_name`` as a keyword argument, allowing different namespacing the loaded modules. (#62186) +- Only functions defined on the modules being loaded will be added to the lazy loader, functions imported from other modules, unless they are properly namespaced, are not included. (#62190) +- Fixes issue in postgresql privileges detection: privileges on views were never retrieved and always recreated. (#57690) +- Fix service.enabled error for unavailable service in test mode (#62258) +- Fix variable reuse causing requisite_in problems (#62264) +- Adding -G option to pkgdd cmd_prefix list when current_zone_only is True. (#62206) +- Don't expect ``lsof`` to be installed when trying check which minions are connected. (#62303) +- Added a pyinstaller hook that traverses the python used on the tiamat package to add all possible modules as hidden imports. (#62362) +- Fix use of random shuffle and sample functions as Jinja filters (#62372) +- All of the requirements provided in the requirements files are now included. The job of evaluating platform markers is not Salt's it's pip's. (#62392) +- Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x (#62400) +- Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. (#62405) +- Fixed urlparse typo in rpmbuild_pkgbuild.py (#62442) +- Fixing changes dict in pkg state to be consistent when installing and test=True. (#60995) +- Use fire_event_async when expecting a coroutine (#62453) +- Fixes import error under windows. (#62459) +- account for revision number in formulas to account for difference between bottle and formula (#62466) +- Fixed stacktrace on Windows when running pkg.list_pkgs (#62479) +- Update sanitizing masking for Salt SSH to include additional password like strings. (#62483) +- Fixes an issue where the minion could not connect to a master after 2 failed attempts (#62489) + + +Added +----- + +- Added ability to request VPC peering connections in different AWS regions (boto_vpc). (#50394) +- Added event return capability to Splunk returner (#50815) +- Added allow downgrades support to apt upgrade (#52977) +- added new grain for metadata to handle googles metadata differences (#53223) +- Added win_shortcut execution and state module that does not prepend the current working directory to paths. Use shortcut.create and shortcut.present instead of file.shortcut. (#53706) +- Add __env__ substitution inside file and pillar root paths (#55747) +- Added support cpu hot add/remove, memory hot add, and nested virtualization to VMware salt-cloud driver. (#56144) +- Add a consul state module with acl_present and acl_absent functions. (#58101) +- Added restconf module/states/proxy code for network device automation (#59006) +- Adds the ability to get version information from a file on Windows systems (#59702) +- Add aptkey=False kwarg option to the aptpkg.py module and pkgrepo state. Apt-key is on the path to be deprecated. This will allow users to not use apt-key to manage the repo keys. It will set aptkey=False automatically if it does not detect apt-key exists on the machine. (#59785) +- Added "Instant Clone" feature in the existing VMware Cloud module (#60004) +- Added support for etcd API v3 (#60325) +- Added `pkg.held` and `pkg.unheld` state functions for Zypper, YUM/DNF and APT. Improved `zypperpkg.hold` and `zypperpkg.unhold` functions. (#60432) +- Added suse_ip module allowing to manage network interfaces on SUSE based Linux systems (#60702) +- Support querying for JSON data in SQL external pillar (#60905) +- Added support for yum and dnf on AIX (#60912) +- Added percent success/failure of state runs in highstate summary output via new state_output_pct option (#60990) +- Add support for retrieve IP-address from qemu agent by Salt-cloud on Proxmox (#61146) +- Added new shortcut execution and state module to better handle UNC shortcuts and to test more thoroughly (#61170) +- added yamllint utils module and yaml execution modules (#61182) +- Add "--no-return-event" option to salt-call to prevent sending return event back to master. (#61188) +- Add Etag support for file.managed web sources (#61270) +- Adding the ability to add, delete, purge, and modify Salt scheduler jobs when the Salt minion is not running. (#61324) +- Added a force option to file.symlink to overwrite an existing symlink with the same name (#61326) +- `gpg_decrypt_must_succeed` config to prevent gpg renderer from failing silently (#61418) +- Do not load a private copy of `__grains__` and `__salt__` for the sentry log handler if it is disabled. (#61484) +- Add Jinja filters for itertools functions, flatten, and a state template workflow (#61502) +- Add feature to allow roll-up of duplicate IDs with different names in highstate output (#61549) +- Allow cp functions to derive saltenv from config if not explicitly set (#61562) +- Multiprocessing logging no longer uses multiprocessing queues which penalized performance. + + Instead, each new process configures the terminal and file logging, and also any external logging handlers configured. (#61629) +- Add a function to the freezer module for comparison of packages and repos in two frozen states (#61682) +- Add grains_refresh_pre_exec option to allow grains to be refreshed before any operation (#61708) +- Add possibility to pass extra parameters to salt-ssh pre flight script with `ssh_pre_flight_args` (#61715) +- Add Etag support for archive.extracted web sources (#61763) +- Add regex exclusions, full path matching, symlink following, and mtime/ctime comparison to file.tidied (#61823) +- Add better handling for unit abbreviations and large values to salt.utils.stringutils.human_to_bytes (#61831) +- Provide PyInstaller hooks that provide some runtime adjustments when Salt is running from a Tiamat(PyInstaller) bundled package. (#61864) +- Add configurable tiamat pip pypath location (#61937) +- Add CNAME record support to the dig exec module (#61991) +- Added support for changed user object in Zabbix 5.4+ + Added compatibility with Zabbix 4.0+ for `zabbix.user_getmedia` method + Added support for setting medias in `zabbix.user_update` for Zabbix 3.4+ (#62012) +- Add ignore_missing parameter to file.comment state (#62044) +- General improvements on the "ansiblegate" module: + * Add "ansible.targets" method to gather Ansible inventory + * Add "ansible.discover_playbooks" method to help collecting playbooks + * Fix crash when running Ansible playbooks if ansible-playbook CLI output is not the expected JSON. + * Fix issues when processing inventory and there are groups with no members. + * Allow new types of targets for Ansible roster (#60056) +- Add sample and shuffle functions from random (#62225) +- Add " python" subcommand to allow execution or arbitrary scripts via bundled Python runtime (#62381) + + +## Salt 3004.2 (2022-05-12) + +### Fixed + +- Expand environment variables in the root_dir registry key (#61445) +- Update Markup and contextfunction imports for jinja versions >=3.1. (#61848) +- Fix bug in tcp transport (#61865) +- Make sure the correct key is being used when verifying or validating communication, eg. when a Salt syndic is involved use syndic_master.pub and when a Salt minion is involved use minion_master.pub. (#61868) + + +### Security + +- Fixed PAM auth to reject auth attempt if user account is locked. (cve-2022-22967) + + +## Salt 3004.1 (2022-02-16) + +### Security + +- Sign authentication replies to prevent MiTM (cve-2022-22935) +- Prevent job and fileserver replays (cve-2022-22936) +- Sign pillar data to prevent MiTM attacks. (cve-2202-22934) +- Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941) (#60413) +- Fix denial of service in junos ifconfig output parsing. + + +## Salt 3004 (2021-10-11) + +### Removed - Removed the deprecated glance state and execution module in favor of the glance_image state module and the glanceng execution module. (#59079) @@ -20,8 +1796,7 @@ Removed - Removed deprecated virt.migrate_non_shared, virt.migrate_non_shared_inc, ssh from virt.migrate, and python2/python3 args from salt.utils.thin.gen_min and .gen_thin (#60893) -Deprecated ----------- +### Deprecated - The _ext_nodes alias to the master_tops function was added back in 3004 to maintain backwards compatibility with older supported versions. This alias will now be removed in 3006. This change will break Master and Minion communication compatibility with Salt minions running versions 3003 and lower. (#60980) - utils/boto3_elasticsearch is no longer needed (#59882) @@ -29,8 +1804,7 @@ Deprecated - Deprecate `salt.payload.Serial` (#60953) -Changed -------- +### Changed - Changed nginx.version to return version without `nginx/` prefix. (#57111) - Updated Slack webhook returner to support event returns on salt-master (#57182) @@ -39,8 +1813,7 @@ Changed - Changed the default character set used by `utils.pycrypto.secure_password()` to include symbols and implemented arguments to control the used character set. (#59486) -Fixed ------ +### Fixed - Set default 'bootstrap_delay' to 0 (#61005) - Fixed issue where multiple args to netapi were not preserved (#59182) @@ -194,27 +1967,47 @@ Added - Allow a user to use the aptpkg.py module without installing python-apt. (#60818) -Salt 3003.3 (2021-08-20) -======================== +## Salt 3003.5 (2022-07-05) -Fixed ------ +### Fixed + +- Update Markup and contextfunction imports for jinja versions >=3.1. (#61848) +- Fix bug in tcp transport (#61865) +- Make sure the correct key is being used when verifying or validating communication, eg. when a Salt syndic is involved use syndic_master.pub and when a Salt minion is involved use minion_master.pub. (#61868) + + +### Security + +- Fixed PAM auth to reject auth attempt if user account is locked. (cve-2022-22967) + + +## Salt 3003.4 (2022-02-25) + +### Security + +- Sign authentication replies to prevent MiTM (cve-2022-22935) +- Prevent job and fileserver replays (cve-2022-22936) +- Sign pillar data to prevent MiTM attacks. (cve-2202-22934) +- Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941) (#60413) +- Fix denial of service in junos ifconfig output parsing. + + +## Salt 3003.3 (2021-08-20) + +### Fixed - Fix issue introduced in https://github.com/saltstack/salt/pull/59648 (#60046) -Security --------- +### Security - Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE-2021-22004) - Ensure that sourced file is cached using its hash name (cve-2021-21996) -Salt 3003.2 (2021-07-29) -======================== +## Salt 3003.2 (2021-07-29) -Fixed ------ +### Fixed - Periodically restart the fileserver update process to avoid leaks (#50313) - Add ssh_timeout to kwargs in deploy_script (#59901) @@ -225,17 +2018,14 @@ Fixed - Ignore configuration for 'enable_fqdns_grains' for AIX, Solaris and Juniper, assume False (#60529) -Salt 3003.1 (2021-06-08) -======================== +## Salt 3003.1 (2021-06-08) -Fixed ------ +### Fixed - Import salt.utils.azurearm instead of using __utils__ from loader in azure cloud. This fixes an issue where __utils__ would become unavailable when we are using the ThreadPool in azurearm. (#59744) - Use contextvars library from site-packages if it is intalled. Fixes salt ssh for targets with python <=3.6 (#59942) -Fixed ------ +### Fixed - Fixed race condition in batch logic. Added `listen` option to `LocalClient` to prevent event subscriber from purging cached events during batch iteration. (#56273) - Fixed dependencies for Amazon Linux 2 on https://repo.saltproject.io since Amazon Linux 2 now provides some of the python libraries in their repos. (#59982) @@ -246,11 +2036,9 @@ Fixed - Pass the value of the `__grains__` NamedContext to salt.pillar.get_pillar, instead of the NamedContext object itself. (#59975) - Fix pillar serialization in jinja templates (#60083) -Salt 3003 (2021-03-05) -====================== +## Salt 3003 (2021-03-05) -Removed -------- +### Removed - Removed the deprecated glance state and execution module in favor of the glance_image state module and the glanceng execution module. (#59079) @@ -260,13 +2048,11 @@ Removed - Removed support for Ubuntu 16.04 (#59913) -Deprecated ----------- +### Deprecated - Added deprecation warning for grains.get_or_set_hash (#59425) -Changed -------- +### Changed - Change `brew cask --list` to `brew list --cask` (#58381) - Store git sha in salt/_version.py when installing from a tag so it can be found if needed later. (#59137) @@ -274,8 +2060,7 @@ Changed - Updating the pkg beacon to fire the events when there are upgrades to packages, but also when watched packages are installed or removed. Breaking out the logic for listing pkgs from context into a separate function to aid in testing. Updating tests to ensure context is not used when use_context option to list_pkgs is False. (#59463) -Fixed ------ +### Fixed - When instantiating the loader grab values of grains and pillars if they are NamedLoaderContext instances. (#59773) @@ -414,32 +2199,54 @@ Added metadata for a package by extracting library requirement information from the binary ELF files in the package. (#59569) -Salt 3002.7 (2021-08-20) -======================== -Fixed ------ +## Salt 3002.9 (2022-05-25) + +### Fixed + +- Fixed an error when running on CentOS Stream 8. (#59161) +- Fix bug in tcp transport (#61865) +- Make sure the correct key is being used when verifying or validating communication, eg. when a Salt syndic is involved use syndic_master.pub and when a Salt minion is involved use minion_master.pub. (#61868) + + +### Security + +- Fixed PAM auth to reject auth attempt if user account is locked. (cve-2022-22967) + + +## Salt 3002.8 (2022-02-25) + +### Security + +- Sign authentication replies to prevent MiTM (cve-2020-22935) +- Sign pillar data to prevent MiTM attacks. (cve-2022-22934) +- Prevent job and fileserver replays (cve-2022-22936) +- Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941) (#60413) + + + +## Salt 3002.7 (2021-08-20) + +### Fixed - Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE-2021-22004) -Security --------- +### Security - Fix the CVE-2021-31607 vulnerability Additionally, an audit and a tool was put in place, ``bandit``, to address similar issues througout the code base, and prevent them. (CVE-2021-31607) - Ensure that sourced file is cached using its hash name (cve-2021-21996) -Salt 3002.6 (2021-03-10) -======================== -Changed -------- +## Salt 3002.6 (2021-03-10) + +### Changed - Store git sha in salt/_version.py when installing from a tag so it can be found if needed later. (#59137) -Fixed ------ + +### Fixed - Fix argument injection bug in restartcheck.restartcheck. This change hardens the fix for CVE-2020-28243. (#200) @@ -448,29 +2255,23 @@ Fixed - Allow all ssh kwargs as sanitized kwargs for SSH client. (#59748) -Salt 3002.5 (2021-02-25) -======================== +## Salt 3002.5 (2021-02-25) -Fixed ------ +### Fixed - Tests and fix for CVE-2021-25283 -Salt 3002.4 (2021-02-05) -======================== +## Salt 3002.4 (2021-02-05) -Fixed ------ +### Fixed - Fix runners that broke when patching for CVE-2021-25281 - Fix issue with runners in SSE -Salt 3002.3 (2021-01-25) -======================== +## Salt 3002.3 (2021-01-25) -Fixed ------ +### Fixed - CVE-2020-28243 - Fix local privilege escalation in the restartcheck module. (CVE-2020-28243) - CVE-2020-28972 - Ensure authentication to vcenter, vsphere, and esxi server @@ -493,12 +2294,10 @@ Fixed - CVE-2021-3197 - Fix ssh client to remove ProxyCommand from arguments provided by cli and netapi. (CVE-2021-3197) -Salt 3002.2 (2020-11-16) -======================== - -Fixed ------ +## Salt 3002.2 (2020-11-16) +### Fixed +- Fix server core grains issue when running inside a windows container (#59611) - Change dict check to isinstance instead of type() for key_values in file.keyvalue. (#57758) - Fail when func_ret is False when using the new module.run syntax. (#57768) - Fix comparison of certificate values (#58296) @@ -518,11 +2317,9 @@ Fixed - Revert LazyLoader finalizer. Removed the weakref.finalizer code. On some occasions, the finalized would run when trying to load a new module, firing a race condition. (#58947) -Salt 3002.1 (2020-10-26) -======================== +## Salt 3002.1 (2020-10-26) -Fixed ------ +### Fixed - Prevent shell injections in netapi ssh client (cve-2020-16846) - Prevent creating world readable private keys with the tls execution module. (cve-2020-17490) @@ -531,11 +2328,9 @@ Fixed Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user to bypass authentication and make calls to Salt ssh. (CVE-2020-25592) -Salt 3002 (2020-10-19) -====================== +## Salt 3002 (2020-10-19) -Removed -------- +### Removed - removed boto_vpc.describe_route_table please use boto_vpc.describe_route_tables (#58636) - removed show_ipv4 arg from all functions in from salt.runners.manage (#58638) @@ -546,14 +2341,12 @@ Removed - deprecated opts default argument of none and removed deprecation warnings (#58635) -Deprecated ----------- +### Deprecated - The `ssh` parameter of `virt.migrate` has been deprecated. Use a libvirt URI `target` value instead. Both `virt.migrate_non_shared` and `virt.migrate_non_shared_inc` have been deprecated. Use the `copy_storage` parameter with `virt.migrate` instead. (#57947) -Changed -------- +### Changed - Allow specifying a custom port for Proxmox connection (#50620) - Changed the lvm.lv_present state to accept a resizefs switch. So, when @@ -569,8 +2362,7 @@ Changed arguments. ``formatter`` is still supported, but using both ``serializer`` and ``formatter`` will cause the state to fail. (#57858) -Fixed ------ +### Fixed - `file.read` exec module function no longer fails on binary data. (#58033) - Remove py2 support from winrepo execution module and runner (#58596) @@ -759,30 +2551,25 @@ Added This flag will be deprecated in the Phosphorus release when this functionality becomes the default. (#58652) -Salt 3001.8 (2021-08-20) -======================== +## Salt 3001.8 (2021-08-20) Version 3001.8 is a bug fix release for :ref:`3001 `. -Fixed ------ +### Fixed - Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE-2021-22004) -Security --------- +### Security - Fix the CVE-2021-31607 vulnerability Additionally, an audit and a tool was put in place, ``bandit``, to address similar issues througout the code base, and prevent them. (CVE-2021-31607) - Ensure that sourced file is cached using its hash name (cve-2021-21996) -Salt 3001.7 (2021-03-10) -======================== +## Salt 3001.7 (2021-03-10) -Fixed ------ +### Fixed - Fix argument injection bug in restartcheck.restartcheck. This change hardens the fix for CVE-2020-28243. (#200) @@ -790,20 +2577,16 @@ Fixed Fix regression on "cmd.run" when passing tuples as cmd. (#59664) - Allow all ssh kwargs as sanitized kwargs for SSH client. (#59748) -Salt 3001.6 (2021-02-09) -======================== +## Salt 3001.6 (2021-02-09) -Fixed ------ +### Fixed - Fix runners that broke when patching for CVE-2021-25281 - Fix issue with runners in SSE -Salt 3001.5 -=========== +## Salt 3001.5 -Fixed ------ +### Fixed - CVE-2020-28243 - Fix local privilege escalation in the restartcheck module. (CVE-2020-28243) - CVE-2020-28972 - Ensure authentication to vcenter, vsphere, and esxi server @@ -827,39 +2610,31 @@ Fixed by cli and netapi. (CVE-2021-3197) -Salt 3001.4 -=========== +## Salt 3001.4 -Fixed ------ +### Fixed - Fixes salt-ssh authentication when using tty (#58922) -Salt 3001.3 -=========== +## Salt 3001.3 -Fixed ------ +### Fixed - Properly validate eauth credentials and tokens along with their ACLs. Prior to this change eauth was not properly validated when calling Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user to bypass authentication and make calls to Salt ssh. (CVE-2020-25592) -Salt 3001.2 -=========== +## Salt 3001.2 -Fixed ------ +### Fixed - Prevent shell injections in netapi ssh client (cve-2020-16846) - Prevent creating world readable private keys with the tls execution module. (cve-2020-17490) -Salt 3001.1 (2020-07-27) -======================== +## Salt 3001.1 (2020-07-27) -Changed -------- +### Changed - Change the ``enable_fqdns_grains`` setting to default to ``False`` on Windows to address some issues with slowness. (#56296, #57529) @@ -871,8 +2646,7 @@ Changed - Updated requirement to PyYAML 5.3.1 due to vulnerability in PyYAML 5.2.1. (#58019) -Fixed ------ +### Fixed - When running scheduled jobs from a proxy minion with multiprocessing turned off (default) a recursive error occurs as __pub_fun_args is repeated over and over again in the kwargs element in the data dictionary. Now we make a copy of data['kwargs'] instead of using a reference. (#57941) - The `x509.certificate_managed` state no longer triggers a change because of sorting issues if the certificate being evaluated was previously generated under Python 2. (#56556) @@ -920,11 +2694,9 @@ Added - Added docs demonstrating how to apply an MSI patch with winrepo (#32780) -Salt 3001 (2020-06-17) -====================== +## Salt 3001 (2020-06-17) -Removed -------- +### Removed - Removed long-deprecated `repo` option from pip state. (#51060) - Removed noisy debug logging from config.get. (#54205) @@ -943,8 +2715,7 @@ Removed - Remove salt/utils/vt.py duplication from filename map. (#57004) -Changed -------- +### Changed - `file.rename` no longer returns False when `force:False`. (#49843) - Brought localclient command line args functionality into line with regular `salt` calls. (#56853) @@ -971,8 +2742,7 @@ Changed - Update `formulas.rst` with new IRC channel and links to IRC logs (#51628) -Fixed ------ +### Fixed - `pkgrepo.managed` now checks for a changed `key_url`. (#4438) - Allow passing extra args to `file.rename`. (#29001) @@ -1281,11 +3051,9 @@ Added - [#56637](https://github.com/saltstack/salt/pull/56637) - Add ``win_wua.installed`` to the ``win_wua`` execution module - Clarify how to get the master fingerprint (#54699) -Salt 3000.9 (2021-03-10) -======================== +## Salt 3000.9 (2021-03-10) -Fixed ------ +### Fixed - Allow "extra_filerefs" as sanitized kwargs for SSH client. Fix regression on "cmd.run" when passing tuples as cmd. (#59664) @@ -1293,20 +3061,16 @@ Fixed - Fix argument injection bug in restartcheck.restartcheck. This change hardens the fix for CVE-2020-28243. -Salt 3000.8 (2021-02-09) -======================== +## Salt 3000.8 (2021-02-09) -Fixed ------ +### Fixed - Fix runners that broke when patching for CVE-2021-25281 - Fix issue with runners in SSE -Salt 3000.7 -=========== +## Salt 3000.7 -Fixed ------ +### Fixed - CVE-2020-28243 - Fix local privilege escalation in the restartcheck module. (CVE-2020-28243) - CVE-2020-28972 - Ensure authentication to vcenter, vsphere, and esxi server @@ -1329,35 +3093,29 @@ Fixed - CVE-2021-3197 - Fix ssh client to remove ProxyCommand from arguments provided by cli and netapi. (CVE-2021-3197) -Salt 3000.6 -=========== +## Salt 3000.6 -Fixed ------ +### Fixed - Fixes salt-ssh authentication when using tty (#58922) -Salt 3000.5 -=========== +## Salt 3000.5 -Fixed ------ +### Fixed - Properly validate eauth credentials and tokens along with their ACLs. Prior to this change eauth was not properly validated when calling Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user to bypass authentication and make calls to Salt ssh. (CVE-2020-25592) -Salt 3000.4 -=========== +## Salt 3000.4 -Fixed ------ +### Fixed - Prevent shell injections in netapi ssh client (cve-2020-16846) - Prevent creating world readable private keys with the tls execution module. (cve-2020-17490) -### 3000.3 +## 3000.3 ### Fixed - [#57100](https://github.com/saltstack/salt/pull/57100) - Address Issues in CVE Release @@ -1385,13 +3143,13 @@ Fixed ### Changed - [#56730](https://github.com/saltstack/salt/pull/56730) - Backport #52992 -### 3000.2 +## 3000.2 ### Fixed - [#56987](https://github.com/saltstack/salt/pull/56987) - CVE fix -### 3000.1 +## 3000.1 ### Fixed @@ -1428,7 +3186,7 @@ Fixed ### Added -### 3000 - Neon [2020-02-10] +## 3000 - Neon [2020-02-10] ### Removed diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index bc9a6bf0d66..5903a856723 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -2,34 +2,33 @@ Contributing ============ - So you want to contribute to the Salt project? Excellent! You can help in a number of ways: -- Using Salt and opening well-written bug reports. -- Joining a `working group `__. -- Answering questions on `irc `__, +- Use Salt and open well-written bug reports. +- Join a `working group `__. +- Answer questions on `irc `__, the `community Slack `__, the `salt-users mailing list `__, `Server Fault `__, or `r/saltstack on Reddit `__. -- Fixing bugs. -- `Enhancing the documentation `__. -- Providing workarounds, patches, or other code without tests. -- Telling other people about problems you solved using Salt. +- Fix bugs. +- `Improve the documentation `__. +- Provide workarounds, patches, or other code without tests. +- Tell other people about problems you solved using Salt. -If you’d like to update docs or fix an issue, you’re going to need the +If you'd like to update docs or fix an issue, you're going to need the Salt repo. The best way to contribute is using `Git `__. -Environment Setup ------------------ -To hack on Salt or the docs you’re going to need to set up your -development environment. If you already have a workflow that you’re +Environment setup +================= +To hack on Salt or the docs you're going to need to set up your +development environment. If you already have a workflow that you're comfortable with, you can use that, but otherwise this is an opinionated -guide for setting up your dev environment. Follow these steps and you’ll +guide for setting up your dev environment. Follow these steps and you'll end out with a functioning dev environment and be able to submit your first PR. @@ -44,16 +43,15 @@ more about Git. One popular resource is the free online book `Learn Git in a Month of Lunches `__. -pyenv, Virtual Environments, and You ----------------------------------------- +pyenv, Virtual Environments, and you +------------------------------------ We recommend `pyenv `__, since it allows installing multiple different Python versions, which is important for testing Salt across all the versions of Python that we support. On Linux -~~~~~~~~ - +^^^^^^^^ Install pyenv: :: @@ -63,8 +61,7 @@ Install pyenv: git clone https://github.com/pyenv/pyenv-virtualenv.git $(pyenv root)/plugins/pyenv-virtualenv On Mac -~~~~~~ - +^^^^^^ Install pyenv using brew: :: @@ -93,11 +90,11 @@ version of Python: pyenv install 3.7.0 -If that fails, don’t panic! You’re probably just missing some build +If that fails, don't panic! You're probably just missing some build dependencies. Check out `pyenv common build problems `__. -Now that you’ve got your version of Python installed, you can create a +Now that you've got your version of Python installed, you can create a new virtual environment with this command: :: @@ -110,13 +107,13 @@ Then activate it: pyenv activate salt -Sweet! Now you’re ready to clone Salt so you can start hacking away! If +Sweet! Now you're ready to clone Salt so you can start hacking away! If you get stuck at any point, check out the resources at the beginning of this guide. IRC and Slack are particularly helpful places to go. -Get The Source! -~~~~~~~~~~~~~~~ +Get the source! +--------------- Salt uses the fork and clone workflow for Git contributions. See `Using the Fork-and-Branch Git Workflow `__ @@ -130,13 +127,13 @@ Clones are so shallow. Well, this one is anyway: git clone --depth=1 --origin salt https://github.com/saltstack/salt.git This creates a shallow clone of Salt, which should be fast. Most of the -time that’s all you’ll need, and you can start building out other +time that's all you'll need, and you can start building out other commits as you go. If you *really* want all 108,300+ commits you can -just run ``git fetch --unshallow``. Then go make a sandwich because it’s +just run ``git fetch --unshallow``. Then go make a sandwich because it's gonna be a while. -You’re also going to want to head over to GitHub and create your own -`fork of Salt `__. Once you’ve +You're also going to want to head over to GitHub and create your own +`fork of Salt `__. Once you've got that set up you can add it as a remote: :: @@ -144,16 +141,16 @@ got that set up you can add it as a remote: git remote add yourname If you use your name to refer to your fork, and ``salt`` to refer to the -official Salt repo you’ll never get ``upstream`` or ``origin`` confused. +official Salt repo you'll never get ``upstream`` or ``origin`` confused. .. note:: Each time you start work on a new issue you should fetch the most recent changes from ``salt/upstream``. -``pre-commit`` and ``nox`` Setup -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Set up ``pre-commit`` and ``nox`` +--------------------------------- Here at Salt we use `pre-commit `__ and `nox `__ to make it easier for contributors to get quick feedback, for quality control, and to increase @@ -177,14 +174,12 @@ others. You can easily install them in your virtualenv with: Please ensure you export ``SKIP=pip-tools-compile`` to skip pip-tools-compile. Now before each commit, it will ensure that your code at least *looks* -right before you open a pull request. And with that step, it’s time to +right before you open a pull request. And with that step, it's time to start hacking on Salt! -.. _imagemagick-setup: - -``imagemagick`` Setup -~~~~~~~~~~~~~~~~~~~~~ +Set up imagemagick +------------------ One last prerequisite is to have ``imagemagick`` installed, as it is required by Sphinx for generating the HTML documentation. @@ -199,17 +194,17 @@ by Sphinx for generating the HTML documentation. sudo apt install imagemagick -Salt Issues ------------ +Salt issues +=========== -Create Your Own -~~~~~~~~~~~~~~~ +Create your own +--------------- -Perhaps you’ve come to this guide because you found a problem in Salt, -and you’ve diagnosed the cause. Maybe you need some help figuring out +Perhaps you've come to this guide because you found a problem in Salt, +and you've diagnosed the cause. Maybe you need some help figuring out the problem. In any case, creating quality bug reports is a great way to contribute to Salt even if you lack the skills, time, or inclination to -fix it yourself. If that’s the case, head on over to `Salt’s issue +fix it yourself. If that's the case, head on over to `Salt's issue tracker on GitHub `__. @@ -228,20 +223,20 @@ In a nutshell: - **Minimum**: All of the **extra** information has been removed. Will 2 or 3 lines of master/minion config still exhibit the behavior? - **Complete**: Minimum also means complete. If your example is missing - information, then it’s not complete. Salt, Python, and OS versions + information, then it's not complete. Salt, Python, and OS versions are all bits of information that make your example complete. Have you provided the commands that you ran? - **Verifiable**: Can someone take your report and reproduce it? -Slow is smooth, and smooth is fast - it may feel like you’re taking a -long time to create your issue if you’re creating a proper MCVE, but a +Slow is smooth, and smooth is fast - it may feel like you're taking a +long time to create your issue if you're creating a proper MCVE, but a MCVE eliminates back and forth required to reproduce/verify the issue so someone can actually create a fix. -Pick An Issue -~~~~~~~~~~~~~ +Pick an issue +------------- -If you don’t already have an issue in mind, you can search for `help +If you don't already have an issue in mind, you can search for `help wanted `__ issues. If you also search for `good first issue `__ @@ -249,17 +244,17 @@ then you should be able to find some issues that are good for getting started contributing to Salt. `Documentation issues `__ are also good starter issues. When you find an issue that catches your -eye (or one of your own), it’s a good idea to comment on the issue and -mention that you’re working on it. Good communication is key to -collaboration - so if you don’t have time to complete work on the issue, +eye (or one of your own), it's a good idea to comment on the issue and +mention that you're working on it. Good communication is key to +collaboration - so if you don't have time to complete work on the issue, just leaving some information about when you expect to pick things up again is a great idea! -Hacking Away ------------- +Hacking away +============ -Salt, Tests, Documentation, and You -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Salt, tests, documentation, and you +----------------------------------- Before approving code contributions, Salt requires: @@ -269,31 +264,81 @@ Before approving code contributions, Salt requires: Documentation fixes just require correct documentation. -What If I Don’t Write Tests or Docs? -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +What if I don't write tests or docs? +------------------------------------ -If you aren’t into writing documentation or tests, we still welcome your +If you aren't into writing documentation or tests, we still welcome your contributions! But your PR will be labeled ``Needs Testcase`` and ``Help Wanted`` until someone can get to write the tests/documentation. Of course, if you have a desire but just lack the skill we are more than -happy to collaborate and help out! There’s the `documentation working -group `__ and the `testing -working -group `__. +happy to collaborate and help out! There's the `documentation working +group `__ +and the `testing working group `__. We also regularly stream our test clinic `live on Twitch `__ every Tuesday afternoon -and Thursday morning, Central Time. If you’d like specific help with +and Thursday morning, Central Time. If you'd like specific help with tests, bring them to the clinic. If no community members need help, you can also just watch tests written in real time. -.. _docs-building: Documentation -~~~~~~~~~~~~~ +------------- Salt uses both docstrings, as well as normal reStructuredText files in the ``salt/doc`` folder for documentation. Sphinx is used to generate the -documentation, and does require :ref:`setting up imagemagick on your OS.` +documentation, and does require ``imagemagick``. See `Set up imagemagick`_ for +more information. + +Before submitting a documentation PR, it helps to first build the Salt docs +locally on your machine and preview them. Local previews helps you: + +- Debug potential documentation output errors before submitting a PR. +- Saves you time by not needing to use the Salt CI/CD test suite to debug, which takes + more than 30 minutes to run on a PR. +- Ensures the final output looks the way you intended it to look. + +To set up your local environment to preview the core Salt and module +documentation: + +#. Install the documentation dependencies. For example, on Ubuntu: + + :: + + sudo apt-get update + + sudo apt-get install -y enchant-2 git gcc imagemagick make zlib1g-dev libc-dev libffi-dev g++ libxml2 libxml2-dev libxslt-dev libcurl4-openssl-dev libssl-dev libgnutls28-dev xz-utils inkscape + +#. Navigate to the folder where you store your Salt repository and remove any + `.nox` directories that might be in that folder: + + :: + + rm -rf .nox + +#. Install `pyenv` for the version of Python needed to run the docs. As of the + time of writing, the Salt docs theme is not compatible with Python 3.10, so + you'll need to run 3.9 or earlier. For example: + + :: + + pyenv install 3.7.15 + pyenv virtualenv 3.7.15 salt-docs + echo 'salt-docs' > .python-version + +#. Activate `pyenv` if it's not auto-activated: + + :: + + pyenv exec pip install -U pip setuptools wheel + +#. Install `nox` into your pyenv environment, which is the utility that will + build the Salt documentation: + + :: + + pyenv exec pip install nox + + Since we use ``nox``, you can build your docs and view them in your browser with this one-liner: @@ -301,9 +346,9 @@ with this one-liner: python -m nox -e 'docs-html(compress=False, clean=False)'; cd doc/_build/html; python -m webbrowser http://localhost:8000/contents.html; python -m http.server -The first time this will take a while because there are a *lot* of -modules. Maybe you should go grab some dessert if you already finished -that sandwich. But once Sphinx is done building the docs, python should +The first time you build the docs, it will take a while because there are a +*lot* of modules. Maybe you should go grab some dessert if you already finished +that sandwich. But once nox and Sphinx are done building the docs, python should launch your default browser with the URL http://localhost:8000/contents.html. Now you can navigate to your docs and ensure your changes exist. If you make changes, you can simply run @@ -314,20 +359,29 @@ this: cd -; python -m nox -e 'docs-html(compress=False, clean=False)'; cd doc/_build/html; python -m http.server And then refresh your browser to get your updated docs. This one should -be quite a bit faster since Sphinx won’t need to rebuild everything. +be quite a bit faster since Sphinx won't need to rebuild everything. + +Alternatively, you could build the docs on your local machine and then preview +the build output. To build the docs locally: + +:: + + pyenv exec nox -e 'docs-html(compress=False, clean=True)' + +The output from this command will put the preview files in: ``doc > _build > html``. If your change is a docs-only change, you can go ahead and commit/push -your code and open a PR. You can indicate that it’s a docs-only change by -adding ``[Documentation]`` to the title of your PR. Otherwise you’ll +your code and open a PR. You can indicate that it's a docs-only change by +adding ``[Documentation]`` to the title of your PR. Otherwise, you'll want to write some tests and code. -Running Development Salt -~~~~~~~~~~~~~~~~~~~~~~~~ +Running development Salt +------------------------ Note: If you run into any issues in this section, check the Troubleshooting section. -If you’re going to hack on the Salt codebase you’re going to want to be +If you're going to hack on the Salt codebase you're going to want to be able to run Salt locally. The first thing you need to do is install Salt as an editable pip install: @@ -337,7 +391,7 @@ as an editable pip install: This will let you make changes to Salt without having to re-install it. -After all of the dependencies and Salt are installed, it’s time to set +After all of the dependencies and Salt are installed, it's time to set up the config for development. Typically Salt runs as ``root``, but you can specify which user to run as. To configure that, just copy the master and minion configs. We have .gitignore setup to ignore the @@ -397,35 +451,35 @@ from the minion instead: salt-call -c local/etc/salt test.version -Note that you’re running ``salt-call`` instead of ``salt``, and you’re -not specifying the minion (``\*``), but if you’re running the dev +Note that you're running ``salt-call`` instead of ``salt``, and you're +not specifying the minion (``\*``), but if you're running the dev version then you still will need to pass in the config dir. Now that -you’ve got Salt running, you can hack away on the Salt codebase! +you've got Salt running, you can hack away on the Salt codebase! -If you need to restart Salt for some reason, if you’ve made changes and -they don’t appear to be reflected, this is one option: +If you need to restart Salt for some reason, if you've made changes and +they don't appear to be reflected, this is one option: :: kill -INT $(pgrep salt-master) kill -INT $(pgrep salt-minion) -If you’d rather not use ``kill``, you can have a couple of terminals +If you'd rather not use ``kill``, you can have a couple of terminals open with your salt virtualenv activated and omit the ``--daemon`` argument. Salt will run in the foreground, so you can just use ctrl+c to quit. -Test First? Test Last? Test Meaningfully! -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Test first? Test last? Test meaningfully! +----------------------------------------- You can write tests first or tests last, as long as your tests are meaningful and complete! *Typically* the best tests for Salt are going to be unit tests. Testing is `a whole topic on its own `__, -But you may also want to write functional or integration tests. You’ll +But you may also want to write functional or integration tests. You'll find those in the ``salt/tests`` directory. -When you’re thinking about tests to write, the most important thing to +When you're thinking about tests to write, the most important thing to keep in mind is, “What, exactly, am I testing?†When a test fails, you should know: @@ -433,21 +487,21 @@ should know: - Why did it fail? - As much as possible, what do I need to do to fix this failure? -If you can’t answer those questions then you might need to refactor your +If you can't answer those questions then you might need to refactor your tests. -When you’re running tests locally, you should make sure that if you -remove your code changes your tests are failing. If your tests *aren’t* -failing when you haven’t yet made changes, then it’s possible that -you’re testing the wrong thing. +When you're running tests locally, you should make sure that if you +remove your code changes your tests are failing. If your tests *aren't* +failing when you haven't yet made changes, then it's possible that +you're testing the wrong thing. But whether you adhere to TDD/BDD, or you write your code first and your tests last, ensure that your tests are meaningful. -Running Tests -^^^^^^^^^^^^^ -As previously mentioned, we use ``nox``, and that’s how we run our +Running tests +------------- +As previously mentioned, we use ``nox``, and that's how we run our tests. You should have it installed by this point but if not you can install it with this: @@ -459,28 +513,48 @@ Now you can run your tests: :: - python -m nox -e "pytest-3.7(coverage=False)" -- tests/unit/cli/test_batch.py + python -m nox -e "test-3(coverage=False)" -- tests/unit/cli/test_batch.py -It’s a good idea to install +It's a good idea to install `espeak `__ or use ``say`` on -Mac if you’re running some long-running tests. You can do something like +Mac if you're running some long-running tests. You can do something like this: :: - python -m nox -e "pytest-3.7(coverage=False)" -- tests/unit/cli/test_batch.py; espeak "Tests done, woohoo!" + python -m nox -e "test-3(coverage=False)" -- tests/unit/cli/test_batch.py; espeak "Tests done, woohoo!" + +That way you don't have to keep monitoring the actual test run. + + +:: + + python -m nox -e "test-3(coverage=False)" -- --core-tests -That way you don’t have to keep monitoring the actual test run. +You can enable or disable test groups locally by passing their respected flag: -Changelog and Commit! -~~~~~~~~~~~~~~~~~~~~~ +* --no-fast-tests - Tests that are ~10s or faster. Fast tests make up ~75% of tests and can run in 10 to 20 minutes. +* --slow-tests - Tests that are ~10s or slower. +* --core-tests - Tests of any speed that test the root parts of salt. +* --flaky-jail - Test that need to be temporarily skipped. +In your PR, you can enable or disable test groups by setting a label. +All fast, slow, and core tests specified in the change file will always run. + +* test:no-fast +* test:core +* test:slow +* test:flaky-jail + + +Changelog and commit! +--------------------- When you write your commit message you should use imperative style. Do this: Add frobnosticate capability -Don’t do this: +Don't do this: Added frobnosticate capability @@ -489,50 +563,50 @@ But that advice is backwards for the changelog. We follow the our changelog, and use towncrier to generate it for each release. As a contributor, all that means is that you need to add a file to the ``salt/changelog`` directory, using the ``.`` format. For -instanch, if you fixed issue 123, you would do: +instance, if you fixed issue 123, you would do: :: echo "Made sys.doc inform when no minions return" > changelog/123.fixed -And that’s all that would go into your file. When it comes to your -commit message, it’s usually a good idea to add other information, such as +And that's all that would go into your file. When it comes to your +commit message, it's usually a good idea to add other information, such as - What does a reviewer need to know about the change that you made? -- If someone isn’t an expert in this area, what will they need to know? +- If someone isn't an expert in this area, what will they need to know? This will also help you out, because when you go to create the PR it will automatically insert the body of your commit messages. -PR Time! --------- -Once you’ve done all your dev work and tested locally, you should check +Pull request time! +------------------ +Once you've done all your dev work and tested locally, you should check out our `PR guidelines `__. -After you read that page, it’s time to `open a new +After you read that page, it's time to `open a new PR `__. Fill out the PR template - you should have updated or created any necessary docs, and -written tests if you’re providing a code change. When you submit your +written tests if you're providing a code change. When you submit your PR, we have a suite of tests that will run across different platforms to help ensure that no known bugs were introduced. -Now What? -~~~~~~~~~ -You’ve made your changes, added documentation, opened your PR, and have +Now what? +--------- +You've made your changes, added documentation, opened your PR, and have passing tests… now what? When can you expect your code to be merged? When you open your PR, a reviewer will get automatically assigned. If your PR is submitted during the week you should be able to expect some kind of communication within that business day. If your tests are -passing and we’re not in a code freeze, ideally your code will be merged -that day. If you haven’t heard from your assigned reviewer, ping them on -GitHub, `irc `__, or Community Slack. +passing and we're not in a code freeze, ideally your code will be merged +that week or month. If you haven't heard from your assigned reviewer, ping them +on GitHub, `irc `__, or Community Slack. -It’s likely that your reviewer will leave some comments that need +It's likely that your reviewer will leave some comments that need addressing - it may be a style change, or you forgot a changelog entry, -or need to update the docs. Maybe it’s something more fundamental - +or need to update the docs. Maybe it's something more fundamental - perhaps you encountered the rare case where your PR has a much larger scope than initially assumed. @@ -542,22 +616,23 @@ open for a significant period of time it may be worth rebasing your changes on the most recent changes to Salt. If you need help, the previously linked Git resources will be valuable. -But if, for whatever reason, you’re not interested in driving your PR to -completion then just note that in your PR. Something like, “I’m not +But if, for whatever reason, you're not interested in driving your PR to +completion then just note that in your PR. Something like, “I'm not interested in writing docs/tests, I just wanted to provide this fix - -someone else will need to complete this PR.†If you do that then we’ll +someone else will need to complete this PR.†If you do that then we'll add a “Help Wanted†label and someone will be able to pick up the PR, make the required changes, and it can eventually get merged in. -In any case, now that you have a PR open, congrats! You’re a Salt +In any case, now that you have a PR open, congrats! You're a Salt developer! You rock! + Troubleshooting ---------------- +=============== -zmq.core.error.ZMQError -~~~~~~~~~~~~~~~~~~~~~~~ +zmq.core.error.ZMQError +----------------------- Once the minion starts, you may see an error like the following:: :: @@ -576,9 +651,9 @@ length of this path. This can be done in a couple different ways: NOTE: The socket path is limited to 107 characters on Solaris and Linux, and 103 characters on BSD-based systems. -No permissions to access … -~~~~~~~~~~~~~~~~~~~~~~~~~~ +No permissions to access ... +---------------------------- If you forget to pass your config path to any of the ``salt*`` commands, you might see @@ -589,9 +664,9 @@ you might see Just pass ``-c local/etc/salt`` (or whatever you named it) -File descriptor limit -~~~~~~~~~~~~~~~~~~~~~ +File descriptor limit +--------------------- You might need to raise your file descriptor limit. You can check it with: @@ -607,12 +682,12 @@ If the value is less than 3072, you should increase it with: # For c-shell: limit descriptors 3072 -Pygit2 or other dependency install fails -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Pygit2 or other dependency install fails +---------------------------------------- You may see some failure messages when installing requirements. You can directly access your nox environment and possibly install pygit (or -other dependency) that way. When you run nox, you’ll see a message like +other dependency) that way. When you run nox, you'll see a message like this: :: diff --git a/LICENSE b/LICENSE index c803cb278d5..4da91d70a97 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright {yyyy} {name of copyright owner} + Copyright (c) 2011-2022 VMware, Inc. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/MANIFEST.in b/MANIFEST.in index 239c8c32ee8..fd5d36cc3d1 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -6,6 +6,7 @@ include NOTICE include README.rst include SUPPORT.rst include run.py +include pyproject.toml include tests/*.py recursive-include tests * recursive-include requirements *.txt @@ -18,5 +19,7 @@ recursive-include conf * recursive-include pkg * recursive-include salt *.jinja recursive-include templates * +include salt/_version.txt include salt/templates/git/* include salt/templates/lxc/* +include salt/utils/pyinstaller/rthooks.dat diff --git a/NOTICE b/NOTICE new file mode 100644 index 00000000000..b29f29850bf --- /dev/null +++ b/NOTICE @@ -0,0 +1,13 @@ +Copyright 2012-2022 VMware, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/README.rst b/README.rst index 4fbd92ba2df..f5121f1a74d 100644 --- a/README.rst +++ b/README.rst @@ -36,47 +36,87 @@ * `Latest Salt Documentation`_ * `Open an issue`_ (bug report, feature request, etc.) -*Salt is the world’s fastest, most intelligent and scalable automation* +*Salt is the world's fastest, most intelligent and scalable automation* *engine.* About Salt ========== +Built on Python, Salt is an event-driven automation tool and framework to +deploy, configure, and manage complex IT systems. Use Salt to automate common +infrastructure administration tasks and ensure that all the components of your +infrastructure are operating in a consistent desired state. + +Salt has many possible uses, including configuration management, which involves: + +* Managing operating system deployment and configuration. +* Installing and configuring software applications and services. +* Managing servers, virtual machines, containers, databases, web servers, + network devices, and more. +* Ensuring consistent configuration and preventing configuration drift. + +Salt is ideal for configuration management because it is pluggable, +customizable, and plays well with many existing technologies. Salt enables you +to deploy and manage applications that use any tech stack running on nearly any +`operating system `_, +including different types of network devices such as switches and routers from a +variety of vendors. + +In addition to configuration management Salt can also: + +* Automate and orchestrate routine IT processes, such as common required tasks + for scheduled server downtimes or upgrading operating systems or applications. +* Create self-aware, self-healing systems that can automatically respond to + outages, common administration problems, or other important events. + + +About our sponsors +================== +Salt powers VMware's `vRealize Automation SaltStack Config`_, and can be found +under the hood of products from Juniper, Cisco, Cloudflare, Nutanix, SUSE, and +Tieto, to name a few. + +The original sponsor of our community, SaltStack, was `acquired by VMware in 2020 `_. +The Salt Project remains an open source ecosystem that VMware supports and +contributes to. VMware ensures the code integrity and quality of the Salt +modules by acting as the official sponsor and manager of the Salt project. Many +of the core Salt Project contributors are also VMware employees. This team +carefully reviews and enhances the Salt modules to ensure speed, quality, and +security. + + +Download and install Salt +========================= +Salt is tested and packaged to run on CentOS, Debian, RHEL, Ubuntu, MacOS, +Windows, and more. Download Salt and get started now. See +`supported operating systems `_ +for more information. -Built on python, Salt uses simple and human-readable YAML combined with -event-driven automation to deploy and configure complex IT systems. In addition -to leveling-up `vRealize Automation SaltStack Config`_, Salt can be found under -the hood of products from Juniper, Cisco, Cloudflare, Nutanix, SUSE, and Tieto, -to name a few. - -About SaltStack -=============== +To download and install Salt, see: +* `The Salt install guide `_ +* `Salt Project repository `_ -`SaltStack was acquired by VMware in 2020 `_. -Salt Project remains an open source ecosystem that VMware supports and -contributes to. -Download Salt -============= +Technical support +================= +Report bugs or problems using Salt by opening an issue: ``_ -Salt is tested and packaged to run on CentOS, Debian, RHEL, Ubuntu, MacOS, -Windows, and more. Download Salt and get started now. +To join our community forum where you can exchange ideas, best practices, +discuss technical support questions, and talk to project maintainers, join our +Slack workspace: `Salt Project Community Slack`_ -* ``_ -* `Installation Instructions `_ -Salt Project Documentation +Salt Project documentation ========================== +Installation instructions, tutorials, in-depth API and module documentation: -Installation instructions, getting started guides, in-depth API -documentation, and contributing to Salt. +* `The Salt install guide `_ +* `The Salt user guide `_ +* `Latest Salt documentation`_ +* `Salt's contributing guide `_ -* `Getting Started with Salt `_ -* `Latest Salt Documentation`_ -* `Salt’s Contributor Guide `_ -Security Advisories +Security advisories =================== - Keep an eye on the Salt Project `Security Announcements `_ landing page. Salt Project recommends subscribing to the @@ -86,17 +126,26 @@ announcements. Other channels to receive security announcements include the `Salt Community mailing list `_ -and the -`Salt Project Community Slack`_. +and the `Salt Project Community Slack`_. -Responsibly Reporting Security Vulnerabilities -++++++++++++++++++++++++++++++++++++++++++++++ +Responsibly reporting security vulnerabilities +++++++++++++++++++++++++++++++++++++++++++++++ When reporting security vulnerabilities for Salt or other SaltStack projects, refer to the `SECURITY.md`_ file found in this repository. -Engage the Salt Project and The Community -========================================= + +Join our community +================== +Salt is built by the Salt Project community, which includes more than 3,000 +contributors working in roles just like yours. This well-known and trusted +community works together to improve the underlying technology and extend Salt by +creating a variety of execution and state modules to accomplish the most common +tasks or solve the most important problems that people in your role are likely +to face. + +If you want to help extend Salt or solve a problem with Salt, you can join our +community and contribute today. Please be sure to review our `Code of Conduct `_. @@ -115,12 +164,12 @@ to the **Salt Project Community Events Calendar** on the main ``_ website. If you have additional questions, email us at saltproject@vmware.com or reach out -directly to the Community Manager, Janae Andrus via Slack. We’d be glad to +directly to the Community Manager, Jimmy Chunga via Slack. We'd be glad to have you join our community! + License ======= - Salt is licensed under the Apache 2.0 license. Please see the `LICENSE file `_ for the diff --git a/SUPPORT.rst b/SUPPORT.rst index 85673191059..bfe9d1cbeae 100644 --- a/SUPPORT.rst +++ b/SUPPORT.rst @@ -30,4 +30,3 @@ guidelines for filing bug reports: **SaltStack Support** - If you need dedicated, prioritized support, please consider a SaltStack Support package that fits your needs: ``_ - diff --git a/changelog/.template.jinja b/changelog/.template.jinja new file mode 100644 index 00000000000..0cf429a3b18 --- /dev/null +++ b/changelog/.template.jinja @@ -0,0 +1,15 @@ +{% if sections[""] %} +{% for category, val in definitions.items() if category in sections[""] %} + +### {{ definitions[category]['name'] }} + +{% for text, values in sections[""][category].items() %} +- {{ text }} {{ values|join(', ') }} +{% endfor %} + +{% endfor %} +{% else %} +No significant changes. + + +{% endif %} diff --git a/changelog/25721.fixed b/changelog/25721.fixed deleted file mode 100644 index bc070c8ce3c..00000000000 --- a/changelog/25721.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix SSH password regex to not search for content after password:. diff --git a/changelog/29562.fixed b/changelog/29562.fixed deleted file mode 100644 index e918c872c08..00000000000 --- a/changelog/29562.fixed +++ /dev/null @@ -1 +0,0 @@ -Addressing a few issues when having keep_symlinks set to True with file.recurse. Also allow symlinks that are outside the salt fileserver root to be discoverable as symlinks when fileserver_followsymlinks is set to False. diff --git a/changelog/35215.fixed b/changelog/35215.fixed deleted file mode 100644 index 7c08b3d6354..00000000000 --- a/changelog/35215.fixed +++ /dev/null @@ -1 +0,0 @@ -serialize to JSON only non string objects. diff --git a/changelog/48735.fixed b/changelog/48735.fixed deleted file mode 100644 index 44b785eec9b..00000000000 --- a/changelog/48735.fixed +++ /dev/null @@ -1 +0,0 @@ -Make sys.argspec work on functions with annotations diff --git a/changelog/49648.fixed b/changelog/49648.fixed deleted file mode 100644 index d8a62176c67..00000000000 --- a/changelog/49648.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixed pdbedit.list_users with Samba 4.8 diff --git a/changelog/49835.fixed b/changelog/49835.fixed deleted file mode 100644 index e69cae73c51..00000000000 --- a/changelog/49835.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixes a scenario where ipv6 is enabled but the master is configured as an ipv4 IP address. diff --git a/changelog/50394.added b/changelog/50394.added deleted file mode 100644 index 8b4a4eedae9..00000000000 --- a/changelog/50394.added +++ /dev/null @@ -1 +0,0 @@ -Added ability to request VPC peering connections in different AWS regions (boto_vpc). \ No newline at end of file diff --git a/changelog/50815.added b/changelog/50815.added deleted file mode 100644 index 15fc647b28e..00000000000 --- a/changelog/50815.added +++ /dev/null @@ -1 +0,0 @@ -Added event return capability to Splunk returner diff --git a/changelog/50851.fixed b/changelog/50851.fixed deleted file mode 100644 index 37163c2626e..00000000000 --- a/changelog/50851.fixed +++ /dev/null @@ -1 +0,0 @@ -Ensure that NOTIFY_SOCKET is not passed to child processes created with cmdmod unless it's set explicitly for such call. diff --git a/changelog/51559.fixed b/changelog/51559.fixed deleted file mode 100644 index 0df32ca2888..00000000000 --- a/changelog/51559.fixed +++ /dev/null @@ -1 +0,0 @@ -remove escaping of dbname in mysql.alter_db function. diff --git a/changelog/52759.fixed b/changelog/52759.fixed deleted file mode 100644 index 819094ef697..00000000000 --- a/changelog/52759.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix runit module failing to find service if it is not symlinked. \ No newline at end of file diff --git a/changelog/52977.added b/changelog/52977.added deleted file mode 100644 index 95fb475def3..00000000000 --- a/changelog/52977.added +++ /dev/null @@ -1 +0,0 @@ -Added allow downgrades support to apt upgrade diff --git a/changelog/53223.added b/changelog/53223.added deleted file mode 100644 index 878fb5039db..00000000000 --- a/changelog/53223.added +++ /dev/null @@ -1 +0,0 @@ -added new grain for metadata to handle googles metadata differences diff --git a/changelog/53742.fixed b/changelog/53742.fixed deleted file mode 100644 index b66c121a4c1..00000000000 --- a/changelog/53742.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixed events stream from /events endpoint not halting when auth token has expired. \ No newline at end of file diff --git a/changelog/53961.fixed b/changelog/53961.fixed deleted file mode 100644 index a5235eada7f..00000000000 --- a/changelog/53961.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixed user.present which was breaking when updating workphone,homephone, fullname and "other" fields in case int was passed instead of string \ No newline at end of file diff --git a/changelog/53977.fixed b/changelog/53977.fixed deleted file mode 100644 index c6123f2ebd9..00000000000 --- a/changelog/53977.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix error in webutil state module when attempting to grep a file that does not exist. diff --git a/changelog/54301.fixed b/changelog/54301.fixed deleted file mode 100644 index daeee6e1fcb..00000000000 --- a/changelog/54301.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixed ability to modify the "Audit: Force audit policy subcategory settings..." policy diff --git a/changelog/55394.fixed b/changelog/55394.fixed deleted file mode 100644 index 745d9cd8589..00000000000 --- a/changelog/55394.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix timeout handling in netapi/saltnado. diff --git a/changelog/55654.fixed b/changelog/55654.fixed deleted file mode 100644 index 748ab1727cf..00000000000 --- a/changelog/55654.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixing REST auth so that we actually support using ACLs from the REST server like we said in the documentation. diff --git a/changelog/55747.added b/changelog/55747.added deleted file mode 100644 index 390455eb361..00000000000 --- a/changelog/55747.added +++ /dev/null @@ -1 +0,0 @@ -Add __env__ substitution inside file and pillar root paths diff --git a/changelog/56055.removed b/changelog/56055.removed deleted file mode 100644 index d9d88db4697..00000000000 --- a/changelog/56055.removed +++ /dev/null @@ -1 +0,0 @@ -Deprecating and removing salt-unity. diff --git a/changelog/56144.added b/changelog/56144.added deleted file mode 100644 index ee11caee581..00000000000 --- a/changelog/56144.added +++ /dev/null @@ -1 +0,0 @@ -Added support cpu hot add/remove, memory hot add, and nested virtualization to VMware salt-cloud driver. diff --git a/changelog/57721.fixed b/changelog/57721.fixed deleted file mode 100644 index 9542e48e904..00000000000 --- a/changelog/57721.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixed RuntimeError OrderedDict mutated in network.managed for Debian systems. diff --git a/changelog/57992.fixed b/changelog/57992.fixed deleted file mode 100644 index 88c86b964e2..00000000000 --- a/changelog/57992.fixed +++ /dev/null @@ -1 +0,0 @@ -fixed 57992 fix multi item kv v2 items read. diff --git a/changelog/58101.added b/changelog/58101.added deleted file mode 100644 index 2cb120710b1..00000000000 --- a/changelog/58101.added +++ /dev/null @@ -1 +0,0 @@ -Add a consul state module with acl_present and acl_absent functions. diff --git a/changelog/58195.fixed b/changelog/58195.fixed deleted file mode 100644 index d41c9391eaf..00000000000 --- a/changelog/58195.fixed +++ /dev/null @@ -1 +0,0 @@ -Remove unnecessary dot in template that cause the bridge interface to fail on debian. Fixes #58195 diff --git a/changelog/58329.fixed b/changelog/58329.fixed deleted file mode 100644 index 7250c516245..00000000000 --- a/changelog/58329.fixed +++ /dev/null @@ -1 +0,0 @@ -update salt.module.schedule to check the job_args and job_kwargs for valid formatting. diff --git a/changelog/58662.fixed b/changelog/58662.fixed deleted file mode 100644 index 5d225f59c88..00000000000 --- a/changelog/58662.fixed +++ /dev/null @@ -1 +0,0 @@ -Allowe use of `roster` in salt.function state when using the SSH client. diff --git a/changelog/58745.changed b/changelog/58745.changed deleted file mode 100644 index 969628d09dd..00000000000 --- a/changelog/58745.changed +++ /dev/null @@ -1 +0,0 @@ -alternatives: Do not access /var/lib/dpkg/alternatives directly diff --git a/changelog/58763.fixed b/changelog/58763.fixed deleted file mode 100644 index 53ee8304c08..00000000000 --- a/changelog/58763.fixed +++ /dev/null @@ -1 +0,0 @@ -Detect new and legacy styles of calling module.run and support them both. diff --git a/changelog/58963.fixed b/changelog/58963.fixed deleted file mode 100644 index a6e134b845c..00000000000 --- a/changelog/58963.fixed +++ /dev/null @@ -1 +0,0 @@ -hgfs: fix bytes vs str issues within hgfs. diff --git a/changelog/59033.fixed b/changelog/59033.fixed deleted file mode 100644 index 5d8d649091e..00000000000 --- a/changelog/59033.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixes salt-ssh error when targetting IPs or hostnames directly. diff --git a/changelog/59101.fixed b/changelog/59101.fixed deleted file mode 100644 index 01959a59491..00000000000 --- a/changelog/59101.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixed error when running legacy code in winrepo.update_git_repos \ No newline at end of file diff --git a/changelog/59102.fixed b/changelog/59102.fixed deleted file mode 100644 index d248d0f1db7..00000000000 --- a/changelog/59102.fixed +++ /dev/null @@ -1 +0,0 @@ -Clarify the persist argument in the scheduler module. Adding code in the list function to indicate if the schedule job is saved or not. diff --git a/changelog/59331.fixed b/changelog/59331.fixed deleted file mode 100644 index 88ed01ff6f0..00000000000 --- a/changelog/59331.fixed +++ /dev/null @@ -1 +0,0 @@ -Swap ret["retcode"] for ret.get("retcode") in the event that there is no retcode, eg. when a function is not passed with a module. diff --git a/changelog/59429.fixed b/changelog/59429.fixed deleted file mode 100644 index 979a3d47172..00000000000 --- a/changelog/59429.fixed +++ /dev/null @@ -1 +0,0 @@ -The ssh module now accepts all ssh public key types as of openssh server version 8.7. diff --git a/changelog/59448.fixed b/changelog/59448.fixed deleted file mode 100644 index 18820046cf2..00000000000 --- a/changelog/59448.fixed +++ /dev/null @@ -1 +0,0 @@ -Set default transport and port settings for Napalm NXOS, if not set. diff --git a/changelog/59503.fixed b/changelog/59503.fixed deleted file mode 100644 index b39daf7de4f..00000000000 --- a/changelog/59503.fixed +++ /dev/null @@ -1 +0,0 @@ -Use __salt_system_encoding__ when retrieving keystore certificate SHA1 str diff --git a/changelog/59554.fixed b/changelog/59554.fixed deleted file mode 100644 index 6e0fb07631a..00000000000 --- a/changelog/59554.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix error being thrown on empty flags list given to file.replace diff --git a/changelog/59604.fixed b/changelog/59604.fixed deleted file mode 100644 index c7c44896655..00000000000 --- a/changelog/59604.fixed +++ /dev/null @@ -1 +0,0 @@ -Update url for ez_setup.py script in virtualenv_mod.py diff --git a/changelog/59935.fixed b/changelog/59935.fixed deleted file mode 100644 index 6eea3cc5ed6..00000000000 --- a/changelog/59935.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix pillar_roots.write on subdirectories broken after CVE-2021-25282 patch. diff --git a/changelog/59970.fixed b/changelog/59970.fixed deleted file mode 100644 index 4cdeaf682e6..00000000000 --- a/changelog/59970.fixed +++ /dev/null @@ -1,3 +0,0 @@ -Improved performance of zfs.filesystem_present and zfs.volume_present. When -applying these states, only query specified ZFS properties rather than all -properties. diff --git a/changelog/60004.added b/changelog/60004.added deleted file mode 100644 index f02f39e6ce9..00000000000 --- a/changelog/60004.added +++ /dev/null @@ -1 +0,0 @@ -Added "Instant Clone" feature in the existing VMware Cloud module diff --git a/changelog/60029.fixed b/changelog/60029.fixed deleted file mode 100644 index c8f56c4d475..00000000000 --- a/changelog/60029.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixed highstate outputter not displaying with salt.function in orchestration when module returns a dictionary. \ No newline at end of file diff --git a/changelog/60103.fixed b/changelog/60103.fixed deleted file mode 100644 index 28d13d13020..00000000000 --- a/changelog/60103.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix ability to set propagation on a folder to "this_folder_only" diff --git a/changelog/60106.fixed b/changelog/60106.fixed deleted file mode 100644 index 70c45e77697..00000000000 --- a/changelog/60106.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix name attribute access error in spm. diff --git a/changelog/60242.fixed b/changelog/60242.fixed deleted file mode 100644 index 3eb6f9ded76..00000000000 --- a/changelog/60242.fixed +++ /dev/null @@ -1 +0,0 @@ -Exit gracefully on ctrl+c. \ No newline at end of file diff --git a/changelog/60285.fixed b/changelog/60285.fixed deleted file mode 100644 index 2f84ec92207..00000000000 --- a/changelog/60285.fixed +++ /dev/null @@ -1 +0,0 @@ -loader: Fix loading grains with annotations diff --git a/changelog/60356.fixed b/changelog/60356.fixed deleted file mode 100644 index b8990dd98e8..00000000000 --- a/changelog/60356.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix exception in yumpkg.remove for not installed package on calling pkg.remove or pkg.removed diff --git a/changelog/60361.fixed b/changelog/60361.fixed deleted file mode 100644 index fad476428a7..00000000000 --- a/changelog/60361.fixed +++ /dev/null @@ -1 +0,0 @@ -Batch runs now return proper retcodes in a tuple of the form (result, retcode) diff --git a/changelog/60370.fixed b/changelog/60370.fixed deleted file mode 100644 index e60aaab3cca..00000000000 --- a/changelog/60370.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixed issue with ansible roster __virtual__ when ansible is not installed. diff --git a/changelog/60402.changed b/changelog/60402.changed deleted file mode 100644 index 6772c875ddd..00000000000 --- a/changelog/60402.changed +++ /dev/null @@ -1 +0,0 @@ -Enhance logging when there are errors at loading beacons diff --git a/changelog/60431.fixed b/changelog/60431.fixed deleted file mode 100644 index 731e7e7fb48..00000000000 --- a/changelog/60431.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixed error being thrown when None was passed as src/defaults or dest to defaults.update and defaults.merge \ No newline at end of file diff --git a/changelog/60583.fixed b/changelog/60583.fixed deleted file mode 100644 index 8a6a5f94bf6..00000000000 --- a/changelog/60583.fixed +++ /dev/null @@ -1 +0,0 @@ -Allow for additional options for xmit hash policy in mode 4 NIC bonding on Redhat diff --git a/changelog/60724.fixed b/changelog/60724.fixed deleted file mode 100644 index 30c1fefdecf..00000000000 --- a/changelog/60724.fixed +++ /dev/null @@ -1 +0,0 @@ -Allow for minion failure to respond to job sent in batch mode diff --git a/changelog/60829.fixed b/changelog/60829.fixed deleted file mode 100644 index 743111082bd..00000000000 --- a/changelog/60829.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix regression in win_timezone.get_zone which failed to resolve specific timezones that begin or end with d/s/t/o/f/_ characters diff --git a/changelog/60838.fixed b/changelog/60838.fixed deleted file mode 100644 index 83c0ffedce6..00000000000 --- a/changelog/60838.fixed +++ /dev/null @@ -1 +0,0 @@ -Moving the call to the validate function earlier to ensure that beacons are in the right format before we attempt to do anything to the configuration. Adding a generic validation to ensure the beacon configuration is in the wrong format when a validation function does not exist. diff --git a/changelog/60858.fixed b/changelog/60858.fixed deleted file mode 100644 index 180e3831413..00000000000 --- a/changelog/60858.fixed +++ /dev/null @@ -1 +0,0 @@ -Update the mac installer welcome and conclusion page, add docs for the salt-config tool diff --git a/changelog/60876.fixed b/changelog/60876.fixed deleted file mode 100644 index 6fdee02521d..00000000000 --- a/changelog/60876.fixed +++ /dev/null @@ -1 +0,0 @@ -Adjust Debian/Ubuntu package use of name 'ifenslave-2.6' to 'ifenslave' diff --git a/changelog/60897.fixed b/changelog/60897.fixed deleted file mode 100644 index b8d5fba2ad5..00000000000 --- a/changelog/60897.fixed +++ /dev/null @@ -1,3 +0,0 @@ -Clear and update the Pillar Cache when running saltutil.refresh_pillar. This only affects users -that have `pillar_cache` set to True. If you do not want to clear the cache you can pass the kwarg -`clean_cache=False` to `saltutil.refresh_pillar`. diff --git a/changelog/60905.added b/changelog/60905.added deleted file mode 100644 index 3fe39286a84..00000000000 --- a/changelog/60905.added +++ /dev/null @@ -1 +0,0 @@ -Support querying for JSON data in SQL external pillar diff --git a/changelog/60909.fixed b/changelog/60909.fixed deleted file mode 100644 index c3e86b78560..00000000000 --- a/changelog/60909.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixed Python 2 syntax for Python 3, allow for view objects returned by dictionary keys() function diff --git a/changelog/60912.added b/changelog/60912.added deleted file mode 100644 index 907790605c4..00000000000 --- a/changelog/60912.added +++ /dev/null @@ -1 +0,0 @@ -Added support for yum and dnf on AIX diff --git a/changelog/60955.fixed b/changelog/60955.fixed deleted file mode 100644 index 86ca8295a42..00000000000 --- a/changelog/60955.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix REST CherryPY append the default permissions every request \ No newline at end of file diff --git a/changelog/60990.added b/changelog/60990.added deleted file mode 100644 index f70dbd54b27..00000000000 --- a/changelog/60990.added +++ /dev/null @@ -1 +0,0 @@ -Added percent success/failure of state runs in highstate summary output via new state_output_pct option diff --git a/changelog/61043.fixed b/changelog/61043.fixed deleted file mode 100644 index 79cd46db67a..00000000000 --- a/changelog/61043.fixed +++ /dev/null @@ -1 +0,0 @@ -schedule.job_status module: Convert datetime objects into formatted strings diff --git a/changelog/61054.fixed b/changelog/61054.fixed deleted file mode 100644 index 988d683dfc8..00000000000 --- a/changelog/61054.fixed +++ /dev/null @@ -1 +0,0 @@ -virt: don't crash if console doesn't have service or type attribute diff --git a/changelog/61062.fixed b/changelog/61062.fixed deleted file mode 100644 index 2e55a51ea91..00000000000 --- a/changelog/61062.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixed conflict between importlib_metada from Salt and importlib.metadata from Python 3.10 diff --git a/changelog/61084.fixed b/changelog/61084.fixed deleted file mode 100644 index 0beb24581d6..00000000000 --- a/changelog/61084.fixed +++ /dev/null @@ -1 +0,0 @@ -sys.argspec now works with pillar.get, vault.read_secret, and vault.list_secrets diff --git a/changelog/61094.fixed b/changelog/61094.fixed deleted file mode 100644 index a190b7c8e2b..00000000000 --- a/changelog/61094.fixed +++ /dev/null @@ -1 +0,0 @@ -Set virtual grain on FreeBSD EC2 instances diff --git a/changelog/61113.fixed b/changelog/61113.fixed deleted file mode 100644 index f2e8a6dc204..00000000000 --- a/changelog/61113.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixed v3004 windows minion failing to open log file at C:\ProgramData\Salt Project\Salt\var\log\salt\minion diff --git a/changelog/61117.fixed b/changelog/61117.fixed deleted file mode 100644 index 2353c237999..00000000000 --- a/changelog/61117.fixed +++ /dev/null @@ -1 +0,0 @@ -Correct returned result to False when an error exception occurs for pip.installed diff --git a/changelog/61121.fixed b/changelog/61121.fixed deleted file mode 100644 index 034bcd2ea28..00000000000 --- a/changelog/61121.fixed +++ /dev/null @@ -1 +0,0 @@ -fixed extend being too strict and wanting the system_type to exist when it is only needed for requisites. diff --git a/changelog/61124.fixed b/changelog/61124.fixed deleted file mode 100644 index a965ed977f6..00000000000 --- a/changelog/61124.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixed bug where deserialization in script engine would throw an error after all output was read. \ No newline at end of file diff --git a/changelog/61130.removed b/changelog/61130.removed deleted file mode 100644 index c385a43b915..00000000000 --- a/changelog/61130.removed +++ /dev/null @@ -1 +0,0 @@ -Removed support for macos mojave diff --git a/changelog/61135.fixed b/changelog/61135.fixed deleted file mode 100644 index 5ab99d0d4eb..00000000000 --- a/changelog/61135.fixed +++ /dev/null @@ -1 +0,0 @@ -Adding missing import for salt.utils.beacons into beacons that were updated to use it. diff --git a/changelog/61146.added b/changelog/61146.added deleted file mode 100644 index ef979b800f6..00000000000 --- a/changelog/61146.added +++ /dev/null @@ -1 +0,0 @@ -Add support for retrieve IP-address from qemu agent by Salt-cloud on Proxmox \ No newline at end of file diff --git a/changelog/61160.fixed b/changelog/61160.fixed deleted file mode 100644 index 2454db8ae4f..00000000000 --- a/changelog/61160.fixed +++ /dev/null @@ -1 +0,0 @@ -added exception catch to salt.utils.vt.terminal.isalive(). diff --git a/changelog/61161.fixed b/changelog/61161.fixed deleted file mode 100644 index 742d06fef7b..00000000000 --- a/changelog/61161.fixed +++ /dev/null @@ -1 +0,0 @@ -Re-factor transport to make them more plug-able diff --git a/changelog/61163.fixed b/changelog/61163.fixed deleted file mode 100644 index 239e7f1cf1d..00000000000 --- a/changelog/61163.fixed +++ /dev/null @@ -1 +0,0 @@ -Remove max zeromq pinned version due to issues on FreeBSD diff --git a/changelog/61172.fixed b/changelog/61172.fixed deleted file mode 100644 index d1c25cc8762..00000000000 --- a/changelog/61172.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixing deltaproxy code to handle the situation where the control proxy is configured to control a proxy minion whose pillar data could not be loaded. diff --git a/changelog/61176.fixed b/changelog/61176.fixed deleted file mode 100644 index 2916b945390..00000000000 --- a/changelog/61176.fixed +++ /dev/null @@ -1 +0,0 @@ -Prevent get_tops from performing a Set operation on a List diff --git a/changelog/61191.fixed b/changelog/61191.fixed deleted file mode 100644 index 1fcd5dd1a21..00000000000 --- a/changelog/61191.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix a failure with salt.utils.vault.make_request when namespace is not defined in the connection. diff --git a/changelog/61192.fixed b/changelog/61192.fixed deleted file mode 100644 index b9f0009d735..00000000000 --- a/changelog/61192.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix race condition in `salt.utils.verify.verify_env` and ignore directories starting with dot diff --git a/changelog/61198.fixed b/changelog/61198.fixed deleted file mode 100644 index de88aa9f34a..00000000000 --- a/changelog/61198.fixed +++ /dev/null @@ -1 +0,0 @@ -LGPO: Search for policies in a case-sensitive manner first, then fall back to non case-sensitive names diff --git a/changelog/61200.fixed b/changelog/61200.fixed deleted file mode 100644 index fc7c3c5b8f3..00000000000 --- a/changelog/61200.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixed state includes in dynamic environments diff --git a/changelog/61247.fixed b/changelog/61247.fixed deleted file mode 100644 index c8737356ae1..00000000000 --- a/changelog/61247.fixed +++ /dev/null @@ -1 +0,0 @@ -Minimize the number of network connections minions to the master diff --git a/changelog/61252.fixed b/changelog/61252.fixed deleted file mode 100644 index 2692f9b7b75..00000000000 --- a/changelog/61252.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix salt-call event.event with pillar or grains diff --git a/changelog/61270.added b/changelog/61270.added deleted file mode 100644 index 883f991011e..00000000000 --- a/changelog/61270.added +++ /dev/null @@ -1 +0,0 @@ -Add Etag support for file.managed web sources diff --git a/changelog/61271.fixed b/changelog/61271.fixed deleted file mode 100644 index 0fbad1c7824..00000000000 --- a/changelog/61271.fixed +++ /dev/null @@ -1 +0,0 @@ -Make the salt.utils.win_dacl.get_name() function include the "NT Security" prefix for Virtual Accounts. Virtual Accounts can only be added with the fully qualified name. \ No newline at end of file diff --git a/changelog/61275.deprecated b/changelog/61275.deprecated deleted file mode 100644 index 1f9c54ae036..00000000000 --- a/changelog/61275.deprecated +++ /dev/null @@ -1 +0,0 @@ -Deprecated transport kwarg inside salt.utils.event.get_event diff --git a/changelog/61277.fixed b/changelog/61277.fixed deleted file mode 100644 index 5de4971e20a..00000000000 --- a/changelog/61277.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixed tracebacks and print helpful error message when proxy_return = True but no platform or primary_ip set in NetBox pillar. diff --git a/changelog/61297.fixed b/changelog/61297.fixed deleted file mode 100644 index 1c64eb26602..00000000000 --- a/changelog/61297.fixed +++ /dev/null @@ -1 +0,0 @@ -Ensure opts is included in pack for minion_mods and config loads opts from the named_context. diff --git a/changelog/61316.fixed b/changelog/61316.fixed deleted file mode 100644 index 1344bf87c49..00000000000 --- a/changelog/61316.fixed +++ /dev/null @@ -1 +0,0 @@ -Added prefix length info for IPv6 addresses in Windows diff --git a/changelog/61324.added b/changelog/61324.added deleted file mode 100644 index d67051a8da4..00000000000 --- a/changelog/61324.added +++ /dev/null @@ -1 +0,0 @@ -Adding the ability to add, delete, purge, and modify Salt scheduler jobs when the Salt minion is not running. diff --git a/changelog/61326.added b/changelog/61326.added deleted file mode 100644 index be765c43eaf..00000000000 --- a/changelog/61326.added +++ /dev/null @@ -1 +0,0 @@ -Added a force option to file.symlink to overwrite an existing symlink with the same name diff --git a/changelog/61331.fixed b/changelog/61331.fixed deleted file mode 100644 index dee52315849..00000000000 --- a/changelog/61331.fixed +++ /dev/null @@ -1 +0,0 @@ -Handle MariaDB 10.5+ SLAVE MONITOR grant diff --git a/changelog/61370.fixed b/changelog/61370.fixed deleted file mode 100644 index 4aee782298e..00000000000 --- a/changelog/61370.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix secondary ip addresses being added to ip4_interfaces and ip6_interfaces at the same time diff --git a/changelog/61377.fixed b/changelog/61377.fixed deleted file mode 100644 index 6c10147038a..00000000000 --- a/changelog/61377.fixed +++ /dev/null @@ -1 +0,0 @@ -Do not block the deltaproxy startup. Wrap the call to the individual proxy initialization functions in a try...except, catching the exception, logging an error and moving onto the next proxy minion. diff --git a/changelog/61392.fixed b/changelog/61392.fixed deleted file mode 100644 index a837322d351..00000000000 --- a/changelog/61392.fixed +++ /dev/null @@ -1 +0,0 @@ -show_instance of hetzner cloud provider should enforce an action like the other ones \ No newline at end of file diff --git a/changelog/61399.fixed b/changelog/61399.fixed deleted file mode 100644 index 3422a5b81a8..00000000000 --- a/changelog/61399.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix Hetzner Cloud config loading mechanism \ No newline at end of file diff --git a/changelog/61412.fixed b/changelog/61412.fixed deleted file mode 100644 index 7acc99d3bf4..00000000000 --- a/changelog/61412.fixed +++ /dev/null @@ -1 +0,0 @@ -Sets correctly the lvm grain even when lvm's command execution outputs a WARNING diff --git a/changelog/61413.fixed b/changelog/61413.fixed deleted file mode 100644 index 08abe92c5d8..00000000000 --- a/changelog/61413.fixed +++ /dev/null @@ -1 +0,0 @@ -Use net instead of sc in salt cloud when restarting the salt service diff --git a/changelog/61418.added b/changelog/61418.added deleted file mode 100644 index 457dda7b7ec..00000000000 --- a/changelog/61418.added +++ /dev/null @@ -1 +0,0 @@ -`gpg_decrypt_must_succeed` config to prevent gpg renderer from failing silently diff --git a/changelog/61440.fixed b/changelog/61440.fixed deleted file mode 100644 index 7babbc69dc3..00000000000 --- a/changelog/61440.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix use_etag support in fileclient by removing case sensitivity of expected header diff --git a/changelog/61445.fixed b/changelog/61445.fixed deleted file mode 100644 index 5500608aef0..00000000000 --- a/changelog/61445.fixed +++ /dev/null @@ -1 +0,0 @@ -Expand environment variables in the root_dir registry key diff --git a/changelog/61458.fixed b/changelog/61458.fixed deleted file mode 100644 index 0125322fecf..00000000000 --- a/changelog/61458.fixed +++ /dev/null @@ -1 +0,0 @@ -Use salt.utils.path.readlink everywhere instead of os.readlink diff --git a/changelog/61478.fixed b/changelog/61478.fixed deleted file mode 100644 index 0002b2b076c..00000000000 --- a/changelog/61478.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix state_aggregate minion option not respected diff --git a/changelog/61479.fixed b/changelog/61479.fixed deleted file mode 100644 index f037f9c4ae5..00000000000 --- a/changelog/61479.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixed wua.installed and wua.uptodate to return all changes, failures, and supersedences diff --git a/changelog/61484.added b/changelog/61484.added deleted file mode 100644 index c77a2ee1440..00000000000 --- a/changelog/61484.added +++ /dev/null @@ -1 +0,0 @@ -Do not load a private copy of `__grains__` and `__salt__` for the sentry log handler if it is disabled. diff --git a/changelog/61494.fixed b/changelog/61494.fixed deleted file mode 100644 index 2167a32d853..00000000000 --- a/changelog/61494.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix issue with certutil when there's a space in the path to the certificate diff --git a/changelog/61502.added b/changelog/61502.added deleted file mode 100644 index 56fffae9459..00000000000 --- a/changelog/61502.added +++ /dev/null @@ -1 +0,0 @@ -Add Jinja filters for itertools functions, flatten, and a state template workflow diff --git a/changelog/61507.fixed b/changelog/61507.fixed deleted file mode 100644 index ec016af7f1f..00000000000 --- a/changelog/61507.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix cmdmod not respecting config for saltenv diff --git a/changelog/61509.fixed b/changelog/61509.fixed deleted file mode 100644 index 084d8706b33..00000000000 --- a/changelog/61509.fixed +++ /dev/null @@ -1 +0,0 @@ -Convert Py 2'isms to Python 3, and add tests for set_filesystems on AIX diff --git a/changelog/61533.fixed b/changelog/61533.fixed deleted file mode 100644 index 2afde4452ea..00000000000 --- a/changelog/61533.fixed +++ /dev/null @@ -1 +0,0 @@ -win_wua: Titles no longer limited to 40 characters diff --git a/changelog/61538.fixed b/changelog/61538.fixed deleted file mode 100644 index 682f8d67e52..00000000000 --- a/changelog/61538.fixed +++ /dev/null @@ -1 +0,0 @@ -Fixed error when using network module on RHEL 8 due to the name of the service changing from "network" to "NetworkManager". diff --git a/changelog/61544.fixed b/changelog/61544.fixed deleted file mode 100644 index c3b6a1661a8..00000000000 --- a/changelog/61544.fixed +++ /dev/null @@ -1 +0,0 @@ -Allow symlink to be created even if source is missing on Windows diff --git a/changelog/61549.added b/changelog/61549.added deleted file mode 100644 index aa0a35bd848..00000000000 --- a/changelog/61549.added +++ /dev/null @@ -1 +0,0 @@ -Add feature to allow roll-up of duplicate IDs with different names in highstate output diff --git a/changelog/61553.fixed b/changelog/61553.fixed deleted file mode 100644 index 3b2141ab3b3..00000000000 --- a/changelog/61553.fixed +++ /dev/null @@ -1 +0,0 @@ -Print jinja error context on `UndefinedError`. Previously `jinja2.exceptions.UndefinedError` resulted in a `SaltRenderError` without source file context, unlike all of the other Jinja exceptions handled in `salt/utils/templates.py`. diff --git a/changelog/61557.fixed b/changelog/61557.fixed deleted file mode 100644 index 5604a5c3e38..00000000000 --- a/changelog/61557.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix uptime on AIX systems when less than 24 hours diff --git a/changelog/61562.added b/changelog/61562.added deleted file mode 100644 index f4f4fea8dc0..00000000000 --- a/changelog/61562.added +++ /dev/null @@ -1 +0,0 @@ -Allow cp functions to derive saltenv from config if not explicitly set diff --git a/changelog/61566.deprecated b/changelog/61566.deprecated deleted file mode 100644 index 884d50d9c96..00000000000 --- a/changelog/61566.deprecated +++ /dev/null @@ -1 +0,0 @@ -Deprecated netmiko_conn and pyeapi_conn in napalm_mod.py as these function should not be called from the CLI diff --git a/changelog/61614.fixed b/changelog/61614.fixed deleted file mode 100644 index 744b05a6bc8..00000000000 --- a/changelog/61614.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix issue with state.show_state_usage when a saltenv is not referenced in any topfile diff --git a/changelog/61682.added b/changelog/61682.added deleted file mode 100644 index 6f5b75a2883..00000000000 --- a/changelog/61682.added +++ /dev/null @@ -1 +0,0 @@ -Add a function to the freezer module for comparison of packages and repos in two frozen states diff --git a/changelog/61691.removed b/changelog/61691.removed deleted file mode 100644 index 39df03d700b..00000000000 --- a/changelog/61691.removed +++ /dev/null @@ -1 +0,0 @@ -Remove the grains.get_or_set_hash function. Please reference pillar and SDB documentation for secure ways to manage sensitive information. Grains are an insecure way to store secrets. diff --git a/changelog/61693.removed b/changelog/61693.removed deleted file mode 100644 index 3dc04689b9f..00000000000 --- a/changelog/61693.removed +++ /dev/null @@ -1 +0,0 @@ -Removed the `telnet_port`, `serial_type` and `console` parameters in salt/modules/virt.py. Use the `serials` and `consoles` parameters instead. Use the `serials` parameter with a value like ``{{{{'type': 'tcp', 'protocol': 'telnet', 'port': {}}}}}`` instead and a similar `consoles` parameter. diff --git a/changelog/61694.removed b/changelog/61694.removed deleted file mode 100644 index 42dc18264c1..00000000000 --- a/changelog/61694.removed +++ /dev/null @@ -1,2 +0,0 @@ -Remove remove_lock in zypperpkg.py in favor of unhold. -Remove add_lock in zypperpkg.py in favor of hold. diff --git a/changelog/61696.removed b/changelog/61696.removed deleted file mode 100644 index 11b2d0dafc0..00000000000 --- a/changelog/61696.removed +++ /dev/null @@ -1,2 +0,0 @@ -Removed support for old-style Windows Group Policy names -Recommended policy names will be displayed in comments diff --git a/changelog/61698.removed b/changelog/61698.removed deleted file mode 100644 index f528ae9ce35..00000000000 --- a/changelog/61698.removed +++ /dev/null @@ -1,2 +0,0 @@ -Remove SaltMessageServer.shutdown in favor of close. -Remove LoadBalancerWorker.stop in favor of close. diff --git a/changelog/61708.added b/changelog/61708.added deleted file mode 100644 index 1653ca12119..00000000000 --- a/changelog/61708.added +++ /dev/null @@ -1 +0,0 @@ -Add grains_refresh_pre_exec option to allow grains to be refreshed before any operation diff --git a/changelog/61738.fixed b/changelog/61738.fixed deleted file mode 100644 index a37de9ea3a8..00000000000 --- a/changelog/61738.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix improper master caching of file listing in multiple dynamic environments diff --git a/changelog/61741.fixed b/changelog/61741.fixed deleted file mode 100644 index 1f6ab69ee78..00000000000 --- a/changelog/61741.fixed +++ /dev/null @@ -1 +0,0 @@ -When configured beacons are empty write an empty beacon configuration file. diff --git a/changelog/61743.fixed b/changelog/61743.fixed deleted file mode 100644 index 0a80deb97ab..00000000000 --- a/changelog/61743.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix file.replace updating mtime with no changes diff --git a/changelog/61763.added b/changelog/61763.added deleted file mode 100644 index 720a948d016..00000000000 --- a/changelog/61763.added +++ /dev/null @@ -1 +0,0 @@ -Add Etag support for archive.extracted web sources diff --git a/changelog/61848.fixed b/changelog/61848.fixed deleted file mode 100644 index e8e6fd34262..00000000000 --- a/changelog/61848.fixed +++ /dev/null @@ -1 +0,0 @@ -Update Markup and contextfunction imports for jinja versions >=3.1. diff --git a/cicd/amis.yml b/cicd/amis.yml index 99c2e211b41..47edcf0184b 100644 --- a/cicd/amis.yml +++ b/cicd/amis.yml @@ -1,18 +1 @@ -alma-8-x86_64: ami-0594d7cf435c3d2f7 -amazon-2-x86_64: ami-01226819a514516fe -arch-lts-x86_64: ami-018a6b479dcb87969 -centos-7-x86_64: ami-05764f27cdf8f99e0 -centosstream-8-x86_64: ami-02fc0a57f9b1fa4ed -debian-10-amd64: ami-0eb32b3297dc438d0 -debian-11-amd64: ami-08bf6df84b4488e8a -debian-11-arm64: ami-085ff5dc42735c52e -debian-9-amd64: ami-033ed8f0f55cad1e0 -fedora-34-x86_64: ami-0eb0a8e46caef07e8 -freebsd-130-amd64: ami-0b48fe6a03c29b2d9 -opensuse-15-x86_64: ami-0b57dabce687992c3 -photon-3-x86_64: ami-080bc696fab4f5840 -ubuntu-1804-amd64: ami-0decb138fa5e24979 -ubuntu-2004-amd64: ami-0468248e8ecfacd5c -ubuntu-2004-arm64: ami-07dcde5a6a61ce72a -windows-2016-x64: ami-03dce76a35067f8fd -windows-2019-x64: ami-08fe22a79bd743e34 +centosstream-9-x86_64: ami-044545f7a74d46acc diff --git a/cicd/golden-images.json b/cicd/golden-images.json new file mode 100644 index 00000000000..75341e64aeb --- /dev/null +++ b/cicd/golden-images.json @@ -0,0 +1,332 @@ +{ + "almalinux-8-arm64": { + "ami": "ami-0fc1e14bf9ff422aa", + "ami_description": "CI Image of AlmaLinux 8 arm64", + "ami_name": "salt-project/ci/almalinux/8/arm64/20230418.1731", + "arch": "arm64", + "cloudwatch-agent-available": "true", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "ec2-user" + }, + "almalinux-8": { + "ami": "ami-0bae4158c1f126271", + "ami_description": "CI Image of AlmaLinux 8 x86_64", + "ami_name": "salt-project/ci/almalinux/8/x86_64/20230418.1732", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "ec2-user" + }, + "almalinux-9-arm64": { + "ami": "ami-08f4d0fbf5d53c3ab", + "ami_description": "CI Image of AlmaLinux 9 arm64", + "ami_name": "salt-project/ci/almalinux/9/arm64/20230418.1732", + "arch": "arm64", + "cloudwatch-agent-available": "true", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "ec2-user" + }, + "almalinux-9": { + "ami": "ami-00404c1cc5c5a08bd", + "ami_description": "CI Image of AlmaLinux 9 x86_64", + "ami_name": "salt-project/ci/almalinux/9/x86_64/20230418.1738", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "ec2-user" + }, + "amazonlinux-2-arm64": { + "ami": "ami-05fbdb644d06c27b6", + "ami_description": "CI Image of AmazonLinux 2 arm64", + "ami_name": "salt-project/ci/amazonlinux/2/arm64/20230418.1717", + "arch": "arm64", + "cloudwatch-agent-available": "true", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "ec2-user" + }, + "amazonlinux-2": { + "ami": "ami-014171e6c30ec8387", + "ami_description": "CI Image of AmazonLinux 2 x86_64", + "ami_name": "salt-project/ci/amazonlinux/2/x86_64/20230418.1718", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "ec2-user" + }, + "archlinux-lts": { + "ami": "ami-00cff81ed2e2fb0f4", + "ami_description": "CI Image of ArchLinux lts x86_64", + "ami_name": "salt-project/ci/archlinux/lts/x86_64/20230418.1717", + "arch": "x86_64", + "cloudwatch-agent-available": "false", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "arch" + }, + "centos-7-arm64": { + "ami": "ami-051cef43c13fcc0c9", + "ami_description": "CI Image of CentOS 7 arm64", + "ami_name": "salt-project/ci/centos/7/arm64/20230418.1743", + "arch": "arm64", + "cloudwatch-agent-available": "true", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "centos" + }, + "centos-7": { + "ami": "ami-0dcc94e1bea829149", + "ami_description": "CI Image of CentOS 7 x86_64", + "ami_name": "salt-project/ci/centos/7/x86_64/20230418.1743", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "centos" + }, + "centosstream-8-arm64": { + "ami": "ami-02783136c1080c782", + "ami_description": "CI Image of CentOSStream 8 arm64", + "ami_name": "salt-project/ci/centosstream/8/arm64/20230418.1717", + "arch": "arm64", + "cloudwatch-agent-available": "true", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "centos" + }, + "centosstream-8": { + "ami": "ami-055e35dc7180defad", + "ami_description": "CI Image of CentOSStream 8 x86_64", + "ami_name": "salt-project/ci/centosstream/8/x86_64/20230418.1717", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "centos" + }, + "centosstream-9-arm64": { + "ami": "ami-06fd13f7c7c702fc4", + "ami_description": "CI Image of CentOSStream 9 arm64", + "ami_name": "salt-project/ci/centosstream/9/arm64/20230418.1717", + "arch": "arm64", + "cloudwatch-agent-available": "true", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "ec2-user" + }, + "centosstream-9": { + "ami": "ami-044545f7a74d46acc", + "ami_description": "CI Image of CentOSStream 9 x86_64", + "ami_name": "salt-project/ci/centosstream/9/x86_64/20230418.1717", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "ec2-user" + }, + "debian-10-arm64": { + "ami": "ami-045aedc47e7ddfbf1", + "ami_description": "CI Image of Debian 10 arm64", + "ami_name": "salt-project/ci/debian/10/arm64/20230418.1739", + "arch": "arm64", + "cloudwatch-agent-available": "false", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "admin" + }, + "debian-10": { + "ami": "ami-0a205a9361210b291", + "ami_description": "CI Image of Debian 10 x86_64", + "ami_name": "salt-project/ci/debian/10/x86_64/20230418.1739", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "admin" + }, + "debian-11-arm64": { + "ami": "ami-0be71acc27a8efa60", + "ami_description": "CI Image of Debian 11 arm64", + "ami_name": "salt-project/ci/debian/11/arm64/20230418.1739", + "arch": "arm64", + "cloudwatch-agent-available": "false", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "admin" + }, + "debian-11": { + "ami": "ami-0ad354da27b34289b", + "ami_description": "CI Image of Debian 11 x86_64", + "ami_name": "salt-project/ci/debian/11/x86_64/20230418.1742", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "admin" + }, + "fedora-36-arm64": { + "ami": "ami-00c0ab2829c887922", + "ami_description": "CI Image of Fedora 36 arm64", + "ami_name": "salt-project/ci/fedora/36/arm64/20230418.1726", + "arch": "arm64", + "cloudwatch-agent-available": "true", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "fedora" + }, + "fedora-36": { + "ami": "ami-0185a1189bff7c771", + "ami_description": "CI Image of Fedora 36 x86_64", + "ami_name": "salt-project/ci/fedora/36/x86_64/20230418.1726", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "fedora" + }, + "fedora-37-arm64": { + "ami": "ami-075c52fda843ace1b", + "ami_description": "CI Image of Fedora 37 arm64", + "ami_name": "salt-project/ci/fedora/37/arm64/20230418.1726", + "arch": "arm64", + "cloudwatch-agent-available": "true", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "fedora" + }, + "fedora-37": { + "ami": "ami-099a68403d6c65733", + "ami_description": "CI Image of Fedora 37 x86_64", + "ami_name": "salt-project/ci/fedora/37/x86_64/20230418.1726", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "fedora" + }, + "fedora-38-arm64": { + "ami": "ami-02fa22d081a9be052", + "ami_description": "CI Image of Fedora 38 arm64", + "ami_name": "salt-project/ci/fedora/38/arm64/20230418.1727", + "arch": "arm64", + "cloudwatch-agent-available": "true", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "fedora" + }, + "fedora-38": { + "ami": "ami-0a8d949d0bb15bbc0", + "ami_description": "CI Image of Fedora 38 x86_64", + "ami_name": "salt-project/ci/fedora/38/x86_64/20230418.1727", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "fedora" + }, + "opensuse-15": { + "ami": "ami-089ac311f924f131f", + "ami_description": "CI Image of Opensuse 15 x86_64", + "ami_name": "salt-project/ci/opensuse/15/x86_64/20230418.1744", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "ec2-user" + }, + "photonos-3": { + "ami": "ami-03ce6db789f90957b", + "ami_description": "CI Image of PhotonOS 3 x86_64", + "ami_name": "salt-project/ci/photonos/3/x86_64/20230418.1717", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "root" + }, + "photonos-4": { + "ami": "ami-0ef9996c398479d65", + "ami_description": "CI Image of PhotonOS 4 x86_64", + "ami_name": "salt-project/ci/photonos/4/x86_64/20230418.1717", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "root" + }, + "ubuntu-20.04-arm64": { + "ami": "ami-0c4d21e0772489c0d", + "ami_description": "CI Image of Ubuntu 20.04 arm64", + "ami_name": "salt-project/ci/ubuntu/20.04/arm64/20230418.1728", + "arch": "arm64", + "cloudwatch-agent-available": "true", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "ubuntu" + }, + "ubuntu-20.04": { + "ami": "ami-09ae6200865b29b9b", + "ami_description": "CI Image of Ubuntu 20.04 x86_64", + "ami_name": "salt-project/ci/ubuntu/20.04/x86_64/20230418.1728", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "ubuntu" + }, + "ubuntu-22.04-arm64": { + "ami": "ami-024fe5d0b838f88f7", + "ami_description": "CI Image of Ubuntu 22.04 arm64", + "ami_name": "salt-project/ci/ubuntu/22.04/arm64/20230418.1731", + "arch": "arm64", + "cloudwatch-agent-available": "true", + "instance_type": "m6g.large", + "is_windows": "false", + "ssh_username": "ubuntu" + }, + "ubuntu-22.04": { + "ami": "ami-0d83f00f084d91451", + "ami_description": "CI Image of Ubuntu 22.04 x86_64", + "ami_name": "salt-project/ci/ubuntu/22.04/x86_64/20230418.1732", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.large", + "is_windows": "false", + "ssh_username": "ubuntu" + }, + "windows-2016": { + "ami": "ami-078d9229cfaf24d1b", + "ami_description": "CI Image of Windows 2016 x86_64", + "ami_name": "salt-project/ci/windows/2016/x86_64/20230418.1717", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.xlarge", + "is_windows": "true", + "ssh_username": "Administrator" + }, + "windows-2019": { + "ami": "ami-0ab20823965e1aa7a", + "ami_description": "CI Image of Windows 2019 x86_64", + "ami_name": "salt-project/ci/windows/2019/x86_64/20230418.1717", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.xlarge", + "is_windows": "true", + "ssh_username": "Administrator" + }, + "windows-2022": { + "ami": "ami-054c4cf04c0f31eb1", + "ami_description": "CI Image of Windows 2022 x86_64", + "ami_name": "salt-project/ci/windows/2022/x86_64/20230418.1717", + "arch": "x86_64", + "cloudwatch-agent-available": "true", + "instance_type": "t3a.xlarge", + "is_windows": "true", + "ssh_username": "Administrator" + } +} diff --git a/cicd/jenkins/pr-alma-8-x86_64-py3-pytest b/cicd/jenkins/pr-alma-8-x86_64-py3-pytest deleted file mode 100644 index 1e2a3405e3b..00000000000 --- a/cicd/jenkins/pr-alma-8-x86_64-py3-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'alma', - distro_version: '8', - distro_arch: 'x86-64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 6, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-amazon-2-x86_64-py3-pytest b/cicd/jenkins/pr-amazon-2-x86_64-py3-pytest deleted file mode 100644 index 0aa8a82e024..00000000000 --- a/cicd/jenkins/pr-amazon-2-x86_64-py3-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'amazon', - distro_version: '2', - distro_arch: 'x86-64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 7, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-arch-lts-x86_64-py3-pytest b/cicd/jenkins/pr-arch-lts-x86_64-py3-pytest deleted file mode 100644 index 14b2612a928..00000000000 --- a/cicd/jenkins/pr-arch-lts-x86_64-py3-pytest +++ /dev/null @@ -1,16 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'arch', - distro_version: 'lts', - distro_arch: 'x86-64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 6, - use_spot_instances: true) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-centos-7-x86_64-py3-cloud-pytest b/cicd/jenkins/pr-centos-7-x86_64-py3-cloud-pytest deleted file mode 100644 index 1f67e72a7b8..00000000000 --- a/cicd/jenkins/pr-centos-7-x86_64-py3-cloud-pytest +++ /dev/null @@ -1,18 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 0, // Don't cancel builds still running. Wait until they end. - distro_name: 'centos', - distro_version: '7', - distro_arch: 'x86-64', - env: env, - jenkins_slave_label: 'kitchen-slave', - kitchen_platforms_file: '/var/jenkins/workspace/cloud-platforms.yml', - nox_env_name: 'pytest-cloud', - nox_passthrough_opts: '', - python_version: 'py3', - testrun_timeout: 6, - force_run_full: true, - use_spot_instances: true) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-centos-7-x86_64-py3-m2crypto-pytest b/cicd/jenkins/pr-centos-7-x86_64-py3-m2crypto-pytest deleted file mode 100644 index 6a6e1020cc9..00000000000 --- a/cicd/jenkins/pr-centos-7-x86_64-py3-m2crypto-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'centos', - distro_version: '7', - distro_arch: 'x86-64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq-m2crypto', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 8, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-centos-7-x86_64-py3-pycryptodome-pytest b/cicd/jenkins/pr-centos-7-x86_64-py3-pycryptodome-pytest deleted file mode 100644 index 6b350bc9762..00000000000 --- a/cicd/jenkins/pr-centos-7-x86_64-py3-pycryptodome-pytest +++ /dev/null @@ -1,16 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'centos', - distro_version: '7', - distro_arch: 'x86-64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq-pycryptodome', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 8, - use_spot_instances: true) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-centos-7-x86_64-py3-pytest b/cicd/jenkins/pr-centos-7-x86_64-py3-pytest deleted file mode 100644 index 89c5cdb666c..00000000000 --- a/cicd/jenkins/pr-centos-7-x86_64-py3-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'centos', - distro_version: '7', - distro_arch: 'x86-64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 8, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-centos-7-x86_64-py3-tcp-pytest b/cicd/jenkins/pr-centos-7-x86_64-py3-tcp-pytest deleted file mode 100644 index 9db75571c74..00000000000 --- a/cicd/jenkins/pr-centos-7-x86_64-py3-tcp-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'centos', - distro_version: '7', - distro_arch: 'x86-64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-tcp', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 8, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-centosstream-8-x86_64-py3-pytest b/cicd/jenkins/pr-centosstream-8-x86_64-py3-pytest deleted file mode 100644 index ad082234539..00000000000 --- a/cicd/jenkins/pr-centosstream-8-x86_64-py3-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'centosstream', - distro_version: '8', - distro_arch: 'x86-64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 6, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-centosstream-9-x86_64-py3-cloud-pytest b/cicd/jenkins/pr-centosstream-9-x86_64-py3-cloud-pytest new file mode 100644 index 00000000000..b041f3b970c --- /dev/null +++ b/cicd/jenkins/pr-centosstream-9-x86_64-py3-cloud-pytest @@ -0,0 +1,18 @@ +@Library('salt@master-1.11') _ + +runTestSuite( + concurrent_builds: 0, // Don't cancel builds still running. Wait until they end. + distro_name: 'centosstream', + distro_version: '9', + distro_arch: 'x86-64', + env: env, + jenkins_slave_label: 'kitchen-slave', + kitchen_platforms_file: '/var/jenkins/workspace/cloud-platforms.yml', + nox_env_name: 'pytest-cloud', + nox_passthrough_opts: '', + python_version: 'py3', + testrun_timeout: 6, + force_run_full: true, + use_spot_instances: true) + +// vim: ft=groovy diff --git a/cicd/jenkins/pr-debian-10-amd64-py3-pytest b/cicd/jenkins/pr-debian-10-amd64-py3-pytest deleted file mode 100644 index 5877da9e5fe..00000000000 --- a/cicd/jenkins/pr-debian-10-amd64-py3-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'debian', - distro_version: '10', - distro_arch: 'amd64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 6, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-debian-11-amd64-py3-pytest b/cicd/jenkins/pr-debian-11-amd64-py3-pytest deleted file mode 100644 index dff5b0d7c4b..00000000000 --- a/cicd/jenkins/pr-debian-11-amd64-py3-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'debian', - distro_version: '11', - distro_arch: 'amd64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 6, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-debian-11-arm64-py3-pytest b/cicd/jenkins/pr-debian-11-arm64-py3-pytest deleted file mode 100644 index 91144f855e9..00000000000 --- a/cicd/jenkins/pr-debian-11-arm64-py3-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'debian', - distro_version: '11', - distro_arch: 'arm64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 6, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-debian-9-amd64-py3-pytest b/cicd/jenkins/pr-debian-9-amd64-py3-pytest deleted file mode 100644 index e56c2c7dd59..00000000000 --- a/cicd/jenkins/pr-debian-9-amd64-py3-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'debian', - distro_version: '9', - distro_arch: 'amd64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 6, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-docs b/cicd/jenkins/pr-docs deleted file mode 100644 index 43fdc71e30a..00000000000 --- a/cicd/jenkins/pr-docs +++ /dev/null @@ -1,6 +0,0 @@ -@Library('salt@master-1.11') _ - -runDocs( - env: env) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-fedora-34-x86_64-py3-pytest b/cicd/jenkins/pr-fedora-34-x86_64-py3-pytest deleted file mode 100644 index be89718c9f4..00000000000 --- a/cicd/jenkins/pr-fedora-34-x86_64-py3-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'fedora', - distro_version: '34', - distro_arch: 'x86-64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 6, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-freebsd-130-amd64-py3-pytest b/cicd/jenkins/pr-freebsd-130-amd64-py3-pytest deleted file mode 100644 index 8cef7e907bd..00000000000 --- a/cicd/jenkins/pr-freebsd-130-amd64-py3-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'freebsd', - distro_version: '130', - distro_arch: 'amd64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 6, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-lint b/cicd/jenkins/pr-lint deleted file mode 100644 index 67ee50437e1..00000000000 --- a/cicd/jenkins/pr-lint +++ /dev/null @@ -1,6 +0,0 @@ -@Library('salt@master-1.11') _ - -runLint( - env: env) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-macosx-catalina-x86_64-py3-pytest b/cicd/jenkins/pr-macosx-catalina-x86_64-py3-pytest deleted file mode 100644 index df640d30a94..00000000000 --- a/cicd/jenkins/pr-macosx-catalina-x86_64-py3-pytest +++ /dev/null @@ -1,19 +0,0 @@ -@Library('salt@master-1.11') _ - -// Pre-nox pipeline -runTestSuite( - concurrent_builds: 1, - distro_name: 'macosx', - distro_version: 'catalina', - distro_arch: 'x86-64', - env: env, - jenkins_slave_label: 'kitchen-slave-mac', - kitchen_platforms_file: '/var/jenkins/workspace/pre-golden-platforms-new.yml', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 6, - use_spot_instances: false, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-opensuse-15-x86_64-py3-pytest b/cicd/jenkins/pr-opensuse-15-x86_64-py3-pytest deleted file mode 100644 index fc69bc7f941..00000000000 --- a/cicd/jenkins/pr-opensuse-15-x86_64-py3-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'opensuse', - distro_version: '15', - distro_arch: 'x86-64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 6, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-photon-3-x86_64-py3-pytest b/cicd/jenkins/pr-photon-3-x86_64-py3-pytest deleted file mode 100644 index a63be35e51a..00000000000 --- a/cicd/jenkins/pr-photon-3-x86_64-py3-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'photon', - distro_version: '3', - distro_arch: 'x86-64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 8, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-pre-commit b/cicd/jenkins/pr-pre-commit deleted file mode 100644 index 72daae225d3..00000000000 --- a/cicd/jenkins/pr-pre-commit +++ /dev/null @@ -1,15 +0,0 @@ -@Library('salt@master-1.11') _ - -if (env.CHANGE_ID) { - // This is a PR - pre_commit_skips = '' -} else { - // This is a branch build - pre_commit_skips = 'pyupgrade,remove-import-headers,rstcheck' -} - -runPreCommit( - env: env, - pre_commit_skips: pre_commit_skips) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-ubuntu-1804-amd64-py3-pytest b/cicd/jenkins/pr-ubuntu-1804-amd64-py3-pytest deleted file mode 100644 index 20a911d7bbc..00000000000 --- a/cicd/jenkins/pr-ubuntu-1804-amd64-py3-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'ubuntu', - distro_version: '1804', - distro_arch: 'amd64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 6, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-ubuntu-2004-amd64-py3-m2crypto-pytest b/cicd/jenkins/pr-ubuntu-2004-amd64-py3-m2crypto-pytest deleted file mode 100644 index 3f1ec085ae4..00000000000 --- a/cicd/jenkins/pr-ubuntu-2004-amd64-py3-m2crypto-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'ubuntu', - distro_version: '2004', - distro_arch: 'amd64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq-m2crypto', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 6, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-ubuntu-2004-amd64-py3-pycryptodome-pytest b/cicd/jenkins/pr-ubuntu-2004-amd64-py3-pycryptodome-pytest deleted file mode 100644 index 1a12f9e19a9..00000000000 --- a/cicd/jenkins/pr-ubuntu-2004-amd64-py3-pycryptodome-pytest +++ /dev/null @@ -1,16 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'ubuntu', - distro_version: '2004', - distro_arch: 'amd64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq-pycryptodome', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 6, - use_spot_instances: true) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-ubuntu-2004-amd64-py3-pytest b/cicd/jenkins/pr-ubuntu-2004-amd64-py3-pytest deleted file mode 100644 index f299894265a..00000000000 --- a/cicd/jenkins/pr-ubuntu-2004-amd64-py3-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'ubuntu', - distro_version: '2004', - distro_arch: 'amd64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 6, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-ubuntu-2004-amd64-py3-tcp-pytest b/cicd/jenkins/pr-ubuntu-2004-amd64-py3-tcp-pytest deleted file mode 100644 index c99f8aee609..00000000000 --- a/cicd/jenkins/pr-ubuntu-2004-amd64-py3-tcp-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'ubuntu', - distro_version: '2004', - distro_arch: 'amd64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-tcp', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 6, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-ubuntu-2004-arm64-py3-pytest b/cicd/jenkins/pr-ubuntu-2004-arm64-py3-pytest deleted file mode 100644 index 807ced06fca..00000000000 --- a/cicd/jenkins/pr-ubuntu-2004-arm64-py3-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'ubuntu', - distro_version: '2004', - distro_arch: 'arm64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '--ssh-tests', - python_version: 'py3', - testrun_timeout: 6, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-windows-2016-x64-py3-pytest b/cicd/jenkins/pr-windows-2016-x64-py3-pytest deleted file mode 100644 index 8e7b3cb1827..00000000000 --- a/cicd/jenkins/pr-windows-2016-x64-py3-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'windows', - distro_version: '2016', - distro_arch: 'x64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '', - python_version: 'py3', - testrun_timeout: 9, - use_spot_instances: false, -) - -// vim: ft=groovy diff --git a/cicd/jenkins/pr-windows-2019-x64-py3-pytest b/cicd/jenkins/pr-windows-2019-x64-py3-pytest deleted file mode 100644 index 509f59b5497..00000000000 --- a/cicd/jenkins/pr-windows-2019-x64-py3-pytest +++ /dev/null @@ -1,17 +0,0 @@ -@Library('salt@master-1.11') _ - -runTestSuite( - concurrent_builds: 1, - distro_name: 'windows', - distro_version: '2019', - distro_arch: 'x64', - env: env, - jenkins_slave_label: 'kitchen-slave', - nox_env_name: 'pytest-zeromq', - nox_passthrough_opts: '', - python_version: 'py3', - testrun_timeout: 10, - use_spot_instances: true, -) - -// vim: ft=groovy diff --git a/cicd/kitchen_template.yml b/cicd/kitchen_template.yml index 99aad6f59cc..5f67437c3e0 100644 --- a/cicd/kitchen_template.yml +++ b/cicd/kitchen_template.yml @@ -47,4 +47,3 @@ - artifacts/ - .kitchen/ expire_in: 6 months - diff --git a/cicd/shared-gh-workflows-context.yml b/cicd/shared-gh-workflows-context.yml new file mode 100644 index 00000000000..ec3d939fe03 --- /dev/null +++ b/cicd/shared-gh-workflows-context.yml @@ -0,0 +1,4 @@ +python_version_linux: "3.10.11" +python_version_macos: "3.10.11" +python_version_windows: "3.10.11" +relenv_version: "0.12.3" diff --git a/conf/master b/conf/master index 17b3768267e..2c0a5c9cb87 100644 --- a/conf/master +++ b/conf/master @@ -51,7 +51,7 @@ # Key cache. Increases master speed for large numbers of accepted # keys. Available options: 'sched'. (Updates on a fixed schedule.) # Note that enabling this feature means that minions will not be -# available to target for up to the length of the maintanence loop +# available to target for up to the length of the maintenance loop # which by default is 60s. #key_cache: '' @@ -60,23 +60,31 @@ # #cachedir: /var/cache/salt/master -# Directory for custom modules. This directory can contain subdirectories for -# each of Salt's module types such as "runners", "output", "wheel", "modules", -# "states", "returners", "engines", "utils", etc. +# Directory where custom modules sync to. This directory can contain +# subdirectories for each of Salt's module types such as "runners", +# "output", "wheel", "modules", "states", "returners", "engines", +# "utils", etc. +# +# Note, any directories or files not found in the `module_dirs` +# location will be removed from the extension_modules path. + #extension_modules: /var/cache/salt/master/extmods # Directory for custom modules. This directory can contain subdirectories for # each of Salt's module types such as "runners", "output", "wheel", "modules", # "states", "returners", "engines", "utils", etc. -# Like 'extension_modules' but can take an array of paths #module_dirs: [] # Verify and set permissions on configuration directories at startup: #verify_env: True -# Set the number of hours to keep old job information in the job cache: +# Set the number of hours to keep old job information in the job cache. +# This option is deprecated by the keep_jobs_seconds option. #keep_jobs: 24 +# Set the number of seconds to keep old job information in the job cache: +#keep_jobs_seconds: 86400 + # The number of seconds to wait when the client is requesting information # about running jobs. #gather_job_timeout: 10 @@ -420,6 +428,11 @@ # Set to True to enable keeping the calculated user's auth list in the token # file. This is disabled by default and the auth list is calculated or requested # from the eauth driver each time. +# +# Note: `keep_acl_in_token` will be forced to True when using external authentication +# for REST API (`rest` is present under `external_auth`). This is because the REST API +# does not store the password, and can therefore not retroactively fetch the ACL, so +# the ACL must be stored in the token. #keep_acl_in_token: False # Auth subsystem module to use to get authorized access list for a user. By default it's @@ -1012,6 +1025,7 @@ # If and only if a master has set ``pillar_cache: True``, the cache TTL controls the amount # of time, in seconds, before the cache is considered invalid by a master and a fresh # pillar is recompiled and stored. +# The cache TTL does not prevent pillar cache from being refreshed before its TTL expires. #pillar_cache_ttl: 3600 # If and only if a master has set `pillar_cache: True`, one of several storage providers @@ -1340,3 +1354,6 @@ ############################################ # Allow the raw_shell parameter to be used when calling Salt SSH client via API #netapi_allow_raw_shell: True + +# Set a list of clients to enable in in the API +#netapi_enable_clients: [] diff --git a/conf/minion b/conf/minion index 959cadae296..eeef626fa83 100644 --- a/conf/minion +++ b/conf/minion @@ -171,7 +171,8 @@ # asynchronously, however, it still adds 5 seconds every time grains are # generated if an IP does not resolve. In Windows grains are regenerated each # time a new process is spawned. Therefore, the default for Windows is `False`. -# All other OSes default to `True` +# On macOS, FQDN resolution can be very slow, therefore the default for macOS is +# `False` as well. All other OSes default to `True` # enable_fqdns_grains: True # The minion can take a while to start up when lspci and/or dmidecode is used @@ -591,6 +592,16 @@ # #state_aggregate: False +# Instead of failing immediately when another state run is in progress, a value +# of True will queue the new state run to begin running once the other has +# finished. This option starts a new thread for each queued state run, so use +# this option sparingly. Additionally, it can be set to an integer representing +# the maximum queue size which can be attained before the state runs will fail +# to be queued. This can prevent runaway conditions where new threads are +# started until system performance is hampered. +# +#state_queue: False + # Disable requisites during state runs by specifying a single requisite # or a list of requisites to disable. # @@ -600,6 +611,14 @@ # - require # - require_in +# If set, this parameter expects a dictionary of state module names as keys +# and list of conditions which must be satisfied in order to run any functions +# in that state module. +# +#global_state_conditions: +# "*": ["G@global_noop:false"] +# service: ["not G@virtual_subtype:chroot"] + ##### File Directory Settings ##### ########################################## # The Salt Minion can redirect all file server operations to a local directory, diff --git a/conf/roster b/conf/roster index e5a83183844..3eac2fa0706 100644 --- a/conf/roster +++ b/conf/roster @@ -6,4 +6,3 @@ # sudo: True # Whether to sudo to root, not enabled by default #web2: # host: 192.168.42.2 - diff --git a/conf/suse/master b/conf/suse/master index 1262348a308..863d8790240 100644 --- a/conf/suse/master +++ b/conf/suse/master @@ -49,7 +49,7 @@ syndic_user: salt # Key cache. Increases master speed for large numbers of accepted # keys. Available options: 'sched'. (Updates on a fixed schedule.) # Note that enabling this feature means that minions will not be -# available to target for up to the length of the maintanence loop +# available to target for up to the length of the maintenance loop # which by default is 60s. #key_cache: '' @@ -74,8 +74,12 @@ syndic_user: salt #verify_env: True # Set the number of hours to keep old job information in the job cache: +# This option is deprecated by the keep_jobs_seconds option. #keep_jobs: 24 +# Set the number of seconds to keep old job information in the job cache: +#keep_jobs_seconds: 86400 + # The number of seconds to wait when the client is requesting information # about running jobs. #gather_job_timeout: 10 @@ -372,6 +376,11 @@ syndic_user: salt # Set to True to enable keeping the calculated user's auth list in the token # file. This is disabled by default and the auth list is calculated or requested # from the eauth driver each time. +# +# Note: `keep_acl_in_token` will be forced to True when using external authentication +# for REST API (`rest` is present under `external_auth`). This is because the REST API +# does not store the password, and can therefore not retroactively fetch the ACL, so +# the ACL must be stored in the token. #keep_acl_in_token: False # Auth subsystem module to use to get authorized access list for a user. By default it's @@ -529,8 +538,8 @@ syndic_user: salt # variable_end_string: '}}' # comment_start_string: '{#' # comment_end_string: '#}' -# line_statement_prefix: -# line_comment_prefix: +# line_statement_prefix: +# line_comment_prefix: # trim_blocks: False # lstrip_blocks: False # newline_sequence: '\n' @@ -544,8 +553,8 @@ syndic_user: salt # variable_end_string: '}}' # comment_start_string: '{#' # comment_end_string: '#}' -# line_statement_prefix: -# line_comment_prefix: +# line_statement_prefix: +# line_comment_prefix: # trim_blocks: False # lstrip_blocks: False # newline_sequence: '\n' @@ -941,6 +950,7 @@ syndic_user: salt # If and only if a master has set ``pillar_cache: True``, the cache TTL controls the amount # of time, in seconds, before the cache is considered invalid by a master and a fresh # pillar is recompiled and stored. +# The cache TTL does not prevent pillar cache from being refreshed before its TTL expires. #pillar_cache_ttl: 3600 # If and only if a master has set `pillar_cache: True`, one of several storage providers diff --git a/doc/_ext/httpdomain.py b/doc/_ext/httpdomain.py deleted file mode 100644 index b9af8773b05..00000000000 --- a/doc/_ext/httpdomain.py +++ /dev/null @@ -1,554 +0,0 @@ -""" - sphinxcontrib.httpdomain - ~~~~~~~~~~~~~~~~~~~~~~~~ - - The HTTP domain for documenting RESTful HTTP APIs. - - :copyright: Copyright 2011 by Hong Minhee - :license: BSD, see LICENSE for details. - -""" - -import re - -from docutils import nodes -from docutils.parsers.rst.roles import set_classes -from pygments.lexer import RegexLexer, bygroups -from pygments.lexers import get_lexer_by_name -from pygments.token import Keyword, Literal, Name, Number, Operator, Text -from pygments.util import ClassNotFound -from sphinx import addnodes -from sphinx.directives import ObjectDescription -from sphinx.domains import Domain, Index, ObjType -from sphinx.roles import XRefRole -from sphinx.util.docfields import GroupedField, TypedField -from sphinx.util.nodes import make_refnode - - -class DocRef: - """Represents a link to an RFC which defines an HTTP method.""" - - def __init__(self, base_url, anchor, section): - """Stores the specified attributes which represent a URL which links to - an RFC which defines an HTTP method. - - """ - self.base_url = base_url - self.anchor = anchor - self.section = section - - def __repr__(self): - """Returns the URL which this object represents, which points to the - location of the RFC which defines some HTTP method. - - """ - return "{}#{}{}".format(self.base_url, self.anchor, self.section) - - -#: The URL of the HTTP/1.1 RFC which defines the HTTP methods OPTIONS, GET, -#: HEAD, POST, PUT, DELETE, TRACE, and CONNECT. -RFC2616 = "http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html" - -#: The name to use for section anchors in RFC2616. -RFC2616ANCHOR = "sec" - -#: The URL of the RFC which defines the HTTP PATCH method. -RFC5789 = "http://tools.ietf.org/html/rfc5789" - -#: The name to use for section anchors in RFC5789. -RFC5789ANCHOR = "section-" - -#: Mapping from lowercase HTTP method name to :class:`DocRef` object which -#: maintains the URL which points to the section of the RFC which defines that -#: HTTP method. -DOCREFS = { - "patch": DocRef(RFC5789, RFC5789ANCHOR, 2), - "options": DocRef(RFC2616, RFC2616ANCHOR, 9.2), - "get": DocRef(RFC2616, RFC2616ANCHOR, 9.3), - "head": DocRef(RFC2616, RFC2616ANCHOR, 9.4), - "post": DocRef(RFC2616, RFC2616ANCHOR, 9.5), - "put": DocRef(RFC2616, RFC2616ANCHOR, 9.6), - "delete": DocRef(RFC2616, RFC2616ANCHOR, 9.7), - "trace": DocRef(RFC2616, RFC2616ANCHOR, 9.8), - "connect": DocRef(RFC2616, RFC2616ANCHOR, 9.9), -} - -HTTP_STATUS_CODES = { - 100: "Continue", - 101: "Switching Protocols", - 102: "Processing", - 200: "OK", - 201: "Created", - 202: "Accepted", - 203: "Non Authoritative Information", - 204: "No Content", - 205: "Reset Content", - 206: "Partial Content", - 207: "Multi Status", - 226: "IM Used", # see RFC 3229 - 300: "Multiple Choices", - 301: "Moved Permanently", - 302: "Found", - 303: "See Other", - 304: "Not Modified", - 305: "Use Proxy", - 307: "Temporary Redirect", - 400: "Bad Request", - 401: "Unauthorized", - 402: "Payment Required", # unused - 403: "Forbidden", - 404: "Not Found", - 405: "Method Not Allowed", - 406: "Not Acceptable", - 407: "Proxy Authentication Required", - 408: "Request Timeout", - 409: "Conflict", - 410: "Gone", - 411: "Length Required", - 412: "Precondition Failed", - 413: "Request Entity Too Large", - 414: "Request URI Too Long", - 415: "Unsupported Media Type", - 416: "Requested Range Not Satisfiable", - 417: "Expectation Failed", - 418: "I'm a teapot", # see RFC 2324 - 422: "Unprocessable Entity", - 423: "Locked", - 424: "Failed Dependency", - 426: "Upgrade Required", - 449: "Retry With", # proprietary MS extension - 500: "Internal Server Error", - 501: "Not Implemented", - 502: "Bad Gateway", - 503: "Service Unavailable", - 504: "Gateway Timeout", - 505: "HTTP Version Not Supported", - 507: "Insufficient Storage", - 510: "Not Extended", -} - -http_sig_param_re = re.compile( - r"\((?:(?P[^:)]+):)?(?P[\w_]+)\)", re.VERBOSE -) - - -def http_resource_anchor(method, path): - path = re.sub(r"[<>:/]", "-", path) - return method.lower() + "-" + path - - -class HTTPResource(ObjectDescription): - - doc_field_types = [ - TypedField( - "parameter", - label="Parameters", - names=("param", "parameter", "arg", "argument"), - typerolename="obj", - typenames=("paramtype", "type"), - ), - TypedField( - "jsonparameter", - label="JSON Parameters", - names=("jsonparameter", "jsonparam", "json"), - typerolename="obj", - typenames=("jsonparamtype", "jsontype"), - ), - TypedField( - "queryparameter", - label="Query Parameters", - names=("queryparameter", "queryparam", "qparam", "query"), - typerolename="obj", - typenames=("queryparamtype", "querytype", "qtype"), - ), - GroupedField( - "formparameter", - label="Form Parameters", - names=("formparameter", "formparam", "fparam", "form"), - ), - GroupedField( - "requestheader", - label="Request Headers", - rolename="mailheader", - names=("reqheader", "requestheader"), - ), - GroupedField( - "responseheader", - label="Response Headers", - rolename="mailheader", - names=("resheader", "responseheader"), - ), - GroupedField( - "statuscode", - label="Status Codes", - rolename="statuscode", - names=("statuscode", "status", "code"), - ), - ] - - method = NotImplemented - - def handle_signature(self, sig, signode): - method = self.method.upper() + " " - signode += addnodes.desc_name(method, method) - offset = 0 - for match in http_sig_param_re.finditer(sig): - path = sig[offset : match.start()] - signode += addnodes.desc_name(path, path) - params = addnodes.desc_parameterlist() - typ = match.group("type") - if typ: - typ = typ + ": " - params += addnodes.desc_annotation(typ, typ) - name = match.group("name") - params += addnodes.desc_parameter(name, name) - signode += params - offset = match.end() - if offset < len(sig): - path = sig[offset : len(sig)] - signode += addnodes.desc_name(path, path) - fullname = self.method.upper() + " " + path - signode["method"] = self.method - signode["path"] = sig - signode["fullname"] = fullname - return (fullname, self.method, sig) - - def needs_arglist(self): - return False - - def add_target_and_index(self, name_cls, sig, signode): - signode["ids"].append(http_resource_anchor(*name_cls[1:])) - self.env.domaindata["http"][self.method][sig] = (self.env.docname, "") - - def get_index_text(self, modname, name): - return "" - - -class HTTPOptions(HTTPResource): - - method = "options" - - -class HTTPHead(HTTPResource): - - method = "head" - - -class HTTPPatch(HTTPResource): - - method = "patch" - - -class HTTPPost(HTTPResource): - - method = "post" - - -class HTTPGet(HTTPResource): - - method = "get" - - -class HTTPPut(HTTPResource): - - method = "put" - - -class HTTPDelete(HTTPResource): - - method = "delete" - - -class HTTPTrace(HTTPResource): - - method = "trace" - - -def http_statuscode_role(name, rawtext, text, lineno, inliner, options={}, content=[]): - if text.isdigit(): - code = int(text) - try: - status = HTTP_STATUS_CODES[code] - except KeyError: - msg = inliner.reporter.error( - "%d is invalid HTTP status code" % code, lineno=lineno - ) - prb = inliner.problematic(rawtext, rawtext, msg) - return [prb], [msg] - else: - try: - code, status = re.split(r"\s", text.strip(), 1) - code = int(code) - except ValueError: - msg = inliner.reporter.error( - "HTTP status code must be an integer (e.g. `200`) or " - "start with an integer (e.g. `200 OK`); %r is invalid" % text, - line=lineno, - ) - prb = inliner.problematic(rawtext, rawtext, msg) - return [prb], [msg] - nodes.reference(rawtext) - if code == 226: - url = "http://www.ietf.org/rfc/rfc3229.txt" - if code == 418: - url = "http://www.ietf.org/rfc/rfc2324.txt" - if code == 449: - url = "http://msdn.microsoft.com/en-us/library/dd891478(v=prot.10).aspx" - elif code in HTTP_STATUS_CODES: - url = ( - "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10." - + "%d.%d" % (code // 100, 1 + code % 100) - ) - else: - url = "" - set_classes(options) - node = nodes.reference(rawtext, "%d %s" % (code, status), refuri=url, **options) - return [node], [] - - -def http_method_role(name, rawtext, text, lineno, inliner, options={}, content=[]): - method = str(text).lower() - if method not in DOCREFS: - msg = inliner.reporter.error( - "%s is not valid HTTP method" % method, lineno=lineno - ) - prb = inliner.problematic(rawtext, rawtext, msg) - return [prb], [msg] - url = str(DOCREFS[method]) - node = nodes.reference(rawtext, method.upper(), refuri=url, **options) - return [node], [] - - -class HTTPXRefRole(XRefRole): - def __init__(self, method, **kwargs): - XRefRole.__init__(self, **kwargs) - self.method = method - - def process_link(self, env, refnode, has_explicit_title, title, target): - if not target.startswith("/"): - pass - if not has_explicit_title: - title = self.method.upper() + " " + title - return title, target - - -class HTTPIndex(Index): - - name = "routingtable" - localname = "HTTP Routing Table" - shortname = "routing table" - - def __init__(self, *args, **kwargs): - super().__init__(*args, **kwargs) - - self.ignore = [ - [l for l in x.split("/") if l] - for x in self.domain.env.config["http_index_ignore_prefixes"] - ] - self.ignore.sort(key=lambda x: -len(x)) - - def grouping_prefix(self, path): - letters = [x for x in path.split("/") if x] - for prefix in self.ignore: - if letters[: len(prefix)] == prefix: - return "/" + "/".join(letters[: len(prefix) + 1]) - return "/{}".format(letters[0] if letters else "") - - def generate(self, docnames=None): - content = {} - items = ( - (method, path, info) - for method, routes in self.domain.routes.items() - for path, info in routes.items() - ) - items = sorted(items, key=lambda item: item[1]) - for method, path, info in items: - entries = content.setdefault(self.grouping_prefix(path), []) - entries.append( - [ - method.upper() + " " + path, - 0, - info[0], - http_resource_anchor(method, path), - "", - "", - info[1], - ] - ) - content = sorted(content.items(), key=lambda k: k[0]) - return (content, True) - - -class HTTPDomain(Domain): - """HTTP domain.""" - - name = "http" - label = "HTTP" - - object_types = { - "options": ObjType("options", "options", "obj"), - "head": ObjType("head", "head", "obj"), - "post": ObjType("post", "post", "obj"), - "get": ObjType("get", "get", "obj"), - "put": ObjType("put", "put", "obj"), - "patch": ObjType("patch", "patch", "obj"), - "delete": ObjType("delete", "delete", "obj"), - "trace": ObjType("trace", "trace", "obj"), - } - - directives = { - "options": HTTPOptions, - "head": HTTPHead, - "post": HTTPPost, - "get": HTTPGet, - "put": HTTPPut, - "patch": HTTPPatch, - "delete": HTTPDelete, - "trace": HTTPTrace, - } - - roles = { - "options": HTTPXRefRole("options"), - "head": HTTPXRefRole("head"), - "post": HTTPXRefRole("post"), - "get": HTTPXRefRole("get"), - "put": HTTPXRefRole("put"), - "patch": HTTPXRefRole("patch"), - "delete": HTTPXRefRole("delete"), - "trace": HTTPXRefRole("trace"), - "statuscode": http_statuscode_role, - "method": http_method_role, - } - - initial_data = { - "options": {}, # path: (docname, synopsis) - "head": {}, - "post": {}, - "get": {}, - "put": {}, - "patch": {}, - "delete": {}, - "trace": {}, - } - - # indices = [HTTPIndex] - indices = [] - - @property - def routes(self): - return {key: self.data[key] for key in self.object_types} - - def clear_doc(self, docname): - for typ, routes in self.routes.items(): - for path, info in list(routes.items()): - if info[0] == docname: - del routes[path] - - def resolve_xref(self, env, fromdocname, builder, typ, target, node, contnode): - try: - info = self.data[str(typ)][target] - except KeyError: - return - else: - anchor = http_resource_anchor(typ, target) - title = typ.upper() + " " + target - return make_refnode(builder, fromdocname, info[0], anchor, contnode, title) - - def get_objects(self): - for method, routes in self.routes.items(): - for path, info in routes.items(): - anchor = http_resource_anchor(method, path) - yield (path, path, method, info[0], anchor, 1) - - -class HTTPLexer(RegexLexer): - """Lexer for HTTP sessions.""" - - name = "HTTP" - aliases = ["http"] - - flags = re.DOTALL - - def header_callback(self, match): - if match.group(1).lower() == "content-type": - content_type = match.group(5).strip() - if ";" in content_type: - content_type = content_type[: content_type.find(";")].strip() - self.content_type = content_type - yield match.start(1), Name.Attribute, match.group(1) - yield match.start(2), Text, match.group(2) - yield match.start(3), Operator, match.group(3) - yield match.start(4), Text, match.group(4) - yield match.start(5), Literal, match.group(5) - yield match.start(6), Text, match.group(6) - - def continuous_header_callback(self, match): - yield match.start(1), Text, match.group(1) - yield match.start(2), Literal, match.group(2) - yield match.start(3), Text, match.group(3) - - def content_callback(self, match): - content_type = getattr(self, "content_type", None) - content = match.group() - offset = match.start() - if content_type: - from pygments.lexers import get_lexer_for_mimetype - - try: - lexer = get_lexer_for_mimetype(content_type) - except ClassNotFound: - pass - else: - for idx, token, value in lexer.get_tokens_unprocessed(content): - yield offset + idx, token, value - return - yield offset, Text, content - - tokens = { - "root": [ - ( - r"(GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS|TRACE)( +)([^ ]+)( +)" - r"(HTTPS?)(/)(1\.[01])(\r?\n|$)", - bygroups( - Name.Function, - Text, - Name.Namespace, - Text, - Keyword.Reserved, - Operator, - Number, - Text, - ), - "headers", - ), - ( - r"(HTTPS?)(/)(1\.[01])( +)(\d{3})( +)([^\r\n]+)(\r?\n|$)", - bygroups( - Keyword.Reserved, - Operator, - Number, - Text, - Number, - Text, - Name.Exception, - Text, - ), - "headers", - ), - ], - "headers": [ - (r"([^\s:]+)( *)(:)( *)([^\r\n]+)(\r?\n|$)", header_callback), - (r"([\t ]+)([^\r\n]+)(\r?\n|$)", continuous_header_callback), - (r"\r?\n", Text, "content"), - ], - "content": [(r".+", content_callback)], - } - - -def setup(app): - app.add_domain(HTTPDomain) - try: - get_lexer_by_name("http") - except ClassNotFound: - app.add_lexer("http", HTTPLexer()) - app.add_config_value("http_index_ignore_prefixes", [], None) diff --git a/doc/_ext/saltdomain.py b/doc/_ext/saltdomain.py index 03db0f1905d..9810ae4c31a 100644 --- a/doc/_ext/saltdomain.py +++ b/doc/_ext/saltdomain.py @@ -2,7 +2,6 @@ import os import re -import salt from docutils import nodes from docutils.parsers.rst import Directive from docutils.statemachine import ViewList @@ -14,6 +13,8 @@ from sphinx.roles import XRefRole from sphinx.util.nodes import make_refnode, nested_parse_with_titles, set_source_info +import salt + class Event(PyObject): """ @@ -316,3 +317,4 @@ def setup(app): rolename="jinja_ref", indextemplate="pair: %s; jinja filters", ) + return dict(parallel_read_safe=True, parallel_write_safe=True) diff --git a/doc/_ext/shorturls.py b/doc/_ext/shorturls.py deleted file mode 100644 index 36fa12cf8b3..00000000000 --- a/doc/_ext/shorturls.py +++ /dev/null @@ -1,24 +0,0 @@ -""" -Short-URL redirects -""" -import json -import os - -import sphinx.ext.intersphinx - -DOCS_URL = "https://docs.saltproject.io/en/latest/" - - -def write_urls_index(app, exc): - """ - Generate a JSON file to serve as an index for short-URL lookups - """ - inventory = os.path.join(app.builder.outdir, "objects.inv") - objects = sphinx.ext.intersphinx.fetch_inventory(app, DOCS_URL, inventory) - - with open(os.path.join(app.builder.outdir, "shorturls.json"), "w") as f: - json.dump(objects, f) - - -def setup(app): - app.connect("build-finished", write_urls_index) diff --git a/doc/_ext/youtube.py b/doc/_ext/youtube.py deleted file mode 100644 index 9603a326b7a..00000000000 --- a/doc/_ext/youtube.py +++ /dev/null @@ -1,150 +0,0 @@ -#!/usr/bin/env python - -# Taken from sphinx-contrib -# https://bitbucket.org/birkenfeld/sphinx-contrib/src/a3d904f8ab24/youtube - -# If not otherwise noted, the extensions in this package are licensed -# under the following license. -# -# Copyright (c) 2009 by the contributors (see AUTHORS file). -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are -# met: -# -# * Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -import re - -from docutils import nodes -from docutils.parsers.rst import directives - -try: - from sphinx.util.compat import Directive -except ImportError: - from docutils.parsers.rst import Directive - -CONTROL_HEIGHT = 30 - - -def get_size(d, key): - if key not in d: - return None - m = re.match(r"(\d+)(|%|px)$", d[key]) - if not m: - raise ValueError("invalid size %r" % d[key]) - return int(m.group(1)), m.group(2) or "px" - - -def css(d): - return "; ".join(sorted("%s: %s" % kv for kv in d.iteritems())) - - -class youtube(nodes.General, nodes.Element): - pass - - -def visit_youtube_node(self, node): - aspect = node["aspect"] - width = node["width"] - height = node["height"] - - if aspect is None: - aspect = 16, 9 - - if (height is None) and (width is not None) and (width[1] == "%"): - style = { - "padding-top": "%dpx" % CONTROL_HEIGHT, - "padding-bottom": "%f%%" % (width[0] * aspect[1] / aspect[0]), - "width": "%d%s" % width, - "position": "relative", - } - self.body.append(self.starttag(node, "div", style=css(style))) - style = { - "position": "absolute", - "top": "0", - "left": "0", - "width": "100%", - "height": "100%", - "border": "0", - } - attrs = { - "src": "http://www.youtube.com/embed/%s" % node["id"], - "style": css(style), - } - self.body.append(self.starttag(node, "iframe", **attrs)) - self.body.append("") - else: - if width is None: - if height is None: - width = 560, "px" - else: - width = height[0] * aspect[0] / aspect[1], "px" - if height is None: - height = width[0] * aspect[1] / aspect[0], "px" - style = { - "width": "%d%s" % width, - "height": "%d%s" % (height[0] + CONTROL_HEIGHT, height[1]), - "border": "0", - } - attrs = { - "src": "http://www.youtube.com/embed/%s" % node["id"], - "style": css(style), - } - self.body.append(self.starttag(node, "iframe", **attrs)) - self.body.append("") - - -def depart_youtube_node(self, node): - pass - - -class YouTube(Directive): - has_content = True - required_arguments = 1 - optional_arguments = 0 - final_argument_whitespace = False - option_spec = { - "width": directives.unchanged, - "height": directives.unchanged, - "aspect": directives.unchanged, - } - - def run(self): - if "aspect" in self.options: - aspect = self.options.get("aspect") - m = re.match(r"(\d+):(\d+)", aspect) - if m is None: - raise ValueError("invalid aspect ratio %r" % aspect) - aspect = tuple(int(x) for x in m.groups()) - else: - aspect = None - width = get_size(self.options, "width") - height = get_size(self.options, "height") - return [ - youtube(id=self.arguments[0], aspect=aspect, width=width, height=height) - ] - - -def setup(app): - app.add_node(youtube, html=(visit_youtube_node, depart_youtube_node)) - app.add_directive("youtube", YouTube) diff --git a/doc/_incl/extend_with_require_watch.rst b/doc/_incl/extend_with_require_watch.rst index 9491b727129..3f22ebada94 100644 --- a/doc/_incl/extend_with_require_watch.rst +++ b/doc/_incl/extend_with_require_watch.rst @@ -1,4 +1,4 @@ .. admonition:: Using extend with require or watch The ``extend`` statement works differently for ``require`` or ``watch``. - It appends to, rather than replacing the requisite component. \ No newline at end of file + It appends to, rather than replacing the requisite component. diff --git a/doc/_incl/grains_passwords.rst b/doc/_incl/grains_passwords.rst index 3958683431e..5548ca03757 100644 --- a/doc/_incl/grains_passwords.rst +++ b/doc/_incl/grains_passwords.rst @@ -3,4 +3,4 @@ Grains can be set by users that have access to the minion configuration files on the local system, making them less secure than other identifiers in Salt. Avoid storing sensitive data, such as passwords or keys, on minions. Instead, make - use of :ref:`pillar` and/or :ref:`sdb`. \ No newline at end of file + use of :ref:`pillar` and/or :ref:`sdb`. diff --git a/doc/_incl/jinja_security.rst b/doc/_incl/jinja_security.rst index e9ecf7542a0..e8edd635e04 100644 --- a/doc/_incl/jinja_security.rst +++ b/doc/_incl/jinja_security.rst @@ -3,4 +3,4 @@ :ref:`Jinja ` supports a `secure, sandboxed template execution environment `__ that Salt takes advantage of. Other text :ref:`renderers` do not support this - functionality, so Salt highly recommends usage of ``jinja`` / ``jinja|yaml``. \ No newline at end of file + functionality, so Salt highly recommends usage of ``jinja`` / ``jinja|yaml``. diff --git a/doc/_incl/requisite_incl.rst b/doc/_incl/requisite_incl.rst index fd5e75d54a4..b478527d6b1 100644 --- a/doc/_incl/requisite_incl.rst +++ b/doc/_incl/requisite_incl.rst @@ -1,9 +1,10 @@ **Before continuing** make sure you have a working Salt installation by -following the :ref:`installation` and the -:ref:`configuration ` instructions. +following the instructions in the +`Salt install guide `_. .. admonition:: Stuck? - There are many ways to :ref:`salt-community` including our - `mailing list `_ - and our `IRC channel `_ #salt. + The Salt Project community can help offer advice and help troubleshoot + technical issues as you're learning about Salt. One of the best places to + talk to the community is on the + `Salt Project Slack workspace `_. diff --git a/doc/_templates/autosummary.rst.tmpl b/doc/_templates/autosummary.rst.tmpl index 32ee30879c0..e70b361fdd0 100644 --- a/doc/_templates/autosummary.rst.tmpl +++ b/doc/_templates/autosummary.rst.tmpl @@ -3,4 +3,4 @@ {{ underline }} .. automodule:: {{ fullname }} - :members: \ No newline at end of file + :members: diff --git a/doc/_themes/saltstack2/layout.html b/doc/_themes/saltstack2/layout.html index fad70e008e6..04bff89e1fb 100644 --- a/doc/_themes/saltstack2/layout.html +++ b/doc/_themes/saltstack2/layout.html @@ -158,7 +158,7 @@