Diffstat (limited to '.github/workflows')
-rw-r--r-- | .github/workflows/build_test.yml | 2 | ||||
-rw-r--r-- | .github/workflows/codeql.yml | 2 | ||||
-rw-r--r-- | .github/workflows/coverity.yml | 2 | ||||
-rw-r--r-- | .github/workflows/development_freeze.yml | 2 | ||||
-rw-r--r-- | .github/workflows/differential-shellcheck.yml | 2 | ||||
-rw-r--r-- | .github/workflows/gather-pr-metadata.yml | 2 | ||||
-rw-r--r-- | .github/workflows/issue_labeler.yml | 2 | ||||
-rw-r--r-- | .github/workflows/labeler.yml | 4 | ||||
-rw-r--r-- | .github/workflows/linter.yml | 2 | ||||
-rw-r--r-- | .github/workflows/mkosi.yml | 304 | ||||
-rw-r--r-- | .github/workflows/scorecards.yml | 2 | ||||
-rw-r--r-- | .github/workflows/unit_tests.yml | 2 |
12 files changed, 172 insertions, 156 deletions
diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml
index 164b3a0..284a284 100644
--- a/.github/workflows/build_test.yml
+++ b/.github/workflows/build_test.yml
@@ -33,6 +33,6 @@ jobs:
 env: ${{ matrix.env }}
 steps:
 - name: Repository checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - name: Build check
 run: .github/workflows/build_test.sh
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 0d284f7..4065cae 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -42,7 +42,7 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - name: Initialize CodeQL
 uses: github/codeql-action/init@3ab4101902695724f9365a384f86c1074d94e18c
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index ad7a5d2..06f4f5f 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -22,7 +22,7 @@ jobs:
 COVERITY_SCAN_NOTIFICATION_EMAIL: "${{ secrets.COVERITY_SCAN_NOTIFICATION_EMAIL }}"
 steps:
 - name: Repository checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 # Reuse the setup phase of the unit test script to avoid code duplication
 - name: Install build dependencies
 run: sudo -E .github/workflows/unit_tests.sh SETUP
diff --git a/.github/workflows/development_freeze.yml b/.github/workflows/development_freeze.yml
index c2360a3..becbbdc 100644
--- a/.github/workflows/development_freeze.yml
+++ b/.github/workflows/development_freeze.yml
@@ -30,7 +30,7 @@ jobs:
 name: Pull Request Metadata
 - name: Repository checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 with:
 fetch-depth: 0
diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
index 244f5d5..68c2c72 100644
--- a/.github/workflows/differential-shellcheck.yml
+++ b/.github/workflows/differential-shellcheck.yml
@@ -23,7 +23,7 @@ jobs:
 steps:
 - name: Repository checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 with:
 fetch-depth: 0
diff --git a/.github/workflows/gather-pr-metadata.yml b/.github/workflows/gather-pr-metadata.yml
index e4a0caf..633cca1 100644
--- a/.github/workflows/gather-pr-metadata.yml
+++ b/.github/workflows/gather-pr-metadata.yml
@@ -16,7 +16,7 @@ jobs:
 steps:
 - name: Repository checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - id: metadata
 name: Gather Pull Request Metadata
diff --git a/.github/workflows/issue_labeler.yml b/.github/workflows/issue_labeler.yml
index 4bedf0d..fb26d4f 100644
--- a/.github/workflows/issue_labeler.yml
+++ b/.github/workflows/issue_labeler.yml
@@ -20,7 +20,7 @@ jobs:
 template: [ bug_report.yml, feature_request.yml ]
 steps:
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - name: Parse issue form
 uses: stefanbuck/github-issue-parser@1e5bdee70d4b3e066a33aa0669ab782943825f94
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 241b581..2058d22 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -30,12 +30,12 @@ jobs:
 steps:
 - name: Repository checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 if: github.event_name == 'pull_request'
 - name: Label PR based on policy in labeler.yml
 uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9
- if: startsWith(github.event_name, 'pull_request') && github.event.action != 'closed'
+ if: startsWith(github.event_name, 'pull_request') && github.base_ref == 'main' && github.event.action != 'closed'
 with:
 repo-token: "${{ secrets.GITHUB_TOKEN }}"
 configuration-path: .github/labeler.yml
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index cf0bc09..b66720a 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -23,7 +23,7 @@ jobs:
 steps:
 - name: Repo checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 with:
 # We need a full repo clone
 fetch-depth: 0
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 425d737..d76a935 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
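Review bot: In `.github/workflows/labeler.yml` the new `github.base_ref == 'main'` guard is added only to the labeler step; the checkout step above it is still gated on `github.event_name == 'pull_request'` alone, so pull requests against other branches keep checking out the repository for a step that is now skipped. If nothing further down the job (outside this hunk) needs the working tree on those branches, give the checkout the same guard, `if: github.event_name == 'pull_request' && github.base_ref == 'main'`. A one-line comment above the condition, for example `# Label policy is only applied to PRs targeting main`, would record why the restriction exists; the reason is not visible in the hunk, so the author should confirm the wording.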
@@ -10,36 +10,36 @@ on:
 - main
 - v[0-9]+-stable
 paths:
- - '**'
- - '!README*'
- - '!LICENSE*'
- - '!LICENSES/**'
- - '!TODO'
- - '!docs/**'
- - '!man/**'
- - '!catalog/**'
- - '!shell-completion/**'
- - '!po/**'
- - '!.**'
- - '.github/**'
+ - "**"
+ - "!README*"
+ - "!LICENSE*"
+ - "!LICENSES/**"
+ - "!TODO"
+ - "!docs/**"
+ - "!man/**"
+ - "!catalog/**"
+ - "!shell-completion/**"
+ - "!po/**"
+ - "!.**"
+ - ".github/**"
 pull_request:
 branches:
 - main
 - v[0-9]+-stable
 paths:
- - '**'
- - '!README*'
- - '!LICENSE*'
- - '!LICENSES/**'
- - '!TODO'
- - '!docs/**'
- - '!man/**'
- - '!catalog/**'
- - '!shell-completion/**'
- - '!po/**'
- - '!.**'
- - '.github/**'
+ - "**"
+ - "!README*"
+ - "!LICENSE*"
+ - "!LICENSES/**"
+ - "!TODO"
+ - "!docs/**"
+ - "!man/**"
+ - "!catalog/**"
+ - "!shell-completion/**"
+ - "!po/**"
+ - "!.**"
+ - ".github/**"
 permissions:
 contents: read
@@ -59,155 +59,171 @@ jobs:
 sanitizers: ""
 llvm: 0
 cflags: "-O2 -D_FORTIFY_SOURCE=3"
+ relabel: no
 - distro: debian
 release: testing
 sanitizers: ""
 llvm: 0
 cflags: "-Og"
+ relabel: no
 - distro: ubuntu
 release: noble
 sanitizers: ""
 llvm: 0
 cflags: "-Og"
+ relabel: no
 - distro: fedora
 release: "40"
 sanitizers: ""
 llvm: 0
 cflags: "-Og"
+ relabel: yes
 - distro: fedora
 release: rawhide
 sanitizers: address,undefined
 llvm: 1
 cflags: "-Og"
+ relabel: yes
 - distro: opensuse
 release: tumbleweed
 sanitizers: ""
 llvm: 0
 cflags: "-Og"
+ relabel: no
 - distro: centos
 release: "9"
 sanitizers: ""
 llvm: 0
 cflags: "-Og"
+ relabel: yes
+ - distro: centos
+ release: "10"
+ sanitizers: ""
+ llvm: 0
+ cflags: "-Og"
+ relabel: yes
 steps:
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
- - uses: systemd/mkosi@0081ea66faf56a35353d6aeadfe42f9679c7d1cf
-
- # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
- # immediately, we remove the files in the background. However, we first move them to a different location
- # so that nothing tries to use anything in these directories anymore while we're busy deleting them.
- - name: Free disk space
- run: |
- sudo mv /usr/local /usr/local.trash
- sudo mv /opt/hostedtoolcache /opt/hostedtoolcache.trash
- sudo systemd-run rm -rf /usr/local.trash /opt/hostedtoolcache.trash
-
- - name: Btrfs
- run: |
- truncate --size=100G btrfs.raw
- mkfs.btrfs btrfs.raw
- sudo mkdir /mnt/mkosi
- LOOP="$(sudo losetup --find --show --direct-io=on btrfs.raw)"
- sudo mount "$LOOP" /mnt/mkosi --options compress=zstd:1,user_subvol_rm_allowed,noatime,discard=async,space_cache=v2
- sudo chown "$(id -u):$(id -g)" /mnt/mkosi
- mkdir /mnt/mkosi/tmp
- echo "TMPDIR=/mnt/mkosi/tmp" >>"$GITHUB_ENV"
- ln -s /mnt/mkosi/build build
-
- - name: Configure
- run: |
- tee mkosi.local.conf <<EOF
- [Distribution]
- Distribution=${{ matrix.distro }}
- Release=${{ matrix.release }}
-
- [Output]
- # Build a disk image in CI as this logic is much more prone to breakage.
- Format=disk
- UseSubvolumes=yes
-
- WorkspaceDirectory=$TMPDIR
- PackageCacheDirectory=$TMPDIR/cache
-
- [Content]
- Environment=
- # Build debuginfo packages since we'll be publishing the packages as artifacts.
- WITH_DEBUG=1
- CFLAGS="${{ matrix.cflags }}"
- SANITIZERS=${{ matrix.sanitizers }}
- MESON_OPTIONS=--werror
- LLVM=${{ matrix.llvm }}
-
- [Host]
- QemuMem=4G
- # We build with debuginfo so there's no point in mounting the sources into the machine.
- RuntimeBuildSources=no
- EOF
-
- - name: Generate secure boot key
- run: mkosi --debug genkey
-
- - name: Show image summary
- run: mkosi summary
-
- - name: Install dependencies
- run: |
- mkosi dependencies |
- xargs -d '\n' sudo apt-get install \
- gperf \
- libblkid-dev \
- libcap-dev \
- libcryptsetup-dev \
- libcurl4-openssl-dev \
- libfdisk-dev \
- libmicrohttpd-dev \
- libmount-dev \
- libtss2-dev \
- meson
-
- - name: Configure meson
- run: |
- meson setup build \
- --buildtype=debugoptimized \
- -Dintegration-tests=true \
- -Dremote=enabled \
- -Dopenssl=enabled \
- -Dblkid=enabled \
- -Dtpm2=enabled \
- -Dlibcryptsetup=enabled \
- -Dlibcurl=enabled \
- -Drepart=enabled \
- -Dfirstboot=true \
- -Dsysusers=true \
- -Dtmpfiles=true \
- -Dhwdb=true \
- -Dvmspawn=enabled
-
- - name: Build image
- run: meson compile -C build mkosi
-
- - name: Run integration tests
- run: sudo --preserve-env meson test -C build --no-rebuild --suite integration-tests --print-errorlogs --no-stdsplit --num-processes "$(($(nproc) - 1))"
-
- - name: Archive failed test journals
- uses: actions/upload-artifact@v4
- if: failure() && (github.repository == 'systemd/systemd' || github.repository == 'systemd/systemd-stable')
- with:
- name: ci-mkosi-${{ github.run_id }}-${{ github.run_attempt }}-${{ matrix.distro }}-${{ matrix.release }}-failed-test-journals
- path: |
- build/test/journal/*.journal
- build/meson-logs/*
- retention-days: 7
-
- - name: Archive packages
- uses: actions/upload-artifact@v4
- if: (success() || failure()) && (github.repository == 'systemd/systemd' || github.repository == 'systemd/systemd-stable')
- with:
- name: ci-mkosi-${{ github.run_id }}-${{ github.run_attempt }}-${{ matrix.distro }}-${{ matrix.release }}-packages
- path: |
- build/mkosi.output/*.rpm
- build/mkosi.output/*.deb
- build/mkosi.output/*.ddeb
- build/mkosi.output/*.pkg.tar
- retention-days: 4
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+ - uses: systemd/mkosi@31b4e756c1484c302435653da5d3b9bdfae38518
+
+ # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
+ # immediately, we remove the files in the background. However, we first move them to a different location
+ # so that nothing tries to use anything in these directories anymore while we're busy deleting them.
+ - name: Free disk space
+ run: |
+ sudo mv /usr/local /usr/local.trash
+ sudo mv /opt/hostedtoolcache /opt/hostedtoolcache.trash
+ sudo systemd-run rm -rf /usr/local.trash /opt/hostedtoolcache.trash
+
+ - name: Btrfs
+ run: |
+ truncate --size=100G btrfs.raw
+ mkfs.btrfs btrfs.raw
+ sudo mkdir /mnt/mkosi
+ LOOP="$(sudo losetup --find --show --direct-io=on btrfs.raw)"
+ sudo mount "$LOOP" /mnt/mkosi --options compress=zstd:1,user_subvol_rm_allowed,noatime,discard=async,space_cache=v2
+ sudo chown "$(id -u):$(id -g)" /mnt/mkosi
+ mkdir /mnt/mkosi/tmp
+ echo "TMPDIR=/mnt/mkosi/tmp" >>"$GITHUB_ENV"
+ ln -s /mnt/mkosi/build build
+
+ - name: Configure
+ run: |
+ # XXX: drop after the HyperV bug that breaks secure boot KVM guests is solved
+ sed -i "s/'firmware'\s*:\s*'auto'/'firmware' : 'uefi'/g" test/*/meson.build
+ tee mkosi.local.conf <<EOF
+ [Distribution]
+ Distribution=${{ matrix.distro }}
+ Release=${{ matrix.release }}
+
+ [Output]
+ # Build a disk image in CI as this logic is much more prone to breakage.
+ Format=disk
+ UseSubvolumes=yes
+
+ WorkspaceDirectory=$TMPDIR
+ PackageCacheDirectory=$TMPDIR/cache
+
+ [Content]
+ Environment=
+ # Build debuginfo packages since we'll be publishing the packages as artifacts.
+ WITH_DEBUG=1
+ CFLAGS="${{ matrix.cflags }}"
+ SANITIZERS=${{ matrix.sanitizers }}
+ MESON_OPTIONS=--werror
+ LLVM=${{ matrix.llvm }}
+ SYSEXT=1
+
+ SELinuxRelabel=${{ matrix.relabel }}
+
+ [Host]
+ QemuMem=4G
+ EOF
+
+ - name: Generate secure boot key
+ run: mkosi --debug genkey
+
+ - name: Show image summary
+ run: mkosi summary
+
+ - name: Install dependencies
+ run: |
+ mkosi dependencies |
+ xargs -d '\n' sudo apt-get install \
+ gperf \
+ libblkid-dev \
+ libcap-dev \
+ libcryptsetup-dev \
+ libcurl4-openssl-dev \
+ libfdisk-dev \
+ libmicrohttpd-dev \
+ libmount-dev \
+ libtss2-dev \
+ meson
+
+ - name: Configure meson
+ run: |
+ meson setup build \
+ --buildtype=debugoptimized \
+ -Dintegration-tests=true \
+ -Dremote=enabled \
+ -Dopenssl=enabled \
+ -Dblkid=enabled \
+ -Dtpm2=enabled \
+ -Dlibcryptsetup=enabled \
+ -Dlibcurl=enabled \
+ -Drepart=enabled \
+ -Dfirstboot=true \
+ -Dsysusers=true \
+ -Dtmpfiles=true \
+ -Dhwdb=true \
+ -Dvmspawn=enabled
+
+ - name: Build image
+ run: sudo meson compile -C build mkosi
+
+ - name: Run integration tests
+ run: sudo --preserve-env meson test -C build --no-rebuild --suite integration-tests --print-errorlogs --no-stdsplit --num-processes "$(($(nproc) - 1))"
+
+ - name: Archive failed test journals
+ uses: actions/upload-artifact@v4
+ if: failure() && (github.repository == 'systemd/systemd' || github.repository == 'systemd/systemd-stable')
+ with:
+ name: ci-mkosi-${{ github.run_id }}-${{ github.run_attempt }}-${{ matrix.distro }}-${{ matrix.release }}-failed-test-journals
+ path: |
+ build/test/journal/*.journal
+ build/meson-logs/*
+ retention-days: 7
+
+ - name: Archive packages
+ uses: actions/upload-artifact@v4
+ if: (success() || failure()) && (github.repository == 'systemd/systemd' || github.repository == 'systemd/systemd-stable')
+ with:
+ name: ci-mkosi-${{ github.run_id }}-${{ github.run_attempt }}-${{ matrix.distro }}-${{ matrix.release }}-packages
+ path: |
+ build/mkosi.output/*.rpm
+ build/mkosi.output/*.deb
+ build/mkosi.output/*.ddeb
+ build/mkosi.output/*.pkg.tar
+ retention-days: 4
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 44ee6f1..c7bd6c4 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -29,7 +29,7 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 with:
 persist-credentials: false
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index 895068c..a83b485 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -30,7 +30,7 @@ jobs:
 cryptolib: gcrypt
 steps:
 - name: Repository checkout
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - name: Install build dependencies
 run: |
 # Drop XDG_* stuff from /etc/environment, so we don't get the user |
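Review bot: In the rewritten steps block of `.github/workflows/mkosi.yml`, both `uses: actions/upload-artifact@v4` lines reference a mutable tag, while every other action touched by this commit (`actions/checkout`, `systemd/mkosi`) is pinned to a full commit SHA. A tag can be repointed after review, so these two steps lack the supply-chain guarantee the rest of the workflow has; since the block is being re-emitted anyway, pin them the same way, `uses: actions/upload-artifact@<full-commit-sha> # v4.x.y` (placeholder: take the SHA from the release you intend to use). Separately, the new matrix key is written as `relabel: no` / `relabel: yes`, which YAML 1.1 loaders read as booleans; quoting the values (`relabel: "no"`) keeps what reaches `SELinuxRelabel=${{ matrix.relabel }}` independent of the parser.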