Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/add-to-project.yml4
-rw-r--r--.github/workflows/build.yml87
-rw-r--r--.github/workflows/codeql.yml117
-rw-r--r--.github/workflows/packaging.yml11
-rw-r--r--.github/workflows/review.yml23
-rw-r--r--.github/workflows/tests.yml56
6 files changed, 223 insertions, 75 deletions
diff --git a/.github/workflows/add-to-project.yml b/.github/workflows/add-to-project.yml
index ae58cfce2..a80d8b41d 100644
--- a/.github/workflows/add-to-project.yml
+++ b/.github/workflows/add-to-project.yml
@@ -13,13 +13,13 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Add issues to Agent project board
- uses: actions/add-to-project@v0.3.0
+ uses: actions/add-to-project@v0.4.0
with:
project-url: https://github.com/orgs/netdata/projects/32
github-token: ${{ secrets.NETDATABOT_ORG_GITHUB_TOKEN }}
- name: Add issues to Product Bug project board
- uses: actions/add-to-project@v0.3.0
+ uses: actions/add-to-project@v0.4.0
with:
project-url: https://github.com/orgs/netdata/projects/45
github-token: ${{ secrets.NETDATABOT_ORG_GITHUB_TOKEN }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 26849312f..53f1590f8 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -670,16 +670,18 @@ jobs:
with:
name: final-artifacts
path: final-artifacts
- - name: Setup Gcloud
- id: gcloud
- uses: google-github-actions/setup-gcloud@v0.6.0
+ - name: Authenticate to GCS
+ id: gcs-auth
+ uses: google-github-actions/auth@v1
with:
project_id: ${{ secrets.GCP_NIGHTLY_STORAGE_PROJECT }}
- service_account_key: ${{ secrets.GCP_STORAGE_SERVICE_ACCOUNT_KEY }}
- export_default_credentials: true
+ credentials_json: ${{ secrets.GCS_STORAGE_SERVICE_KEY_JSON }}
+ - name: Setup GCS
+ id: gcs-setup
+ uses: google-github-actions/setup-gcloud@v1.0.1
- name: Upload Artifacts
id: upload
- uses: google-github-actions/upload-cloud-storage@v0.10.2
+ uses: google-github-actions/upload-cloud-storage@v1.0.0
with:
destination: ${{ secrets.GCP_NIGHTLY_STORAGE_BUCKET }}
gzip: false
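Review bot: The new `Authenticate to GCS` step still hands a long-lived service-account key (`credentials_json`) to the runner, and the three Google actions are referenced by mutable tags (`@v1`, `@v1.0.1`, `@v1.0.0`). `google-github-actions/auth` also accepts `workload_identity_provider` together with `service_account`, which replaces the stored key with a short-lived OIDC-issued credential and needs `permissions: id-token: write` on the job. If the key has to stay, pinning each `uses:` to a full commit SHA limits what a retagged release could do with it. The job these steps belong to starts outside the hunk, so any existing `permissions:` block is not visible here.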
@@ -696,7 +698,8 @@ jobs:
SLACK_MESSAGE: |-
${{ github.repository }}: Failed to upload nightly release artifacts.
Fetch artifacts: ${{ steps.fetch.outcome }}
- Setup GCloud: ${{ steps.gcloud.outcome }}
+ Authenticatie GCS: ${{ steps.gcs-auth.outcome }}
+ Setup GCS: ${{ steps.gcs-setup.outcome }}
Upload artifacts: ${{ steps.upload.outcome }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
if: >-
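Review bot: The added status line reads `Authenticatie GCS:`, a typo in the Slack text that operators see when the nightly upload fails; it should be `Authenticate GCS: ${{ steps.gcs-auth.outcome }}`. The step ids `gcs-auth` and `gcs-setup` referenced here do match the ids introduced in the previous hunk of this file.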
@@ -706,6 +709,76 @@ jobs:
&& github.event_name != 'pull_request'
}}
+ create-nightly: # Create a nightly build release in netdata/netdata-nightlies
+ name: Create Nightly Release
+ runs-on: ubuntu-latest
+ if: github.event_name == 'workflow_dispatch' && github.event.inputs.type == 'nightly' && github.repository == 'netdata/netdata'
+ needs:
+ - updater-check
+ - source-build
+ - artifact-verification-dist
+ - artifact-verification-static
+ steps:
+ - name: Checkout Main Repo
+ id: checkout-main
+ uses: actions/checkout@v3
+ with:
+ path: main
+ - name: Checkout Nightly Repo
+ id: checkout-nightly
+ uses: actions/checkout@v3
+ with:
+ repository: netdata/netdata-nightlies
+ path: nightlies
+ token: ${{ secrets.NETDATABOT_GITHUB_TOKEN }}
+ - name: Retrieve Artifacts
+ id: fetch
+ uses: actions/download-artifact@v3
+ with:
+ name: final-artifacts
+ path: final-artifacts
+ - name: Prepare version info
+ id: version
+ run: |
+ # shellcheck disable=SC2129
+ echo "version=$(cat main/packaging/version)" >> "${GITHUB_OUTPUT}"
+ echo "commit=$(cd nightlies && git rev-parse HEAD)" >> "${GITHUB_OUTPUT}"
+ echo "date=$(date +%F)" >> "${GITHUB_OUTPUT}"
+ - name: Create Release
+ id: create-release
+ uses: ncipollo/release-action@v1
+ with:
+ allowUpdates: false
+ artifactErrorsFailBuild: true
+ artifacts: 'final-artifacts/sha256sums.txt,final-artifacts/netdata-*.tar.gz,final-artifacts/netdata-*.gz.run'
+ owner: netdata
+ repo: netdata-nightlies
+ body: Netdata nightly build for ${{ steps.version.outputs.date }}.
+ commit: ${{ steps.version.outputs.commit }}
+ tag: ${{ steps.version.outputs.version }}
+ token: ${{ secrets.NETDATABOT_GITHUB_TOKEN }}
+ - name: Failure Notification
+ uses: rtCamp/action-slack-notify@v2
+ env:
+ SLACK_COLOR: 'danger'
+ SLACK_FOOTER: ''
+ SLACK_ICON_EMOJI: ':github-actions:'
+ SLACK_TITLE: 'Failed to draft release:'
+ SLACK_USERNAME: 'GitHub Actions'
+ SLACK_MESSAGE: |-
+ ${{ github.repository }}: Failed to create nightly release or attach artifacts.
+ Checkout netdata/netdata: ${{ steps.checkout-main.outcome }}
+ Checkout netdata/netdata-nightlies: ${{ steps.checkout-nightly.outcome }}
+ Fetch artifacts: ${{ steps.fetch.outcome }}
+ Prepare version info: ${{ steps.version.outcome }}
+ Create release: ${{ steps.create-release.outcome }}
+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
+ if: >-
+ ${{
+ failure()
+ && github.event_name == 'workflow_dispatch'
+ }}
+
normalize-tag: # Fix the release tag if needed
name: Normalize Release Tag
runs-on: ubuntu-latest
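Review bot: `Checkout Nightly Repo` passes `secrets.NETDATABOT_GITHUB_TOKEN` to `actions/checkout@v3` without `persist-credentials: false`, so the bot token is stored in the git configuration of the `nightlies` checkout and stays readable by every later step, including the third-party `ncipollo/release-action@v1` and `rtCamp/action-slack-notify@v2`. That checkout is only used for `git rev-parse HEAD`, so adding `persist-credentials: false` under its `with:` removes the exposure at no cost. The job also declares no `permissions:`; since the release is created with the bot token, `permissions:` with `contents: read` would keep the default `GITHUB_TOKEN` minimal. Pinning the two third-party actions to full commit SHAs is worth doing for the same reason, as both receive secrets.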
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 000000000..021376a2d
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,117 @@
+---
+# Run CodeQL to analyze C/C++ and Python code.
+name: CodeQL
+on:
+ pull_request:
+ types: [opened, reopened, labeled, synchronize]
+ branches: [master]
+ push:
+ branches: [master]
+ schedule:
+ - cron: "27 2 * * 1"
+env:
+ DISABLE_TELEMETRY: 1
+concurrency:
+ group: codeql-${{ github.ref }}
+ cancel-in-progress: true
+jobs:
+ prepare:
+ name: Prepare Jobs
+ runs-on: ubuntu-latest
+ outputs:
+ cpp: ${{ steps.cpp.outputs.run }}
+ python: ${{ steps.python.outputs.run }}
+ steps:
+ - name: Clone repository
+ uses: actions/checkout@v3
+ with:
+ submodules: recursive
+ fetch-depth: 0
+ - name: Check if we should always run
+ id: always
+ run: |
+ if [ "${{ github.event_name }}" = "pull_request" ]; then
+ if [ "${{ contains(github.event.pull_request.labels.*.name, 'run-ci/codeql') }}" = "true" ]; then
+ echo '::set-output name=run::true'
+ echo '::notice::Found ci/codeql label, unconditionally running all CodeQL checks.'
+ else
+ echo '::set-output name=run::false'
+ fi
+ else
+ echo '::set-output name=run::true'
+ fi
+ - name: Check for C/C++ changes
+ id: cpp
+ run: |
+ if [ "${{ steps.always.outputs.run }}" = "false" ]; then
+ if git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '.*\.[ch](xx|\+\+)?' ; then
+ echo '::set-output name=run::true'
+ echo '::notice::C/C++ code has changed, need to run CodeQL.'
+ else
+ echo '::set-output name=run::false'
+ fi
+ else
+ echo '::set-output name=run::true'
+ fi
+ - name: Check for python changes
+ id: python
+ run: |
+ if [ "${{ steps.always.outputs.run }}" = "false" ]; then
+ if git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq 'collectors/python.d.plugin/.*\.py' ; then
+ echo '::set-output name=run::true'
+ echo '::notice::Python code has changed, need to run CodeQL.'
+ else
+ echo '::set-output name=run::false'
+ fi
+ else
+ echo '::set-output name=run::true'
+ fi
+
+ analyze-cpp:
+ name: Analyze C/C++
+ runs-on: ubuntu-latest
+ needs: prepare
+ if: needs.prepare.outputs.cpp == 'true'
+ permissions:
+ security-events: write
+ steps:
+ - name: Git clone repository
+ uses: actions/checkout@v3
+ with:
+ submodules: recursive
+ fetch-depth: 0
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: cpp
+ - name: Prepare environment
+ run: ./packaging/installer/install-required-packages.sh --dont-wait --non-interactive netdata
+ - name: Build netdata
+ run: ./netdata-installer.sh --dont-start-it --disable-telemetry --dont-wait --install /tmp/install --one-time-build
+ - name: Run CodeQL
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:cpp"
+
+ analyze-python:
+ name: Analyze Python
+ runs-on: ubuntu-latest
+ needs: prepare
+ if: needs.prepare.outputs.python == 'true'
+ permissions:
+ security-events: write
+ steps:
+ - name: Git clone repository
+ uses: actions/checkout@v3
+ with:
+ submodules: recursive
+ fetch-depth: 0
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ config-file: ./.github/codeql/python-config.yml
+ languages: python
+ - name: Run CodeQL
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:python"
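Review bot: Both `git diff` lines in the `prepare` job splice `${{ github.base_ref }}` directly into the shell script, so the value is expanded into script text before bash parses it. The `branches: [master]` filter limits what it can be here, but the same pattern sits on the changed `elif git diff ...` lines in every review.yml hunk of this commit, where the `pull_request` trigger shows no branch filter. Passing it through the environment keeps it as data: add `env:` with `BASE_REF: ${{ github.base_ref }}` on the step and use `git diff --name-only "origin/${BASE_REF}" HEAD`. Separately, these steps emit outputs with the deprecated `::set-output` command, while the build.yml hunk in this commit already appends to `"${GITHUB_OUTPUT}"`; `echo 'run=true' >> "${GITHUB_OUTPUT}"` would be consistent.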
diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml
index ec4e42c00..ddd8356e4 100644
--- a/.github/workflows/packaging.yml
+++ b/.github/workflows/packaging.yml
@@ -3,9 +3,13 @@
name: Packages
on:
pull_request:
+ types:
+ - opened
+ - reopened
+ - labeled
+ - synchronize
branches:
- master
- - develop
push:
branches:
- master
@@ -45,9 +49,8 @@ jobs:
from ruamel.yaml import YAML
import json
import re
- FULL_CI_REGEX = '/actions run full ci'
+ import os
ALWAYS_RUN_ARCHES = ["amd64", "x86_64"]
- PR_BODY = """${{ github.event.pull_request.body }}"""
yaml = YAML(typ='safe')
entries = list()
run_limited = False
@@ -55,7 +58,7 @@ jobs:
with open('.github/data/distros.yml') as f:
data = yaml.load(f)
- if "${{ github.event_name }}" == "pull_request" and re.search(FULL_CI_REGEX, PR_BODY, re.I) is None:
+ if "${{ github.event_name }}" == "pull_request" and "${{ !contains(github.event.pull_request.labels.*.name, 'run-ci/packaging') }}":
run_limited = True
for i, v in enumerate(data['include']):
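Review bot: The second operand of the new `if` is a bare string literal: the expression renders to `"true"` or `"false"`, and both are non-empty strings that Python treats as truthy, so `run_limited` becomes `True` for every pull request and the `run-ci/packaging` label cannot enable the full matrix. Compare the rendered text explicitly, e.g. `... and "${{ !contains(github.event.pull_request.labels.*.name, 'run-ci/packaging') }}" == "true":`. The surrounding Python script starts and ends outside this hunk, so how `run_limited` is consumed later is not visible here.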
diff --git a/.github/workflows/review.yml b/.github/workflows/review.yml
index f631b929a..5679b246c 100644
--- a/.github/workflows/review.yml
+++ b/.github/workflows/review.yml
@@ -2,7 +2,8 @@
# Runs various ReviewDog based checks against PR with suggested changes to improve quality
name: Review
on:
- pull_request: null
+ pull_request:
+ types: [opened, reopened, labeled, synchronize]
env:
DISABLE_TELEMETRY: 1
concurrency:
@@ -27,7 +28,9 @@ jobs:
- name: Check files for actionlint
id: actionlint
run: |
- if git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '\.github/workflows/.*' ; then
+ if [ "${{ contains(github.event.pull_request.labels.*.name, 'run-ci/actionlint') }}" = "true" ]; then
+ echo '::set-output name=run::true'
+ elif git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '\.github/workflows/.*' ; then
echo '::set-output name=run::true'
echo 'GitHub Actions workflows have changed, need to run actionlint.'
else
@@ -36,7 +39,9 @@ jobs:
- name: Check files for eslint
id: eslint
run: |
- if git diff --name-only origin/${{ github.base_ref }} HEAD | grep -v "web/gui/dashboard" | grep -Eq '.*\.js|node\.d\.plugin\.in' ; then
+ if [ "${{ contains(github.event.pull_request.labels.*.name, 'run-ci/eslint') }}" = "true" ]; then
+ echo '::set-output name=run::true'
+ elif git diff --name-only origin/${{ github.base_ref }} HEAD | grep -v "web/gui/dashboard" | grep -Eq '.*\.js|node\.d\.plugin\.in' ; then
echo '::set-output name=run::true'
echo 'JS files have changed, need to run ESLint.'
else
@@ -45,7 +50,9 @@ jobs:
- name: Check files for hadolint
id: hadolint
run: |
- if git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '.*Dockerfile.*' ; then
+ if [ "${{ contains(github.event.pull_request.labels.*.name, 'run-ci/hadolint') }}" = "true" ]; then
+ echo '::set-output name=run::true'
+ elif git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '.*Dockerfile.*' ; then
echo '::set-output name=run::true'
echo 'Dockerfiles have changed, need to run Hadolint.'
else
@@ -54,7 +61,9 @@ jobs:
- name: Check files for shellcheck
id: shellcheck
run: |
- if git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '.*\.sh.*' ; then
+ if [ "${{ contains(github.event.pull_request.labels.*.name, 'run-ci/shellcheck') }}" = "true" ]; then
+ echo '::set-output name=run::true'
+ elif git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '.*\.sh.*' ; then
echo '::set-output name=run::true'
echo 'Shell scripts have changed, need to run shellcheck.'
else
@@ -63,7 +72,9 @@ jobs:
- name: Check files for yamllint
id: yamllint
run: |
- if git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '.*\.ya?ml|python\.d/.*\.conf' ; then
+ if [ "${{ contains(github.event.pull_request.labels.*.name, 'run-ci/yamllint') }}" = "true" ]; then
+ echo '::set-output name=run::true'
+ elif git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '.*\.ya?ml|python\.d/.*\.conf' ; then
echo '::set-output name=run::true'
echo 'YAML files have changed, need to run yamllint.'
else
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 6272a6d68..d48386855 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -39,59 +39,3 @@ jobs:
CFLAGS: "-O1 -DNETDATA_INTERNAL_CHECKS=1 -DNETDATA_VERIFY_LOCKS=1"
run: |
./tests/run-unit-tests.sh
-
- unit-tests-cmocka:
- name: Unit Tests (cmocka)
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- with:
- submodules: recursive
- - name: Prepare environment
- run: |
- ./packaging/installer/install-required-packages.sh --dont-wait --non-interactive netdata-all
- sudo apt-get install -y libjson-c-dev libipmimonitoring-dev libcups2-dev libsnappy-dev \
- libprotobuf-dev libprotoc-dev libssl-dev protobuf-compiler \
- libnetfilter-acct-dev libmongoc-dev libcmocka-dev libzstd-dev
- - name: Configure
- run: |
- autoreconf -ivf
- ./configure --disable-ml --disable-dependency-tracking
- # XXX: Work-around for bug with libbson-1.0 in Ubuntu 18.04
- # See: https://bugs.launchpad.net/ubuntu/+source/libmongoc/+bug/1790771
- # https://jira.mongodb.org/browse/CDRIVER-2818
- - name: Fix libbson
- run: |
- pushd /usr/lib || exit 1
- sudo ln -s /usr/include .
- popd || exit 1
- - name: Build
- run: |
- mkdir build-tmp
- cd build-tmp
- cmake \
- -D UNIT_TESTING=1 \
- -D BUILD_TESTING=1 \
- -D CMAKE_BUILD_TYPE="Debug" \
- -D BSON_LIBRARY=/usr/lib/x86_64-linux-gnu/libbson-1.0.so \
- -D MONGOC_LIBRARY=/usr/lib/x86_64-linux-gnu/libmongoc-1.0.so \
- ..
- make
- - name: Run ctest
- run: |
- cd build-tmp
- ctest
- - name: Prepare Artifacts
- if: always()
- run: |
- mkdir logs
- pushd build-tmp || exit 1
- find . -type f -name '*.log' -exec cp {} ../logs/ \;
- popd || exit 1
- - name: Upload Artifacts
- uses: actions/upload-artifact@v3
- if: always()
- with:
- name: logs
- path: logs