diff options
Diffstat (limited to '.github/workflows')
-rw-r--r-- | .github/workflows/add-to-project.yml | 4 | ||||
-rw-r--r-- | .github/workflows/build.yml | 87 | ||||
-rw-r--r-- | .github/workflows/codeql.yml | 117 | ||||
-rw-r--r-- | .github/workflows/packaging.yml | 11 | ||||
-rw-r--r-- | .github/workflows/review.yml | 23 | ||||
-rw-r--r-- | .github/workflows/tests.yml | 56 |
6 files changed, 223 insertions, 75 deletions
diff --git a/.github/workflows/add-to-project.yml b/.github/workflows/add-to-project.yml index ae58cfce2..a80d8b41d 100644 --- a/.github/workflows/add-to-project.yml +++ b/.github/workflows/add-to-project.yml @@ -13,13 +13,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Add issues to Agent project board - uses: actions/add-to-project@v0.3.0 + uses: actions/add-to-project@v0.4.0 with: project-url: https://github.com/orgs/netdata/projects/32 github-token: ${{ secrets.NETDATABOT_ORG_GITHUB_TOKEN }} - name: Add issues to Product Bug project board - uses: actions/add-to-project@v0.3.0 + uses: actions/add-to-project@v0.4.0 with: project-url: https://github.com/orgs/netdata/projects/45 github-token: ${{ secrets.NETDATABOT_ORG_GITHUB_TOKEN }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 26849312f..53f1590f8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -670,16 +670,18 @@ jobs: with: name: final-artifacts path: final-artifacts - - name: Setup Gcloud - id: gcloud - uses: google-github-actions/setup-gcloud@v0.6.0 + - name: Authenticate to GCS + id: gcs-auth + uses: google-github-actions/auth@v1 with: project_id: ${{ secrets.GCP_NIGHTLY_STORAGE_PROJECT }} - service_account_key: ${{ secrets.GCP_STORAGE_SERVICE_ACCOUNT_KEY }} - export_default_credentials: true + credentials_json: ${{ secrets.GCS_STORAGE_SERVICE_KEY_JSON }} + - name: Setup GCS + id: gcs-setup + uses: google-github-actions/setup-gcloud@v1.0.1 - name: Upload Artifacts id: upload - uses: google-github-actions/upload-cloud-storage@v0.10.2 + uses: google-github-actions/upload-cloud-storage@v1.0.0 with: destination: ${{ secrets.GCP_NIGHTLY_STORAGE_BUCKET }} gzip: false @@ -696,7 +698,8 @@ jobs: SLACK_MESSAGE: |- ${{ github.repository }}: Failed to upload nightly release artifacts. Fetch artifacts: ${{ steps.fetch.outcome }} - Setup GCloud: ${{ steps.gcloud.outcome }} + Authenticatie GCS: ${{ steps.gcs-auth.outcome }} + Setup GCS: ${{ steps.gcs-setup.outcome }} Upload artifacts: ${{ steps.upload.outcome }} SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} if: >- @@ -706,6 +709,76 @@ jobs: && github.event_name != 'pull_request' }} + create-nightly: # Create a nightly build release in netdata/netdata-nightlies + name: Create Nightly Release + runs-on: ubuntu-latest + if: github.event_name == 'workflow_dispatch' && github.event.inputs.type == 'nightly' && github.repository == 'netdata/netdata' + needs: + - updater-check + - source-build + - artifact-verification-dist + - artifact-verification-static + steps: + - name: Checkout Main Repo + id: checkout-main + uses: actions/checkout@v3 + with: + path: main + - name: Checkout Nightly Repo + id: checkout-nightly + uses: actions/checkout@v3 + with: + repository: netdata/netdata-nightlies + path: nightlies + token: ${{ secrets.NETDATABOT_GITHUB_TOKEN }} + - name: Retrieve Artifacts + id: fetch + uses: actions/download-artifact@v3 + with: + name: final-artifacts + path: final-artifacts + - name: Prepare version info + id: version + run: | + # shellcheck disable=SC2129 + echo "version=$(cat main/packaging/version)" >> "${GITHUB_OUTPUT}" + echo "commit=$(cd nightlies && git rev-parse HEAD)" >> "${GITHUB_OUTPUT}" + echo "date=$(date +%F)" >> "${GITHUB_OUTPUT}" + - name: Create Release + id: create-release + uses: ncipollo/release-action@v1 + with: + allowUpdates: false + artifactErrorsFailBuild: true + artifacts: 'final-artifacts/sha256sums.txt,final-artifacts/netdata-*.tar.gz,final-artifacts/netdata-*.gz.run' + owner: netdata + repo: netdata-nightlies + body: Netdata nightly build for ${{ steps.version.outputs.date }}. + commit: ${{ steps.version.outputs.commit }} + tag: ${{ steps.version.outputs.version }} + token: ${{ secrets.NETDATABOT_GITHUB_TOKEN }} + - name: Failure Notification + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_COLOR: 'danger' + SLACK_FOOTER: '' + SLACK_ICON_EMOJI: ':github-actions:' + SLACK_TITLE: 'Failed to draft release:' + SLACK_USERNAME: 'GitHub Actions' + SLACK_MESSAGE: |- + ${{ github.repository }}: Failed to create nightly release or attach artifacts. + Checkout netdata/netdata: ${{ steps.checkout-main.outcome }} + Checkout netdata/netdata-nightlies: ${{ steps.checkout-nightly.outcome }} + Fetch artifacts: ${{ steps.fetch.outcome }} + Prepare version info: ${{ steps.version.outcome }} + Create release: ${{ steps.create-release.outcome }} + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} + if: >- + ${{ + failure() + && github.event_name == 'workflow_dispatch' + }} + normalize-tag: # Fix the release tag if needed name: Normalize Release Tag runs-on: ubuntu-latest diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 000000000..021376a2d --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,117 @@ +--- +# Run CodeQL to analyze C/C++ and Python code. +name: CodeQL +on: + pull_request: + types: [opened, reopened, labeled, synchronize] + branches: [master] + push: + branches: [master] + schedule: + - cron: "27 2 * * 1" +env: + DISABLE_TELEMETRY: 1 +concurrency: + group: codeql-${{ github.ref }} + cancel-in-progress: true +jobs: + prepare: + name: Prepare Jobs + runs-on: ubuntu-latest + outputs: + cpp: ${{ steps.cpp.outputs.run }} + python: ${{ steps.python.outputs.run }} + steps: + - name: Clone repository + uses: actions/checkout@v3 + with: + submodules: recursive + fetch-depth: 0 + - name: Check if we should always run + id: always + run: | + if [ "${{ github.event_name }}" = "pull_request" ]; then + if [ "${{ contains(github.event.pull_request.labels.*.name, 'run-ci/codeql') }}" = "true" ]; then + echo '::set-output name=run::true' + echo '::notice::Found ci/codeql label, unconditionally running all CodeQL checks.' + else + echo '::set-output name=run::false' + fi + else + echo '::set-output name=run::true' + fi + - name: Check for C/C++ changes + id: cpp + run: | + if [ "${{ steps.always.outputs.run }}" = "false" ]; then + if git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '.*\.[ch](xx|\+\+)?' ; then + echo '::set-output name=run::true' + echo '::notice::C/C++ code has changed, need to run CodeQL.' + else + echo '::set-output name=run::false' + fi + else + echo '::set-output name=run::true' + fi + - name: Check for python changes + id: python + run: | + if [ "${{ steps.always.outputs.run }}" = "false" ]; then + if git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq 'collectors/python.d.plugin/.*\.py' ; then + echo '::set-output name=run::true' + echo '::notice::Python code has changed, need to run CodeQL.' + else + echo '::set-output name=run::false' + fi + else + echo '::set-output name=run::true' + fi + + analyze-cpp: + name: Analyze C/C++ + runs-on: ubuntu-latest + needs: prepare + if: needs.prepare.outputs.cpp == 'true' + permissions: + security-events: write + steps: + - name: Git clone repository + uses: actions/checkout@v3 + with: + submodules: recursive + fetch-depth: 0 + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: cpp + - name: Prepare environment + run: ./packaging/installer/install-required-packages.sh --dont-wait --non-interactive netdata + - name: Build netdata + run: ./netdata-installer.sh --dont-start-it --disable-telemetry --dont-wait --install /tmp/install --one-time-build + - name: Run CodeQL + uses: github/codeql-action/analyze@v2 + with: + category: "/language:cpp" + + analyze-python: + name: Analyze Python + runs-on: ubuntu-latest + needs: prepare + if: needs.prepare.outputs.python == 'true' + permissions: + security-events: write + steps: + - name: Git clone repository + uses: actions/checkout@v3 + with: + submodules: recursive + fetch-depth: 0 + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + config-file: ./.github/codeql/python-config.yml + languages: python + - name: Run CodeQL + uses: github/codeql-action/analyze@v2 + with: + category: "/language:python" diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml index ec4e42c00..ddd8356e4 100644 --- a/.github/workflows/packaging.yml +++ b/.github/workflows/packaging.yml @@ -3,9 +3,13 @@ name: Packages on: pull_request: + types: + - opened + - reopened + - labeled + - synchronize branches: - master - - develop push: branches: - master @@ -45,9 +49,8 @@ jobs: from ruamel.yaml import YAML import json import re - FULL_CI_REGEX = '/actions run full ci' + import os ALWAYS_RUN_ARCHES = ["amd64", "x86_64"] - PR_BODY = """${{ github.event.pull_request.body }}""" yaml = YAML(typ='safe') entries = list() run_limited = False @@ -55,7 +58,7 @@ jobs: with open('.github/data/distros.yml') as f: data = yaml.load(f) - if "${{ github.event_name }}" == "pull_request" and re.search(FULL_CI_REGEX, PR_BODY, re.I) is None: + if "${{ github.event_name }}" == "pull_request" and "${{ !contains(github.event.pull_request.labels.*.name, 'run-ci/packaging') }}": run_limited = True for i, v in enumerate(data['include']): diff --git a/.github/workflows/review.yml b/.github/workflows/review.yml index f631b929a..5679b246c 100644 --- a/.github/workflows/review.yml +++ b/.github/workflows/review.yml @@ -2,7 +2,8 @@ # Runs various ReviewDog based checks against PR with suggested changes to improve quality name: Review on: - pull_request: null + pull_request: + types: [opened, reopened, labeled, synchronize] env: DISABLE_TELEMETRY: 1 concurrency: @@ -27,7 +28,9 @@ jobs: - name: Check files for actionlint id: actionlint run: | - if git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '\.github/workflows/.*' ; then + if [ "${{ contains(github.event.pull_request.labels.*.name, 'run-ci/actionlint') }}" = "true" ]; then + echo '::set-output name=run::true' + elif git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '\.github/workflows/.*' ; then echo '::set-output name=run::true' echo 'GitHub Actions workflows have changed, need to run actionlint.' else @@ -36,7 +39,9 @@ jobs: - name: Check files for eslint id: eslint run: | - if git diff --name-only origin/${{ github.base_ref }} HEAD | grep -v "web/gui/dashboard" | grep -Eq '.*\.js|node\.d\.plugin\.in' ; then + if [ "${{ contains(github.event.pull_request.labels.*.name, 'run-ci/eslint') }}" = "true" ]; then + echo '::set-output name=run::true' + elif git diff --name-only origin/${{ github.base_ref }} HEAD | grep -v "web/gui/dashboard" | grep -Eq '.*\.js|node\.d\.plugin\.in' ; then echo '::set-output name=run::true' echo 'JS files have changed, need to run ESLint.' else @@ -45,7 +50,9 @@ jobs: - name: Check files for hadolint id: hadolint run: | - if git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '.*Dockerfile.*' ; then + if [ "${{ contains(github.event.pull_request.labels.*.name, 'run-ci/hadolint') }}" = "true" ]; then + echo '::set-output name=run::true' + elif git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '.*Dockerfile.*' ; then echo '::set-output name=run::true' echo 'Dockerfiles have changed, need to run Hadolint.' else @@ -54,7 +61,9 @@ jobs: - name: Check files for shellcheck id: shellcheck run: | - if git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '.*\.sh.*' ; then + if [ "${{ contains(github.event.pull_request.labels.*.name, 'run-ci/shellcheck') }}" = "true" ]; then + echo '::set-output name=run::true' + elif git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '.*\.sh.*' ; then echo '::set-output name=run::true' echo 'Shell scripts have changed, need to run shellcheck.' else @@ -63,7 +72,9 @@ jobs: - name: Check files for yamllint id: yamllint run: | - if git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '.*\.ya?ml|python\.d/.*\.conf' ; then + if [ "${{ contains(github.event.pull_request.labels.*.name, 'run-ci/yamllint') }}" = "true" ]; then + echo '::set-output name=run::true' + elif git diff --name-only origin/${{ github.base_ref }} HEAD | grep -Eq '.*\.ya?ml|python\.d/.*\.conf' ; then echo '::set-output name=run::true' echo 'YAML files have changed, need to run yamllint.' else diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 6272a6d68..d48386855 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -39,59 +39,3 @@ jobs: CFLAGS: "-O1 -DNETDATA_INTERNAL_CHECKS=1 -DNETDATA_VERIFY_LOCKS=1" run: | ./tests/run-unit-tests.sh - - unit-tests-cmocka: - name: Unit Tests (cmocka) - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - submodules: recursive - - name: Prepare environment - run: | - ./packaging/installer/install-required-packages.sh --dont-wait --non-interactive netdata-all - sudo apt-get install -y libjson-c-dev libipmimonitoring-dev libcups2-dev libsnappy-dev \ - libprotobuf-dev libprotoc-dev libssl-dev protobuf-compiler \ - libnetfilter-acct-dev libmongoc-dev libcmocka-dev libzstd-dev - - name: Configure - run: | - autoreconf -ivf - ./configure --disable-ml --disable-dependency-tracking - # XXX: Work-around for bug with libbson-1.0 in Ubuntu 18.04 - # See: https://bugs.launchpad.net/ubuntu/+source/libmongoc/+bug/1790771 - # https://jira.mongodb.org/browse/CDRIVER-2818 - - name: Fix libbson - run: | - pushd /usr/lib || exit 1 - sudo ln -s /usr/include . - popd || exit 1 - - name: Build - run: | - mkdir build-tmp - cd build-tmp - cmake \ - -D UNIT_TESTING=1 \ - -D BUILD_TESTING=1 \ - -D CMAKE_BUILD_TYPE="Debug" \ - -D BSON_LIBRARY=/usr/lib/x86_64-linux-gnu/libbson-1.0.so \ - -D MONGOC_LIBRARY=/usr/lib/x86_64-linux-gnu/libmongoc-1.0.so \ - .. - make - - name: Run ctest - run: | - cd build-tmp - ctest - - name: Prepare Artifacts - if: always() - run: | - mkdir logs - pushd build-tmp || exit 1 - find . -type f -name '*.log' -exec cp {} ../logs/ \; - popd || exit 1 - - name: Upload Artifacts - uses: actions/upload-artifact@v3 - if: always() - with: - name: logs - path: logs |