From 578930e62c76baead9a79d8a6a97dfdd36b93fe6 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus <915544+detiber@users.noreply.github.com> Date: Thu, 19 Dec 2024 21:37:51 -0500 Subject: [PATCH 1/8] [centos-workstation] github action changes for fork --- .github/workflows/auto-merge-dependabot.yml | 23 -------- .github/workflows/build.yaml | 27 ++++++++++ .github/workflows/pr_best_practices.yml | 18 ------- .github/workflows/stale-cleanup.yml | 16 ------ .github/workflows/testingfarm-unit.yml | 43 --------------- .github/workflows/testingfarm.yml | 60 --------------------- .github/workflows/tests.yml | 18 +++---- 7 files changed, 36 insertions(+), 169 deletions(-) delete mode 100644 .github/workflows/auto-merge-dependabot.yml delete mode 100644 .github/workflows/pr_best_practices.yml delete mode 100644 .github/workflows/stale-cleanup.yml delete mode 100644 .github/workflows/testingfarm-unit.yml delete mode 100644 .github/workflows/testingfarm.yml diff --git a/.github/workflows/auto-merge-dependabot.yml b/.github/workflows/auto-merge-dependabot.yml deleted file mode 100644 index f5e014fb..00000000 --- a/.github/workflows/auto-merge-dependabot.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Taken from https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#common-dependabot-automations - -name: Dependabot auto-approve and auto-merge -on: pull_request_target - -permissions: write-all - -jobs: - dependabot: - runs-on: ubuntu-latest - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - name: Approve a PR - run: gh pr review --approve "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.SCHUTZBOT_GITHUB_ACCESS_TOKEN}} - - - name: Enable auto-merge for Dependabot PRs - run: gh pr merge --auto --rebase "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.SCHUTZBOT_GITHUB_ACCESS_TOKEN}} 
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index eb024497..99d3910e 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -25,3 +25,30 @@ jobs: image: ${{ env.IMAGE_NAME }} tags: "latest" containerfiles: Containerfile + + # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. + # https://github.com/macbre/push-to-ghcr/issues/12 + - name: Lowercase Registry + id: registry_case + uses: ASzc/change-string-case-action@v6 + with: + string: ${{ env.IMAGE_REGISTRY }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Push the image to GHCR (Image Registry) + - name: Push To GHCR + uses: redhat-actions/push-to-registry@v2 + if: github.event_name != 'pull_request' + id: push + with: + registry: ${{ steps.registry_case.outputs.lowercase }} + image: ${{ env.IMAGE_NAME }} + tags: "latest" + extra-args: | + --disable-content-trust \ No newline at end of file diff --git a/.github/workflows/pr_best_practices.yml b/.github/workflows/pr_best_practices.yml deleted file mode 100644 index d7a1b0c4..00000000 --- a/.github/workflows/pr_best_practices.yml +++ /dev/null @@ -1,18 +0,0 @@ -name: "Verify PR best practices" - -on: - pull_request_target: - branches: [main] - types: [opened, synchronize, reopened, edited] - issue_comment: - types: [created] - -jobs: - pr-best-practices: - runs-on: ubuntu-latest - steps: - - name: PR best practice check - uses: osbuild/pr-best-practices@main - with: - token: ${{ secrets.SCHUTZBOT_GITHUB_ACCESS_TOKEN }} - jira_token: ${{ secrets.IMAGEBUILDER_BOT_JIRA_TOKEN }} diff --git a/.github/workflows/stale-cleanup.yml b/.github/workflows/stale-cleanup.yml deleted file mode 100644 index e647e318..00000000 --- a/.github/workflows/stale-cleanup.yml +++ /dev/null 
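Review bot: The steps added to `.github/workflows/build.yaml` reference `ASzc/change-string-case-action@v6`, `docker/login-action@v3` and `redhat-actions/push-to-registry@v2` by mutable tag, in a job that logs in to ghcr.io with `secrets.GITHUB_TOKEN`. If one of those tags is moved, the new code runs with that credential; pinning each to a full commit SHA with the tag kept as a comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v3`, avoids that. The `Login to GitHub Container Registry` step also has no condition, so it runs on `pull_request` builds that never push; giving it the same `if: github.event_name != 'pull_request'` as `Push To GHCR` keeps the login out of PR runs. The image is published only as `latest`, so consumers have no immutable tag to pin to unless they resolve the digest themselves. The job's earlier steps are outside this hunk.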
@@ -1,16 +0,0 @@ -name: Mark and close stale issues and PRs - -on: - schedule: - - cron: '0 4 * * *' - -jobs: - stale: - runs-on: ubuntu-latest - permissions: - issues: write - pull-requests: write - steps: - - uses: osbuild/common-stale-action@main - with: - token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/testingfarm-unit.yml b/.github/workflows/testingfarm-unit.yml deleted file mode 100644 index 67f900dc..00000000 --- a/.github/workflows/testingfarm-unit.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -name: Testing farm go unit tests - -on: - pull_request_target: - types: [opened, synchronize, reopened] - -# see testingfarm.yml -jobs: - testingfarm: - name: "Run in testing farm" - runs-on: ubuntu-latest - steps: - - name: Get User Permission - id: checkAccess - uses: actions-cool/check-user-permission@v2 - with: - require: write - username: ${{ github.triggering_actor }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Check User Permission - if: steps.checkAccess.outputs.require-result == 'false' - run: | - echo "${{ github.triggering_actor }} does not have permissions on this repo." - echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}" - echo "Job originally triggered by ${{ github.actor }}" - exit 1 - - name: Check out code - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.sha }} - - name: Run the tests - uses: sclorg/testing-farm-as-github-action@v3 - with: - compose: Fedora-40 - tmt_plan_regex: "/plans/unit-go" - api_key: ${{ secrets.TF_API_KEY }} - git_url: ${{ github.event.pull_request.head.repo.clone_url }} - git_ref: ${{ github.event.pull_request.head.ref }} - pull_request_status_name: "Testing farm" - tf_scope: private - secrets: "AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }};AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }};RHSM_ORG=${{ secrets.RHSM_ORG }};RHSM_ACTIVATION_KEY=${{ secrets.RHSM_ACTIVATION_KEY }} " 
diff --git a/.github/workflows/testingfarm.yml b/.github/workflows/testingfarm.yml deleted file mode 100644 index 82c2c273..00000000 --- a/.github/workflows/testingfarm.yml +++ /dev/null 
@@ -1,60 +0,0 @@ ---- -name: Testing farm tests - -on: - pull_request_target: - types: [opened, synchronize, reopened] - -# To use testing farm we need the TF_API_KEY secret available inside the -# forked repo which requires the pull_request_target trigger. To protect -# the secrets we need to make sure only people with repo write access -# can trigger this workflow. This means that ouside contributors will -# get an initial failure when the workflow is run. But once someone from -# the team re-triggers it it will work. -# -# Note that "pull_requqest_target" events are always triggered even -# when the "Fork pull request workflows from outside collaborators" -# setting is restricted to "Require approval for all outside collaborators" -# (see https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks) -# -# Note also that this precautions might be overkill because a fork -# cannot modify this workflow and all we do is run a branch inside -# testing farm. But a) the scope of workflow may expand over time -# b) it feels safer this way and is not a big burden in practise. -# -# This follows https://michaelheap.com/access-secrets-from-forks/ -jobs: - testingfarm: - name: "Run in testing farm" - runs-on: ubuntu-latest - steps: - - name: Get User Permission - id: checkAccess - uses: actions-cool/check-user-permission@v2 - with: - require: write - username: ${{ github.triggering_actor }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Check User Permission - if: steps.checkAccess.outputs.require-result == 'false' - run: | - echo "${{ github.triggering_actor }} does not have permissions on this repo." 
- echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}" - echo "Job originally triggered by ${{ github.actor }}" - exit 1 - - name: Check out code - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.sha }} - - name: Run the tests - uses: sclorg/testing-farm-as-github-action@v3 - with: - compose: Fedora-40 - tmt_plan_regex: "/plans/integration" - api_key: ${{ secrets.TF_API_KEY }} - git_url: ${{ github.event.pull_request.head.repo.clone_url }} - git_ref: ${{ github.event.pull_request.head.ref }} - pull_request_status_name: "Testing farm" - tf_scope: private - secrets: "AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }};AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }};RHSM_ORG=${{ secrets.RHSM_ORG }};RHSM_ACTIVATION_KEY=${{ secrets.RHSM_ACTIVATION_KEY }} " diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 73d576f4..6e48ff31 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -110,15 +110,15 @@ jobs: with: path: /var/tmp/osbuild-test-store key: no-key-needed-here - - name: Run tests - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - run: | - # podman needs (parts of) the environment but will break when - # XDG_RUNTIME_DIR is set. - # TODO: figure out what exactly podman needs - sudo -E XDG_RUNTIME_DIR= pytest-3 --basetemp=/mnt/var/tmp/bib-tests + # - name: Run tests + # env: + # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + # run: | + # # podman needs (parts of) the environment but will break when + # # XDG_RUNTIME_DIR is set. + # # TODO: figure out what exactly podman needs + # sudo -E XDG_RUNTIME_DIR= pytest-3 --basetemp=/mnt/var/tmp/bib-tests - name: Diskspace (after) if: ${{ always() }} run: | From e4d08a3b8060a1aa670316ccf1028397f86f26fb Mon Sep 17 00:00:00 2001 
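Review bot: With the `Run tests` step commented out in `.github/workflows/tests.yml`, the visible part of this job still restores the cache and reports disk space but runs no test, so the check can report success without testing anything. If the step is disabled because the fork lacks the AWS secrets, deleting it states that more clearly than a commented block that still names `secrets.AWS_ACCESS_KEY_ID` and `secrets.AWS_SECRET_ACCESS_KEY`. Another option is a repository guard such as `if: github.repository == '<upstream-owner>/<repo>'`. The job begins outside this hunk, so whether another step still runs tests cannot be seen here.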
From: Jason DeTiberus <915544+detiber@users.noreply.github.com> Date: Thu, 19 Dec 2024 21:40:00 -0500 Subject: [PATCH 2/8] [centos-workstation] build and push image on push events --- .github/workflows/build.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 99d3910e..656e6d0c 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -3,6 +3,9 @@ name: Build containers on: pull_request: branches: [main] + push: + branches: + - "main" # for merge queue merge_group: From 34fb728a36ea90c67ad678cd70ee0d6374de2d6e Mon Sep 17 00:00:00 2001 From: Jason DeTiberus <915544+detiber@users.noreply.github.com> Date: Thu, 19 Dec 2024 21:44:09 -0500 Subject: [PATCH 3/8] [centos-workstation] enable workflow_dispatch for build workflow --- .github/workflows/build.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 656e6d0c..470a4722 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -8,6 +8,7 @@ on: - "main" # for merge queue merge_group: + workflow_dispatch: env: IMAGE_NAME: ${{ github.repository }} From 78491b54bf902fb33e37c373b1ccba95c248070c Mon Sep 17 00:00:00 2001 From: Jason DeTiberus <915544+detiber@users.noreply.github.com> Date: Thu, 19 Dec 2024 21:46:52 -0500 Subject: [PATCH 4/8] [centos-workstation] fix registry --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 470a4722..1b39d2eb 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -51,7 +51,7 @@ jobs: if: github.event_name != 'pull_request' id: push with: - registry: ${{ steps.registry_case.outputs.lowercase }} + registry: "ghcr.io" image: ${{ env.IMAGE_NAME }} tags: "latest" extra-args: | From c670ef5f43f26195e263b6a10a823cd7bb586dcc Mon Sep 17 00:00:00 2001 
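Review bot: Adding `workflow_dispatch:` allows a manual run on any branch, while the `Push To GHCR` step is gated only by `if: github.event_name != 'pull_request'`. A manual run on a feature branch, like a `merge_group` run, would therefore publish that ref as `latest`. Tightening the push condition to `if: github.event_name == 'push' && github.ref == 'refs/heads/main'`, or adding an explicit ref check for the dispatch case, keeps `latest` tied to `main`. The gate itself sits outside this hunk.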
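Review bot: Hard-coding `registry: "ghcr.io"` leaves the `Lowercase Registry` step (`id: registry_case`) with no consumer. The pushed path becomes `ghcr.io/${{ env.IMAGE_NAME }}`, where `IMAGE_NAME` is `${{ github.repository }}` in its original casing. If the owner or repository name contains capital letters, the push would presumably hit the same GHCR lowercase restriction that the workaround comment describes. Pointing the case-conversion step at the image name with `string: ${{ env.IMAGE_NAME }}` and using `image: ${{ steps.registry_case.outputs.lowercase }}` would keep the workaround effective, though the build step's image name would likely need the same value; otherwise the step can be removed. Both step definitions are outside this hunk.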
From: Jason DeTiberus <915544+detiber@users.noreply.github.com> Date: Thu, 19 Dec 2024 21:48:12 -0500 Subject: [PATCH 5/8] [centos-workstation] add concurrency config --- .github/workflows/build.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 1b39d2eb..82b9a9f9 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -16,6 +16,10 @@ env: permissions: contents: read +concurrency: + group: ${{ github.workflow }}-${{ github.ref || github.run_id }} + cancel-in-progress: true + jobs: build: runs-on: ubuntu-22.04 From cf9223a3838fe66eaebf486d5fbfbede30a8b864 Mon Sep 17 00:00:00 2001 From: Jason DeTiberus <915544+detiber@users.noreply.github.com> Date: Thu, 19 Dec 2024 21:54:12 -0500 Subject: [PATCH 6/8] [centos-workstation] fix registry perms for build job --- .github/workflows/build.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 82b9a9f9..90e385a6 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -15,6 +15,8 @@ env: permissions: contents: read + packages: write + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.ref || github.run_id }} From 201a1ba75881d341706a2d8da8e34f1c18253ea0 Mon Sep 17 00:00:00 2001 From: Tulip Blossom Date: Tue, 24 Dec 2024 23:09:07 -0300 Subject: [PATCH 7/8] ci: have proper pull app configuration --- .github/pull.yml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 .github/pull.yml diff --git a/.github/pull.yml b/.github/pull.yml new file mode 100644 index 00000000..7af33fb9 --- /dev/null +++ b/.github/pull.yml @@ -0,0 +1,7 @@ +version: "1" +rules: + - base: main + upstream: osbuild:main # Required. Must be in the same fork network. + mergeMethod: rebase # Optional, one of [none, merge, squash, rebase, hardreset], Default: none. + + From b215180c696b16fc021da3372ca21d3f03f5a05c Mon Sep 17 00:00:00 2001 
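Review bot: `packages: write` and `id-token: write` are added to the workflow-level `permissions:` block, so they apply to every job and every trigger, including `pull_request` runs. No step visible in this series requests an OIDC token. Moving `packages: write` into the `build` job's own `permissions:` and dropping `id-token: write` until a signing or attestation step exists would keep the token at least privilege. If keyless signing is planned, adding it in the same change gives the permission a visible consumer.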
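Review bot: `mergeMethod: rebase` in `.github/pull.yml` appears to make the sync from `osbuild:main` land on `main` without a human merge, since the inline comment lists `none` as the default. `build.yaml` in this series publishes `latest` on every push to `main`, so upstream changes would be built and pushed from the fork unreviewed. If that is not intended, `mergeMethod: none` together with a `reviewers:` list keeps the sync pull requests but leaves the merge to a maintainer. The file also ends with two blank lines that can be dropped.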
From: Tulip Blossom Date: Thu, 26 Dec 2024 18:13:27 -0300 Subject: [PATCH 8/8] feat: add imbev's minimal pr so that they have proper heliumOS support until it gets merged --- bib/data/defs/heliumos-10.yaml | 1 + bib/data/defs/heliumos-9.yaml | 1 + 2 files changed, 2 insertions(+) create mode 120000 bib/data/defs/heliumos-10.yaml create mode 120000 bib/data/defs/heliumos-9.yaml diff --git a/bib/data/defs/heliumos-10.yaml b/bib/data/defs/heliumos-10.yaml new file mode 120000 index 00000000..31ce3eb1 --- /dev/null +++ b/bib/data/defs/heliumos-10.yaml @@ -0,0 +1 @@ +centos-10.yaml \ No newline at end of file diff --git a/bib/data/defs/heliumos-9.yaml b/bib/data/defs/heliumos-9.yaml new file mode 120000 index 00000000..f09a8726 --- /dev/null +++ b/bib/data/defs/heliumos-9.yaml @@ -0,0 +1 @@ +centos-9.yaml \ No newline at end of file