s0undt3ch · s0undt3ch · Mar 18, 2024 · Mar 18, 2024 · Mar 18, 2024 · Mar 18, 2024
diff --git a/.github/actions/build-onedir-deps/action.yml b/.github/actions/build-onedir-deps/action.yml
@@ -1,45 +1,33 @@
 ---
 name: build-onedir-deps
 description: Build Onedir Dependencies
+
 inputs:
   platform:
     required: true
-    type: string
     description: The platform to build
   arch:
     required: true
-    type: string
     description: The platform arch to build
   python-version:
     required: true
-    type: string
     description: The python version to build
   package-name:
     required: false
-    type: string
     description: The onedir package name to create
     default: salt
   cache-prefix:
     required: true
-    type: string
     description: Seed used to invalidate caches
 
 
-env:
-  COLUMNS: 190
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
-  RELENV_BUILDENV: 1
-
-
 runs:
   using: composite
 
   steps:
-
     - name: Cache Deps Onedir Package Directory
       id: onedir-pkg-cache
-      uses: actions/cache@v3.3.1
+      uses: ./.github/actions/cache
       with:
         path: artifacts/${{ inputs.package-name }}
         key: >
@@ -56,6 +44,8 @@ runs:
     - name: Install Salt Onedir Package Dependencies
       shell: bash
       if: steps.onedir-pkg-cache.outputs.cache-hit != 'true'
+      env:
+        RELENV_BUILDENV: "1"
       run: |
         tools pkg build onedir-dependencies --arch ${{ inputs.arch }} --python-version ${{ inputs.python-version }} --package-name artifacts/${{ inputs.package-name }} --platform ${{ inputs.platform }}
 

diff --git a/.github/actions/build-onedir-salt/action.yml b/.github/actions/build-onedir-salt/action.yml
@@ -1,49 +1,37 @@
 ---
 name: build-onedir-salt
 description: Build Onedir Package
+
 inputs:
   platform:
     required: true
-    type: string
     description: The platform to build
   arch:
     required: true
-    type: string
     description: The platform arch to build
   package-name:
     required: false
-    type: string
     description: The onedir package name to create
     default: salt
   cache-prefix:
     required: true
-    type: string
     description: Seed used to invalidate caches
   python-version:
     required: true
-    type: string
     description: The python version to build
   salt-version:
-    type: string
     required: true
     description: The Salt version to set prior to building packages.
 
 
-env:
-  COLUMNS: 190
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
-  RELENV_BUILDENV: 1
-
-
 runs:
   using: composite
 
   steps:
 
     - name: Download Cached Deps Onedir Package Directory
       id: onedir-bare-cache
-      uses: actions/cache@v3.3.1
+      uses: ./.github/actions/cache
       with:
         path: artifacts/${{ inputs.package-name }}
         key: >
@@ -64,6 +52,8 @@ runs:
 
     - name: Install Salt Into Onedir
       shell: bash
+      env:
+        RELENV_BUILDENV: "1"
       run: |
         tools pkg build salt-onedir salt-${{ inputs.salt-version }}.tar.gz --platform ${{ inputs.platform }} --package-name artifacts/${{ inputs.package-name }}
 

diff --git a/.github/actions/build-source-tarball/action.yml b/.github/actions/build-source-tarball/action.yml
@@ -1,24 +1,17 @@
 ---
 name: build-source-tarball
 description: Build Source Tarball
+
 inputs:
   salt-version:
-    type: string
     required: true
     description: The Salt version to set prior to building the tarball.
   nox-version:
     required: false
-    type: string
     description: The version of Nox to install
     default: "2022.8.7"
 
 
-env:
-  COLUMNS: 190
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
-
-
 runs:
   using: composite
 

diff --git a/.github/actions/cache/action.yml b/.github/actions/cache/action.yml
@@ -0,0 +1,112 @@
+---
+name: cache
+description: GitHub Actions Cache
+inputs:
+  path:
+    description: 'A list of files, directories, and wildcard patterns to cache and restore'
+    required: true
+  key:
+    description: 'An explicit key for restoring and saving the cache'
+    required: true
+  restore-keys:
+    description: 'An ordered list of keys to use for restoring stale cache if no cache hit occurred for key. Note `cache-hit` returns false in this case.'
+    required: false
+  upload-chunk-size:
+    description: 'The chunk size used to split up large files during upload, in bytes'
+    required: false
+  enableCrossOsArchive:
+    description: 'An optional boolean when enabled, allows windows runners to save or restore caches that can be restored or saved respectively on other platforms'
+    default: 'false'
+    required: false
+  fail-on-cache-miss:
+    description: 'Fail the workflow if cache entry is not found'
+    default: 'false'
+    required: false
+  lookup-only:
+    description: 'Check if a cache entry exists for the given input(s) (key, restore-keys) without downloading the cache'
+    default: 'false'
+    required: false
+  save-always:
+    description: 'Run the post step to save the cache even if another step before fails'
+    default: 'false'
+    required: false
+
+outputs:
+  cache-hit:
+    description: 'A boolean value to indicate an exact match was found for the primary key'
+    value: ${{ steps.github-cache.outputs.cache-hit || steps.s3-cache.outputs.cache-hit }}
+
+runs:
+  using: composite
+
+  steps:
+
+    - name: Map inputs to environment variables
+      shell: bash
+      run: |
+        echo "GHA_CACHE_PATH=${{ inputs.path }}" | tee -a "${GITHUB_ENV}"
+        echo "GHA_CACHE_KEY=${{ inputs.key }}" | tee -a "${GITHUB_ENV}"
+        echo "GHA_CACHE_ENABLE_CROSS_OS_ARCHIVE=${{ inputs.enableCrossOsArchive }}" | tee -a "${GITHUB_ENV}"
+        echo "GHA_CACHE_FAIL_ON_CACHE_MISS=${{ inputs.fail-on-cache-miss }}" | tee -a "${GITHUB_ENV}"
+        echo "GHA_CACHE_LOOKUP_ONLY=${{ inputs.lookup-only }}" | tee -a "${GITHUB_ENV}"
+        echo "GHA_CACHE_SAVE_ALWAYS=${{ inputs.save-always }}" | tee -a "${GITHUB_ENV}"
+        echo "GHA_CACHE_RESTORE_KEYS=${{ inputs.restore-keys }}" | tee -a "${GITHUB_ENV}"
+        echo "GHA_CACHE_UPLOAD_CHUNK_SIZE=${{ inputs.upload-chunk-size }}" | tee -a "${GITHUB_ENV}"
+
+    - name: Cache Provided Path (GitHub Actions)
+      id: github-cache
+      if: ${{ env.USE_S3_CACHE != 'true' }}
+      uses: actions/cache@v4
+      with:
+        path: ${{ env.GHA_CACHE_PATH }}
+        key: ${{ env.GHA_CACHE_KEY }}
+        enableCrossOsArchive: ${{ env.GHA_CACHE_ENABLE_CROSS_OS_ARCHIVE }}
+        fail-on-cache-miss: ${{ env.GHA_CACHE_FAIL_ON_CACHE_MISS }}
+        lookup-only: ${{ env.GHA_CACHE_LOOKUP_ONLY }}
+        save-always: ${{ env.GHA_CACHE_SAVE_ALWAYS }}
+        restore-keys: ${{ env.GHA_CACHE_RESTORE_KEYS }}
+        upload-chunk-size: ${{ env.GHA_CACHE_UPLOAD_CHUNK_SIZE }}
+
+    - name: Get Salt Project GitHub Actions Bot Environment
+      if: ${{ env.USE_S3_CACHE == 'true' }}
+      shell: bash
+      run: |
+        TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
+        SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
+        echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" | tee -a "$GITHUB_ENV"
+        REGION=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/placement/region)
+        echo "GHA_CACHE_AWS_REGION=$REGION" | tee -a "$GITHUB_ENV"
+
+    - name: Configure AWS Credentials to access cache bucket
+      id: creds
+      if: ${{ env.USE_S3_CACHE == 'true' }}
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-region: ${{ env.GHA_CACHE_AWS_REGION }}
+
+    - name: Cache Provided Path (S3)
+      if: ${{ env.USE_S3_CACHE == 'true' }}
+      id: s3-cache
+      env:
+        AWS_REGION: ${{ env.GHA_CACHE_AWS_REGION }}
+        RUNS_ON_S3_BUCKET_CACHE: salt-project-${{ env.SPB_ENVIRONMENT}}-salt-github-actions-s3-cache
+      uses: runs-on/cache@v4
+      with:
+        path: ${{ env.GHA_CACHE_PATH }}
+        key: ${{ env.GHA_CACHE_KEY }}
+        enableCrossOsArchive: ${{ env.GHA_CACHE_ENABLE_CROSS_OS_ARCHIVE }}
+        fail-on-cache-miss: ${{ env.GHA_CACHE_FAIL_ON_CACHE_MISS }}
+        lookup-only: ${{ env.GHA_CACHE_LOOKUP_ONLY }}
+        save-always: ${{ env.GHA_CACHE_SAVE_ALWAYS }}
+        restore-keys: ${{ env.GHA_CACHE_RESTORE_KEYS }}
+        upload-chunk-size: ${{ env.GHA_CACHE_UPLOAD_CHUNK_SIZE }}
+
+    - name: Verify 'fail-on-cache-miss'
+      if: ${{ inputs.fail-on-cache-miss == 'true' }}
+      shell: bash
+      run: |
+        CACHE_HIT="${{ steps.github-cache.outputs.cache-hit || steps.s3-cache.outputs.cache-hit }}"
+        if [ "$CACHE_HIT" != "true" ]; then
+          echo "No cache hit and fail-on-cache-miss is set to true."
+          exit 1
+        fi
diff --git a/.github/actions/cached-virtualenv/action.yml b/.github/actions/cached-virtualenv/action.yml
@@ -5,26 +5,23 @@ description: Setup a cached python virtual environment
 inputs:
   name:
     required: true
-    type: string
     description: The Virtualenv Name
   cache-seed:
     required: true
-    type: string
     description: Seed used to invalidate caches
+
 outputs:
   cache-hit:
+    description: 'A boolean value to indicate an exact match was found for the primary key'
     value: ${{ steps.cache-virtualenv.outputs.cache-hit }}
   cache-key:
+    description: The value of the cache key
     value: ${{ steps.setup-cache-key.outputs.cache-key }}
   python-executable:
+    description: The path to the virtualenv's python executable
     value: ${{ steps.define-python-executable.outputs.python-executable }}
 
 
-env:
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
-
-
 runs:
   using: composite
 
@@ -54,7 +51,7 @@ runs:
 
     - name: Cache VirtualEnv
       id: cache-virtualenv
-      uses: actions/cache@v3.3.1
+      uses: ./.github/actions/cache
       with:
         key: ${{ steps.setup-cache-key.outputs.cache-key }}
         path: ${{ steps.virtualenv-path.outputs.venv-path }}

diff --git a/.github/actions/download-artifact/action.yml b/.github/actions/download-artifact/action.yml
@@ -20,6 +20,7 @@ inputs:
       without overriding the existing archives.
     required: false
 
+
 runs:
   using: composite
   steps:

diff --git a/.github/actions/get-python-version/action.yml b/.github/actions/get-python-version/action.yml
@@ -1,19 +1,24 @@
 ---
 name: get-python-version
 description: Setup Relenv
+
 inputs:
   python-binary:
     required: true
-    type: string
     description: The python binary to get the version from
+
 outputs:
   binary:
+    description: The python binary executable
     value: ${{ steps.get-python-version.outputs.binary }}
   version:
+    description: The python version
     value: ${{ steps.get-python-version.outputs.version }}
   full-version:
+    description: The full python version
     value: ${{ steps.get-python-version.outputs.full-version }}
   version-sha256sum:
+    description: The sha256sum of the version
     value: ${{ steps.get-python-version.outputs.version-sha256sum }}
 
 

diff --git a/.github/actions/setup-actionlint/action.yml b/.github/actions/setup-actionlint/action.yml
@@ -1,21 +1,22 @@
 ---
 name: setup-actionlint
 description: Setup actionlint
+
 inputs:
   version:
     description: The version of actionlint
     default: 1.6.26
   cache-seed:
     required: true
-    type: string
     description: Seed used to invalidate caches
 
+
 runs:
   using: composite
   steps:
 
     - name: Cache actionlint Binary
-      uses: actions/cache@v3.3.1
+      uses: ./.github/actions/cache
       with:
         path: /usr/local/bin/actionlint
         key: ${{ inputs.cache-seed }}|${{ runner.os }}|${{ runner.arch }}|actionlint|${{ inputs.version }}

diff --git a/.github/actions/setup-pre-commit/action.yml b/.github/actions/setup-pre-commit/action.yml
@@ -4,19 +4,13 @@ description: Setup 'pre-commit'
 
 inputs:
   version:
-    type: string
     description: Pre-commit version to install
     required: true
     default: 3.0.3
   cache-seed:
     required: true
-    type: string
     description: Seed used to invalidate caches
 
-env:
-  PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/
-  PIP_EXTRA_INDEX_URL: https://pypi.org/simple
-
 
 runs:
   using: composite
@@ -36,7 +30,7 @@ runs:
         ${{ steps.pre-commit-virtualenv.outputs.python-executable }} -m pip install pre-commit==${{ inputs.version }}
 
     - name: Cache Pre-Commit Hooks
-      uses: actions/cache@v3.3.1
+      uses: ./.github/actions/cache
       id: pre-commit-hooks-cache
       with:
         key: ${{ steps.pre-commit-virtualenv.outputs.cache-key }}|${{ inputs.version }}|${{ hashFiles('.pre-commit-config.yaml') }}