diff --git a/.github/workflows/all_solutions.yml b/.github/workflows/all_solutions.yml index 6cfd69d37e..e807dd2852 100644 --- a/.github/workflows/all_solutions.yml +++ b/.github/workflows/all_solutions.yml @@ -776,7 +776,6 @@ jobs: name: deploy-artifacts path: | ${{ github.workspace }}\build\BuildArtifacts - ${{ github.workspace }}\deploy if-no-files-found: error # This job is necessary in order for us to have a branch protection rule for tests with a matrix diff --git a/.github/workflows/deploy_agent.yml b/.github/workflows/deploy_agent.yml index 2d3afc0125..16f18bee64 100644 --- a/.github/workflows/deploy_agent.yml +++ b/.github/workflows/deploy_agent.yml @@ -76,13 +76,6 @@ jobs: path: ${{ github.workspace }}/build/BuildArtifacts if-no-files-found: error - - name: Upload Deploy Tooling Locally - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - with: - name: deploy-tooling - path: ${{ github.workspace }}/deploy/ - if-no-files-found: error - deploy-downloadsite: needs: get-external-artifacts if: ${{ github.event.inputs.downloadsite == 'true' }} @@ -262,19 +255,18 @@ jobs: sudo apt-get update -y sudo apt-get install -y dos2unix shell: bash - + + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + - name: Download Deploy Artifacts uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: deploy-artifacts path: ${{ github.workspace }}/ - - name: Download Deploy Tooling - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 - with: - name: deploy-tooling - path: ${{ github.workspace }}/deploy - - name: Get GPG Key id: write_gpgkey run: | diff --git a/.github/workflows/post_deploy_agent.yml b/.github/workflows/post_deploy_agent.yml index 0df03cda01..8f4ee861c1 100644 --- a/.github/workflows/post_deploy_agent.yml +++ b/.github/workflows/post_deploy_agent.yml 
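Review bot: The added Checkout step in deploy_agent.yml (hunk `@@ -262,19 +255,18 @@`) keeps the checkout token in the workspace's git config for a job that goes on to write the GPG signing key. Adding `persist-credentials: false` under `with:` would avoid that, since none of the visible steps push back to the repository. `fetch-depth: 0` also pulls the full history where the job appears to need only the `deploy/` scripts, so the default shallow clone should be enough. With the deploy-tooling artifact removed, the scripts now come from whatever ref the workflow is dispatched on rather than from the build run that produced deploy-artifacts; a comment on the step naming the expected ref would make that explicit. The job's remaining steps are outside the hunk.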
@@ -7,17 +7,17 @@ on: description: 'Agent Version to validate. Needs to match the version from the Release Workflow (all_solutions.yml). Format: X.X.X' required: true type: string - external_call: - type: boolean - default: true - required: false workflow_call: inputs: agent_version: description: 'Agent Version to validate. Needs to match the version from the Release Workflow (all_solutions.yml). Format: X.X.X' required: true type: string - + external_call: + type: boolean + default: true + required: false + permissions: contents: read packages: read @@ -37,7 +37,7 @@ jobs: disable-sudo: false egress-policy: audit - name: Wait for APT to update - if: ${{ github.event.inputs.external_call }} # only wait if this workflow was called by another workflow + if: ${{ github.event.inputs.external_call == 'true' }} # only wait if this workflow was called by another workflow run: | echo "Sleeping 5 minutes to wait for apt to update itself" sleep 300 @@ -76,7 +76,7 @@ jobs: fetch-depth: 0 - name: Wait for YUM to update - if: ${{ github.event.inputs.external_call }} # only wait if this workflow was called by another workflow + if: ${{ github.event.inputs.external_call == 'true'}} # only wait if this workflow was called by another workflow run: | echo "Sleeping 5 minutes to wait for yum to update itself" sleep 300 diff --git a/.github/workflows/publish_release_notes.yml b/.github/workflows/publish_release_notes.yml index c0414d1491..456bae6610 100644 --- a/.github/workflows/publish_release_notes.yml +++ b/.github/workflows/publish_release_notes.yml 
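Review bot: The two rewritten conditions (`Wait for APT to update` in hunk `@@ -37,7 +37,7 @@` and `Wait for YUM to update` in `@@ -76,7 +76,7 @@`) still read `github.event.inputs.external_call`, but this commit moves `external_call` to the `workflow_call` inputs, and `github.event.inputs` carries only `workflow_dispatch` inputs. When another workflow calls this one, the expression is likely empty, so `== 'true'` is false and the five-minute wait is skipped in exactly the case the inline comment says it is for. Validation could then run against a package repository that has not yet picked up the new release. The `inputs` context covers both triggers and keeps the boolean type: `if: ${{ inputs.external_call }}`. The second condition is also missing the space before `}}`.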
@@ -30,36 +30,7 @@ env: DOTNET_NOLOGO: true jobs: - - get-external-artifacts: - name: Get and Publish Deploy Artifacts Locally - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 - with: - disable-sudo: true - egress-policy: audit - - - name: Download Deploy Artifacts - uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e # v2.28.0 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - workflow: all_solutions.yml - run_id: ${{ github.event.inputs.run_id }} - name: deploy-artifacts - path: ${{ github.workspace }} - repo: ${{ github.repository }} - - - name: Upload Deploy Artifacts Locally - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - with: - name: deploy-artifacts - path: ${{ github.workspace }}/build/BuildArtifacts - if-no-files-found: error - publish-release-notes: - needs: get-external-artifacts name: Create and Publish Release Notes runs-on: ubuntu-latest steps: @@ -74,10 +45,14 @@ jobs: fetch-depth: 0 - name: Download Deploy Artifacts - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e # v2.28.0 with: + github_token: ${{ secrets.GITHUB_TOKEN }} + workflow: all_solutions.yml + run_id: ${{ github.event.inputs.run_id }} name: deploy-artifacts - path: ${{ github.workspace }}/artifacts + path: ${{ github.workspace }}/deploy-artifacts + repo: ${{ github.repository }} - name: Set Docs PR Branch Name run: | 
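Review bot: The rewritten Download Deploy Artifacts step in publish-release-notes (hunk `@@ -74,10 +45,14 @@`) fetches from whatever `run_id` the dispatcher supplies, and none of the visible steps check that the run is a successful release build of all_solutions.yml. The checksums published in the release notes are read from this artifact, so a mistyped or stale run id would publish hashes that do not match the released binaries. A preceding step that confirms the run's conclusion and head ref, for example with `gh run view "$RUN_ID" --json conclusion,headBranch`, would close that gap. The workflow's `permissions:` block is outside the hunk; a cross-run download needs `actions: read` on the token passed here.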
@@ -97,7 +72,7 @@ jobs: BUILD_PATH: ${{ github.workspace }}/build/ReleaseNotesBuilder/ReleaseNotesBuilder.csproj RUN_PATH: ${{ github.workspace }}/build/ReleaseNotesBuilder/bin/Release/net7.0/ CHANGELOG: ${{ github.workspace }}/src/Agent/CHANGELOG.md - CHECKSUMS: ${{ github.workspace }}/artifacts/DownloadSite/SHA256/checksums.md + CHECKSUMS: ${{ github.workspace }}/deploy-artifacts/build/BuildArtifacts/DownloadSite/SHA256/checksums.md OUTPUT_PATH: ${{ github.workspace }} - name: Create branch diff --git a/deploy/linux/Dockerfile b/deploy/linux/Dockerfile index a79a757236..d61e61103e 100644 --- a/deploy/linux/Dockerfile +++ b/deploy/linux/Dockerfile @@ -1,9 +1,9 @@ -FROM debian:stable-20231120@sha256:6a798ffaa39776765d80c63afffc5920d09f8003b1b7d6a24026527d826c8de7 +FROM debian:buster-20230703-slim@sha256:cddb688e1263b9752275b064171ef6ac9c70ae21a77c774339aecfb53690b9a1 RUN apt-get update && apt-get install -y \ apt-utils \ dpkg-dev \ - createrepo-c \ + createrepo \ awscli \ curl \ dos2unix \ diff --git a/deploy/linux/deploy_scripts/deploy-packages.bash b/deploy/linux/deploy_scripts/deploy-packages.bash index 03336e08fb..c883b0f029 100644 --- a/deploy/linux/deploy_scripts/deploy-packages.bash +++ b/deploy/linux/deploy_scripts/deploy-packages.bash @@ -165,7 +165,7 @@ fi export TARGET='production' # this is just a string used in local paths for repository data pulled down from S3 and then pushed back up # Make sure we have all the external tools we need -for CMD in apt-ftparchive gpg createrepo_c curl rsync; do +for CMD in apt-ftparchive gpg createrepo curl rsync; do if ! command -v $CMD > /dev/null; then die 'command not found:' $CMD fi diff --git a/deploy/linux/deploy_scripts/libexec/repoman-rebuild.bash b/deploy/linux/deploy_scripts/libexec/repoman-rebuild.bash index 638d44e92f..4697d46dfa 100644 --- a/deploy/linux/deploy_scripts/libexec/repoman-rebuild.bash +++ b/deploy/linux/deploy_scripts/libexec/repoman-rebuild.bash 
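Review bot: The new `CHECKSUMS` path expects the downloaded artifact to keep a `build/BuildArtifacts/` prefix, but the all_solutions.yml hunk in this same commit reduces the `deploy-artifacts` upload to a single path. With a single directory path, upload-artifact uses that directory as the artifact root, so artifacts from runs after this commit would likely put the file at `deploy-artifacts/DownloadSite/SHA256/checksums.md` and this step would not find it. The get-external-artifacts re-upload of `${{ github.workspace }}/build/BuildArtifacts` in deploy_agent.yml appears to rest on the same layout. Either keep the artifact root at the workspace in all_solutions.yml, or drop the prefix here: `CHECKSUMS: ${{ github.workspace }}/deploy-artifacts/DownloadSite/SHA256/checksums.md`.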
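Review bot: The `FROM` line moves the deploy image from a `stable` snapshot to `debian:buster-20230703-slim`, an older Debian release, and the digest pin freezes it at that July 2023 snapshot with no reason given. The scripts that run in this image invoke `gpg` to sign the package repositories, so the choice of an older base should be documented and the pin revisited on a schedule. If the `createrepo` package is the reason, a comment above `FROM` would do: `# buster kept because createrepo is needed; re-pin the digest when a newer buster snapshot is published`. The `RUN apt-get install` list continues outside the hunk.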
@@ -110,7 +110,7 @@ rebuild_yum() { printf \\n if [[ -d "$REPO_DIR" ]]; then - createrepo_c --update --checksum sha "$REPO_DIR" + createrepo --update --checksum sha "$REPO_DIR" fi done } diff --git a/deploy/linux/deploy_scripts/puppet/manifests/site.pp b/deploy/linux/deploy_scripts/puppet/manifests/site.pp index 12f68e58ea..e92c9db6c8 100644 --- a/deploy/linux/deploy_scripts/puppet/manifests/site.pp +++ b/deploy/linux/deploy_scripts/puppet/manifests/site.pp @@ -12,7 +12,7 @@ } # YUM repo mgmt -package { "createrepo-c": +package { "createrepo": ensure => installed }
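Review bot: `--checksum sha` on the changed line in rebuild_yum selects SHA-1 for the repodata checksums, and nothing in the hunk says why. If that is deliberate for older yum clients, record it on the line above the call: `# 'sha' means SHA-1; kept for compatibility with older yum clients`. If no such clients remain, `--checksum sha256` is the safer choice. rebuild_yum begins outside the hunk.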