From 7c9de79524bf12f0a2e50c78781acc62036f8139 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Thu, 16 May 2024 14:24:38 +0200 Subject: [PATCH 1/4] ci: update workflows to run on source-git setup rhel-only Related: RHEL-36636 --- .github/workflows/cflite_pr.yml | 3 --- .github/workflows/codeql.yml | 6 ------ .github/workflows/differential-shellcheck.yml | 4 ---- .github/workflows/linter.yml | 3 --- .github/workflows/unit_tests.yml | 3 --- 5 files changed, 19 deletions(-) diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml index f0d321794a..87dcd3c478 100644 --- a/.github/workflows/cflite_pr.yml +++ b/.github/workflows/cflite_pr.yml @@ -5,9 +5,6 @@ name: ClusterFuzzLite PR fuzzing on: pull_request: - branches: - - main - - v[0-9]+-stable permissions: read-all diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0d284f75f1..daf34486d2 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -6,9 +6,6 @@ name: "CodeQL" on: pull_request: - branches: - - main - - v[0-9]+-stable paths: - '**/meson.build' - '.github/**/codeql*' @@ -16,9 +13,6 @@ on: - 'test/**' - 'tools/**' push: - branches: - - main - - v[0-9]+-stable permissions: contents: read diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml index 244f5d503b..403b5cfc58 100644 --- a/.github/workflows/differential-shellcheck.yml +++ b/.github/workflows/differential-shellcheck.yml @@ -4,11 +4,7 @@ name: Differential ShellCheck on: push: - branches: - - main pull_request: - branches: - - main permissions: contents: read diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index cf0bc09453..e7fb70f2f5 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -6,9 +6,6 @@ name: Lint Code Base on: pull_request: - branches: - - main - - v[0-9]+-stable permissions: contents: read diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml index 895068c2a2..bf6c820092 100644 --- a/.github/workflows/unit_tests.yml +++ b/.github/workflows/unit_tests.yml @@ -5,9 +5,6 @@ name: Unit tests on: pull_request: - branches: - - main - - v[0-9]+-stable permissions: contents: read From 9a92d089c52c3d6a21d72c95d8d2000b3031fcac Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Thu, 16 May 2024 14:36:04 +0200 Subject: [PATCH 2/4] ci: setup source-git automation rhel-only Related: RHEL-36636 --- .github/advanced-commit-linter.yml | 17 +++++ .github/auto-merge.yml | 4 ++ .github/pull-request-validator.yml | 4 ++ .github/regression-sniffer.yml | 1 + .github/tracker-validator.yml | 31 ++++++++ .github/workflows/gather-pr-metadata.yml | 12 ++-- .../source-git-automation-on-demand.yml | 72 +++++++++++++++++++ .github/workflows/source-git-automation.yml | 45 ++++++++++++ 8 files changed, 179 insertions(+), 7 deletions(-) create mode 100644 .github/advanced-commit-linter.yml create mode 100644 .github/auto-merge.yml create mode 100644 .github/pull-request-validator.yml create mode 100644 .github/regression-sniffer.yml create mode 100644 .github/tracker-validator.yml create mode 100644 .github/workflows/source-git-automation-on-demand.yml create mode 100644 .github/workflows/source-git-automation.yml diff --git a/.github/advanced-commit-linter.yml b/.github/advanced-commit-linter.yml new file mode 100644 index 0000000000..3609fe4612 --- /dev/null +++ b/.github/advanced-commit-linter.yml @@ -0,0 +1,17 @@ +policy: + cherry-pick: + upstream: + - github: systemd/systemd + exception: + note: + - rhel-only + - RHEL-only + tracker: + - keyword: + - 'Resolves: ' + - 'Related: ' + - 'Reverts: ' + type: jira + issue-format: + - 'RHEL-\d+$' + url: 'https://issues.redhat.com/browse/' diff --git a/.github/auto-merge.yml b/.github/auto-merge.yml new file mode 100644 index 0000000000..35c2539295 --- /dev/null +++ b/.github/auto-merge.yml @@ -0,0 +1,4 @@ +labels: + dont-merge: dont-merge + manual-merge: pr/needs-manual-merge +target-branch': ['main'] diff --git a/.github/pull-request-validator.yml b/.github/pull-request-validator.yml new file mode 100644 index 0000000000..4bb5bbec12 --- /dev/null +++ b/.github/pull-request-validator.yml @@ -0,0 +1,4 @@ +labels: + missing-review: pr/needs-review + changes-requested: pr/changes-requested + missing-failing-ci: pr/needs-ci diff --git a/.github/regression-sniffer.yml b/.github/regression-sniffer.yml new file mode 100644 index 0000000000..3824028e92 --- /dev/null +++ b/.github/regression-sniffer.yml @@ -0,0 +1 @@ +upstream: systemd/systemd diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml new file mode 100644 index 0000000000..2e858606ff --- /dev/null +++ b/.github/tracker-validator.yml @@ -0,0 +1,31 @@ +labels: + missing-tracker: tracker/missing + invalid-product: tracker/invalid-product + invalid-component: tracker/invalid-component + unapproved: tracker/unapproved +products: + - Red Hat Enterprise Linux 10 + - CentOS Stream 10 + - rhel-10.0.beta + - rhel-10.0 + - rhel-10.0.z + - rhel-10.1 + - rhel-10.1.z + - rhel-10.2 + - rhel-10.2.z + - rhel-10.3 + - rhel-10.3.z + - rhel-10.4 + - rhel-10.4.z + - rhel-10.5 + - rhel-10.5.z + - rhel-10.6 + - rhel-10.6.z + - rhel-10.7 + - rhel-10.7.z + - rhel-10.8 + - rhel-10.8.z + - rhel-10.9 + - rhel-10.9.z + - rhel-10.10 + - rhel-10.10.z diff --git a/.github/workflows/gather-pr-metadata.yml b/.github/workflows/gather-pr-metadata.yml index e4a0caff03..857689a37b 100644 --- a/.github/workflows/gather-pr-metadata.yml +++ b/.github/workflows/gather-pr-metadata.yml @@ -1,18 +1,17 @@ --- - name: Gather Pull Request Metadata on: pull_request: - branches: [ main ] + types: [ opened, reopened, synchronize ] + branches: [ main, rhel-10.0.beta, rhel-10.* ] permissions: contents: read jobs: gather-metadata: - if: github.repository == 'systemd/systemd' - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest steps: - name: Repository checkout @@ -20,11 +19,10 @@ jobs: - id: metadata name: Gather Pull Request Metadata - uses: redhat-plumbers-in-action/gather-pull-request-metadata@17821d3bc27c1efed339595898c2e622accc5a1b + uses: redhat-plumbers-in-action/gather-pull-request-metadata@v1 - name: Upload Pull Request Metadata artifact - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 + uses: actions/upload-artifact@v4 with: name: Pull Request Metadata path: ${{ steps.metadata.outputs.metadata-file }} - retention-days: 1 diff --git a/.github/workflows/source-git-automation-on-demand.yml b/.github/workflows/source-git-automation-on-demand.yml new file mode 100644 index 0000000000..af9ea781f6 --- /dev/null +++ b/.github/workflows/source-git-automation-on-demand.yml @@ -0,0 +1,72 @@ +name: Source git Automation Scheduled/On Demand +on: + schedule: + # Workflow runs every 45 minutes + - cron: '*/45 * * * *' + workflow_dispatch: + inputs: + pr-number: + description: 'Pull Request number/s ; when not provided, the workflow will run for all open PRs' + required: true + default: '0' + +permissions: + contents: read + +jobs: + # Get all open PRs + gather-pull-requests: + if: github.repository == 'redhat-plumbers/systemd-rhel10' + runs-on: ubuntu-latest + + outputs: + pr-numbers: ${{ steps.get-pr-numbers.outputs.result }} + pr-numbers-manual: ${{ steps.parse-manual-input.outputs.result }} + + steps: + - id: get-pr-numbers + if: inputs.pr-number == '0' + name: Get all open PRs + uses: actions/github-script@v6 + with: + # !FIXME: this is not working if there is more than 100 PRs opened + script: | + const { data: pullRequests } = await github.rest.pulls.list({ + owner: context.repo.owner, + repo: context.repo.repo, + state: 'open', + per_page: 100 + }); + return pullRequests.map(pr => pr.number); + + - id: parse-manual-input + if: inputs.pr-number != '0' + name: Parse manual input + run: | + # shellcheck disable=SC2086 + echo "result="[ ${{ inputs.pr-number }} ]"" >> $GITHUB_OUTPUT + shell: bash + + validate-pr: + name: 'Validation of Pull Request #${{ matrix.pr-number }}' + needs: [ gather-pull-requests ] + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + pr-number: ${{ inputs.pr-number == 0 && fromJSON(needs.gather-pull-requests.outputs.pr-numbers) || fromJSON(needs.gather-pull-requests.outputs.pr-numbers-manual) }} + + permissions: + # required for merging PRs + contents: write + # required for PR comments and setting labels + pull-requests: write + + steps: + - name: Source-git Automation + uses: redhat-plumbers-in-action/source-git-automation@v1 + with: + pr-number: ${{ matrix.pr-number }} + jira-api-token: ${{ secrets.JIRA_API_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/source-git-automation.yml b/.github/workflows/source-git-automation.yml new file mode 100644 index 0000000000..d58242efa7 --- /dev/null +++ b/.github/workflows/source-git-automation.yml @@ -0,0 +1,45 @@ +name: Source git Automation +on: + workflow_run: + workflows: [ Gather Pull Request Metadata ] + types: + - completed + +permissions: + contents: read + +jobs: + download-metadata: + if: > + github.event.workflow_run.event == 'pull_request' && + github.event.workflow_run.conclusion == 'success' && + github.repository == 'redhat-plumbers/systemd-rhel10' + runs-on: ubuntu-latest + + outputs: + pr-metadata: ${{ steps.Artifact.outputs.pr-metadata-json }} + + steps: + - id: Artifact + name: Download Artifact + uses: redhat-plumbers-in-action/download-artifact@v1 + with: + name: Pull Request Metadata + + source-git-automation: + needs: [ download-metadata ] + runs-on: ubuntu-latest + + permissions: + # required for merging PRs + contents: write + # required for PR comments and setting labels + pull-requests: write + + steps: + - name: Source-git Automation + uses: redhat-plumbers-in-action/source-git-automation@v1 + with: + pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }} + jira-api-token: ${{ secrets.JIRA_API_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} From eae8a0dc335edbdcf578697e95fa86607ff734da Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Thu, 16 May 2024 15:14:17 +0200 Subject: [PATCH 3/4] ci: deploy systemd man to GitHub Pages rhel-only Related: RHEL-36636 --- .github/workflows/deploy-man-pages.yml | 59 ++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 .github/workflows/deploy-man-pages.yml diff --git a/.github/workflows/deploy-man-pages.yml b/.github/workflows/deploy-man-pages.yml new file mode 100644 index 0000000000..9739228a87 --- /dev/null +++ b/.github/workflows/deploy-man-pages.yml @@ -0,0 +1,59 @@ +name: Deploy systemd man to Pages + +on: + push: + branches: [ main ] + paths: + - man/* + - .github/workflows/deploy-man-pages.yml + schedule: + # Run every Monday at 4:00 AM UTC + - cron: 0 4 * * 1 + workflow_dispatch: + +permissions: + contents: read + +# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. +# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. +concurrency: + group: pages + cancel-in-progress: false + +jobs: + # Single deploy job since we're just deploying + deploy: + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + runs-on: ubuntu-latest + + permissions: + pages: write + id-token: write + + steps: + - uses: actions/checkout@v4 + + - name: Install dependencies + run: | + sudo add-apt-repository -y --no-update --enable-source + sudo apt-get -y update + sudo apt-get -y build-dep systemd + + - name: Build HTML man pages + run: | + meson setup build + ninja -C build man/html + + - name: Setup Pages + uses: actions/configure-pages@v4 + + - name: Upload artifact + uses: actions/upload-pages-artifact@v3 + with: + path: ./build/man + + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@v4 From a13f61cd9d7b61b1273aa054f493354c8ac5178b Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Fri, 17 May 2024 13:55:40 +0200 Subject: [PATCH 4/4] ci: reconfigure Packit for RHEL 10 rhel-only Related: RHEL-36636 --- .packit.yml | 28 +++++++++------------------- 1 file changed, 9 insertions(+), 19 deletions(-) diff --git a/.packit.yml b/.packit.yml index 2dcc9e86ca..340c6992ec 100644 --- a/.packit.yml +++ b/.packit.yml @@ -24,14 +24,12 @@ actions: - "bash -ec 'git describe --tags --abbrev=0 | cut -b 2-'" post-upstream-clone: - # Use the Fedora Rawhide specfile - - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1" + # Use the CentOS Stream 10 specfile + - "git clone -b c10s https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1" # Drop the "sources" file so rebase-helper doesn't think we're a dist-git - "rm -fv .packit_rpm/sources" - # Drop backported patches from the specfile, but keep the downstream-only ones - # - Patch(0000-0499): backported patches from upstream - # - Patch0500-9999: downstream-only patches - - "sed -ri '/^Patch(0[0-4]?[0-9]{0,2})?\\:.+\\.patch/d' .packit_rpm/systemd.spec" + # Drop all patches, since they're already included in the tarball + - "sed -ri '/^Patch[0-9]+:/d' .packit_rpm/systemd.spec" # Build the RPM with --werror. Even though --werror doesn't work in all # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]). @@ -45,20 +43,12 @@ actions: # until the change propagates to Rawhide's specfile - "sed -ri '0,/^BuildRequires: .+$/s//&\\nBuildRequires: libarchive-devel\\nRequires: libarchive/' .packit_rpm/systemd.spec" +# Available targets can be listed via `copr-cli list-chroots` jobs: - job: copr_build trigger: pull_request targets: - - fedora-rawhide-aarch64 - - fedora-rawhide-i386 - - fedora-rawhide-ppc64le - - fedora-rawhide-s390x - - fedora-rawhide-x86_64 - -- job: tests - trigger: pull_request - fmf_url: https://src.fedoraproject.org/tests/systemd - fmf_ref: main - tmt_plan: ci - targets: - - fedora-rawhide-x86_64 + - centos-stream-10-aarch64 + - centos-stream-10-ppc64le + - centos-stream-10-s390x + - centos-stream-10-x86_64