redhat-plumbers · jamacku · Jun 12, 2024 · May 16, 2024 · May 16, 2024 · May 16, 2024
diff --git a/.github/advanced-commit-linter.yml b/.github/advanced-commit-linter.yml
@@ -0,0 +1,17 @@
+policy:
+  cherry-pick:
+    upstream:
+      - github: systemd/systemd
+    exception:
+      note:
+        - rhel-only
+        - RHEL-only
+  tracker:
+    - keyword:
+        - 'Resolves: '
+        - 'Related: '
+        - 'Reverts: '
+      type: jira
+      issue-format:
+        - 'RHEL-\d+$'
+      url: 'https://issues.redhat.com/browse/'
diff --git a/.github/auto-merge.yml b/.github/auto-merge.yml
@@ -0,0 +1,4 @@
+labels:
+  dont-merge: dont-merge
+  manual-merge: pr/needs-manual-merge
+target-branch': ['main']
diff --git a/.github/pull-request-validator.yml b/.github/pull-request-validator.yml
@@ -0,0 +1,4 @@
+labels:
+  missing-review: pr/needs-review
+  changes-requested: pr/changes-requested
+  missing-failing-ci: pr/needs-ci
diff --git a/.github/regression-sniffer.yml b/.github/regression-sniffer.yml
@@ -0,0 +1 @@
+upstream: systemd/systemd
diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml
@@ -0,0 +1,31 @@
+labels:
+  missing-tracker: tracker/missing
+  invalid-product: tracker/invalid-product
+  invalid-component: tracker/invalid-component
+  unapproved: tracker/unapproved
+products:
+  - Red Hat Enterprise Linux 10
+  - CentOS Stream 10
+  - rhel-10.0.beta 
+  - rhel-10.0
+  - rhel-10.0.z
+  - rhel-10.1
+  - rhel-10.1.z
+  - rhel-10.2
+  - rhel-10.2.z
+  - rhel-10.3
+  - rhel-10.3.z
+  - rhel-10.4
+  - rhel-10.4.z
+  - rhel-10.5
+  - rhel-10.5.z
+  - rhel-10.6
+  - rhel-10.6.z
+  - rhel-10.7
+  - rhel-10.7.z
+  - rhel-10.8
+  - rhel-10.8.z
+  - rhel-10.9
+  - rhel-10.9.z
+  - rhel-10.10
+  - rhel-10.10.z
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
@@ -5,9 +5,6 @@
 name: ClusterFuzzLite PR fuzzing
 on:
   pull_request:
-    branches:
-      - main
-      - v[0-9]+-stable
 
 permissions: read-all
 

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -6,19 +6,13 @@ name: "CodeQL"
 
 on:
   pull_request:
-    branches:
-      - main
-      - v[0-9]+-stable
     paths:
       - '**/meson.build'
       - '.github/**/codeql*'
       - 'src/**'
       - 'test/**'
       - 'tools/**'
   push:
-    branches:
-      - main
-      - v[0-9]+-stable
 
 permissions:
   contents: read

diff --git a/.github/workflows/deploy-man-pages.yml b/.github/workflows/deploy-man-pages.yml
@@ -0,0 +1,59 @@
+name: Deploy systemd man to Pages
+
+on:
+  push:
+    branches: [ main ]
+    paths:
+      - man/*
+      - .github/workflows/deploy-man-pages.yml
+  schedule:
+    # Run every Monday at 4:00 AM UTC
+    - cron: 0 4 * * 1
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+  group: pages
+  cancel-in-progress: false
+
+jobs:
+  # Single deploy job since we're just deploying
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+
+    permissions:
+      pages: write
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          sudo add-apt-repository -y --no-update --enable-source
+          sudo apt-get -y update
+          sudo apt-get -y build-dep systemd
+
+      - name: Build HTML man pages
+        run: |
+          meson setup build
+          ninja -C build man/html
+
+      - name: Setup Pages
+        uses: actions/configure-pages@v4
+
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: ./build/man
+
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4
diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
@@ -4,11 +4,7 @@
 name: Differential ShellCheck
 on:
   push:
-    branches:
-      - main
   pull_request:
-    branches:
-      - main
 
 permissions:
   contents: read

diff --git a/.github/workflows/gather-pr-metadata.yml b/.github/workflows/gather-pr-metadata.yml
@@ -1,30 +1,28 @@
 ---
-
 name: Gather Pull Request Metadata
 
 on:
   pull_request:
-    branches: [ main ]
+    types: [ opened, reopened, synchronize ]
+    branches: [ main, rhel-10.0.beta, rhel-10.* ]
 
 permissions:
   contents: read
 
 jobs:
   gather-metadata:
-    if: github.repository == 'systemd/systemd'
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest
 
     steps:
       - name: Repository checkout
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
 
       - id: metadata
         name: Gather Pull Request Metadata
-        uses: redhat-plumbers-in-action/gather-pull-request-metadata@17821d3bc27c1efed339595898c2e622accc5a1b
+        uses: redhat-plumbers-in-action/gather-pull-request-metadata@v1
 
       - name: Upload Pull Request Metadata artifact
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3
+        uses: actions/upload-artifact@v4
         with:
           name: Pull Request Metadata
           path: ${{ steps.metadata.outputs.metadata-file }}
-          retention-days: 1
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -6,9 +6,6 @@ name: Lint Code Base
 
 on:
   pull_request:
-    branches:
-      - main
-      - v[0-9]+-stable
 
 permissions:
   contents: read

diff --git a/.github/workflows/source-git-automation-on-demand.yml b/.github/workflows/source-git-automation-on-demand.yml
@@ -0,0 +1,72 @@
+name: Source git Automation Scheduled/On Demand
+on:
+  schedule:
+    # Workflow runs every 45 minutes
+    - cron: '*/45 * * * *'
+  workflow_dispatch:
+    inputs:
+      pr-number:
+        description: 'Pull Request number/s ; when not provided, the workflow will run for all open PRs'
+        required: true
+        default: '0'
+
+permissions:
+  contents: read
+
+jobs:
+  # Get all open PRs
+  gather-pull-requests:
+    if: github.repository == 'redhat-plumbers/systemd-rhel10'
+    runs-on: ubuntu-latest
+
+    outputs:
+      pr-numbers: ${{ steps.get-pr-numbers.outputs.result }}
+      pr-numbers-manual: ${{ steps.parse-manual-input.outputs.result }}
+
+    steps:
+      - id: get-pr-numbers
+        if: inputs.pr-number == '0'
+        name: Get all open PRs
+        uses: actions/github-script@v6
+        with:
+          # !FIXME: this is not working if there is more than 100 PRs opened
+          script: |
+            const { data: pullRequests } = await github.rest.pulls.list({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              state: 'open',
+              per_page: 100
+            });
+            return pullRequests.map(pr => pr.number);
+
+      - id: parse-manual-input
+        if: inputs.pr-number != '0'
+        name: Parse manual input
+        run: |
+          # shellcheck disable=SC2086
+          echo "result="[ ${{ inputs.pr-number }} ]"" >> $GITHUB_OUTPUT
+        shell: bash
+
+  validate-pr:
+    name: 'Validation of Pull Request #${{ matrix.pr-number }}'
+    needs: [ gather-pull-requests ]
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        pr-number: ${{ inputs.pr-number == 0 && fromJSON(needs.gather-pull-requests.outputs.pr-numbers) || fromJSON(needs.gather-pull-requests.outputs.pr-numbers-manual) }}
+
+    permissions:
+      # required for merging PRs
+      contents: write
+      # required for PR comments and setting labels
+      pull-requests: write
+
+    steps:
+      - name: Source-git Automation
+        uses: redhat-plumbers-in-action/source-git-automation@v1
+        with:
+          pr-number: ${{ matrix.pr-number }}
+          jira-api-token: ${{ secrets.JIRA_API_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/source-git-automation.yml b/.github/workflows/source-git-automation.yml
@@ -0,0 +1,45 @@
+name: Source git Automation
+on:
+  workflow_run:
+    workflows: [ Gather Pull Request Metadata ]
+    types:
+      - completed
+
+permissions:
+  contents: read
+
+jobs:
+  download-metadata:
+    if: >
+      github.event.workflow_run.event == 'pull_request' &&
+      github.event.workflow_run.conclusion == 'success' &&
+      github.repository == 'redhat-plumbers/systemd-rhel10'
+    runs-on: ubuntu-latest
+
+    outputs:
+      pr-metadata: ${{ steps.Artifact.outputs.pr-metadata-json }}
+
+    steps:
+      - id: Artifact
+        name: Download Artifact
+        uses: redhat-plumbers-in-action/download-artifact@v1
+        with:
+          name: Pull Request Metadata
+
+  source-git-automation:
+    needs: [ download-metadata ]
+    runs-on: ubuntu-latest
+
+    permissions:
+      # required for merging PRs
+      contents: write
+      # required for PR comments and setting labels
+      pull-requests: write
+
+    steps:
+      - name: Source-git Automation
+        uses: redhat-plumbers-in-action/source-git-automation@v1
+        with:
+          pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }}
+          jira-api-token: ${{ secrets.JIRA_API_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
@@ -5,9 +5,6 @@
 name: Unit tests
 on:
   pull_request:
-    branches:
-      - main
-      - v[0-9]+-stable
 
 permissions:
   contents: read

diff --git a/.packit.yml b/.packit.yml
@@ -24,14 +24,12 @@ actions:
     - "bash -ec 'git describe --tags --abbrev=0 | cut -b 2-'"
 
   post-upstream-clone:
-    # Use the Fedora Rawhide specfile
-    - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1"
+    # Use the CentOS Stream 10 specfile
+    - "git clone -b c10s https://gitlab.com/redhat/centos-stream/rpms/systemd.git .packit_rpm --depth=1"
     # Drop the "sources" file so rebase-helper doesn't think we're a dist-git
     - "rm -fv .packit_rpm/sources"
-    # Drop backported patches from the specfile, but keep the downstream-only ones
-    # - Patch(0000-0499): backported patches from upstream
-    # - Patch0500-9999: downstream-only patches
-    - "sed -ri '/^Patch(0[0-4]?[0-9]{0,2})?\\:.+\\.patch/d' .packit_rpm/systemd.spec"
+    # Drop all patches, since they're already included in the tarball
+    - "sed -ri '/^Patch[0-9]+:/d' .packit_rpm/systemd.spec"
     # Build the RPM with --werror. Even though --werror doesn't work in all
     # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the
     # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]).
@@ -45,20 +43,12 @@ actions:
     # until the change propagates to Rawhide's specfile
     - "sed -ri '0,/^BuildRequires: .+$/s//&\\nBuildRequires: libarchive-devel\\nRequires: libarchive/' .packit_rpm/systemd.spec"
 
+# Available targets can be listed via `copr-cli list-chroots`
 jobs:
 - job: copr_build
   trigger: pull_request
   targets:
-  - fedora-rawhide-aarch64
-  - fedora-rawhide-i386
-  - fedora-rawhide-ppc64le
-  - fedora-rawhide-s390x
-  - fedora-rawhide-x86_64
-
-- job: tests
-  trigger: pull_request
-  fmf_url: https://src.fedoraproject.org/tests/systemd
-  fmf_ref: main
-  tmt_plan: ci
-  targets:
-  - fedora-rawhide-x86_64
+  - centos-stream-10-aarch64
+  - centos-stream-10-ppc64le
+  - centos-stream-10-s390x
+  - centos-stream-10-x86_64