Skip to content

Commit

Permalink
[WIP] initial testing for CI/CD clean up
Browse files Browse the repository at this point in the history
  • Loading branch information
@dmurphy18
dmurphy18 committed Nov 15, 2024
1 parent 8782a3b commit a8b1804
Show file tree
Hide file tree
Showing 6 changed files with 15 additions and 269 deletions.
15 changes: 0 additions & 15 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -245,20 +245,6 @@ jobs:
instances: '["stable-3007", "onedir-3007", "stable-3007-1", "git-master", "latest", "default"]'


fedora-39:
name: Fedora 39
if: github.event_name == 'push' || needs.collect-changed-files.outputs.run-tests == 'true'
uses: ./.github/workflows/test-linux.yml
needs:
- lint
- generate-actions-workflow
with:
distro-slug: fedora-39
display-name: Fedora 39
timeout: 20
instances: '["stable-3006", "onedir-3006", "stable-3006-8", "latest", "default"]'


fedora-40:
name: Fedora 40
if: github.event_name == 'push' || needs.collect-changed-files.outputs.run-tests == 'true'
Expand Down Expand Up @@ -430,7 +416,6 @@ jobs:
- centos-stream9
- debian-11
- debian-12
- fedora-39
- fedora-40
- opensuse-15
- oraclelinux-8
Expand Down
58 changes: 0 additions & 58 deletions .github/workflows/nightly.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,61 +41,3 @@ jobs:
echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
echo "requirements-met=true" >> "${GITHUB_OUTPUT}"
fi
update-s3-bucket:
name: Update S3 Bucket
if: ${{ fromJSON(needs.workflow-requirements.outputs.requirements-met) }}
runs-on:
- self-hosted
- linux
- repo-release
needs:
- workflow-requirements
environment: release

steps:
- uses: actions/checkout@v4

- name: Get Salt Project GitHub Actions Bot Environment
run: |
TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"
- name: Setup GnuPG
run: |
sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg
GNUPGHOME="$(mktemp -d -p /run/gpg)"
echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV"
cat <<EOF > "${GNUPGHOME}/gpg.conf"
batch
no-tty
pinentry-mode loopback
EOF
- name: Get Secrets
id: get-secrets
env:
SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
run: |
SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text | jq .default_key -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
| gpg --import -
sync
aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
--query SecretString --output text| jq .default_passphrase -r | base64 -d \
| gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
sync
rm "$SECRETS_KEY_FILE"
echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
- name: Install Requirements
run: |
python3 -m pip install -r requirements/release.txt
- name: Upload Develop to S3
run: |
tools release s3-publish --key-id 64CBBC8173D76B3F develop
181 changes: 4 additions & 177 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,11 +51,7 @@ jobs:
update-develop:
name: Update CHANGELOG.md and bootstrap-salt.sh
runs-on:
- ubuntu-latest
## - self-hosted
## - linux
## - repo-release
runs-on: ubuntu-latest
permissions:
contents: write # To be able to publish the release
environment: release
Expand All @@ -75,45 +71,13 @@ jobs:
python3 -m pip install -r requirements/release.txt
pre-commit install --install-hooks
## - name: Setup GnuPG
## run: |
## sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg
## GNUPGHOME="$(mktemp -d -p /run/gpg)"
## echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV"
## cat <<EOF > "${GNUPGHOME}/gpg.conf"
## batch
## no-tty
## pinentry-mode loopback
## EOF

## - name: Get Secrets
## id: get-secrets
## env:
## SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
## run: |
## SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
## echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
## --query SecretString --output text | jq .default_key -r | base64 -d \
## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
## | gpg --import -
## sync
## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
## --query SecretString --output text| jq .default_passphrase -r | base64 -d \
## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
## sync
## rm "$SECRETS_KEY_FILE"
## echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"

- name: Configure Git
shell: bash
run: |
git config --global --add safe.directory "$(pwd)"
git config --global user.name "Salt Project Packaging"
git config --global user.email [email protected]
git config --global commit.gpgsign false
## git config --global user.signingkey 64CBBC8173D76B3F
## git config --global commit.gpgsign true
- name: Update Repository
id: update-repo
Expand Down Expand Up @@ -151,11 +115,7 @@ jobs:

merge-develop-into-stable:
name: Merge develop into stable
runs-on:
- ubuntu-latest
## - self-hosted
## - linux
## - repo-release
runs-on: ubuntu-latest
needs:
- update-develop
environment: release
Expand All @@ -169,45 +129,13 @@ jobs:
ssh-key: ${{ secrets.SALT_BOOTSTRAP_RELEASE_KEY }}
fetch-depth: 0

## - name: Setup GnuPG
## run: |
## sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg
## GNUPGHOME="$(mktemp -d -p /run/gpg)"
## echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV"
## cat <<EOF > "${GNUPGHOME}/gpg.conf"
## batch
## no-tty
## pinentry-mode loopback
## EOF

## - name: Get Secrets
## id: get-secrets
## env:
## SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
## run: |
## SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
## echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
## --query SecretString --output text | jq .default_key -r | base64 -d \
## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
## | gpg --import -
## sync
## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
## --query SecretString --output text| jq .default_passphrase -r | base64 -d \
## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
## sync
## rm "$SECRETS_KEY_FILE"
## echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"

- name: Configure Git
shell: bash
run: |
git config --global --add safe.directory "$(pwd)"
git config --global user.name "Salt Project Packaging"
git config --global user.email [email protected]
git config --global commit.gpgsign false
## git config --global user.signingkey 64CBBC8173D76B3F
## git config --global commit.gpgsign true
- name: Download Release Details
uses: actions/download-artifact@v4
Expand Down Expand Up @@ -250,10 +178,7 @@ jobs:

publish-release:
name: Create GitHub Release
runs-on:
- ubuntu-latest
## - self-hosted
## - linux
runs-on: ubuntu-latest
needs:
- merge-develop-into-stable
environment: release
Expand Down Expand Up @@ -299,75 +224,9 @@ jobs:
name: release-details
failOnError: false

## update-s3-bucket:
## name: Update S3 Bucket
## runs-on:
## - ubuntu-latest
## ## - self-hosted
## ## - linux
## ## - repo-release
## needs:
## - publish-release
## environment: release

## steps:
## - uses: actions/checkout@v4
## with:
## ref: stable
## repository: ${{ github.repository }}
## ssh-key: ${{ secrets.SALT_BOOTSTRAP_RELEASE_KEY }}

## - name: Get Salt Project GitHub Actions Bot Environment
## run: |
## TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 30")
## SPB_ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/spb:environment)
## echo "SPB_ENVIRONMENT=$SPB_ENVIRONMENT" >> "$GITHUB_ENV"

## ## - name: Setup GnuPG
## ## run: |
## ## sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg
## ## GNUPGHOME="$(mktemp -d -p /run/gpg)"
## ## echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV"
## ## cat <<EOF > "${GNUPGHOME}/gpg.conf"
## ## batch
## ## no-tty
## ## pinentry-mode loopback
## ## EOF

## ## - name: Get Secrets
## ## id: get-secrets
## ## env:
## ## SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
## ## run: |
## ## SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
## ## echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
## ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
## ## --query SecretString --output text | jq .default_key -r | base64 -d \
## ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
## ## | gpg --import -
## ## sync
## ## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
## ## --query SecretString --output text| jq .default_passphrase -r | base64 -d \
## ## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
## ## sync
## ## rm "$SECRETS_KEY_FILE"
## ## echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"

## ## - name: Install Requirements
## ## run: |
## ## python3 -m pip install -r requirements/release.txt

## ## - name: Upload Stable Release to S3
## ## run: |
## ## tools release s3-publish --key-id 64CBBC8173D76B3F stable

update-develop-checksums:
name: Update Release Checksums on Develop
runs-on:
- ubuntu-latest
## - self-hosted
## - linux
## - repo-release
runs-on: ubuntu-latest
needs:
- publish-release
environment: release
Expand All @@ -393,45 +252,13 @@ jobs:
repository: ${{ github.repository }}
ssh-key: ${{ secrets.SALT_BOOTSTRAP_RELEASE_KEY }}

## - name: Setup GnuPG
## run: |
## sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg
## GNUPGHOME="$(mktemp -d -p /run/gpg)"
## echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV"
## cat <<EOF > "${GNUPGHOME}/gpg.conf"
## batch
## no-tty
## pinentry-mode loopback
## EOF

## - name: Get Secrets
## id: get-secrets
## env:
## SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
## run: |
## SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
## echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
## --query SecretString --output text | jq .default_key -r | base64 -d \
## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
## | gpg --import -
## sync
## aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
## --query SecretString --output text| jq .default_passphrase -r | base64 -d \
## | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
## sync
## rm "$SECRETS_KEY_FILE"
## echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"

- name: Configure Git
shell: bash
run: |
git config --global --add safe.directory "$(pwd)"
git config --global user.name "Salt Project Packaging"
git config --global user.email [email protected]
git config --global commit.gpgsign false
## git config --global user.signingkey 64CBBC8173D76B3F
## git config --global commit.gpgsign true
- name: Update Latest Release on README
run: |
Expand Down
Loading

0 comments on commit a8b1804

Please sign in to comment.