Commit graph

154 commits

Author SHA1 Message Date
Ondřej Budai
3561202acc github: prevent script injections via PR branch names
Prior to this commit, ${{ github.event.workflow_run.head_branch }} got
expanded in the bash script. A malicious actor could inject
an arbitrary shell script. Since this action has access to a token
with write rights, the malicious actor can easily steal this token.

This commit moves the expansion into an env block where such an
injection cannot happen. This is the preferred way according to the
github docs:
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
2024-12-05 18:13:17 +01:00
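The pattern the commit above describes, shown as an added example (this is not osbuild-composer's own workflow file): a hypothetical `workflow_run` job that needs the triggering PR's branch name, first with the expression interpolated straight into the `run:` script, then with the expression moved into an `env:` block as the GitHub hardening guide recommends. The job and step names are invented for the illustration.

```yaml
# Added illustration, not the project's workflow. Hypothetical job that runs on a
# workflow_run trigger and needs the head branch of the triggering pull request.
name: pr-branch-example
on:
  workflow_run:
    workflows: ["Tests"]
    types: [completed]

# Least-privilege default for the job token; grant write scopes per job only
# where a step really needs them.
permissions:
  contents: read

jobs:
  unsafe-interpolation:
    runs-on: ubuntu-latest
    steps:
      # VULNERABLE PATTERN (kept here only to show what to look for in review):
      # the ${{ }} expression is substituted into the script text before bash
      # runs, so shell metacharacters in an attacker-chosen branch name become
      # part of the script itself.
      - name: Report branch (unsafe)
        run: echo "Branch: ${{ github.event.workflow_run.head_branch }}"

  safe-env-variable:
    runs-on: ubuntu-latest
    steps:
      # HARDENED PATTERN: the expression is evaluated into an environment
      # variable, and the script reads it as data through "$BRANCH"; bash never
      # parses the value as code. Keep the variable double-quoted so the shell
      # does not word-split or glob-expand it.
      - name: Report branch (safe)
        env:
          BRANCH: ${{ github.event.workflow_run.head_branch }}
        run: echo "Branch: $BRANCH"
```

When reviewing workflows, grep for `${{` inside `run:` blocks and treat any `github.event.*` field that a pull request author controls (branch names, PR titles and bodies, commit messages) as untrusted input; static checkers such as actionlint also report this interpolation pattern.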
Florian Schüller
f478f802f2 github/workflows/tests: add dependency for tests
libbtrfs-dev seems to be required, otherwise the tests fail
2024-11-19 13:55:38 +01:00
Florian Schüller
00d3f07d08 Makefile: implement make db-tests
enables the option to run the DB tests locally
that are executed in the github actions
2024-11-06 15:16:42 +01:00
Achilleas Koutsou
2a6fe9122f github: disable caching for golangci-lint-action
There seems to be a caching issue with the linter. It's reporting go
dependency replacements when there are none.
2024-09-17 23:33:44 +02:00
Florian Schüller
11f707d277 workflows: include splunk_logger sub module in tests 2024-08-28 16:41:07 +02:00
Florian Schüller
0a68fe3005 Makefile: implement helper to process OpenShift templates
just for manual checks if the template syntax is fine
and align with the github action to use the same code
2024-08-02 04:01:02 +02:00
Achilleas Koutsou
1cc90c6a0b go.mod: update to go v1.21
Go 1.21 is included in all currently supported distro versions.
It is required by new updates to some of our dependencies, including
osbuild/images.
2024-07-04 19:01:07 +02:00
Florian Schüller
c36367d4cc makefile: implement make lint 2024-07-04 17:52:44 +02:00
dependabot[bot]
7ce03144da build(deps): bump golangci/golangci-lint-action from 5 to 6
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 5 to 6.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-13 15:44:16 +02:00
Tomáš Hozza
fa416e4545 Test: re-enable snapshot URL check (COMPOSER-2263)
Enumerating snapshots now works after the cleanup of EOL releases.

Fixes https://issues.redhat.com/browse/COMPOSER-2263

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2024-06-04 17:17:19 +02:00
Tomáš Hozza
4267c28ffb Tests: temporarily disable checking of valid snapshot URLs
rpmrepo snapshot enumeration is timing out, which is effectively
blocking GitLab CI from running. Disable the check for now to unblock
CI.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2024-06-04 13:03:37 +02:00
Tomáš Hozza
8f36b6f26e Explicitly pass rpmlint config when calling it
New version of rpmlint stopped picking the config automatically.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2024-05-30 19:58:34 +02:00
Tomáš Hozza
666baff944 Update F37 to F40
Fedora 37 has been EOL for some time.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2024-05-30 19:58:34 +02:00
Alexander Todorov
8dece19342 Submit data to CodeCov only if actor has access to token secrets 2024-05-10 22:08:27 +03:00
Alexander Todorov
966685607b Re-enable codecov but use a GHA to submit the results
because the bash upload has been deprecated
2024-05-10 22:08:27 +03:00
dependabot[bot]
90dd99471c build(deps): bump golangci/golangci-lint-action from 4 to 5
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 4 to 5.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-02 08:46:48 +02:00
Sanne Raymaekers
37233b7b62 .github/workflows/tests: disable codecov until further notice
The script hangs while pinging codecov for a url to upload the results
to.
2024-04-30 12:59:58 +02:00
Sanne Raymaekers
a87e3069a1 templates/openshift: make the maintenance template generic
We could deploy this job for both composer and each tenant's workers
that's present in app-intf. Then we can remove the maintenance bits from
the composer template.
2024-04-29 15:04:52 +02:00
Sanne Raymaekers
5a776c5b79 templates/openshift: split worker from composer maintenance 2024-04-25 17:32:21 +02:00
Alexander Todorov
c534689d57 Add CI step to detect possible problematic usage of trap
see for example this change:
https://github.com/osbuild/osbuild-composer/pull/3681/commits/13a3ca24ceef05164a77db1c71b929e262098f41
2024-04-19 13:16:11 +03:00
Achilleas Koutsou
f98169c29a go.mod: update to go v1.20
Go 1.20 is included in all currently supported distro versions.

Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
2024-04-11 16:39:21 +02:00
Achilleas Koutsou
de54fc541e github: remove linting of dnf-json
Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
2024-04-11 16:31:50 +02:00
Simon de Vlieger
b89293ea94 ci: add a PR best practices check 2024-03-07 19:46:11 +01:00
dependabot[bot]
ef07f2b81f build(deps): bump golangci/golangci-lint-action from 3 to 4
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-04 15:01:41 +01:00
dependabot[bot]
1bd19ab75b build(deps): bump stackrox/kube-linter-action from 1.0.4 to 1.0.5
Bumps [stackrox/kube-linter-action](https://github.com/stackrox/kube-linter-action) from 1.0.4 to 1.0.5.
- [Release notes](https://github.com/stackrox/kube-linter-action/releases)
- [Commits](https://github.com/stackrox/kube-linter-action/compare/v1.0.4...v1.0.5)

---
updated-dependencies:
- dependency-name: stackrox/kube-linter-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-04 15:00:30 +01:00
Brian C. Lane
4e504f7905 README: Fix reference to developer guide 2024-02-29 10:56:03 +01:00
Diaa Sami
76e686df10 switch to images/pkg/dnfjson and remove internal copy
COMPOSER-2068
2024-02-20 15:55:47 +01:00
dependabot[bot]
232bce95b5 build(deps): bump actions/upload-artifact from 3 to 4
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-06 12:28:59 +01:00
dependabot[bot]
7b5c4eb526 build(deps): bump actions/setup-go from 4 to 5
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-06 12:26:58 +01:00
Tomáš Hozza
625b1578fa Port osbuild/images v0.33.0 with dot-notation to composer
Update the osbuild/images to the version which introduces "dot notation"
for distro release versions.

 - Replace all uses of distroregistry by distrofactory.
 - Delete local version of reporegistry and use the one from the
   osbuild/images.
 - Weldr: unify `createWeldrAPI()` and `createWeldrAPI2()` into a single
   `createTestWeldrAPI()` function.
 - store/fixture: rework fixtures to allow overriding the host distro
   name and host architecture name. A cleanup function to restore the
   host distro and arch names is always part of the fixture struct.
 - Delete `distro_mock` package, since it is no longer used.
 - Bump the required version of osbuild to 98, because the OSCAP
   customization is using the 'compress_results' stage option, which is
   not available in older versions of osbuild.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2024-01-26 11:32:34 +01:00
Brian C. Lane
d5e1bc28e9 tests: Run check-runners as part of the tests 2024-01-16 12:29:21 +01:00
dependabot[bot]
5e46230182 build(deps): bump actions/github-script from 6 to 7
Bumps [actions/github-script](https://github.com/actions/github-script) from 6 to 7.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-06 09:11:10 +01:00
Sanne Raymaekers
cf10847d3e .github: update apt metadata before installing deps 2023-11-08 10:39:28 +01:00
Tomáš Hozza
e1434746a2 Test: lint Packit configuration as part of CI
This will ensure that our Packit config stays valid.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2023-10-31 08:10:30 +01:00
Tomáš Hozza
b58a4b0009 Test: rename 'Lint' -> 'Golang Lint'
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2023-10-31 08:10:30 +01:00
Brian C. Lane
8ec783a4dd tests: Update to use golangci-lint v1.54.2 2023-10-02 23:59:12 +02:00
dependabot[bot]
9e3602c088 build(deps): bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-22 10:19:39 +02:00
Tomáš Hozza
eb8b63f3ca Actions: add workflow for marking and closing stale issues and PRs
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2023-09-07 13:10:48 +02:00
Ondřej Budai
567fb680d4 dependabot: group go package updates
Imho, this is much saner than having so many PRs for all individual
dependencies. Taken from osbuild/images.

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2023-08-24 21:40:26 +02:00
Brian C. Lane
8ff4c0c40a tests: Add a check for valid snapshot urls
This pulls the list of snapshots from the rpmrepo API, greps the
codebase for all uses of rpmrepo.osbuild.org that look like a snapshot
name, and then checks to make sure they are still valid.
2023-07-28 11:28:40 +03:00
Ondřej Budai
cac9327b44 update to go 1.19
UBI and the oldest supported Fedora (37) now all have go 1.19, so we are
cleared to switch.

gofmt now reformats comments in certain cases, so that explains the formatting
changes in this commit.
See https://go.dev/doc/go1.19#go-doc

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2023-07-21 19:18:00 +02:00
Ondřej Budai
3acc0d1d2e ci: fix the gitlab trigger
There were two issues:

- ${{ }} converts the expression to a string and strings are apparently always truthy
  https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idif
- There was a typo in pr_data

Therefore, the check didn't work properly.

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2023-07-21 12:12:44 +02:00
Alexander Todorov
b8eea609f9 Fix typo in reference to another CI step 2023-07-10 15:27:24 +02:00
Alexander Todorov
7fa81a514f Schedule a nightly CI pipeline against each PR
- don't report to Slack if SLACK_WEBHOOK_URL is not defined
- report GitHub statuses separately for regular pipeline & nightly
  pipeline
2023-07-10 13:11:43 +02:00
Tomáš Hozza
fce19f9676 Update create-tag.yml
Enable scheduled releases again.
2023-06-30 16:39:25 +02:00
Tomáš Hozza
815f6c4f16 Pause scheduled releases
We need to hold off the next release until https://github.com/osbuild/osbuild-composer/pull/3524 is merged
2023-06-28 09:43:56 +02:00
Alexander Todorov
1757e5473d Sanity check if cloud-cleaner workflow is enabled
GitHub will automatically disable scheduled actions defined on
repositories which don't receive much activity. In particular such
scheduled jobs will be disabled after 60 days of repo inactivity.

This CI job sanity checks the current status and reports back to
every PR so we can manually re-enable cloud-cleaner if necessary.
2023-06-27 15:08:42 +03:00
dependabot[bot]
88f863f14b build(deps): bump actions/setup-go from 3 to 4
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-20 10:56:34 +01:00
Antonio Murdaca
e34b88d6e4 .github/workflows: pin golangci-lint to v1.51.0
The new "latest" aka v1.51.1 started throwing unused errors during runs,
blocking all the other tests. To quickly unblock that until a proper
fix/rewrite is found, pin the version to the previous one.

Signed-off-by: Antonio Murdaca <antoniomurdaca@gmail.com>
2023-02-06 11:04:06 +01:00
dependabot[bot]
70c61d4c24 build(deps): bump ludeeus/action-shellcheck
Bumps [ludeeus/action-shellcheck](https://github.com/ludeeus/action-shellcheck) from 6d3f514f44620b9d4488e380339edc0d9bbe2fba to 00cae500b08a931fb5698e11e79bfbd38e612a38.
- [Release notes](https://github.com/ludeeus/action-shellcheck/releases)
- [Commits](6d3f514f44...00cae500b0)

---
updated-dependencies:
- dependency-name: ludeeus/action-shellcheck
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 12:26:29 +01:00