diff --git a/.github/workflows/build-and-test-all.yml b/.github/workflows/build-and-test-all.yml index 54ff10273ff4..ff2bba088fe5 100644 --- a/.github/workflows/build-and-test-all.yml +++ b/.github/workflows/build-and-test-all.yml @@ -48,89 +48,6 @@ jobs: echo "image-id=ghcr.io/powerdns/${{ inputs.runner-docker-image-name || env.DEFAULT_RUNNER_DOCKER_IMAGE }}" >> "$GITHUB_OUTPUT" echo "tag=${{ env.DEFAULT_IMAGE_TAG }}" >> "$GITHUB_OUTPUT" - build-auth: - name: build auth (${{ matrix.builder }}) - if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} - runs-on: ubuntu-22.04 - needs: get-runner-container-image - container: - image: "${{ matrix.container_image }}" - env: - FUZZING_TARGETS: yes - UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" - UNIT_TESTS: yes - options: --sysctl net.ipv6.conf.all.disable_ipv6=0 - strategy: - matrix: - container_image: ["${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"] - builder: [autotools, meson] - exclude: - - container_image: "ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:${{ needs.get-runner-container-image.outputs.tag }}" - builder: meson - fail-fast: false - defaults: - run: - working-directory: ./pdns-${{ env.BUILDER_VERSION }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - name: get timestamp for cache - id: get-stamp - run: | - echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT" - shell: bash - working-directory: . - - run: mkdir -p ~/.ccache - working-directory: . - - name: let GitHub cache our ccache data - uses: actions/cache@v4 - with: - path: ~/.ccache - key: auth-ccache-${{ matrix.builder }}-${{ steps.get-stamp.outputs.stamp }} - restore-keys: auth-ccache-${{ matrix.builder }} - - name: set sanitizers - run: echo "SANITIZERS=${{ matrix.builder == 'meson' && 'address,undefined' || 'asan+ubsan' }}" >> "$GITHUB_ENV" - working-directory: . - - run: inv install-auth-build-deps - working-directory: . - - run: inv ci-autoconf ${{ matrix.builder == 'meson' && '--meson' || '' }} - working-directory: . - - run: inv ci-auth-configure ${{ matrix.builder == 'meson' && '--meson' || '' }} -b pdns-${{ env.BUILDER_VERSION }} - working-directory: . - - run: inv ci-auth-build ${{ matrix.builder == 'meson' && '--meson' || '' }} # This runs under pdns-$BUILDER_VERSION/pdns/ for make bear - - run: inv ci-auth-install-remotebackend-test-deps - - if: ${{ matrix.builder == 'meson' }} - run: inv install-auth-test-deps-only -b geoip - - run: inv ci-auth-run-unit-tests ${{ matrix.builder == 'meson' && '--meson' || '' }} - env: - PDNS_BUILD_PATH: ../pdns-${{ env.BUILDER_VERSION }} - - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' && matrix.builder != 'meson' }} - working-directory: ./pdns-${{ env.BUILDER_VERSION }}/pdns - - name: Coveralls Parallel auth unit - if: ${{ env.COVERAGE == 'yes' && matrix.builder != 'meson' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: auth-unit-${{ env.SANITIZERS }} - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - fail-on-error: false - - run: inv ci-auth-install ${{ matrix.builder == 'meson' && '--meson' || '' }} - - run: ccache -s - - if: ${{ matrix.builder != 'meson' }} - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - if: ${{ matrix.builder != 'meson' }} - name: Store the binaries - uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar - with: - name: pdns-auth-${{ env.normalized-branch-name }} - path: /opt/pdns-auth - retention-days: 1 - build-recursor: name: build recursor if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} @@ -205,314 +122,6 @@ jobs: path: /opt/pdns-recursor retention-days: 1 - build-dnsdist: - name: build dnsdist - if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} - runs-on: ubuntu-22.04 - needs: get-runner-container-image - strategy: - matrix: - sanitizers: [ubsan+asan, tsan] - features: [least, full] - exclude: - - sanitizers: tsan - features: least - container: - image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" - env: - SANITIZERS: ${{ matrix.sanitizers }} - UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" - UNIT_TESTS: yes - FUZZING_TARGETS: yes - options: --sysctl net.ipv6.conf.all.disable_ipv6=0 - defaults: - run: - working-directory: ./pdns/dnsdistdist/dnsdist-${{ env.BUILDER_VERSION }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - name: get timestamp for cache - id: get-stamp - run: | - echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT" - shell: bash - working-directory: . - - run: mkdir -p ~/.ccache - working-directory: . - - name: let GitHub cache our ccache data - uses: actions/cache@v4 - with: - path: ~/.ccache - key: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }} - restore-keys: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache- - - run: inv ci-install-rust ${{ env.REPO_HOME }} - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-build-and-install-quiche ${{ env.REPO_HOME }} - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-autoconf - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-dnsdist-configure ${{ matrix.features }} - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-make-distdir - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-dnsdist-configure ${{ matrix.features }} - - run: inv ci-dnsdist-make-bear - - run: inv ci-dnsdist-run-unit-tests - - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - - name: Coveralls Parallel dnsdist unit - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: dnsdist-unit-${{ matrix.features }}-${{ matrix.sanitizers }} - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - fail-on-error: false - - run: inv ci-make-install - - run: ccache -s - - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - name: Store the binaries - uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar - with: - name: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }} - path: /opt/dnsdist - retention-days: 1 - - test-auth-api: - needs: - - build-auth - - get-runner-container-image - runs-on: ubuntu-22.04 - container: - image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" - env: - UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" - ASAN_OPTIONS: detect_leaks=0 - TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp" - AUTH_BACKEND_IP_ADDR: "172.17.0.1" - options: --sysctl net.ipv6.conf.all.disable_ipv6=0 - strategy: - matrix: - include: - - backend: gsqlite3 - image: coscale/docker-sleep - - backend: gmysql - image: mysql:5 - - backend: gpgsql - image: postgres:9 - - backend: lmdb - image: coscale/docker-sleep - fail-fast: false - services: - database: - image: ${{ matrix.image }} - env: - POSTGRES_USER: runner - POSTGRES_HOST_AUTH_METHOD: trust - MYSQL_ALLOW_EMPTY_PASSWORD: 1 - ports: - - 3306:3306 - - 5432:5432 - # FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too. - options: >- - --restart always - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - name: Fetch the binaries - uses: actions/download-artifact@v4 - with: - name: pdns-auth-${{ env.normalized-branch-name }} - path: /opt/pdns-auth - - run: inv apt-fresh - - run: inv install-clang-runtime - - run: inv install-auth-test-deps -b ${{ matrix.backend }} - - run: inv test-api auth -b ${{ matrix.backend }} - - run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' }} - - name: Coveralls Parallel auth API ${{ matrix.backend }} - if: ${{ env.COVERAGE == 'yes' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: auth-api-${{ matrix.backend }} - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - fail-on-error: false - - test-auth-backend: - needs: - - build-auth - - get-runner-container-image - runs-on: ubuntu-22.04 - container: - image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" - env: - UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" - ASAN_OPTIONS: detect_leaks=0 - LDAPHOST: ldap://ldapserver/ - ODBCINI: /github/home/.odbc.ini - AUTH_BACKEND_IP_ADDR: "172.17.0.1" - options: --sysctl net.ipv6.conf.all.disable_ipv6=0 - strategy: - matrix: - include: - - backend: remote - image: coscale/docker-sleep - env: {} - ports: [] - - backend: gmysql - image: mysql:5 - env: - MYSQL_ALLOW_EMPTY_PASSWORD: 1 - ports: - - 3306:3306 - - backend: gmysql - image: mariadb:10 - env: - MYSQL_ALLOW_EMPTY_PASSWORD: 1 - ports: - - 3306:3306 - - backend: gpgsql - image: postgres:9 - env: - POSTGRES_USER: runner - POSTGRES_HOST_AUTH_METHOD: trust - ports: - - 5432:5432 - - backend: gsqlite3 # this also runs regression-tests.nobackend and pdnsutil test-algorithms - image: coscale/docker-sleep - env: {} - ports: [] - - backend: lmdb - image: coscale/docker-sleep - env: {} - ports: [] - - backend: bind - image: coscale/docker-sleep - env: {} - ports: [] - - backend: geoip - image: coscale/docker-sleep - env: {} - ports: [] - - backend: lua2 - image: coscale/docker-sleep - env: {} - ports: [] - - backend: tinydns - image: coscale/docker-sleep - env: {} - ports: [] - - backend: authpy - image: coscale/docker-sleep - env: {} - ports: [] - - backend: godbc_sqlite3 - image: coscale/docker-sleep - env: {} - ports: [] - - backend: godbc_mssql - image: mcr.microsoft.com/mssql/server:2022-CU12-ubuntu-22.04 - env: - ACCEPT_EULA: Y - SA_PASSWORD: 'SAsa12%%-not-a-secret-password' - ports: - - 1433:1433 - - backend: ldap - image: powerdns/ldap-regress:1.2.4-1 - env: - LDAP_LOG_LEVEL: 0 - CONTAINER_LOG_LEVEL: 4 - ports: - - 389:389 - - backend: geoip_mmdb - image: coscale/docker-sleep - env: {} - ports: [] - fail-fast: false - services: - database: - image: ${{ matrix.image }} - env: ${{ matrix.env }} - ports: ${{ matrix.ports }} - # FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too. - options: >- - --restart always - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - name: Fetch the binaries - uses: actions/download-artifact@v4 - with: - name: pdns-auth-${{ env.normalized-branch-name }} - path: /opt/pdns-auth - # FIXME: install recursor for backends that have ALIAS - - run: inv install-clang-runtime - - run: inv install-auth-test-deps -b ${{ matrix.backend }} - - run: inv test-auth-backend -b ${{ matrix.backend }} - - run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' }} - - name: Coveralls Parallel auth backend ${{ matrix.backend }} - if: ${{ env.COVERAGE == 'yes' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: auth-backend-${{ matrix.backend }} - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - fail-on-error: false - - test-ixfrdist: - needs: - - build-auth - - get-runner-container-image - runs-on: ubuntu-22.04 - container: - image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" - env: - UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" - ASAN_OPTIONS: detect_leaks=0 - options: --sysctl net.ipv6.conf.all.disable_ipv6=0 - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - name: Fetch the binaries - uses: actions/download-artifact@v4 - with: - name: pdns-auth-${{ env.normalized-branch-name }} - path: /opt/pdns-auth - - run: inv install-clang-runtime - - run: inv install-auth-test-deps - - run: inv test-ixfrdist - - run: inv generate-coverage-info /opt/pdns-auth/bin/ixfrdist $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' }} - - name: Coveralls Parallel ixfrdist - if: ${{ env.COVERAGE == 'yes' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: ixfrdist - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - fail-on-error: false - test-recursor-api: needs: - build-recursor @@ -653,82 +262,9 @@ jobs: allow-empty: true fail-on-error: false - test-dnsdist-regression: - needs: - - build-dnsdist - - get-runner-container-image - runs-on: ubuntu-22.04 - strategy: - matrix: - sanitizers: [ubsan+asan, tsan] - container: - image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}" - env: - UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp" - # Disabling (intercept_send=0) the custom send wrappers for ASAN and TSAN because they cause the tools to report a race that doesn't exist on actual implementations of send(), see https://github.com/google/sanitizers/issues/1498 - ASAN_OPTIONS: intercept_send=0 - LSAN_OPTIONS: "suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-lsan.supp" - TSAN_OPTIONS: "halt_on_error=1:intercept_send=0:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp" - # IncludeDir tests are disabled because of a weird interaction between TSAN and these tests which ever only happens on GH actions - SKIP_INCLUDEDIR_TESTS: yes - SANITIZERS: ${{ matrix.sanitizers }} - COVERAGE: yes - options: --sysctl net.ipv6.conf.all.disable_ipv6=0 --privileged - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV" - - name: Fetch the binaries - uses: actions/download-artifact@v4 - with: - name: dnsdist-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }} - path: /opt/dnsdist - - run: inv install-clang-runtime - - run: inv install-dnsdist-test-deps $([ "$(. /etc/os-release && echo $VERSION_CODENAME)" = "bullseye" ] && echo "--skipXDP=True") - - run: inv test-dnsdist - - run: inv generate-coverage-info /opt/dnsdist/bin/dnsdist $GITHUB_WORKSPACE - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - - name: Coveralls Parallel dnsdist regression - if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }} - uses: coverallsapp/github-action@v2 - with: - flag-name: dnsdist-regression-full-${{ matrix.sanitizers }} - path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov - parallel: true - allow-empty: true - fail-on-error: false - - swagger-syntax-check: - if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} - runs-on: ubuntu-22.04 - # FIXME: https://github.com/PowerDNS/pdns/pull/12880 - # container: - # image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master - # options: --sysctl net.ipv6.conf.all.disable_ipv6=0 - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - ref: ${{ inputs.branch-name }} - - run: build-scripts/gh-actions-setup-inv # this runs apt update+upgrade - - run: inv install-swagger-tools - - run: inv swagger-syntax-check - collect: needs: - - build-auth - - build-dnsdist - build-recursor - - swagger-syntax-check - - test-auth-api - - test-auth-backend - - test-dnsdist-regression - - test-ixfrdist - test-recursor-api - test-recursor-regression - test-recursor-bulk diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml index 1d666c01503d..182ca53949d2 100644 --- a/.github/workflows/builder.yml +++ b/.github/workflows/builder.yml @@ -33,9 +33,8 @@ jobs: runs-on: ${{ matrix.runner-os }} strategy: matrix: - product: ['authoritative', 'recursor', 'dnsdist'] + product: ['recursor'] os: - - el-7 - el-8 - centos-9-stream - ubuntu-noble diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index d7cdcc81c930..44166620092e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,7 +39,7 @@ jobs: # Override automatic language detection by changing the below list # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] language: ['cpp'] - product: ['auth', 'rec', 'dnsdist'] + product: ['rec'] # Learn more... # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection @@ -54,8 +54,6 @@ jobs: REPO_HOME: ${{ github.workspace }} outputs: - clang-tidy-annotations-auth: ${{ steps.clang-tidy-annotations-auth.outputs.failed }} - clang-tidy-annotations-dnsdist: ${{ steps.clang-tidy-annotations-dnsdist.outputs.failed }} clang-tidy-annotations-rec: ${{ steps.clang-tidy-annotations-rec.outputs.failed }} steps: diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 133107b83ee2..e3b2ce194aef 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -10,23 +10,6 @@ permissions: # least privileges, see https://docs.github.com/en/actions/using-wo actions: read jobs: - call-build-image-auth: - uses: PowerDNS/pdns/.github/workflows/build-docker-images.yml@master - if: ${{ vars.SCHEDULED_DOCKER }} - with: - product: auth - ref: ${{ github.ref_name }} - image-name: pdns-auth-master - image-tags: |- - latest - image-description: 'EXPERIMENTAL pdns auth image' - platforms: linux/amd64,linux/arm64/v8 - push: true - secrets: - DOCKERHUB_ORGANIZATION_NAME: ${{ secrets.DOCKERHUB_ORGANIZATION_NAME }} - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} - call-build-image-recursor: uses: PowerDNS/pdns/.github/workflows/build-docker-images.yml@master if: ${{ vars.SCHEDULED_DOCKER }} @@ -44,19 +27,3 @@ jobs: DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} - call-build-image-dnsdist: - uses: PowerDNS/pdns/.github/workflows/build-docker-images.yml@master - if: ${{ vars.SCHEDULED_DOCKER }} - with: - product: dnsdist - ref: ${{ github.ref_name }} - image-name: dnsdist-master - image-tags: |- - latest - image-description: 'EXPERIMENTAL dnsdist image' - platforms: linux/amd64,linux/arm64/v8 - push: true - secrets: - DOCKERHUB_ORGANIZATION_NAME: ${{ secrets.DOCKERHUB_ORGANIZATION_NAME }} - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml deleted file mode 100644 index 91823aa0eb9e..000000000000 --- a/.github/workflows/documentation.yml +++ /dev/null @@ -1,338 +0,0 @@ -# This workflow builds and publishes documentation for PowerDNS products. -# It is controlled by the following variables and secrets: - -# Variables: -# - PUBLISH_DOCS_TO_AWS: Set to 'true' to enable publishing to AWS -# - PUBLISH_DOCS_TO_NETLIFY: Set to 'true' to enable publishing to Netlify -# - PUBLISH_DOCS_TO_WEB1: Set to 'true' to enable publishing to Web1 - -# - AWS_REGION: AWS region for S3 and CloudFront -# - AWS_S3_BUCKET_DOCS: S3 bucket name for documentation -# - AWS_CLOUDFRONT_DISTRIBUTION_ID_DNSDIST: CloudFront distribution ID for DNSdist docs -# - AWS_CLOUDFRONT_DISTRIBUTION_ID_DOCS: CloudFront distribution ID for PowerDNS docs - -# - NETLIFY_SITE_ID_DOCS: Netlify site ID for PowerDNS docs -# - NETLIFY_SITE_ID_DNSDIST: Netlify site ID for DNSdist docs - - -# - REC_DOCS_DIR: Directory for Recursor docs on Web1 -# - AUTH_DOCS_DIR: Directory for Authoritative Server docs on Web1 -# - WEB1_HOSTKEY: SSH host key for Web1 -# - DOCS_HOST: Hostname for documentation server - -# Secrets: -# - AWS_ACCESS_KEY_ID: AWS access key ID -# - AWS_SECRET_ACCESS_KEY: AWS secret access key -# - NETLIFY_API_TOKEN: API token for Netlify -# - WEB1_DOCS_SECRET: SSH key for Web1 access - ---- -name: 'Documentation' - -on: - push: - branches: [master] - workflow_dispatch: {} - -permissions: - contents: read - -env: - FORCE_JAVASCRIPT_ACTIONS_TO_NODE20: true - -jobs: - build-docs: - name: Build docs - runs-on: ubuntu-22.04 - env: - SERVICE_IP_ADDR: 127.0.0.1 - BRANCH_NAME: ${{ github.ref_name }} - services: - database: - image: epicwink/proxpi - ports: - - 5000:5000 - options: >- - --restart always - outputs: - pdns_version: ${{ steps.get-version.outputs.pdns_version }} - pip-list-auth: ${{ steps.pip-logs-auth.outputs.list-auth }} - pip-list-rec: ${{ steps.pip-logs-rec.outputs.list-rec }} - pip-list-dnsdist: ${{ steps.pip-logs-dnsdist.outputs.list-dnsdist }} - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - python-version: '3.11' - - run: pip config set global.index-url http://${{ env.SERVICE_IP_ADDR }}:5000/index/ - - run: pip config set global.trusted-host ${{ env.SERVICE_IP_ADDR }} - - id: proxpi-docker - run: echo "id=$(docker ps | grep "epicwink/proxpi" | awk '{print $1}')" >> "$GITHUB_OUTPUT" - - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade - - run: inv install-doc-deps - - run: inv install-doc-deps-pdf - - - id: get-version - run: | - echo "pdns_version=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - - # Build Auth docs - - run: inv ci-docs-build - - run: mv html auth-html-docs - working-directory: ./docs/_build - - run: tar cf auth-html-docs.tar auth-html-docs - working-directory: ./docs/_build - - uses: actions/upload-artifact@v4 - with: - name: authoritative-html-docs-${{steps.get-version.outputs.pdns_version}} - path: ./docs/_build/auth-html-docs.tar - - run: inv ci-docs-build-pdf - - uses: actions/upload-artifact@v4 - with: - name: PowerDNS-Authoritative-${{steps.get-version.outputs.pdns_version}}.pdf - path: ./docs/_build/latex/PowerDNS-Authoritative.pdf - - run: docker logs ${{ steps.proxpi-docker.outputs.id }} 2>&1 | grep whl | awk '{print $8}' | cut -d "/" -f 4 | awk -F'-' '{print $1"=="$2}' | sort -u --ignore-case > /tmp/proxpi-auth.log - - id: pip-logs-auth - run: echo "list-auth=$(cat /tmp/proxpi-auth.log | base64 -w0)" >> "$GITHUB_OUTPUT" - - run: sudo sh -c "truncate -s 0 /var/lib/docker/containers/${{ steps.proxpi-docker.outputs.id }}*/${{ steps.proxpi-docker.outputs.id }}*-json.log" - - name: Copy PDF to HTML docs directory - run: | - cp ./docs/_build/latex/PowerDNS-Authoritative.pdf ./docs/_build/auth-html-docs/ - # Build Rec docs - - run: inv ci-metrics-rec-generate - working-directory: ./pdns/recursordist - - run: inv ci-docs-rec-generate - working-directory: ./pdns/recursordist/settings - - run: inv ci-docs-build - working-directory: ./pdns/recursordist - - run: mv html rec-html-docs - working-directory: ./pdns/recursordist/docs/_build - - run: tar cf rec-html-docs.tar rec-html-docs - working-directory: ./pdns/recursordist/docs/_build - - uses: actions/upload-artifact@v4 - with: - name: recursor-html-docs-${{steps.get-version.outputs.pdns_version}} - path: ./pdns/recursordist/docs/_build/rec-html-docs.tar - - run: inv ci-docs-build-pdf - working-directory: ./pdns/recursordist - - uses: actions/upload-artifact@v4 - with: - name: PowerDNS-Recursor-${{steps.get-version.outputs.pdns_version}}.pdf - path: ./pdns/recursordist/docs/_build/latex/PowerDNS-Recursor.pdf - - run: docker logs ${{ steps.proxpi-docker.outputs.id }} 2>&1 | grep whl | awk '{print $8}' | cut -d "/" -f 4 | awk -F'-' '{print $1"=="$2}' | sort -u --ignore-case > /tmp/proxpi-rec.log - - id: pip-logs-rec - run: echo "list-rec=$(cat /tmp/proxpi-rec.log | base64 -w0)" >> "$GITHUB_OUTPUT" - - run: sudo sh -c "truncate -s 0 /var/lib/docker/containers/${{ steps.proxpi-docker.outputs.id }}*/${{ steps.proxpi-docker.outputs.id }}*-json.log" - - name: Copy PDF to HTML docs directory - run: | - cp ./pdns/recursordist/docs/_build/latex/PowerDNS-Recursor.pdf ./pdns/recursordist/docs/_build/rec-html-docs/ - - # Build DNSdist docs - - run: inv ci-docs-build - working-directory: ./pdns/dnsdistdist - - run: mv html dnsdist-html-docs - working-directory: ./pdns/dnsdistdist/docs/_build - - run: tar cf dnsdist-html-docs.tar dnsdist-html-docs - working-directory: ./pdns/dnsdistdist/docs/_build - - uses: actions/upload-artifact@v4 - with: - name: dnsdist-html-docs-${{steps.get-version.outputs.pdns_version}} - path: ./pdns/dnsdistdist/docs/_build/dnsdist-html-docs.tar - - run: inv ci-docs-build-pdf - working-directory: ./pdns/dnsdistdist - - uses: actions/upload-artifact@v4 - with: - name: dnsdist-${{steps.get-version.outputs.pdns_version}}.pdf - path: ./pdns/dnsdistdist/docs/_build/latex/dnsdist.pdf - - run: docker logs ${{ steps.proxpi-docker.outputs.id }} 2>&1 | grep whl | awk '{print $8}' | cut -d "/" -f 4 | awk -F'-' '{print $1"=="$2}' | sort -u --ignore-case > /tmp/proxpi-dnsdist.log - - id: pip-logs-dnsdist - run: echo "list-dnsdist=$(cat /tmp/proxpi-dnsdist.log | base64 -w0)" >> "$GITHUB_OUTPUT" - - name: Copy PDF to HTML docs directory - run: | - cp ./pdns/dnsdistdist/docs/_build/latex/dnsdist.pdf ./pdns/dnsdistdist/docs/_build/dnsdist-html-docs/ - - # Build website - - name: Build website - run: | - tar cf website.tar website - - uses: actions/upload-artifact@v4 - with: - name: website-${{steps.get-version.outputs.pdns_version}} - path: website.tar - - publish-to-netlify: - name: Publish to Netlify - needs: build-docs - if: ${{ vars.PUBLISH_DOCS_TO_NETLIFY == 'true' && github.ref_name == 'master' }} - runs-on: ubuntu-22.04 - env: - NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_API_TOKEN }} - NETLIFY_SITE_ID_DOCS: ${{ vars.NETLIFY_SITE_ID_DOCS }} - NETLIFY_SITE_ID_DNSDIST: ${{ vars.NETLIFY_SITE_ID_DNSDIST }} - steps: - - name: Check required secrets - run: | - missing_secrets=() - [ -z "$NETLIFY_AUTH_TOKEN" ] && missing_secrets+=("NETLIFY_API_TOKEN") - [ -z "$NETLIFY_SITE_ID_DOCS" ] && missing_secrets+=("NETLIFY_SITE_ID_DOCS") - [ -z "$NETLIFY_SITE_ID_DNSDIST" ] && missing_secrets+=("NETLIFY_SITE_ID_DNSDIST") - if [ ${#missing_secrets[@]} -ne 0 ]; then - echo "Error: The following secrets are missing: ${missing_secrets[*]}" - exit 1 - fi - - name: Install Netlify - run: npm install netlify-cli@17.36.3 -g - - uses: actions/download-artifact@v4 - with: - path: artifacts - - - name: Deploy docs to Netlify - run: | - mkdir -p docs_site/temp - tar -xf artifacts/website-${{needs.build-docs.outputs.pdns_version}}/website.tar -C docs_site/temp - mv docs_site/temp/website/docs.powerdns.com/* docs_site/ - rm -rf docs_site/temp - tar -xf artifacts/authoritative-html-docs-${{needs.build-docs.outputs.pdns_version}}/auth-html-docs.tar -C docs_site - tar -xf artifacts/recursor-html-docs-${{needs.build-docs.outputs.pdns_version}}/rec-html-docs.tar -C docs_site - mv docs_site/auth-html-docs docs_site/authoritative - mv docs_site/rec-html-docs docs_site/recursor - cp artifacts/PowerDNS-Authoritative-${{needs.build-docs.outputs.pdns_version}}.pdf/PowerDNS-Authoritative.pdf docs_site/authoritative/ - cp artifacts/PowerDNS-Recursor-${{needs.build-docs.outputs.pdns_version}}.pdf/PowerDNS-Recursor.pdf docs_site/recursor/ - netlify deploy \ - --dir ./docs_site \ - --site $NETLIFY_SITE_ID_DOCS \ - --auth $NETLIFY_AUTH_TOKEN \ - --prod - - - name: Deploy DNSdist docs to Netlify - run: | - tar -xf artifacts/dnsdist-html-docs-${{needs.build-docs.outputs.pdns_version}}/dnsdist-html-docs.tar - cp artifacts/dnsdist-${{needs.build-docs.outputs.pdns_version}}.pdf/dnsdist.pdf dnsdist-html-docs/ - netlify deploy \ - --dir ./dnsdist-html-docs \ - --site $NETLIFY_SITE_ID_DNSDIST \ - --auth $NETLIFY_AUTH_TOKEN \ - --prod - - publish-to-web1: - name: Publish to Web1 - needs: build-docs - if: ${{ github.ref_name == 'master' && vars.PUBLISH_DOCS_TO_WEB1 == 'true' }} - runs-on: ubuntu-22.04 - steps: - - name: Check required secrets - run: | - missing_secrets=() - [ -z "${{ secrets.WEB1_DOCS_SECRET }}" ] && missing_secrets+=("WEB1_DOCS_SECRET") - [ -z "${{ vars.WEB1_HOSTKEY }}" ] && missing_secrets+=("WEB1_HOSTKEY") - [ -z "${{ vars.DOCS_HOST }}" ] && missing_secrets+=("DOCS_HOST") - [ -z "${{ vars.AUTH_DOCS_DIR }}" ] && missing_secrets+=("AUTH_DOCS_DIR") - [ -z "${{ vars.REC_DOCS_DIR }}" ] && missing_secrets+=("REC_DOCS_DIR") - if [ ${#missing_secrets[@]} -ne 0 ]; then - echo "Error: The following secrets/variables are missing: ${missing_secrets[*]}" - exit 1 - fi - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade - - uses: actions/download-artifact@v4 - with: - path: artifacts - - id: setup-ssh - run: |- - inv ci-docs-add-ssh --ssh-key="$SSH_KEY" --host-key="$HOST_KEY" - env: - SSH_KEY: ${{secrets.WEB1_DOCS_SECRET}} - HOST_KEY: ${{vars.WEB1_HOSTKEY}} - - name: Publish Auth docs - run: | - mkdir -p ./docs/_build - tar -xf artifacts/authoritative-html-docs-${{needs.build-docs.outputs.pdns_version}}/auth-html-docs.tar -C ./docs/_build/ - cp artifacts/PowerDNS-Authoritative-${{needs.build-docs.outputs.pdns_version}}.pdf/PowerDNS-Authoritative.pdf ./docs/_build/auth-html-docs/ - inv ci-docs-upload-master --docs-host="${DOCS_HOST}" --pdf="PowerDNS-Authoritative.pdf" --username="docs_powerdns_com" --product="auth" --directory="/${AUTH_DOCS_DIR}/" - env: - DOCS_HOST: ${{vars.DOCS_HOST}} - AUTH_DOCS_DIR: ${{vars.AUTH_DOCS_DIR}} - - name: Publish Recursor docs - run: | - tar -xf artifacts/recursor-html-docs-${{needs.build-docs.outputs.pdns_version}}/rec-html-docs.tar -C ./docs/_build/ - cp artifacts/PowerDNS-Recursor-${{needs.build-docs.outputs.pdns_version}}.pdf/PowerDNS-Recursor.pdf ./docs/_build/rec-html-docs/ - inv ci-docs-upload-master --docs-host="${DOCS_HOST}" --pdf="PowerDNS-Recursor.pdf" --username="docs_powerdns_com" --product="rec" --directory="/${REC_DOCS_DIR}/" - env: - DOCS_HOST: ${{vars.DOCS_HOST}} - REC_DOCS_DIR: ${{vars.REC_DOCS_DIR}} - - name: Publish DNSdist docs - run: | - tar -xf artifacts/dnsdist-html-docs-${{needs.build-docs.outputs.pdns_version}}/dnsdist-html-docs.tar -C ./docs/_build/ - cp artifacts/dnsdist-${{needs.build-docs.outputs.pdns_version}}.pdf/dnsdist.pdf ./docs/_build/dnsdist-html-docs/ - inv ci-docs-upload-master --docs-host="${DOCS_HOST}" --pdf="dnsdist.pdf" --username="dnsdist_org" --product="dnsdist" --directory="/${DNSDIST_DOCS_DIR}/" - env: - DOCS_HOST: ${{vars.DOCS_HOST}} - - - publish-to-aws: - name: Publish to AWS - needs: build-docs - if: ${{ github.ref_name == 'master' && vars.PUBLISH_DOCS_TO_AWS == 'true' }} - runs-on: ubuntu-22.04 - steps: - - name: Check required secrets - run: | - missing_secrets=() - [ -z "${{ secrets.AWS_ACCESS_KEY_ID }}" ] && missing_secrets+=("AWS_ACCESS_KEY_ID") - [ -z "${{ secrets.AWS_SECRET_ACCESS_KEY }}" ] && missing_secrets+=("AWS_SECRET_ACCESS_KEY") - [ -z "${{ vars.AWS_REGION }}" ] && missing_secrets+=("AWS_REGION") - [ -z "${{ vars.AWS_S3_BUCKET_DOCS }}" ] && missing_secrets+=("AWS_S3_BUCKET_DOCS") - [ -z "${{ vars.AWS_CLOUDFRONT_DISTRIBUTION_ID_DNSDIST }}" ] && missing_secrets+=("AWS_CLOUDFRONT_DISTRIBUTION_ID_DNSDIST") - [ -z "${{ vars.AWS_CLOUDFRONT_DISTRIBUTION_ID_DOCS }}" ] && missing_secrets+=("AWS_CLOUDFRONT_DISTRIBUTION_ID_DOCS") - if [ ${#missing_secrets[@]} -ne 0 ]; then - echo "Error: The following secrets/variables are missing: ${missing_secrets[*]}" - exit 1 - fi - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version: '20' - - name: Install AWS SDK v3 - run: npm install @aws-sdk/client-s3 @aws-sdk/client-cloudfront - - name: Download artifacts - uses: actions/download-artifact@v4 - with: - path: artifacts - - name: Publish to AWS - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_REGION: ${{ vars.AWS_REGION }} - AWS_S3_BUCKET_DOCS: ${{ vars.AWS_S3_BUCKET_DOCS }} - AWS_CLOUDFRONT_DISTRIBUTION_ID_DNSDIST: ${{ vars.AWS_CLOUDFRONT_DISTRIBUTION_ID_DNSDIST }} - AWS_CLOUDFRONT_DISTRIBUTION_ID_DOCS: ${{ vars.AWS_CLOUDFRONT_DISTRIBUTION_ID_DOCS }} - run: | - if [ -n "$AWS_CLOUDFRONT_DISTRIBUTION_ID_DNSDIST" ]; then - tar -xf artifacts/dnsdist-html-docs-${{needs.build-docs.outputs.pdns_version}}/dnsdist-html-docs.tar - cp artifacts/dnsdist-${{needs.build-docs.outputs.pdns_version}}.pdf/dnsdist.pdf dnsdist-html-docs/ - node .github/scripts/publish.js publish dnsdist.org dnsdist-html-docs / - fi - if [ -n "$AWS_CLOUDFRONT_DISTRIBUTION_ID_DOCS" ]; then - tar -xf artifacts/recursor-html-docs-${{needs.build-docs.outputs.pdns_version}}/rec-html-docs.tar - cp artifacts/PowerDNS-Recursor-${{needs.build-docs.outputs.pdns_version}}.pdf/PowerDNS-Recursor.pdf rec-html-docs/ - node .github/scripts/publish.js publish docs.powerdns.com rec-html-docs /recursor - tar -xf artifacts/authoritative-html-docs-${{needs.build-docs.outputs.pdns_version}}/auth-html-docs.tar - cp artifacts/PowerDNS-Authoritative-${{needs.build-docs.outputs.pdns_version}}.pdf/PowerDNS-Authoritative.pdf auth-html-docs/ - node .github/scripts/publish.js publish docs.powerdns.com auth-html-docs /authoritative - tar -xf artifacts/website-${{needs.build-docs.outputs.pdns_version}}/website.tar - node .github/scripts/publish.js publish docs.powerdns.com website/docs.powerdns.com / - fi - - validate-pip-hashes: - name: Validate list of packages and hashes - runs-on: ubuntu-22.04 - needs: build-docs - steps: - - uses: actions/checkout@v4 - - run: for i in `echo "${{ needs.build-docs.outputs.pip-list-auth }}" | base64 -d | sed 's/_/-/' | egrep -v "pip==|setuptools==|wheel==|setuptools-git=="`; do grep -qq -i $i docs/requirements.txt || ( echo "$i not found" && exit 1 ); done - - run: for i in `echo "${{ needs.build-docs.outputs.pip-list-rec }}" | base64 -d | sed 's/_/-/' | egrep -v "pip==|setuptools==|wheel==|setuptools-git=="`; do grep -qq -i $i docs/requirements.txt || ( echo "$i not found" && exit 1 ); done - working-directory: ./pdns/recursordist - - run: for i in `echo "${{ needs.build-docs.outputs.pip-list-dnsdist }}" | base64 -d | sed 's/_/-/' | egrep -v "pip==|setuptools==|wheel==|setuptools-git=="`; do grep -qq -i $i docs/requirements.txt || ( echo "$i not found" && exit 1 ); done - working-directory: ./pdns/dnsdistdist diff --git a/.github/workflows/misc-dailies.yml b/.github/workflows/misc-dailies.yml deleted file mode 100644 index 4f5d6cf5bf88..000000000000 --- a/.github/workflows/misc-dailies.yml +++ /dev/null @@ -1,134 +0,0 @@ -name: "Various daily checks" - -on: - schedule: - - cron: '34 4 * * *' - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - contents: read - -env: - CLANG_VERSION: '12' - -jobs: - el7-devtoolset: - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - - steps: - - name: Check whether a newer devtoolset exists - run: | - if docker run --rm centos:7 bash -c 'yum install -y centos-release-scl-rh && yum info devtoolset-12-gcc-c++' - then - echo "::warning file=builder-support/dockerfiles/Dockerfile.rpmbuild::A newer devtoolset exists. Please edit builder-support/dockerfiles/Dockerfile.rpmbuild, builder-support/dockerfiles/Dockerfile.rpmbuild, and .github/workflows/dailies.yml" - exit 1 - else - echo "::notice ::No newer devtoolset exists (good)" - exit 0 - fi - - check-debian-autoremovals: - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - - - name: Check if Debian is about to toss us off a balcony - run: ./build-scripts/check-debian-autoremovals.py - - coverity-auth: - name: coverity scan of the auth - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - uses: PowerDNS/pdns/.github/workflows/coverity.yml@master - with: - product: 'authoritative' - secrets: - COVERITY_TOKEN: ${{ secrets.coverity_auth_token }} - COVERITY_EMAIL: ${{ secrets.coverity_email }} - - coverity-dnsdist: - name: coverity scan of dnsdist - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - uses: PowerDNS/pdns/.github/workflows/coverity.yml@master - with: - product: 'dnsdist' - secrets: - COVERITY_TOKEN: ${{ secrets.coverity_dnsdist_token }} - COVERITY_EMAIL: ${{ secrets.coverity_email }} - - coverity-rec: - name: coverity scan of the rec - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - uses: PowerDNS/pdns/.github/workflows/coverity.yml@master - with: - product: 'recursor' - secrets: - COVERITY_TOKEN: ${{ secrets.coverity_rec_token }} - COVERITY_EMAIL: ${{ secrets.coverity_email }} - - # The jobs below check that only the pinned version of Python3 packages are installed with pip. Running in a container, a - # pip proxy registers all requests for installing packages with pip.  Then, the downloaded packages and their versions are compared - # with the list used for the installation (i.e. docs/requirements.txt, pdns/recursordist/docs/requirements.txt, etc). If a package - # is missing or a version does not match the one expected, this job fails, which makes the workflow fail. - # - # The pinned version plus hashes are generated using pip-compile using an input file that includes the original list of packages - # (pip-compile --generate-hashes -U requirements.in). "pip-compile" can be installed via pip-tools with Python 3.11, which is the version - # used in the CI. Any other Python version would end up with different versions for packages and could result in workflow failures. - # - # One recurring error thrown by this validation is when a new version of a pinned package is released for a "setup-requires" dependency - # of one of the packages in the list (see https://github.com/PowerDNS/pdns/pull/14596). The package version in “requirements.in” should - # be modified to solve this issue. In some cases, it is enough to generate again the list of packages, making sure to add the -U flag - # to force the upgrade: "pip-compile --generate-hashes -U requirements.in" (this could include upgrading other packages). - - list-pip-requirement-files: - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - outputs: - req-files: ${{ steps.get-list-requirements.outputs.files }} - steps: - - uses: actions/checkout@v4 - - name: Get all requirements.txt files and export them as outputs - id: get-list-requirements - run: | - echo "files=$(find . -name 'requirements.txt' | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT" - - validate-pip-hashes: - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - name: ${{ matrix.requirements-file }} - Validate list of packages and hashes - runs-on: ubuntu-22.04 - needs: list-pip-requirement-files - env: - SERVICE_IP_ADDR: 127.0.0.1 - services: - database: - image: epicwink/proxpi - ports: - - 5000:5000 - options: >- - --restart always - strategy: - fail-fast: false - matrix: - requirements-file: ${{ fromJson(needs.list-pip-requirement-files.outputs.req-files) }} - steps: - - run: echo "${{ matrix.requirements-file }}" - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - python-version: '3.11' - # Configure pip index-url set to proxpi - - run: pip config set global.index-url http://${{ env.SERVICE_IP_ADDR }}:5000/index/ - - run: pip config set global.trusted-host ${{ env.SERVICE_IP_ADDR }} - - id: proxpi-docker - run: echo "id=$(docker ps | grep "epicwink/proxpi" | awk '{print $1}')" >> "$GITHUB_OUTPUT" - - run: pip install -r ${{ matrix.requirements-file }} - - name: Get the list of packages requested to the pip proxy - run: | - docker logs ${{ steps.proxpi-docker.outputs.id }} 2>&1 | grep whl | awk '{print $8}' | cut -d "/" -f 4 | awk -F'-' '{print $1"=="$2}' | sort -u --ignore-case | sed 's/_/-/' | egrep -v "pip==|setuptools==|wheel==|setuptools-git==" > /tmp/proxpi.log - cat /tmp/proxpi.log - - name: check only listed packages were installed - run: for i in `cat /tmp/proxpi.log`; do grep -qq -i $i ${{ matrix.requirements-file }} || ( echo "$i not found" && exit 1 ); done diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml deleted file mode 100644 index c250cd1046a1..000000000000 --- a/.github/workflows/spelling.yml +++ /dev/null @@ -1,19 +0,0 @@ -# spelling.yml is disabled per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-g86g-chm8-7r2p -name: Workflow should not run! -on: - push: - branches: '' - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - contents: read - -jobs: - placeholder: - name: Should be disabled - runs-on: ubuntu-latest - if: false - steps: - - name: Task - run: | - echo 'Running this task would be bad' - exit 1 diff --git a/.github/workflows/spelling2.yml b/.github/workflows/spelling2.yml deleted file mode 100644 index 055dd173040f..000000000000 --- a/.github/workflows/spelling2.yml +++ /dev/null @@ -1,16 +0,0 @@ -# spelling2.yml is disabled per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-p8r9-69g4-jwqq -name: Workflow should not run! -on: - push: - branches: '' - -jobs: - placeholder: - name: Should be disabled - runs-on: ubuntu-latest - if: false - steps: - - name: Task - run: | - echo 'Running this task would be bad' - exit 1 diff --git a/.github/workflows/spelling3.yml b/.github/workflows/spelling3.yml deleted file mode 100644 index 1f0c5fd2b5ef..000000000000 --- a/.github/workflows/spelling3.yml +++ /dev/null @@ -1,85 +0,0 @@ -# spelling.yml is blocked per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-g86g-chm8-7r2p -# spelling2.yml is blocked per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-p8r9-69g4-jwqq -name: Spell checking - -on: - push: - branches: - - "**" - tags-ignore: - - "**" - pull_request: - branches: - - "**" - types: - - "opened" - - "reopened" - - "synchronize" - -jobs: - spelling: - name: Spell checking - permissions: - # contents-read is needed to checkout in private repositories - contents: read - # pull-requests-read is needed for suppress_push_for_open_pull_request in private repositories - pull-requests: read - # actions-read is needed (possibly only for private repositories) - # to identify the workflow's filename until - # https://github.com/actions/runner/issues/853 is fixed - actions: read - # security-events-write is needed according to the documentation: - # https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#uploading-a-code-scanning-analysis-with-github-actions - security-events: write - outputs: - followup: ${{ steps.spelling.outputs.followup }} - runs-on: ubuntu-latest - if: ${{ contains(github.event_name, 'pull_request') || github.event_name == 'push' }} - concurrency: - group: spelling-${{ github.event.pull_request.number || github.ref }} - # note: If you use only_check_changed_files, you do not want cancel-in-progress - cancel-in-progress: true - steps: - - name: check-spelling - id: spelling - uses: check-spelling/check-spelling@v0.0.24 - with: - config: .github/actions/spell-check - suppress_push_for_open_pull_request: ${{ github.actor != 'dependabot[bot]' && 1 }} - checkout: true - check_file_names: 1 - spell_check_this: powerdns/pdns@master - post_comment: 0 - use_magic_file: 1 - warnings: bad-regex,binary-file,deprecated-feature,ignored-expect-variant,large-file,limited-references,no-newline-at-eof,noisy-file,non-alpha-in-dictionary,token-is-substring,unexpected-line-ending,whitespace-in-dictionary,minified-file,unsupported-configuration,no-files-to-check,unclosed-block-ignore-begin,unclosed-block-ignore-end - use_sarif: ${{ (!github.event.pull_request || (github.event.pull_request.head.repo.full_name == github.repository)) && 1 }} - extra_dictionaries: | - cspell:software-terms/dict/softwareTerms.txt - cspell:python/src/common/extra.txt - cspell:node/dict/node.txt - cspell:php/dict/php.txt - cspell:python/src/python/python-lib.txt - cspell:python/src/python/python.txt - cspell:fullstack/dict/fullstack.txt - cspell:golang/dict/go.txt - cspell:aws/aws.txt - cspell:k8s/dict/k8s.txt - cspell:cpp/src/stdlib-cpp.txt - cspell:filetypes/filetypes.txt - cspell:typescript/dict/typescript.txt - cspell:html/dict/html.txt - cspell:django/dict/django.txt - cspell:java/src/java.txt - cspell:dotnet/dict/dotnet.txt - cspell:r/src/r.txt - cspell:npm/dict/npm.txt - cspell:lisp/lisp.txt - cspell:cpp/src/lang-jargon.txt - cspell:rust/dict/rust.txt - cspell:cpp/src/lang-keywords.txt - cspell:latex/dict/latex.txt - cspell:cpp/src/stdlib-c.txt - cspell:cpp/src/ecosystem.txt - cspell:lua/dict/lua.txt - cspell:java/src/java-terms.txt - check_extra_dictionaries: ''