Merge branch '3006.x' into file_m_doc

saltstack · May 3, 2023 · 31eb520 · 31eb520
2 parents 55d3258 + 3365a55
commit 31eb520
Show file tree

Hide file tree

Showing 128 changed files with 6,141 additions and 1,835 deletions.
diff --git a/.backportrc.json b/.backportrc.json
@@ -0,0 +1,15 @@
+{
+  "repoOwner": "saltstack",
+  "repoName": "salt",
+  "targetBranchChoices": ["master", "3006.x", "3005.x"],
+  "autoMerge": false,
+  "autoMergeMethod": "rebase",
+  "branchLabelMapping": {
+    "^backport:(.+)$": "$1"
+  },
+  "prTitle": "[BACKPORT] {commitMessages}",
+  "publishStatusCommentOnSuccess": true,
+  "sourcePRLabels": [
+    "backport:complete"
+  ]
+}
diff --git a/.github/actions/setup-actionlint/action.yml b/.github/actions/setup-actionlint/action.yml
@@ -4,7 +4,7 @@ description: Setup actionlint
 inputs:
   version:
     description: The version of actionlint
-    default: 1.6.23
+    default: 1.6.24
   cache-seed:
     required: true
     type: string

diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
@@ -0,0 +1,48 @@
+name: Backport PR
+run-name: "Backport PR #${{ github.event.number }}"
+
+on:
+  pull_request_target:
+    types:
+      - "labeled"
+      - "closed"
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  backport:
+    name: Backport PR
+    runs-on:
+      - ubuntu-latest
+    if: |
+      github.event.pull_request.merged == true
+      && (
+        contains(github.event.pull_request.labels.*.name, 'backport:master') ||
+        contains(github.event.pull_request.labels.*.name, 'backport:3006.x') ||
+        contains(github.event.pull_request.labels.*.name, 'backport:3005.x')
+      )
+      && (
+        (github.event.action == 'labeled' && (
+          contains(github.event.pull_request.labels.*.name, 'backport:master') ||
+          contains(github.event.pull_request.labels.*.name, 'backport:3006.x') ||
+          contains(github.event.pull_request.labels.*.name, 'backport:3005.x')
+        ))
+        || (github.event.action == 'closed')
+      )
+    steps:
+      - name: Backport Action
+        uses: sqren/[email protected]
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          auto_backport_label_prefix: "backport:"
+          add_original_reviewers: true
+
+      - name: Info log
+        if: ${{ success() }}
+        run: jq -C '.' ~/.backport/backport.info.log
+
+      - name: Debug log
+        if: ${{ failure() }}
+        run: jq -C '.' ~/.backport/backport.debug.log
diff --git a/.github/workflows/build-deb-packages.yml b/.github/workflows/build-deb-packages.yml
@@ -22,9 +22,9 @@ jobs:
         arch:
           - x86_64
           - aarch64
-        src:
-          - true
-          - false
+        source:
+          - onedir
+          - src
 
     container:
       image: ghcr.io/saltstack/salt-ci-containers/packaging:debian-11
@@ -79,34 +79,31 @@ jobs:
 
       - name: Build Deb
         working-directory: pkgs/checkout/
-        if: ${{ matrix.src != true}}
         run: |
-          tools pkg build deb --onedir salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
-
-      - name: Build Deb
-        working-directory: pkgs/checkout/
-        if: ${{ matrix.src == true}}
-        run: |
-          tools pkg build deb --arch ${{ matrix.arch }}
+          tools pkg build deb ${{
+              matrix.source == 'onedir' &&
+              format('--onedir=salt-{0}-onedir-linux-{1}.tar.xz', inputs.salt-version, matrix.arch)
+              ||
+              format('--arch={0}', matrix.arch)
+          }}
 
       - name: Cleanup
         run: |
           rm -rf pkgs/checkout/
 
-      - name: Upload DEBs
-        uses: actions/upload-artifact@v3
-        if: ${{ matrix.src == false}}
-        with:
-          name: salt-${{ inputs.salt-version }}-${{ matrix.arch }}-deb
-          path: ${{ github.workspace }}/pkgs/*
-          retention-days: 7
-          if-no-files-found: error
+      - name: Set Artifact Name
+        id: set-artifact-name
+        run: |
+          if [ "${{ matrix.source }}" != "src" ]; then
+            echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-deb" >> "$GITHUB_OUTPUT"
+          else
+            echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-deb-from-src" >> "$GITHUB_OUTPUT"
+          fi
 
       - name: Upload DEBs
         uses: actions/upload-artifact@v3
-        if: ${{ matrix.src == true}}
         with:
-          name: salt-${{ inputs.salt-version }}-${{ matrix.arch }}-deb-from-src
+          name: ${{ steps.set-artifact-name.outputs.artifact-name }}
           path: ${{ github.workspace }}/pkgs/*
           retention-days: 7
           if-no-files-found: error
diff --git a/.github/workflows/build-macos-packages.yml b/.github/workflows/build-macos-packages.yml
@@ -8,6 +8,10 @@ on:
         type: string
         required: true
         description: The Salt version to set prior to building packages.
+      sign-packages:
+        type: boolean
+        default: false
+        description: Sign Packages
       environment:
         type: string
         description: The GitHub Environment where this workflow should run
@@ -31,12 +35,23 @@ jobs:
         shell: bash
         id: check-pkg-sign
         run: |
-          if [ "${{ (secrets.MAC_SIGN_APPLE_ACCT != '' && contains(fromJSON('["nightly", "staging"]'), inputs.environment)) && 'true' || 'false' }}" != "true" ]; then
-            echo "The packages created will NOT be signed"
-            echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
+          if [ "${{ inputs.sign-packages }}" == "true" ]; then
+            if [ "${{ (secrets.MAC_SIGN_APPLE_ACCT != '' && contains(fromJSON('["nightly", "staging"]'), inputs.environment)) && 'true' || 'false' }}" != "true" ]; then
+              MSG="Secrets for signing packages are not available. The packages created will NOT be signed."
+              echo "${MSG}"
+              echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
+              echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
+            else
+              MSG="The packages created WILL be signed."
+              echo "${MSG}"
+              echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
+              echo "sign-pkgs=true" >> "$GITHUB_OUTPUT"
+            fi
           else
-            echo "The packages created WILL be signed"
-            echo "sign-pkgs=true" >> "$GITHUB_OUTPUT"
+            MSG="The sign-packages input is false. The packages created will NOT be signed."
+            echo "${MSG}"
+            echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
+            echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
           fi
 
       - uses: actions/checkout@v3

diff --git a/.github/workflows/build-rpm-packages.yml b/.github/workflows/build-rpm-packages.yml
@@ -25,9 +25,9 @@ jobs:
         arch:
           - x86_64
           - aarch64
-        src:
-          - true
-          - false
+        source:
+          - onedir
+          - src
 
     container:
       image: ghcr.io/saltstack/salt-ci-containers/packaging:centosstream-9
@@ -67,29 +67,27 @@ jobs:
           tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete
 
       - name: Build RPM
-        if: ${{ matrix.src != true}}
         run: |
-          tools pkg build rpm --onedir salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
+          tools pkg build rpm ${{
+              matrix.source == 'onedir' &&
+              format('--onedir=salt-{0}-onedir-linux-{1}.tar.xz', inputs.salt-version, matrix.arch)
+              ||
+              format('--arch={0}', matrix.arch)
+          }}
 
-      - name: Build RPM
-        if: ${{ matrix.src == true}}
+      - name: Set Artifact Name
+        id: set-artifact-name
         run: |
-          tools pkg build rpm --arch ${{ matrix.arch }}
-
-      - name: Upload RPMs
-        uses: actions/upload-artifact@v3
-        if: ${{ matrix.src != true}}
-        with:
-          name: salt-${{ inputs.salt-version }}-${{ matrix.arch }}-rpm
-          path: ~/rpmbuild/RPMS/${{ matrix.arch }}/*.rpm
-          retention-days: 7
-          if-no-files-found: error
+          if [ "${{ matrix.source }}" != "src" ]; then
+            echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-rpm" >> "$GITHUB_OUTPUT"
+          else
+            echo "artifact-name=salt-${{ inputs.salt-version }}-${{ matrix.arch }}-rpm-from-src" >> "$GITHUB_OUTPUT"
+          fi
 
       - name: Upload RPMs
         uses: actions/upload-artifact@v3
-        if: ${{ matrix.src == true}}
         with:
-          name: salt-${{ inputs.salt-version }}-${{ matrix.arch }}-rpm-from-src
+          name: ${{ steps.set-artifact-name.outputs.artifact-name }}
           path: ~/rpmbuild/RPMS/${{ matrix.arch }}/*.rpm
           retention-days: 7
           if-no-files-found: error
diff --git a/.github/workflows/build-windows-packages.yml b/.github/workflows/build-windows-packages.yml
@@ -8,6 +8,10 @@ on:
         type: string
         required: true
         description: The Salt version to set prior to building packages
+      sign-packages:
+        type: boolean
+        default: false
+        description: Sign Packages
       environment:
         type: string
         description: The GitHub Environment where this workflow should run
@@ -40,12 +44,23 @@ jobs:
         shell: bash
         id: check-pkg-sign
         run: |
-          if [ "${{ (secrets.WIN_SIGN_API_KEY != '' && env.SM_HOST != '' && inputs.environment == 'staging') && 'true' || 'false' }}" != "true" ]; then
-            echo "The packages created will NOT be signed"
-            echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
+          if [ "${{ inputs.sign-packages }}" == "true" ]; then
+            if [ "${{ (secrets.WIN_SIGN_API_KEY != '' && env.SM_HOST != '' && inputs.environment == 'staging') && 'true' || 'false' }}" != "true" ]; then
+              MSG="Secrets for signing packages are not available. The packages created will NOT be signed."
+              echo "${MSG}"
+              echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
+              echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
+            else
+              MSG="The packages created WILL be signed."
+              echo "${MSG}"
+              echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
+              echo "sign-pkgs=true" >> "$GITHUB_OUTPUT"
+            fi
           else
-            echo "The packages created WILL be signed"
-            echo "sign-pkgs=true" >> "$GITHUB_OUTPUT"
+            MSG="The sign-packages input is false. The packages created will NOT be signed."
+            echo "${MSG}"
+            echo "${MSG}" >> "${GITHUB_STEP_SUMMARY}"
+            echo "sign-pkgs=false" >> "$GITHUB_OUTPUT"
           fi
 
       - uses: actions/checkout@v3

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -37,6 +37,8 @@ jobs:
       testrun: ${{ steps.define-testrun.outputs.testrun }}
       salt-version: ${{ steps.setup-salt-version.outputs.salt-version }}
       cache-seed: ${{ steps.set-cache-seed.outputs.cache-seed }}
+      latest-release: ${{ steps.get-salt-releases.outputs.latest-release }}
+      releases: ${{ steps.get-salt-releases.outputs.releases }}
     steps:
       - uses: actions/checkout@v3
         with:
@@ -204,6 +206,18 @@ jobs:
         run: |
           echo '${{ steps.define-jobs.outputs.jobs }}' | jq -C '.'
 
+      - name: Get Salt Releases
+        id: get-salt-releases
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          tools ci get-releases
+
+      - name: Check Salt Releases
+        run: |
+          echo '${{ steps.get-salt-releases.outputs.latest-release }}' | jq -C '.'
+          echo '${{ steps.get-salt-releases.outputs.releases }}' | jq -C '.'
+
       - name: Define Testrun
         id: define-testrun
         run: |