From 7ab06bcdc998daedf59c444b506b4e9018ff46b9 Mon Sep 17 00:00:00 2001 From: Ivan Dyachkov Date: Fri, 10 May 2024 16:24:21 +0200 Subject: [PATCH 1/4] ci: some scheduled workflows should only run on emqx/emqx --- .github/workflows/codeql.yaml | 1 + .github/workflows/green_master.yaml | 7 ++++--- .github/workflows/scorecard.yaml | 3 ++- .github/workflows/stale.yaml | 4 ++-- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index d0b15b119..5bb2d29f0 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -10,6 +10,7 @@ permissions: jobs: analyze: + if: github.repository == 'emqx/emqx' name: Analyze runs-on: ubuntu-22.04 timeout-minutes: 360 diff --git a/.github/workflows/green_master.yaml b/.github/workflows/green_master.yaml index 7053247e3..50ff087f9 100644 --- a/.github/workflows/green_master.yaml +++ b/.github/workflows/green_master.yaml @@ -30,9 +30,10 @@ jobs: shell: bash env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_REPO: ${{ github.repository }} run: | - gh api --method GET -f head_sha=$(git rev-parse HEAD) -f status=completed -f exclude_pull_requests=true /repos/emqx/emqx/actions/runs > runs.json + gh api --method GET -f head_sha=$(git rev-parse HEAD) -f status=completed -f exclude_pull_requests=true /repos/${GITHUB_REPO}/actions/runs > runs.json for id in $(jq -r '.workflow_runs[] | select((."conclusion" == "failure") and (."name" != "Keep master green") and .run_attempt < 3) | .id' runs.json); do - echo "rerun https://github.com/emqx/emqx/actions/runs/$id" - gh api --method POST /repos/emqx/emqx/actions/runs/$id/rerun-failed-jobs || true + echo "rerun https://github.com/${GITHUB_REPO}/actions/runs/$id" + gh api --method POST /repos/${GITHUB_REPO}/actions/runs/$id/rerun-failed-jobs || true done diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index cc65fb76b..e82162b5a 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -16,8 +16,9 @@ permissions: read-all jobs: analysis: + if: github.repository == 'emqx/emqx' name: Scorecard analysis - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: security-events: write id-token: write diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index 11afc7415..69f7eb740 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -13,8 +13,8 @@ permissions: jobs: stale: - if: github.repository_owner == 'emqx' - runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }} + if: github.repository == 'emqx/emqx' + runs-on: ubuntu-22.04 permissions: issues: write pull-requests: none From d4450d543badebff0cb1adf848d087b95b86c52b Mon Sep 17 00:00:00 2001 From: Ivan Dyachkov Date: Fri, 10 May 2024 17:00:41 +0200 Subject: [PATCH 2/4] ci: ensure unique name for artifacts in scheduled packages workflow --- .github/workflows/build_packages_cron.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_packages_cron.yaml b/.github/workflows/build_packages_cron.yaml index 8573b6e11..9cec4244d 100644 --- a/.github/workflows/build_packages_cron.yaml +++ b/.github/workflows/build_packages_cron.yaml @@ -68,7 +68,7 @@ jobs: - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 if: success() with: - name: ${{ matrix.profile[0] }}-${{ matrix.os }} + name: ${{ matrix.profile[0] }}-${{ matrix.os }}-${{ github.ref_name }} path: _packages/${{ matrix.profile[0] }}/ retention-days: 7 - name: Send notification to Slack From c08c8cef22608a12a0f6c4946409fe105415835e Mon Sep 17 00:00:00 2001 From: Ivan Dyachkov Date: Sat, 11 May 2024 10:18:46 +0200 Subject: [PATCH 3/4] ci(docker): login to specific docker registry only when necessary --- .github/workflows/build_and_push_docker_images.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_and_push_docker_images.yaml b/.github/workflows/build_and_push_docker_images.yaml index dbca3fe38..ec6747c32 100644 --- a/.github/workflows/build_and_push_docker_images.yaml +++ b/.github/workflows/build_and_push_docker_images.yaml @@ -142,14 +142,14 @@ jobs: - name: Login to hub.docker.com uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 - if: inputs.publish || github.repository_owner != 'emqx' + if: inputs.publish && contains(matrix.profile[1], 'docker.io') with: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} - name: Login to AWS ECR uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 - if: inputs.publish || github.repository_owner != 'emqx' + if: inputs.publish && contains(matrix.profile[1], 'public.ecr.aws') with: registry: public.ecr.aws username: ${{ secrets.AWS_ACCESS_KEY_ID }} From e92d1f44680ec5ffd4d2e0f00beb06cee160b2c7 Mon Sep 17 00:00:00 2001 From: Ivan Dyachkov Date: Sat, 11 May 2024 10:50:40 +0200 Subject: [PATCH 4/4] build(pkg): fix pkg-tests.sh for ubuntu 24.04 --- scripts/pkg-tests.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/pkg-tests.sh b/scripts/pkg-tests.sh index 02d55c986..a88020dd5 100755 --- a/scripts/pkg-tests.sh +++ b/scripts/pkg-tests.sh @@ -79,9 +79,9 @@ emqx_prepare(){ if [ ! -d "${PAHO_MQTT_TESTING_PATH}" ]; then git clone -b develop-4.0 https://github.com/emqx/paho.mqtt.testing.git "${PAHO_MQTT_TESTING_PATH}" fi - # Debian 12 complains if we don't use venv + # Debian 12 and Ubuntu 24.04 complain if we don't use venv case "${SYSTEM:-}" in - debian12) + debian12|ubuntu24.04) apt-get update -y && apt-get install -y virtualenv virtualenv venv # https://www.shellcheck.net/wiki/SC1091