Jan Janssen
dfca5587cf
tree-wide: Drop gnu-efi
...
This drops all mentions of gnu-efi and its manual build machinery. A
future commit will bring bootloader builds back. A new bootloader meson
option is now used to control whether to build sd-boot and its userspace
tooling.
2023-03-10 11:41:03 +01:00
Daan De Meyer
925bb83ea5
mkosi: Drop debug logging
...
The spurious "connection timed out" errors from nspawn should be
fixed now that we're running the latest version.
2023-03-07 15:25:19 +01:00
Daan De Meyer
8d29e401ce
mkosi: Drop kernel command line masking in CI
...
These services should be disabled by default and not need explicit
masking anymore.
2023-03-07 15:25:19 +01:00
Daan De Meyer
523d71076d
mkosi: Update to latest
...
So that we don't enable services by default anymore on Debian.
2023-03-07 15:25:02 +01:00
Daan De Meyer
9cc018fa93
mkosi: Update to latest
...
Latest version builds nspawn from source which hopefully gets rid of
the spurious "Connection timed out" errors we've been seeing in CI.
2023-03-06 19:30:40 +01:00
dependabot[bot]
1016c8ad94
build(deps): bump systemd/mkosi
...
Bumps [systemd/mkosi](https://github.com/systemd/mkosi ) from 1d131062066fe7b5a83b87319b4464b186adbb1c to d13ff85610c6fb01a2fff0a8187729ebe4a05595.
- [Release notes](https://github.com/systemd/mkosi/releases )
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md )
- [Commits](1d13106206...d13ff85610
2023-03-01 14:58:47 +00:00
dependabot[bot]
ef1e3104a6
build(deps): bump github/codeql-action from 2.1.29 to 2.2.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.29 to 2.2.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ec3cf9c605...32dc499307
2023-03-01 14:58:18 +00:00
dependabot[bot]
17d4646ed8
build(deps): bump actions/labeler from 4.0.1 to 4.0.2
...
Bumps [actions/labeler](https://github.com/actions/labeler ) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/actions/labeler/releases )
- [Commits](e54e5b338f...5c7539237e
2023-03-01 13:14:53 +00:00
dependabot[bot]
31a14e4d3e
build(deps): bump meson from 1.0.0 to 1.0.1 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.0.0...1.0.1 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-01 13:14:26 +00:00
dependabot[bot]
7afcf8b193
build(deps): bump actions/checkout from 3.2.0 to 3.3.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](755da8c3cf...ac59398561
2023-03-01 13:13:04 +00:00
Daan De Meyer
6c53840958
Merge pull request #26518 from DaanDeMeyer/mkosi-stuff
...
mkosi: Drop build script workarounds
2023-02-21 18:23:06 +01:00
Daan De Meyer
03d319a45f
mkosi: Add more debugging
2023-02-21 13:51:59 +00:00
Daan De Meyer
8d8337da5e
mkosi: Update to latest
2023-02-21 13:01:22 +01:00
Daan De Meyer
7f3e4c9489
mkosi: Enable debug logging in CI
...
"Failed to dissect image: connection timed out" messages have been
appearing sporadically in mkosi CI. Let's enable debug logging to
help figure out why.
2023-02-15 20:02:54 +00:00
Jan Macku
96893d0937
ci(labeler): fix missing emoji in dont-merge label
2023-02-11 20:23:46 +09:00
Jan Macku
f8b7d483f5
ci(labeler): fix missing emoji in quick-review label
2023-02-11 20:23:46 +09:00
Daan De Meyer
c9853672a0
mkosi: Update to latest
...
Let's make sure we're testing unprivileged builds properly. Usage
of SourceFileTransfer= and SourceFileTransferFinal= are removed as
they were dropped by mkosi. SourceFileTransfer=mount is now the
default in mkosi so behavior for the build script is unchanged. We
stop copying sources in the final image until mkosi adds support
for virtiofs.
2023-02-10 18:16:54 +09:00
Jan Macku
9779079b53
ci: Add names to steps in labeler workflow
...
This makes it easier to see what step failed/was skipped in the GitHub
Actions UI. It also makes future debugging easier.
2023-02-08 22:37:10 +09:00
Jan Macku
de95bb2a98
ci: remove if: github.event.issue.pull_request from labeler.yml
...
`github.event.issue.pull_request` is an object, not a boolean.
This is the root cause of why the step that is supposed to remove labels
is always skipped. Having this condition in place is not necessary since
the workflow is run on the `pull_request_target` event.
2023-02-07 16:00:49 +01:00
Jan Macku
d709b92ef1
ci: fix missing quotes in labeler.yml
2023-02-07 15:39:37 +01:00
Zbigniew Jędrzejewski-Szmek
7a17e41dcf
test: drop whitespace after shell redirection operators
...
(The one case that is left unchanged is '< <(subcommand)'.)
This way, the style with no gap was already dominant. This way, the reader
immediately knows that ' < ' is a comparison operator and ' << ' is a shift.
In a few cases, replace custom EOF replacement by just EOF. There is no point
in using someting like "_EOL" unless "EOF" appears in the text.
2023-02-06 09:19:04 +01:00
Jan Macku
4dab1eb952
ci: Fix Development Freeze Automation
...
Due to the limitation of `GITHUB_TOKEN` when running workflows from forks,
it's required to split the `development_freeze` workflow in two.
* First workflow will run on the `pull_request` trigger and save the PR
number in the artifact. This workflow is running with read-only permissions
on `GITHUB_TOKEN`.
* Second workflow will get triggered on `workflow_run`. It will be run
directly in the `systemd/systemd` context and can get permission to be
able to create comments on PR.
GITHUB_TOKEN limitations:
* https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
GitHub Security Labs Article - How to correctly and safely overcome GITHUB_TOKEN limitations:
* https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
2023-02-03 14:03:39 +00:00
Jan Janssen
2de6cc18f9
ci: Test with secure boot enabled under mkosi
...
This gives us some nice test coverage for secure boot enrolling and the
stub secure boot workound. The authenticated EFI variables are already
created by mkosi, all we need to do is request secure boot to be used.
2023-02-01 17:16:03 +01:00
dependabot[bot]
15796f28ea
build(deps): bump systemd/mkosi
...
Bumps [systemd/mkosi](https://github.com/systemd/mkosi ) from f36983f552a197faf9e36361cc68a297e68bee73 to 500f93a36cc3d5bf1d06848a0a8870bf1424625f.
- [Release notes](https://github.com/systemd/mkosi/releases )
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md )
- [Commits](f36983f552...500f93a36c
2023-02-01 09:48:30 +00:00
dependabot[bot]
b8565f93e9
build(deps): bump actions/github-script from 6.3.3 to 6.4.0
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.3.3 to 6.4.0.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](d556feaca3...98814c53be
2023-02-01 09:15:44 +00:00
dependabot[bot]
b0126d1e8e
build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
...
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler ) from 2.0.1 to 2.0.4.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases )
- [Commits](88209aef58...25a1e41826
2023-02-01 09:14:38 +00:00
Daan De Meyer
3d4fa9aaa0
mkosi: Disable auditd when running with nspawn in CI
...
auditd fails to start in CentOS Stream 9 causing CI failures so let's
disable it when running with nspawn in CI.
2023-01-29 17:34:21 +01:00
Daan De Meyer
868c318ba3
mkosi: Add back CentOS Stream 8 to CI
...
It's still useful to test the EFI handover logic in systemd-boot.
We use a mkosi.prepare script to install a newer python and update
the system to use it.
2023-01-29 17:05:23 +01:00
Daan De Meyer
c8943ce884
mkosi: Update and enable ukify in mkosi builds
...
We also add the necessary deps for ukify to the mkosi configs.
CentOS Stream 8 is dropped from CI because its python version is too
old (3.6) to be able to run ukify.
2023-01-27 15:05:04 +01:00
Daan De Meyer
9d2e4ceee5
ci: Update mkosi action to latest commit
...
Let's make sure we're testing with the latest changes in mkosi. This
includes both the switch to systemd-repart and ukify, making sure we
get extra testing coverage for those components.
This also drops options from the centos config that have been removed
in the newer mkosi.
For some reason idmapping runs into some issues so we disable it for
now.
2023-01-15 20:44:53 +01:00
Daan De Meyer
da2a4f6a2e
ci: Fix PR labeling
...
Make sure we only add labels to open pull request and remove labels
from closed pull requests.
2023-01-12 11:42:16 +01:00
Zbigniew Jędrzejewski-Szmek
8112c91e48
github: use 'meson setup'
...
Meson started warning when 'setup' is not used:
WARNING: Running the setup command as `meson [options]` instead of `meson setup [options]` is ambiguous and deprecated.
Also add more quoting in output to make the message clearer.
2023-01-11 16:46:24 +01:00
Daan De Meyer
81315baa68
ci: Remove a bunch of labels when a PR is merged
2023-01-10 14:52:53 +01:00
dependabot[bot]
9826037476
build(deps): bump stefanbuck/github-issue-parser from 2.0.4 to 3.0.1
...
Bumps [stefanbuck/github-issue-parser](https://github.com/stefanbuck/github-issue-parser ) from 2.0.4 to 3.0.1.
- [Release notes](https://github.com/stefanbuck/github-issue-parser/releases )
- [Commits](f80b14f788...c1a559d78b
2023-01-06 19:18:30 +00:00
dependabot[bot]
4371496fa9
build(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.6 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](99c53751e0...e38b1902ae
2023-01-06 18:49:21 +00:00
dependabot[bot]
df242320e5
build(deps): bump github/super-linter from 4.9.6 to 4.9.7
...
Bumps [github/super-linter](https://github.com/github/super-linter ) from 4.9.6 to 4.9.7.
- [Release notes](https://github.com/github/super-linter/releases )
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md )
- [Commits](01d3218744...bb2d833b08
2023-01-06 18:48:30 +00:00
dependabot[bot]
5afe9a300a
build(deps): bump actions/checkout from 3.0.2 to 3.2.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.2 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3.0.2...755da8c3cf115ac066823e79a1e1788f8940201b )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 18:47:52 +00:00
dependabot[bot]
c129b184c9
build(deps): bump meson from 0.64.1 to 1.0.0 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 0.64.1 to 1.0.0.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/0.64.1...1.0.0 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-06 18:47:20 +00:00
Frantisek Sumsal
a32831ae1d
mkosi: work around a file conflict between systemd and systemd-boot
2022-12-15 16:04:28 +01:00
Daan De Meyer
52c602d4c6
ci: Labeler improvements
...
- Mention "/please-review" in the contributing guide
- Remove "needs-rebase" on push
- Don't add "please-review" if a green label is set
- Don't add please-review label to draft PRs
- Add please-review when a PR moves out of draft
2022-12-09 15:37:43 +01:00
Daan De Meyer
8fc78e6845
ci: Add/Drop labels on pull request activity and comment
...
When a pull request is opened/updated, add "please-review" and
remove a few other labels.
When a comment is made with /please-review on a PR. Add the
"please-review" label to the PR.
2022-12-09 04:50:13 +09:00
Lennart Poettering
a579990277
Merge pull request #25180 from keszybz/ukify
...
ukify: add helper to create UKIs
2022-12-08 15:11:18 +01:00
Zbigniew Jędrzejewski-Szmek
1f6da5d902
ci: install pefile
2022-12-07 15:53:47 +01:00
dependabot[bot]
054f47defc
build(deps): bump ninja from 1.10.2.4 to 1.11.1 in /.github/workflows
...
Bumps [ninja](https://github.com/ninja-build/ninja ) from 1.10.2.4 to 1.11.1.
- [Release notes](https://github.com/ninja-build/ninja/releases )
- [Commits](https://github.com/ninja-build/ninja/commits/v1.11.1 )
---
updated-dependencies:
- dependency-name: ninja
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-01 11:59:45 +00:00
dependabot[bot]
80dd9e2de7
build(deps): bump meson from 0.63.3 to 0.64.1 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 0.63.3 to 0.64.1.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/0.63.3...0.64.1 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-01 10:28:47 +00:00
dependabot[bot]
58a1485fa9
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 3.1.1 to 3.2.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/CHANGELOG.md )
- [Commits](1b1b75e42f...f3cd08fcf1
2022-12-01 10:03:09 +00:00
dependabot[bot]
690e7bfe8f
build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.1
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v3.1.0...83fd05a356d7e2593de66fc9913b3002723633cb )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-01 10:02:00 +00:00
dependabot[bot]
073747028b
build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
...
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler ) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases )
- [Commits](fe9c43b7d7...88209aef58
2022-12-01 10:01:10 +00:00
Luca Boccassi
c1fb3319ce
GA: do not run codeql on systemd-security
...
Scanning is not available on private repositories
2022-11-30 10:59:03 +00:00
Luca Boccassi
77e6166679
GA: run development_freeze only on main repository
...
No point in running this checker on other forks
2022-11-30 10:59:03 +00:00
