1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
Commit Graph

9 Commits

Author SHA1 Message Date
Daan De Meyer
ba592dc715 mkosi: Replace submodules with our own thing
Unfortunately, git submodules break in all sorts of ways:

- Various github workflows (dependabot, github pages) try to do a shallow
clone of git submodules which does not work at all when the git repository
is hosted on pagure (https://pagure.io/pagure/issue/5453,
https://github.com/dependabot/dependabot-core/issues/9391).
- If the git forge hosting the git repository uses SHA256, then it breaks our
usage of it as a submodule as SHA256 repositories cannot be used as submodules
in SHA1 repositories (src.opensuse.org moved to SHA256 which broke our usage of
opensuse's systemd spec as a submodule).
- git submodules completely break usage of git worktrees.
- ...

Let's avoid all these issues by just doing our own home grown implementation of
git submodules. We lose the automatic dependabot updates this way but since dependabot
fails to run more often that not with submodules we don't really lose anything.
2024-05-30 19:31:32 +02:00
Daan De Meyer
37bd860c22 mkosi: Introduce packaging sources as submodules
By always cloning the latest branch commit, we can't bisect properly
using mkosi as when bisecting wildly different packaging sources will
be used compared to when the commit was merged. By using submodules, we
track individual commits which means when bisecting the same packaging
sources will be used.

We use git submodules as dependabot has support for automatically making
PRs to update git submodules. This commit also includes the necessary
dependabot configuration to enable this.

We make ubuntu/debian use the same submodule instead of adding the debian
packaging sources twice by introducing a new $PKG_SUBDIR environment variable
and using it instead of $DISTRIBUTION.
2024-03-13 12:07:49 +01:00
Evgeny Vereshchagin
e46c743a57 ci: update GHActions once a month
Apparently some actions like CodeQL are released a few times a week so let's
just update them once a month in one fell swoop.
2022-01-29 19:26:14 +00:00
Evgeny Vereshchagin
81f84a2c0b ci: use CFLite to test forks (including systemd-stable)
It's like CIFuzz but unlike CIFuzz it's compatible with forks and
it should make it possible to run the fuzzers to make sure that
patches backported to them are backported correctly without introducing
new bugs and regressions.
2022-01-29 18:37:17 +00:00
Evgeny Vereshchagin
4997d1b965 ci: pin python dependencies and let Dependabot keep track of them 2021-12-07 09:08:26 +00:00
Evgeny Vereshchagin
0da6973c17 ci: switch to weekly dependabot updates
Apparently some dependencies get updated much more often
than I would have exepected.

It can always be triggered manually at https://github.com/systemd/systemd/network/dependencies
if there are any urgent updates
2021-11-17 12:16:57 +00:00
Evgeny Vereshchagin
b3a1fb795a ci: LGPLv2+ify dependapot config and codeql action 2021-11-14 09:48:22 +00:00
Evgeny Vereshchagin
38ac3ab10a ci: allow Dependabot to open up to 2 PRs
Apparently version updates aren't always disabled on old forks,
which leads to new PRs opened there. To somewhat mitigate the
issue let's limit the number of PRs Dependabot can create.

It was reported in https://github.com/yuwata/systemd/pull/2#issuecomment-967737195
2021-11-11 17:20:30 +00:00
Evgeny Vereshchagin
5570313421 ci: pin labeler
Turns out GHActions where `pull_request_target` is used are capable
of pwning repositories: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

labeler doesn't check out the source code or build anything so
it's safe in its current form but to avoid surprises let's just pin
it to the latest version. It's annoying to manage dependencies like this
manually so additionally dependabot.yml is introduced to make it
easier to keep GHActions up to date more or less automatically:
https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
2021-11-11 10:19:06 +00:00