1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00
Commit Graph

388 Commits

Author SHA1 Message Date
Joyce
b7a279f9ef
ci: Enable Scorecard Github Action and Badge (#25054)
* chore: enable scorecard action

* chore: add badge to the README file

* chore: enable on config file update

* chore: update scorecard to 2.0.4

* chore: run scorecard on PR at main branch

* chore: add condition to publish_result key

* chore: skip upload to code scanning if PR

* chore: only runs scorecard in the main repo

Resolves: #25042
2022-10-19 09:05:39 +00:00
Daan De Meyer
0aa1d40649 mkosi: Switch to Fedora 37
Official release date is close so let's switch mkosi CI to it already.
2022-10-17 16:02:16 +02:00
Daan De Meyer
71205f972b mkosi: Add Centos Stream 8 back to CI
We can build all of systemd's features again on CentOS Stream 8, so
let's add it back to CI.
2022-10-17 08:45:57 +02:00
Luca Boccassi
da60182759
Merge pull request #24933 from keszybz/erradicate-strerror
Erradicate strerror
2022-10-11 21:47:38 +02:00
Zbigniew Jędrzejewski-Szmek
0cf1a4b3a7 Get rid of strerror_safe() 2022-10-11 16:59:00 +02:00
Luca Boccassi
dcf1bf3b6d mkosi: update to latest commit
Require dto fix Debian testing/unstable builds, as the initrd is
versioned
2022-10-10 13:19:41 +02:00
Luca Boccassi
47819da972 Enable PR template for RC phase 2022-10-07 16:37:36 +02:00
dependabot[bot]
8ef866ace4 build(deps): bump ninja from 1.10.2.3 to 1.10.2.4 in /.github/workflows
Bumps [ninja](https://github.com/ninja-build/ninja) from 1.10.2.3 to 1.10.2.4.
- [Release notes](https://github.com/ninja-build/ninja/releases)
- [Commits](https://github.com/ninja-build/ninja/commits)

---
updated-dependencies:
- dependency-name: ninja
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-01 14:36:48 +02:00
Frantisek Sumsal
f00fe51b9c ci: pin stefanbuck/github-issue-parser to a tagged release
Since [0] got resolved ([1]) we can finally pin the action to a tagged
release (v2.0.4 ATTOW) and let Dependabot to do its job by updating it
to the latest tagged release when it becomes available.

Replaces: #24886

[0] https://github.com/stefanbuck/github-issue-parser/issues/23
[1] https://github.com/stefanbuck/github-issue-parser/pull/39
2022-10-01 14:35:41 +02:00
dependabot[bot]
e316ab5747 build(deps): bump actions/labeler from 4.0.0 to 4.0.1
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](9fd24f1f9d...e54e5b338f)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-01 13:04:34 +02:00
dependabot[bot]
254c049ccb build(deps): bump redhat-plumbers-in-action/differential-shellcheck
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck) from 3.0.1 to 3.1.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases)
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/CHANGELOG.md)
- [Commits](a14889568f...1b1b75e42f)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-01 13:04:15 +02:00
dependabot[bot]
5d4ba4e534 build(deps): bump meson from 0.63.1 to 0.63.2 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 0.63.1 to 0.63.2.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/0.63.1...0.63.2)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-01 13:00:45 +02:00
Frantisek Sumsal
9fe61660ba ci: fix a couple of typos 2022-09-14 22:09:19 +02:00
Frantisek Sumsal
5e781e07db ci: enable a couple more possibly useful CodeQL queries 2022-09-14 22:09:19 +02:00
Frantisek Sumsal
d97733908b ci: rename codeql-analysis.yml to codeql.yml
Just to be consistent with other repos under the systemd umbrella.
2022-09-14 19:13:49 +02:00
Frantisek Sumsal
736a1df747 ci: limit scope for the CodeQL scan
Don't run the workflow unnecessarily for non-{cpp,python} related changes.
2022-09-13 21:32:15 +02:00
Frantisek Sumsal
774cf0d8fd ci: drop LGTM stuff and move remaining bits into a new location 2022-09-13 21:32:15 +02:00
Frantisek Sumsal
27d6281158 ci: run CodeQL on push to main/stable branches as well
Since we need results for the base branches as well in order to have
something to compare against.

Follow-up to cbe25d0dcc.
2022-09-13 21:18:44 +02:00
Frantisek Sumsal
cbe25d0dcc ci: run CodeQL on every PR
Since LGTM is no longer enabled for the systemd repo (as it's going to
be discontinued by the EOY), let's run CodeQL on every PR instead to
replace it.
2022-09-14 03:55:16 +09:00
Jan Macku
500ca79f22 issue-templates: Add note about updating labeling policy 2022-09-07 10:51:48 +02:00
Jan Macku
a4965366ec ci(issue-labeler): Update to advanced-issue-labeler@v2
The new version of `advanced-issue-labeler` GitHub Action introduces new
structure of policy that requires adjustments to systemd issue labeling
policy.

Changes introduced in v2.0.0 - https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases/tag/v2.0.0
2022-09-07 10:43:48 +02:00
Jan Macku
3a8352cbf3 ci(issue-labeler): Add missing policy for coredump label 2022-09-06 14:59:00 +00:00
Luca Boccassi
31ed4b9147 mkosi: update to latest commit
Required to fix Debian testing/unstable builds, as resolved is
now in its own package
2022-09-02 19:46:54 +01:00
Yu Watanabe
0a3e413516 github: update differential shellcheck to v3.0.1
v3 supports external sources. Yey!
2022-09-01 17:27:09 +00:00
dependabot[bot]
c19053e657 build(deps): bump meson from 0.63.0 to 0.63.1 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 0.63.0 to 0.63.1.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/0.63.0...0.63.1)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-01 10:31:30 +00:00
dependabot[bot]
d1cc2654fd build(deps): bump github/super-linter from 4.9.5 to 4.9.6
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.9.5 to 4.9.6.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
- [Commits](2d64ac1c06...01d3218744)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-01 09:21:53 +00:00
dependabot[bot]
42907767bd build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases)
- [Commits](b89eb39b97...d12b782ff9)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-01 09:08:19 +00:00
Luca Boccassi
df16869660 shellcheck/labeler: disable on systemd-security 2022-09-01 00:53:46 +09:00
Luca Boccassi
255963ec3a mkosi: disable isc-dhcp-server again
It's still failing in Ubuntu:

● isc-dhcp-server.service  loaded failed failed ISC DHCP IPv4 server
● isc-dhcp-server6.service loaded failed failed ISC DHCP IPv6 server

Just disable them via the kernel command line masking.
2022-08-25 23:02:29 +01:00
Luca Boccassi
5e98346220
Merge pull request #24254 from medhefgo/mold
ci: Add mold to build tests
2022-08-23 19:33:47 +01:00
Daan De Meyer
37d35150cb mkosi: Ensure we build all features/components in mkosi
Explicitly enable all features/components in the mkosi build to
ensure they all get built and we get an error if they can't be built.

We also rework the packages sections of all mkosi configs to reduce
duplication and cover all the dependencies necessary to build/use all
systemd features.

Note that for the final image, since systemd is installed by default
in base images, we rely on that to install the base library dependencies
and we only list extra optional dependencies and tools that aren't already
installed by default into the base image.

We also drop the centos stream 8 mkosi build as dependencies on that
distro are too out-of-date to be able to build all systemd features.
Since centos stream 9 has been out for a while, let's focus on that
and leave it to downstream to keep systemd building on centos stream 8.

Finally, there's a few additions to the mkosi scripts to make sure
services don't start by default on boot.
2022-08-23 15:19:26 +02:00
Zbigniew Jędrzejewski-Szmek
00616643de
Merge pull request #24352 from DaanDeMeyer/mkosi-opensuse
mkosi: Update to latest commit
2022-08-23 11:05:02 +02:00
Jan Janssen
4fb6506deb meson: Downgrade efi-ld warning
The warning isn't that serious and mostly there to inform the user that
lld/mold cannot build efi binaries. It is also better to build test with
fatal meson warnings.
2022-08-23 10:26:02 +02:00
Jan Janssen
ed862b95b2 ci: Add mold to build tests 2022-08-23 10:25:30 +02:00
Jan Macku
3d59b0470a ci: Drop actions/setup-node - unused
In `issue_labeler.yml` is no need for node.js runtime (`actions/setup-node`). It was accidentally added by `copy & paste` from another workflow.
2022-08-22 21:21:08 +09:00
Frantisek Sumsal
d7c1024b6b ci: build with clang-15; drop clang-12 2022-08-20 20:12:03 +02:00
Daan De Meyer
0e961391c1 mkosi: Drop workarounds
None of these should be necessary anymore with recent versions of
mkosi.
2022-08-19 16:50:17 +02:00
Daan De Meyer
2dddae253b mkosi: Update to latest commit
Fixes #1128
2022-08-19 16:49:57 +02:00
Jan Macku
3f3c718e79 ci(lint): add shell linter - Differential ShellCheck
It performs differential ShellCheck scans and report results directly in
pull request.

documentation:
https://github.com/redhat-plumbers-in-action/differential-shellcheck
2022-08-16 13:33:57 +00:00
Daan De Meyer
599884bd9a mkosi: Update to latest commit
Introduces a more reliable mirror for Arch which should reduce the
number of mkosi Arch CI failures due to unreliable mirror selection.
2022-08-16 08:59:15 +09:00
Jan Janssen
8ea086c894 Use correct label for boot related issues 2022-08-14 05:35:55 +09:00
Frantisek Sumsal
34a2f39b37 ci: lint the Coverity script
as we now use our own custom script for it.
2022-08-11 10:57:25 +02:00
Frantisek Sumsal
176086a2ec ci: simplify the Coverity script a bit
Also, address https://github.com/systemd/systemd/pull/24252#issuecomment-1208747320
by using a pre-defined e-mail address stored in the GH Action secrets.
2022-08-11 10:57:25 +02:00
Frantisek Sumsal
578355684d ci: set a timeout for each mkosi stage
Work around #24202 so we don't wait ~6 hours for a stuck QEMU job.
2022-08-05 12:12:13 +00:00
Luca Boccassi
c1178baacd docs: add disabled PR template for code freeze
To be enabled on rc1, and disabled again after the final release.
Gives contributors a clear warning that new features/APIs will be
postponed.
2022-08-04 11:10:28 +02:00
Daan De Meyer
a268e7f402 mkosi: Update to latest
Fixed centos stream 8 builds that were hitting a nonexisting mirror
url
2022-08-02 20:19:21 +01:00
Daan De Meyer
859614439a mkosi: Update to latest commit
With this update, Arch Linux keyring updates will be automatically
pulled in instead of having to update to a new mkosi commit every
time the keyring gets outdated.
2022-08-02 12:58:31 +02:00
dependabot[bot]
bc4b9a7117 build(deps): bump meson from 0.62.2 to 0.63.0 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 0.62.2 to 0.63.0.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/0.62.2...0.63.0)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-01 14:06:32 +00:00
dependabot[bot]
c3ebbcf7cb build(deps): bump github/codeql-action from 2.1.15 to 2.1.17
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.15 to 2.1.17.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3f62b754e2...0c670bbf04)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-01 11:17:18 +00:00
dependabot[bot]
cc7f5ac478 build(deps): bump github/super-linter from 4.9.4 to 4.9.5
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.9.4 to 4.9.5.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
- [Commits](a320804d31...2d64ac1c06)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-01 11:10:08 +00:00
dependabot[bot]
fdf38c0f1f build(deps): bump actions/setup-node from 3.3.0 to 3.4.1
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.3.0 to 3.4.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](eeb10cff27...2fddd8803e)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-01 10:06:54 +00:00
Daan De Meyer
a41940ed0e mkosi: Update to latest commit
Fixes an issue with Arch builds failing by updating the archlinux
keyring package.
2022-07-26 21:13:40 +00:00
Daan De Meyer
2d62579570 mkosi: Build against Fedora rawhide as well 2022-07-26 23:42:45 +09:00
Daan De Meyer
73897d4f3c Add systemd-hwdb to bug/RFE templates 2022-07-15 08:05:41 +09:00
Daan De Meyer
8ce1a3033f Add coredump daemons to bug/RFE template component options 2022-07-13 12:31:01 +01:00
Frantisek Sumsal
d46e7c7cfd ci: limit which env variables we pass through sudo
to work around #23987.
2022-07-13 10:56:37 +00:00
Luca Boccassi
3a883d36eb mkosi: update to latest main
Fix build failure on SUSE Tumbleweed due to config changes
2022-07-11 13:29:28 +01:00
Daan De Meyer
13f4f0fd81 mkosi: Update to latest release
This fixes the mkosi github action to unbreak the mkosi CI
2022-07-06 15:57:12 +02:00
dependabot[bot]
71562f5174 build(deps): bump meson from 0.62.0 to 0.62.2 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 0.62.0 to 0.62.2.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/0.62.0...0.62.2)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-01 14:36:52 +03:00
dependabot[bot]
573fb26ca2 build(deps): bump github/codeql-action from 2.1.6 to 2.1.15
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.6 to 2.1.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](28eead2408...3f62b754e2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-07-01 14:34:01 +03:00
Jan Macku
f0390fa034 github: add more components to RFE issue template
Follow-up to: #23838
2022-06-28 02:18:42 +09:00
Yu Watanabe
aec2f54b30 github: add more components to issue template 2022-06-27 16:58:59 +09:00
Daan De Meyer
c024a6ac96 mkosi: Pull in fix that solves action mirror issue 2022-06-24 16:00:18 +03:00
Evgeny Vereshchagin
f3bd663faf ci: set top-level permissions as well
It should turn on the "restricted" mode by default regardless of
whether the global setting is on or not. New jobs in this action
should have to overwrite it explicitly to gain write access in any
way.

It should also make the action consistent with the other actions
writing various stuff like 'labeler' and 'codeql'.
2022-06-24 20:08:30 +09:00
Evgeny Vereshchagin
1a2620e8bd ci: remove links to "codeless contribution" actions
They refer to actions with script injections running with full
access to repositories.
2022-06-23 20:43:57 +00:00
Jan Macku
6cacdb3985 github: Issue forms - fix GA SHA1 ref
Fix `SHA1` reference for github action `stefanbuck/github-issue-parser` to
point to correct commit.

Follow-up to: #23811
2022-06-23 17:58:25 +03:00
Jan Macku
632372bcbc github: Issue forms templates follow-up
- Use `SHA1` for actions versioning
- Fix typo: `github-issue-praser` -> `github-issue-parser`
- Define exact permissions

Follow-up to: #23693
2022-06-23 17:22:47 +03:00
Jan Macku
6b16539879 github: Update issue templates to issue forms
Issue forms templates allow us to add automation in place.
This patch replaces old markdown issue templates with new issue forms.
It also adds workflow to automatically mark issues by component label
based on reported data.

This change could help with initial triaging of issues.
2022-06-23 09:47:42 +02:00
Daan De Meyer
f304d03884 mkosi: Update CI to mkosi 13 2022-06-22 01:30:39 +01:00
Evgeny Vereshchagin
4f62dc3e92 cifuzz: build fuzzers on i386 as well
It's a follow-up to https://github.com/systemd/systemd/pull/23550.
2022-06-08 21:32:38 +00:00
Evgeny Vereshchagin
36cb69fc43 ci: build systemd with clang with -Dmode=release --optimization=2
This is what's most likely used to build systemd with clang in
practice so let's test it as well.

Preparation for reverting 0bd292567a
(which replaced bogus buffer overflow found with _FORTIFY_SOURCE=3
with actual segfaults).
2022-06-05 16:26:54 +00:00
dependabot[bot]
2f9e3d5f50 build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.3.1 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](82c141cc51...3cea537223)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-01 15:32:03 +03:00
dependabot[bot]
db361cdabd build(deps): bump github/super-linter from 4.9.3 to 4.9.4
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.9.3 to 4.9.4.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
- [Commits](431ee7836e...a320804d31)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-01 11:09:45 +00:00
Frantisek Sumsal
9e03f48d21 ci: reenable validation of GH Actions files 2022-05-25 04:49:05 +09:00
Frantisek Sumsal
40bc68cf21
Merge pull request #23475 from nabijaczleweli/certified-lint.1-moment
Actually run shellcheck on CI
2022-05-23 19:16:22 +00:00
Evgeny Vereshchagin
af72115412 ci: bump gcc in the "build test" workflow
gcc-12 has been released
2022-05-23 14:30:48 +00:00
наб
32c99bc86e
Don't ignore kernel-install for shellcheck 2022-05-23 12:52:52 +02:00
Frantisek Sumsal
6c0259e502 ci: temporarily disable validation of GH Action files
since the current version of super-linter doesn't recognize
ubuntu-22.04 as a valid runner specification. This should
be fixed once https://github.com/github/super-linter/pull/2897
is merged, which includes
09a60b0f57
2022-05-21 23:28:18 +02:00
Frantisek Sumsal
50b2b52004 ci: prefer the distro llvm version if available 2022-05-21 20:23:48 +02:00
Frantisek Sumsal
aa1bf7e61d ci: bump GH Actions to Ubuntu Jammy where applicable 2022-05-21 20:23:48 +02:00
наб
b32217e8d0
Don't not lint kernel-install 2022-05-14 15:21:34 +02:00
Yu Watanabe
e2c99d3b5c CI: use Fedora 36 2022-05-13 02:46:13 +09:00
dependabot[bot]
9c96c89bb3 build(deps): bump github/super-linter from 4.9.1 to 4.9.2
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.9.1 to 4.9.2.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
- [Commits](3792fe5373...ae4e373c56)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-03 05:51:41 +03:00
dependabot[bot]
5f994fffb9 build(deps): bump actions/checkout from 3.0.0 to 3.0.2
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.0 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](a12a3943b4...2541b1294d)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-03 05:50:11 +03:00
Evgeny Vereshchagin
2d14ec9b8a ci: actually turn on fatal-meson-warnings in the "build" workflow
It's a follow-up to https://github.com/systemd/systemd/pull/23211
2022-04-29 13:58:27 +09:00
Evgeny Vereshchagin
67b9732f1b ci: bring fatal-meson-warnings back
It's a follow-up to https://github.com/systemd/systemd/pull/23204

v2: replaced xargs with exec as suggested by Jan Janssen
2022-04-28 21:21:59 +03:00
Luca Boccassi
0a5e638cc7 meson: add install_tag to sd-boot, libsystemd and libudev
Allows to 'meson install --tags systemd-boot --no-rebuild' to install only the EFI
binaries, skipping the rest, for a very quick build:

$ ninja src/boot/efi/linuxx64.efi.stub
[21/21] Generating src/boot/efi/linuxx64.efi.stub with a custom command
$ ninja src/boot/efi/systemd-bootx64.efi
[10/10] Generating src/boot/efi/systemd-bootx64.efi with a custom command
$ DESTDIR=/tmp/foo meson install --tags systemd-boot --no-rebuild
Installing src/boot/efi/systemd-bootx64.efi to /tmp/foo/usr/lib/systemd/boot/efi

Requires Meson 0.60 to be used, prints a warning for unknown keyword
in earlier versions, but there's no failure

https://mesonbuild.com/Installing.html#installation-tags
2022-04-27 22:24:53 +01:00
Evgeny Vereshchagin
c84fc00b37 ci: unpin CFLite
The idea was to catch CFLite regressions but since the action itself
pulls the latest docker images it can't be pinned properly and issues
like https://github.com/google/clusterfuzzlite/issues/91 are going to
pop up anyway. Let's unpin it by analogy with CIFuzz and hope it doesn't
break very often.
2022-04-26 09:13:57 +00:00
Daan De Meyer
041456246c mkosi: Update to latest commit
We recently added caching for the dependencies we build from source
in mkosi's github action which speeds up builds by +-10 minutes. Let's
update to the latest commit so we benefit from this in systemd's mkosi
CI as well.
2022-04-22 09:09:13 +09:00
Jan Janssen
7fc60c071f ci: Add ia32 EFI multilib test
This makes sure that building ia32 EFI binaries on x86_64 works.
We force gnu-efi support to ensure it's not skipped by accident
and provide the lib32 dir manually, because clang does not support
'--print-multi-os-directory', which is used to auto-detect it.
2022-04-07 18:45:21 +02:00
dependabot[bot]
64c843d12d build(deps): bump meson from 0.61.2 to 0.62.0 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 0.61.2 to 0.62.0.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/0.61.2...0.62.0)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-01 21:41:37 +00:00
dependabot[bot]
b6ab9d7ade build(deps): bump actions/labeler from 3.1.0 to 4
Bumps [actions/labeler](https://github.com/actions/labeler) from 3.1.0 to 4.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](3d612d72e6...9fd24f1f9d)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-01 21:41:06 +00:00
dependabot[bot]
a2b107c86c build(deps): bump actions/checkout from 2.4.0 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](ec3a7ce113...a12a3943b4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-01 21:40:52 +00:00
dependabot[bot]
a1a1e0b79f build(deps): bump github/codeql-action from 1.1.3 to 2.1.6
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.1.3 to 2.1.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](75f07e7ab2...28eead2408)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-01 21:39:20 +00:00
dependabot[bot]
5f82d58bb0 build(deps): bump github/super-linter from 4.8.5 to 4.9.1
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.8.5 to 4.9.1.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
- [Commits](b8641364ca...3792fe5373)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-01 21:37:14 +00:00
Frantisek Sumsal
5efefcdcff ci: drop clang 11 & add clang 14 2022-03-30 21:11:57 +09:00
Frantisek Sumsal
3a2f1d19d4 ci: make the concurrency group identifier unique once again
Otherwise we end up randomly cancelling once of the two centos_epel
jobs.

Follow-up to da637c8fca.
2022-03-07 19:42:14 +00:00
Daan De Meyer
da637c8fca mkosi: Add CentOS Stream 9
The blocker causing Stream 9 builds to fail was fixed
(https://bugzilla.redhat.com/show_bug.cgi?id=2056276) so we can add
CentOS Stream 9 builds as well now.
2022-03-07 14:30:49 +00:00
Frantisek Sumsal
55c09511e1 test: check systemd RPM macros
Make sure our RPM macros work as intended. Based on the original PR
(#16464) by Mikhail Novosyolov.

Co-authored-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
2022-03-06 13:07:20 +09:00
dependabot[bot]
82e4b0305b build(deps): bump meson from 0.60.3 to 0.61.2 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 0.60.3 to 0.61.2.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/0.60.3...0.61.2)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-02 11:57:21 +00:00
dependabot[bot]
fd4747d924 build(deps): bump github/codeql-action from 1.0.29 to 1.1.3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.29 to 1.1.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](384cfc42b2...75f07e7ab2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-02 11:56:44 +00:00
dependabot[bot]
8b94bcbd04 build(deps): bump actions/labeler from 3.0.2 to 3.1.0
Bumps [actions/labeler](https://github.com/actions/labeler) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](69da01b8e0...3d612d72e6)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-02 11:56:24 +00:00
Daan De Meyer
24a0df5c3c mkosi: Add centos_epel config
Now that mkosi has centos-stream 9 support, let's add a config in
the repo so that the mkosi CI tests that configuration as well.

Centos doesn't support btrfs so we use xfs instead. For some reason,
building --hostonly-initrd centos images breaks the qemu boot so I
disabled that option for centos.

We update the mkosi commit hash to 0dd39c20a4
which adds the PowerTools repo to CentOS Stream 8 which is required
to make all the necessary packages required to build systemd on
CentOS Stream 8 available.
2022-02-25 16:17:29 +00:00
Daan De Meyer
6b2ab8fc5c mkosi: Remove Arch nspawn workaround
This has been fixed so the workaround can be removed.
2022-02-25 14:54:03 +00:00
Frantisek Sumsal
80ff956704
Merge pull request #22591 from evverx/no-deps
ci: build systemd without optional dependencies
2022-02-23 09:27:41 +00:00
Frantisek Sumsal
b491d74064 ci: fix clang-13 installation
For some reason Ubuntu Focal repositories now have `llvm-13` virtual
package which can't be installed, but successfully fools our check,
resulting in no clang/llvm being installed...

```
$ apt show llvm-13
Package: llvm-13
State: not a real package (virtual)
N: Can't select candidate version from package llvm-13 as it has no candidate
N: Can't select versions from package 'llvm-13' as it is purely virtual
N: No packages found

$ apt install --dry-run llvm-13
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package llvm-13 is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'llvm-13' has no installation candidate
```
2022-02-22 17:57:25 +01:00
Evgeny Vereshchagin
ca57d11652 ci: build systemd without optional dependencies
to catch issues like https://github.com/systemd/systemd/pull/22585#issuecomment-1047640155
2022-02-22 15:46:15 +00:00
Luca Boccassi
21838f36a6 mkosi CI: mask isc-dhcp-server units
The packages are installed to provide the dhcpd binary, used by
test/test-network/systemd-networkd-tests.py, but we don't need the units
to run, and in fact in some cases the image fails to boot because of
them:

Spawning container image on /home/runner/work/systemd/systemd/image.raw.
Press ^] three times within 1s to kill container.
● isc-dhcp-server.service  loaded failed failed ISC DHCP IPv4 server
● isc-dhcp-server6.service loaded failed failed ISC DHCP IPv6 server
Container image failed with error code 1.
Error: Process completed with exit code 1.

Mask the units with an --extra-tree.
2022-02-19 14:01:17 +00:00
Frantisek Sumsal
23a830e46e ci: explicitly disable multi-status for Super-Linter
to, hopefully, get rid of the following error:

```
 2022-02-13 13:32:12 [ERROR]   Failed to get [GITHUB_TOKEN]!
 2022-02-13 13:32:12 [ERROR]   []
 2022-02-13 13:32:12 [ERROR]   Please set a [GITHUB_TOKEN] from the main workflow environment to take advantage of multiple status reports!
```
2022-02-13 14:59:08 +01:00
Frantisek Sumsal
f94b33803f ci: use the 'slim' version of Super-Linter
The 'slim' version drops certain storage-heavy linters[0] which we don't
use anyway, so let's make the job a bit faster by downloading and using
a smaller image.

[0] https://github.com/github/super-linter#slim-image
2022-02-13 14:54:51 +01:00
Evgeny Vereshchagin
d6b99a4a48 ci: run all fuzz targets on CIFuzz
CIFuzz has been kind of broken for a couple months because
coverage reports downloaded from OSS-Fuzz contain absolute
paths while paths to files changed in PRs are relative and they
don't match. It makes it kind of hard for CIFuzz to figure out
what it should run so it runs either all fuzz targets or just new
fuzz targets. Until that issue is fixed let's just always predictably run
all fuzz targets.
2022-02-11 13:21:24 +00:00
Evgeny Vereshchagin
a5e6986ac0 ci: remove MULTI_STATUS from superlinter
Judging by
ERROR! Failed to call GitHub Status API!

it doesn't seem to work. Even if it did it would just clutter the status
checks I think so let's just remove MULTI_STATUS along with
GITHUB_TOKEN.
2022-02-09 13:04:06 +00:00
Evgeny Vereshchagin
10139b4e3c ci: validate actions and fix actionlint warnings
some actions like Coverity and CFLite aren't run on every PR so to make
sure they are more or less fine when they are changed it makes sense to
at least check them with superlinter/actionlint: https://github.com/rhysd/actionlint

The following warnings were fixed along the way:
```
.github/workflows/mkosi.yml:55:7: shellcheck reported issue in this script: SC2086:info:6:14: Double quote to prevent globbing and word splitting [shellcheck]
   |
55 |       run: |
   |       ^~~~
.github/workflows/mkosi.yml:55:7: shellcheck reported issue in this script: SC2046⚠️6:40: Quote this to prevent word splitting [shellcheck]
   |
55 |       run: |
   |       ^~~~
.github/workflows/mkosi.yml:55:7: shellcheck reported issue in this script: SC2006:style:6:40: Use $(...) notation instead of legacy backticked `...` [shellcheck]
   |
55 |       run: |
   |       ^~~~
```
```
.github/workflows/coverity.yml:31:9: shellcheck reported issue in this script: SC2086:info:1:93: Double quote to prevent globbing and word splitting [shellcheck]
   |
31 |         run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV
   |         ^~~~
```
2022-02-09 17:32:41 +09:00
Evgeny Vereshchagin
d38363b96b ci: no longer upload the latest builds on commits
The idea behind this action is to make it possible to compare the
latest fuzz targets with PRs to figure out whether bugs are really
reproducible in PRs only. Since forks (including systemd-stable) are
usually based on the upstream repository where almost all the bugs
are fixed before releases are cut it should be safe to assume that
if CFLite finds bugs in PRs they are most likely introduced in those
PRs.

It should probably be brought back once https://github.com/google/clusterfuzzlite/issues/84
is fixed.
2022-01-30 10:17:25 +00:00
Evgeny Vereshchagin
e46c743a57 ci: update GHActions once a month
Apparently some actions like CodeQL are released a few times a week so let's
just update them once a month in one fell swoop.
2022-01-29 19:26:14 +00:00
Evgeny Vereshchagin
81f84a2c0b ci: use CFLite to test forks (including systemd-stable)
It's like CIFuzz but unlike CIFuzz it's compatible with forks and
it should make it possible to run the fuzzers to make sure that
patches backported to them are backported correctly without introducing
new bugs and regressions.
2022-01-29 18:37:17 +00:00
dependabot[bot]
da9be066cb build(deps): bump github/codeql-action from 1.0.27 to 1.0.29
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.27 to 1.0.29.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](cd783c8a29...384cfc42b2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-24 11:18:48 +03:00
Frantisek Sumsal
ab9760b846 github: point to "tags" instead of "releases" in systemd-stable
since we don't do releases there.

Mentioned in https://github.com/systemd/systemd/issues/22230#issue-1111991271.
2022-01-24 06:53:43 +09:00
Evgeny Vereshchagin
881b152660 ci: point mkosi to commit where "testing" is fixed
https://github.com/systemd/mkosi/pull/886
2022-01-18 10:30:33 +00:00
Evgeny Vereshchagin
cd7b60a7ed
Merge pull request #22142 from evverx/libxkbcommon-dev
ci: get Coverity and CodeQL to analyze the "libxkbcommon" part
2022-01-18 00:15:56 +03:00
dependabot[bot]
a68b244399 build(deps): bump github/codeql-action from 1.0.26 to 1.0.27
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.26 to 1.0.27.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](5f53256358...cd783c8a29)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-17 09:12:55 +03:00
Evgeny Vereshchagin
992d7f341f ci: trigger CodeQL on PRs when its dependencies change 2022-01-17 01:59:55 +00:00
Evgeny Vereshchagin
54ed8884d3 ci: get Coverity and CodeQL to analyze the "libxkbcommon" part
By analogy with https://github.com/systemd/systemd/pull/22138, to get
the static analyzers to analyze that part of code that package should
be installed there as well.
2022-01-16 15:33:07 +00:00
Evgeny Vereshchagin
e8f93a60a2 ci: install libbpf-dev in the unit_tests workflow
Those dependencies are also used by Coverity and Codeql so
it should be installed there to get them to analyze that code.

Judging by https://github.com/systemd/systemd/pull/22137 it seems
to be working.
2022-01-16 13:13:34 +00:00
Evgeny Vereshchagin
9e360c6bf1 ci: switch to requirements.txt in the unit tests workflow 2022-01-14 10:29:23 +00:00
Evgeny Vereshchagin
007721e939 ci: turn meson warnings into errors 2022-01-14 01:53:37 +03:00
Evgeny Vereshchagin
4e1ab496ae {build|unit}-test: show meson-log.txt when meson fails
to make it easier to figure out why it fails.

For example in https://github.com/systemd/systemd/runs/4799774735?check_suite_focus=true
it failed with
```

meson.build:1003:8: ERROR: Command "/usr/bin/clang -print-targets" failed with status 1.

A full log can be found at /home/runner/work/systemd/systemd/build/meson-logs/meson-log.txt
Error: Process completed with exit code 1.
```
and it wasn't clear what exactly happened there.
2022-01-13 20:27:25 +09:00
Luca Boccassi
c9b1efdf14
Merge pull request #21990 from keszybz/indentation-and-comments
Indentation and comments
2022-01-04 00:18:10 +00:00
Zbigniew Jędrzejewski-Szmek
b36c5e9587 various: fix three spelling issues found by fossies 2022-01-03 21:16:06 +01:00
Frantisek Sumsal
3fd864aea7 ci: bump mkosi to v12 with libsolv workaround
Replaces: https://github.com/systemd/systemd/pull/21574
Related:
    * https://github.com/systemd/mkosi/issues/861
    * https://github.com/systemd/mkosi/pull/878
2022-01-03 15:56:22 +03:00
Jan Janssen
bbbf1c3d32 ci: Test efi binaries for section table gaps 2022-01-02 20:05:58 +01:00
dependabot[bot]
b774de1883 build(deps): bump meson from 0.60.2 to 0.60.3 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 0.60.2 to 0.60.3.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/0.60.2...0.60.3)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-01 17:40:39 +03:00
dependabot[bot]
987202b2c1 build(deps): bump github/super-linter from 4.8.4 to 4.8.5
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.8.4 to 4.8.5.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
- [Commits](563be7dc55...b8641364ca)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-27 12:33:34 +03:00
Evgeny Vereshchagin
bfa6bd1be0 ci: replace apt-key with signed-by
to limit the scope of the key to apt.llvm.org only.

This is mostly inspired by https://blog.cloudflare.com/dont-use-apt-key/
2021-12-26 15:38:42 +00:00
Frantisek Sumsal
298cff6171 ci: test build with supported cryptolibs to some degree
Let's assign a specific -Dcryptolib= value to each job to have at least
some coverage for all supported cryptolibs without unnecessarily
multiplying the test matrix.

Should provide coverage for #21880.
2021-12-24 16:24:16 +01:00
Frantisek Sumsal
7b55f29797 ci: drop build test with -O2, since it's covered by -O3 tests 2021-12-24 16:24:16 +01:00
dependabot[bot]
219c1dc780 build(deps): bump actions/upload-artifact from 2.3.0 to 2.3.1
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](da838ae959...82c141cc51)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-20 13:14:23 +03:00
dependabot[bot]
fdae4504c7 build(deps): bump actions/upload-artifact from 2.2.4 to 2.3.0
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.2.4 to 2.3.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](27121b0bdf...da838ae959)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-13 14:45:19 +03:00
Luca Boccassi
a0630d46a5
Merge pull request #21749 from nabijaczleweli/bashpsko
Shebang bash via env
2021-12-13 11:11:39 +00:00
dependabot[bot]
1805759ea0 build(deps): bump github/codeql-action from 1.0.25 to 1.0.26
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.25 to 1.0.26.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](546b30f35a...5f53256358)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-13 13:18:55 +03:00
наб
f1e6f93372
Change all fixed-path bash shebangs to /u/b/env bash outside test/ 2021-12-12 21:13:50 +01:00
Jan Janssen
aa22e69856 ci: Build test with different linkers 2021-12-11 11:03:29 +01:00
Frantisek Sumsal
f7e3951d41 ci: run mkosi in a wrapper
So we can mitigate (to some degree) the reoccurring "dissect timeout"
issue:

```
Run sudo python3 -m mkosi boot systemd.unit=mkosi-check-and-shutdown.service !quiet systemd.log_level=debug systemd.log_target=console udev.log_level=info systemd.default_standard_output=journal+console
Failed to dissect image '/home/runner/work/systemd/systemd/image.raw': Connection timed out
Error: Process completed with exit code 1.
```
2021-12-10 10:25:45 +01:00
Frantisek Sumsal
24acd4064e ci: check for failed services after boot
This should, hopefully, catch issues like systemd/systemd#21671
automagically.
2021-12-10 10:25:43 +01:00
Frantisek Sumsal
efea45f19c ci: ignore FIXME alerts in the CodeQL Action
We already track them in LGTM and it unnecessarily clutters the Security
page.
2021-12-08 12:42:28 +00:00
Frantisek Sumsal
72af88f231 github: mention the systemd-devel ML in the new issue tab 2021-12-07 16:28:56 +01:00
Frantisek Sumsal
a3f0533ffc ci: pack-ify our custom CodeQL queries and enable them in Actions
Unlike LGTM, the CodeQL Action requires the custom queries to have their
own qlpack.yml file, so let's provide one.
2021-12-07 14:57:09 +01:00
Frantisek Sumsal
a6319961c9 ci: run the CodeQL action also when its configuration changes
Just to make sure we didn't break anything.
2021-12-07 14:45:06 +01:00
Frantisek Sumsal
64f625a212 ci: sync the list of CodeQL queries with LGTM 2021-12-07 14:45:04 +01:00
Evgeny Vereshchagin
4997d1b965 ci: pin python dependencies and let Dependabot keep track of them 2021-12-07 09:08:26 +00:00