path: root/.github
Commit message (Author, Age, Files, Lines)
...
* ci: pack-ify our custom CodeQL queries and enable them in Actions (Frantisek Sumsal, 2021-12-07, files: 1, lines: -1/+4)
  Unlike LGTM, the CodeQL Action requires the custom queries to have their own qlpack.yml file, so let's provide one.
* ci: run the CodeQL action also when its configuration changes (Frantisek Sumsal, 2021-12-07, files: 1, lines: -1/+4)
  Just to make sure we didn't break anything.
* ci: sync the list of CodeQL queries with LGTM (Frantisek Sumsal, 2021-12-07, files: 3, lines: -0/+43)
* ci: pin python dependencies and let Dependabot keep track of them (Evgeny Vereshchagin, 2021-12-07, files: 3, lines: -3/+26)
* build(deps): bump github/codeql-action from 1.0.24 to 1.0.25 (dependabot[bot], 2021-12-07, files: 1, lines: -3/+3)
  Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.24 to 1.0.25.
  - [Release notes](https://github.com/github/codeql-action/releases)
  - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/github/codeql-action/compare/e095058bfa09de8070f94e98f5dc059531bc6235...546b30f35ae5a3db0e0be1843008c2224f71c3b0)

  ---
  updated-dependencies:
  - dependency-name: github/codeql-action
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
* ci: consider `cryptolib` in the group identifier (Frantisek Sumsal, 2021-12-03, files: 1, lines: -1/+1)
  otherwise we end up with more than one job with the same identifier in one run, causing some of them to get cancelled unexpectedly.
  A quick follow-up to 85bd394df57fe45c2873605e2c1d1d79e83e853d.
* ci: install libbpf (Frantisek Sumsal, 2021-12-03, files: 1, lines: -1/+2)
* ci: expand the test framework to cover openssl (Zbigniew Jędrzejewski-Szmek, 2021-12-02, files: 2, lines: -1/+11)
* build(deps): bump github/codeql-action from 1.0.23 to 1.0.24 (dependabot[bot], 2021-11-25, files: 1, lines: -3/+3)
  Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.23 to 1.0.24.
  - [Release notes](https://github.com/github/codeql-action/releases)
  - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/github/codeql-action/compare/a627e9fa504113bfa8e90a9b429b157a38b1cdbd...e095058bfa09de8070f94e98f5dc059531bc6235)

  ---
  updated-dependencies:
  - dependency-name: github/codeql-action
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
* build(deps): bump github/codeql-action from 1.0.22 to 1.0.23 (dependabot[bot], 2021-11-18, files: 1, lines: -3/+3)
  Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.22 to 1.0.23.
  - [Release notes](https://github.com/github/codeql-action/releases)
  - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/github/codeql-action/compare/5581e08a65fc3811c3ac78939dd59e7a8adbf003...a627e9fa504113bfa8e90a9b429b157a38b1cdbd)

  ---
  updated-dependencies:
  - dependency-name: github/codeql-action
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
* ci: switch to weekly dependabot updates (Evgeny Vereshchagin, 2021-11-17, files: 1, lines: -1/+1)
  Apparently some dependencies get updated much more often than I would have expected. It can always be triggered manually at https://github.com/systemd/systemd/network/dependencies if there are any urgent updates
* build(deps): bump github/super-linter from 4.8.3 to 4.8.4 (dependabot[bot], 2021-11-17, files: 1, lines: -1/+1)
  Bumps [github/super-linter](https://github.com/github/super-linter) from 4.8.3 to 4.8.4.
  - [Release notes](https://github.com/github/super-linter/releases)
  - [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
  - [Commits](https://github.com/github/super-linter/compare/7d5dc989c55aaba9d3b7194a7496cdfaa4866af3...563be7dc5568017515b9e700329e9c6d3862f2b7)

  ---
  updated-dependencies:
  - dependency-name: github/super-linter
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
* ci: run codeql on PRs from Dependabot (Evgeny Vereshchagin, 2021-11-17, files: 1, lines: -0/+3)
  To make sure PRs like https://github.com/systemd/systemd/pull/21409 don't break anything.
* ci: pin mkosi to SHAs as well (Evgeny Vereshchagin, 2021-11-15, files: 1, lines: -1/+1)
* build(deps): bump github/super-linter from 4.8.1 to 4.8.3 (dependabot[bot], 2021-11-15, files: 1, lines: -1/+1)
  Bumps [github/super-linter](https://github.com/github/super-linter) from 4.8.1 to 4.8.3.
  - [Release notes](https://github.com/github/super-linter/releases)
  - [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
  - [Commits](https://github.com/github/super-linter/compare/fd9c4286d3de3fdd9258a395570cae287f13f974...7d5dc989c55aaba9d3b7194a7496cdfaa4866af3)

  ---
  updated-dependencies:
  - dependency-name: github/super-linter
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
* ci: tighten codeql and labeler even more (Evgeny Vereshchagin, 2021-11-14, files: 2, lines: -2/+5)
  by moving the read permissions to the top level and granting additional permissions to the specific jobs. It should help to prevent new jobs that could be added there eventually from having write access to resources they most likely would never need.
* ci: LGPLv2+ify dependabot config and codeql action (Evgeny Vereshchagin, 2021-11-14, files: 2, lines: -0/+6)
* ci: pin the codeql action to SHAs (Evgeny Vereshchagin, 2021-11-14, files: 1, lines: -3/+3)
  It's a follow-up to https://github.com/systemd/systemd/pull/21316. Judging by https://github.com/evverx/systemd/pull/36, Dependabot supports their release cycle
* ci: mimic the "restricted" mode (Evgeny Vereshchagin, 2021-11-14, files: 6, lines: -6/+12)
  Judging by https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token it should be enough to grant the "read contents" permission to most of our actions. The "read metadata" permission is set implicitly somewhere and can't be set via the "permissions" setting:
  ```
  The workflow is not valid. .github/workflows/linter.yml (Line: 14, Col: 3): Unexpected value 'metadata'
  ```
* ci: tighten several GHActions a bit more (Evgeny Vereshchagin, 2021-11-13, files: 7, lines: -0/+17)
  with https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#permissions
* build(deps): bump actions/checkout from 2 to 2.4.0 (dependabot[bot], 2021-11-13, files: 6, lines: -6/+6)
  Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 2.4.0.
  - [Release notes](https://github.com/actions/checkout/releases)
  - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/actions/checkout/compare/v2...ec3a7ce113134d7a93b817d10a8272cb61118579)

  ---
  updated-dependencies:
  - dependency-name: actions/checkout
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
* Merge pull request #21342 from evverx/dependabot-error (Frantisek Sumsal, 2021-11-13, files: 2, lines: -1/+2)
|\
| |   ci: try to fix a Dependabot error
| * ci: allow Dependabot to open up to 2 PRs (Evgeny Vereshchagin, 2021-11-11, files: 1, lines: -0/+1)
| |   Apparently version updates aren't always disabled on old forks, which leads to new PRs opened there. To somewhat mitigate the issue let's limit the number of PRs Dependabot can create.
| |   It was reported in https://github.com/yuwata/systemd/pull/2#issuecomment-967737195
| * try to fix a Dependabot error (Evgeny Vereshchagin, 2021-11-11, files: 1, lines: -1/+1)
| |   ```
| |   updater | ERROR <job_232492775> Error processing actions/checkout (RuntimeError)
| |   updater | ERROR <job_232492775> No files changed!
| |   updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/vendor/ruby/2.7.0/gems/dependabot-github_actions-0.166.0/lib/dependabot/github_actions/file_updater.rb:28:in `updated_dependency_files'
| |   updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:676:in `generate_dependency_files_for'
| |   updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:274:in `check_and_create_pull_request'
| |   updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:82:in `check_and_create_pr_with_error_handling'
| |   updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `block in run'
| |   updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `each'
| |   updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:56:in `run'
| |   updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/update_files_job.rb:17:in `perform_job'
| |   updater | ERROR <job_232492775> /home/dependabot/dependabot-updater/lib/dependabot/base_job.rb:28:in `run'
| |   updater | ERROR <job_232492775> bin/update_files.rb:21:in `<main>`
| |   ```
* | ci: run the unit_tests and mkosi jobs on stable branches as well (Frantisek Sumsal, 2021-11-13, files: 3, lines: -0/+4)
|/
  To provide more coverage for the systemd-stable repo.
  See: https://github.com/systemd/systemd-stable/issues/24
* ci: pin some workflows to SHAs (Evgeny Vereshchagin, 2021-11-11, files: 3, lines: -3/+3)
  to let Dependabot keep track of them using SHAs
  codeql-actions doesn't point to SHAs because it isn't clear whether Dependabot supports their release cycle mentioned at https://github.com/github/codeql-action/issues/307
* ci: pin labeler (Evgeny Vereshchagin, 2021-11-11, files: 2, lines: -1/+7)
  Turns out GHActions where `pull_request_target` is used are capable of pwning repositories: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
  labeler doesn't check out the source code or build anything so it's safe in its current form but to avoid surprises let's just pin it to the latest version.
  It's annoying to manage dependencies like this manually so additionally dependabot.yml is introduced to make it easier to keep GHActions up to date more or less automatically: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
* ci: run codeql-analysis daily (Evgeny Vereshchagin, 2021-11-12, files: 1, lines: -0/+42)
  https://github.com/github/codeql-action
  Apparently to judge from a couple of warnings I haven't seen before it's a bit different from LGTM.
* ci: take CIFuzz's matrix into consideration (Frantisek Sumsal, 2021-11-10, files: 1, lines: -1/+1)
  Otherwise the jobs will try to cancel each other out.
  Follow-up to 3884837610168e6fb69fc2d5709f6c017a30beb9.
* ci: cancel previous jobs on ref update (Frantisek Sumsal, 2021-11-10, files: 5, lines: -0/+15)
  Let's save the environment (and reduce the number of jobs in GH Actions queues) by cancelling old jobs on a ref update (force push).
  See: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#concurrency
* ci: fix indentation (Frantisek Sumsal, 2021-11-10, files: 1, lines: -29/+29)
* Revert "CI: run GCC unit test job on push to main" (Frantisek Sumsal, 2021-11-10, files: 1, lines: -7/+0)
  This reverts commit c1036042f5aa3369d771776fb6d57fac2543d80d.
  Follow-up to 0ad536c16a940b4557322f3f811db73c4b374898.
* Revert "CI: disable opensuse mkosi CI" (Michal Koutný, 2021-11-09, files: 1, lines: -2/+1)
  This reverts commit ab6df5208396b7069d5c12aa9c21b8ecdb689de1.
  The image build failed during kernel RPM installation (bug in %post scriptlet). This has been fixed in the package suse-module-tools 16.0.13 [1]. The fix is in openSUSE Tumbleweed repos so the tests can be enabled again.
  [1] https://github.com/openSUSE/suse-module-tools/pull/53
  Fixes: #21019
* CI: disable code coverage in GH Action (Luca Boccassi, 2021-10-21, files: 2, lines: -15/+0)
  It is now run on the nightly CentOS build, so that it can cover integration tests too, and not just unit tests. It's nightly as it considerably increases the integration test runtime, so it's not appropriate for all PRs.
* CI: disable opensuse mkosi CI (Daan De Meyer, 2021-10-19, files: 1, lines: -1/+2)
  Until https://github.com/systemd/systemd/issues/21019 is fixed, there's no point in running the opensuse CI job so let's disable it for now.
* ci: use the system llvm-11 package on Focal (Frantisek Sumsal, 2021-10-12, files: 1, lines: -5/+11)
  ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11 provided by the apt.llvm.org repositories. Let's use the system llvm package if available in such cases to avoid that.
* ci: use LGPLv2+ for all our ci configuration (Zbigniew Jędrzejewski-Szmek, 2021-10-01, files: 10, lines: -0/+11)
* github: use the same headers on yaml files (Zbigniew Jędrzejewski-Szmek, 2021-10-01, files: 3, lines: -4/+9)
  Also adjust the mention of location of mkosi files, follow-up for d55ad7fe96eb1edf438a7a41a465723bd29d4b10.
* licensing: say that our github docs are LGPLv2.1+ (Zbigniew Jędrzejewski-Szmek, 2021-10-01, files: 2, lines: -2/+2)
  This mirrors what 0aff7b7584 did for docs/.
* ci: introduce Super-Linter for shell scripts (Frantisek Sumsal, 2021-09-30, files: 1, lines: -0/+38)
  See: https://github.com/marketplace/actions/super-linter
* ci: shellcheck-ify CI scripts (Frantisek Sumsal, 2021-09-29, files: 2, lines: -2/+4)
* Revert "CI: run unit tests in a network namespace" (Yu Watanabe, 2021-09-29, files: 1, lines: -5/+2)
  This reverts commit 8b036b223a40fac9e53189db05d3798ec11eb475.
* CI: run GCC unit test job on push to main (Luca Boccassi, 2021-09-29, files: 1, lines: -0/+7)
  Allows to get coverage data on coveralls.io
* CI: do manpages build only on the clang unit test run (Luca Boccassi, 2021-09-27, files: 1, lines: -1/+3)
  It's slow and unaffected by compiler/flags, so no point in repeating it
* CI: add code coverage reports via lcov and coveralls.io (Luca Boccassi, 2021-09-27, files: 2, lines: -2/+17)
* CI: run unit tests in a network namespace (Luca Boccassi, 2021-09-27, files: 1, lines: -2/+5)
  It seems some of the tests break network connectivity on the host, as the code coverage upload fails to establish a connection. Run them in a network namespace with 'unshare -n'.
* mkosi: Fix CI (Daan De Meyer, 2021-09-21, files: 1, lines: -6/+6)
  #20629 moved the mkosi configs to mkosi.default.d/ so we were building for the host distro (Ubuntu) in each CI configuration. To fix it, we write the distro we want to test to a mkosi.default file and mkosi will apply the other necessary configs automatically from mkosi.default.d/<distro>
  This commit also removes unnecessary CLI options that are already handled by the config files.
* ci: build with clang-13 (Frantisek Sumsal, 2021-09-14, files: 1, lines: -1/+1)
  Also, drop clang-10 builds to conserve resources.
* ci: Add openSUSE Tumbleweed among tested distros (Michal Koutný, 2021-08-04, files: 1, lines: -0/+1)
* ci: Detect shell prompt with higher specificity (Michal Koutný, 2021-08-04, files: 1, lines: -1/+3)
  The current pattern '#' triggers on the openSUSE kernel version that is printed early during boot when no actual prompt is ready

  > [ 0.000000] Linux version 5.12.10-1-default (geeko@buildhost) (gcc (SUSE Linux) 11.1.1 20210510 [revision 23855a176609fe8dda6abaf2b21846b4517966eb], GNU ld (GNU Binutils; openSUSE Tumbleweed) 2.36.1.20210326-4) #1 SMP Fri Jun 11 05:05:06 UTC 2021 (b92eaf7)

  Instead wait for pattern that:
  a) should have fewer false positives,
  b) still be with working on distro shells:

  openSUSE (red color) ^[[1m^[[31mimage:~ #^[[m^O
  arch [root@image ~]#
  debian root@image:~#
  ubuntu root@image:~#
  fedora [root@image ~]#