From ce145f57d9021a2798ba36d02d8f4a5dccc665a6 Mon Sep 17 00:00:00 2001
From: Peter van Dijk
Date: Thu, 29 Feb 2024 13:16:38 +0100
Subject: [PATCH] remove unneeded jobs for rel/auth-4.9.x branch
---
 .../build-and-test-all-releases-dispatch.yml | 68 ------
 .github/workflows/build-packages.yml | 214 ------------------
 .github/workflows/build-tags.yml | 46 ----
 .github/workflows/builder-dispatch.yml | 54 -----
 .../workflows/builder-releases-dispatch.yml | 68 ------
 .github/workflows/builder.yml | 56 -----
 .github/workflows/codeql-analysis.yml | 2 +-
 .github/workflows/docker.yml | 2 +-
 .github/workflows/documentation.yml | 114 ----------
 .github/workflows/misc-dailies.yml | 128 -----------
 .github/workflows/secpoll.yml | 32 ---
 11 files changed, 2 insertions(+), 782 deletions(-)
 delete mode 100644 .github/workflows/build-and-test-all-releases-dispatch.yml
 delete mode 100644 .github/workflows/build-packages.yml
 delete mode 100644 .github/workflows/build-tags.yml
 delete mode 100644 .github/workflows/builder-dispatch.yml
 delete mode 100644 .github/workflows/builder-releases-dispatch.yml
 delete mode 100644 .github/workflows/builder.yml
 delete mode 100644 .github/workflows/documentation.yml
 delete mode 100644 .github/workflows/misc-dailies.yml
 delete mode 100644 .github/workflows/secpoll.yml
diff --git a/.github/workflows/build-and-test-all-releases-dispatch.yml b/.github/workflows/build-and-test-all-releases-dispatch.yml
deleted file mode 100644
index 7becc6011acb..000000000000
--- a/.github/workflows/build-and-test-all-releases-dispatch.yml
+++ /dev/null
@@ -1,68 +0,0 @@ ---- -name: Trigger workflow build-and-test-all for different releases - -on: - workflow_dispatch: - schedule: - - cron: '0 22 * * 4' - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - actions: read - contents: read - -jobs: - call-build-and-test-all-auth-48: - name: Call build-and-test-all rel/auth-4.8.x - if: ${{ vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} - uses: PowerDNS/pdns/.github/workflows/build-and-test-all.yml@rel/auth-4.8.x - with: - branch-name: rel/auth-4.8.x - - call-build-and-test-all-auth-47: - name: Call build-and-test-all rel/auth-4.7.x - if: ${{ vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} - uses: PowerDNS/pdns/.github/workflows/build-and-test-all.yml@rel/auth-4.7.x - with: - branch-name: rel/auth-4.7.x - - call-build-and-test-all-auth-46: - name: Call build-and-test-all rel/auth-4.6.x - if: ${{ vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} - uses: PowerDNS/pdns/.github/workflows/build-and-test-all.yml@rel/auth-4.6.x - with: - branch-name: rel/auth-4.6.x - - call-build-and-test-all-rec-50: - name: Call build-and-test-all rel/rec-5.0.x - if: ${{ vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} - uses: PowerDNS/pdns/.github/workflows/build-and-test-all.yml@rel/rec-5.0.x - with: - branch-name: rel/rec-5.0.x - - call-build-and-test-all-rec-49: - name: Call build-and-test-all rel/rec-4.9.x - if: ${{ vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} - uses: PowerDNS/pdns/.github/workflows/build-and-test-all.yml@rel/rec-4.9.x - with: - branch-name: rel/rec-4.9.x - - call-build-and-test-all-rec-48: - name: Call build-and-test-all rel/rec-4.8.x - if: ${{ vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} - uses: PowerDNS/pdns/.github/workflows/build-and-test-all.yml@rel/rec-4.8.x - with: - branch-name: rel/rec-4.8.x - - call-build-and-test-all-dnsdist-18: - name: Call build-and-test-all rel/dnsdist-1.8.x - if: ${{ vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} - uses: 
PowerDNS/pdns/.github/workflows/build-and-test-all.yml@rel/dnsdist-1.8.x - with: - branch-name: rel/dnsdist-1.8.x - - call-build-and-test-all-dnsdist-17: - name: Call build-and-test-all rel/dnsdist-1.7.x - if: ${{ vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }} - uses: PowerDNS/pdns/.github/workflows/build-and-test-all.yml@rel/dnsdist-1.7.x - with: - branch-name: rel/dnsdist-1.7.x diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml deleted file mode 100644 index 13ab3a36b379..000000000000 --- a/.github/workflows/build-packages.yml +++ /dev/null 
@@ -1,214 +0,0 @@ ---- -name: Build packages - -on: - workflow_call: - inputs: - product: - required: true - description: Product to build - type: string - os: - required: false - description: OSes to build for, space separated - type: string - # please remember to update the pkghashes below when you - # update this list, as well as the one in builder-dispatch.yml - default: >- - el-7 - el-8 - el-9 - debian-buster - debian-bullseye - debian-bookworm - ubuntu-focal - ubuntu-jammy - ref: - description: git ref to checkout - type: string - default: master - required: false - is_release: - description: is this a release build? - type: string - required: false - default: 'NO' - secrets: - DOWNLOADS_AUTOBUILT_SECRET: - required: true - DOWNLOADS_AUTOBUILT_RSYNCTARGET: - required: true - DOWNLOADS_AUTOBUILT_HOSTKEY: - required: true - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - contents: read - -jobs: - prepare: - name: generate OS list - runs-on: ubuntu-20.04 - outputs: - oslist: ${{ steps.get-oslist.outputs.oslist }} - steps: - # instead of jo, we could use jq here, which avoids running apt, and thus would be faster. - # but, as this whole workflow needs at least 30 minutes to run, I prefer spending a few seconds here - # so that the command remains readable, because jo is simpler to use. 
- - run: sudo apt-get update && sudo apt-get -y install jo - - id: get-oslist - run: echo "oslist=$(jo -a ${{ inputs.os }})" >> "$GITHUB_OUTPUT" - build: - needs: prepare - name: build ${{ inputs.product }} (${{ inputs.ref }}) for ${{ matrix.os }} - # on a ubuntu-20.04 VM - runs-on: ubuntu-20.04 - strategy: - matrix: - os: ${{fromJson(needs.prepare.outputs.oslist)}} - fail-fast: false - outputs: - version: ${{ steps.getversion.outputs.version }} - pkghashes-el-7: ${{ steps.pkghashes.outputs.pkghashes-el-7 }} - pkghashes-el-8: ${{ steps.pkghashes.outputs.pkghashes-el-8 }} - pkghashes-el-9: ${{ steps.pkghashes.outputs.pkghashes-el-9 }} - pkghashes-debian-buster: ${{ steps.pkghashes.outputs.pkghashes-debian-buster }} - pkghashes-debian-bullseye: ${{ steps.pkghashes.outputs.pkghashes-debian-bullseye }} - pkghashes-debian-bookworm: ${{ steps.pkghashes.outputs.pkghashes-debian-bookworm }} - pkghashes-ubuntu-focal: ${{ steps.pkghashes.outputs.pkghashes-ubuntu-focal }} - pkghashes-ubuntu-jammy: ${{ steps.pkghashes.outputs.pkghashes-ubuntu-jammy }} - srchashes: ${{ steps.srchashes.outputs.srchashes }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 # for correct version numbers - submodules: recursive - ref: ${{ inputs.ref }} - # this builds packages and runs our unit tests (make check) - - run: IS_RELEASE=${{ inputs.is_release}} builder/build.sh -v -m ${{ inputs.product }} ${{ matrix.os }} - - name: Get version number - run: | - echo "version=$(readlink builder/tmp/latest)" >> $GITHUB_OUTPUT - id: getversion - - name: Upload packages as GH artifacts - uses: actions/upload-artifact@v4 - with: - name: ${{ inputs.product }}-${{ matrix.os }}-${{ steps.getversion.outputs.version }} - path: built_pkgs/ - retention-days: 7 - - name: Normalize package name - id: normalize-name - run: | - if [ "x${{ inputs.product }}" = "xauthoritative" ]; then - echo "normalized-package-name=pdns" >> $GITHUB_OUTPUT - elif [ "x${{ inputs.product }}" = "xrecursor" ]; then - echo 
"normalized-package-name=pdns-recursor" >> $GITHUB_OUTPUT - else - echo "normalized-package-name=${{ inputs.product }}" >> $GITHUB_OUTPUT - fi - - - name: Extract packages from the tarball - # so we get provenance for individual packages (and the JSON package manifests from the builder) - id: extract - run: | - mkdir -m 700 -p ./packages/ - tar xvf ./built_pkgs/*/*/${{ steps.normalize-name.outputs.normalized-package-name }}-${{ steps.getversion.outputs.version }}-${{ matrix.os }}.tar.bz2 -C ./packages/ --transform='s/.*\///' - - name: Generate package hashes for provenance - shell: bash - id: pkghashes - run: | - echo "pkghashes-${{ matrix.os }}=$(sha256sum ./packages/*.rpm ./packages/*.deb ./packages/*.json | base64 -w0)" >> $GITHUB_OUTPUT - - name: Generate source hash for provenance - shell: bash - id: srchashes - run: | - echo "srchashes=$(sha256sum ./built_pkgs/*/*/${{ steps.normalize-name.outputs.normalized-package-name }}-${{ steps.getversion.outputs.version }}.tar.bz2 ./packages/*.json | base64 -w0)" >> $GITHUB_OUTPUT - - name: Upload packages to downloads.powerdns.com - env: - SSHKEY: ${{ secrets.DOWNLOADS_AUTOBUILT_SECRET }} - RSYNCTARGET: ${{ secrets.DOWNLOADS_AUTOBUILT_RSYNCTARGET }} - HOSTKEY: ${{ secrets.DOWNLOADS_AUTOBUILT_HOSTKEY }} - if: - "${{ env.SSHKEY != '' }}" - run: | - mkdir -m 700 -p ~/.ssh - echo "$SSHKEY" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - echo "$HOSTKEY" > ~/.ssh/known_hosts - rsync -4rlptD built_pkgs/* "$RSYNCTARGET" - - check-hashes: - needs: build - name: Check if hashes were created for all requested targets - runs-on: ubuntu-20.04 - steps: - - name: Get list of outputs from build jobs - run: echo '${{ toJSON(needs.build.outputs) }}' | jq 'keys[]' | grep -v version | tee /tmp/build-outputs.txt - - name: Get list of OS inputs - run: for i in ${{ inputs.os }}; do echo "\"pkghashes-$i\""; done | sort | tee /tmp/os-inputs.txt; echo "\"srchashes\"" | tee -a /tmp/os-inputs.txt - - name: Fail if there is a hash missing - 
run: if ! diff -q /tmp/build-outputs.txt /tmp/os-inputs.txt; then exit 1; fi - - provenance-pkgs: - needs: [prepare, build] - name: Generate provenance for ${{ inputs.product }} (${{ inputs.ref }}) for ${{ matrix.os }} - strategy: - matrix: - os: ${{fromJson(needs.prepare.outputs.oslist)}} - permissions: - actions: read # To read the workflow path. - id-token: write # To sign the provenance. - contents: write # To be able to upload assets as release artifacts - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 - with: - base64-subjects: "${{ needs.build.outputs[format('pkghashes-{0}', matrix.os)] }}" - upload-assets: false - provenance-name: "${{ inputs.product }}-${{ needs.build.outputs.version }}-${{ matrix.os}}.intoto.jsonl" - - provenance-src: - needs: build - name: Generate provenance for ${{ inputs.product }} (${{ inputs.ref }}) source tarball - permissions: - actions: read # To read the workflow path. - id-token: write # To sign the provenance. 
- contents: write # To be able to upload assets as release artifacts - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 - with: - base64-subjects: "${{ needs.build.outputs.srchashes }}" - upload-assets: false - provenance-name: "${{ inputs.product }}-${{ needs.build.outputs.version }}-src.intoto.jsonl" - - upload-provenance: - needs: [prepare, build, provenance-src, provenance-pkgs] - name: Upload the provenance artifacts to downloads.powerdns.com - runs-on: ubuntu-20.04 - strategy: - matrix: - os: ${{fromJson(needs.prepare.outputs.oslist)}} - steps: - - name: Download source tarball provenance for ${{ inputs.product }} (${{ inputs.ref }}) - id: download-src-provenance - uses: actions/download-artifact@v3 # we need v3, see https://github.com/slsa-framework/slsa-github-generator/pull/3067/files - with: - name: "${{ inputs.product }}-${{ needs.build.outputs.version }}-src.intoto.jsonl" - - name: Download provenance for ${{ inputs.product }} (${{ inputs.ref }}) for ${{ matrix.os }} - id: download-provenance - uses: actions/download-artifact@v3 # we need v3, see https://github.com/slsa-framework/slsa-github-generator/pull/3067/files - with: - name: "${{ inputs.product }}-${{ needs.build.outputs.version }}-${{ matrix.os}}.intoto.jsonl" - - name: Upload provenance artifacts to downloads.powerdns.com - id: upload-provenance - env: - SSHKEY: ${{ secrets.DOWNLOADS_AUTOBUILT_SECRET }} - RSYNCTARGET: ${{ secrets.DOWNLOADS_AUTOBUILT_RSYNCTARGET }} - HOSTKEY: ${{ secrets.DOWNLOADS_AUTOBUILT_HOSTKEY }} - PRODUCT: ${{ inputs.product }} - VERSION: ${{ needs.build.outputs.version }} - if: - "${{ env.SSHKEY != '' }}" - shell: bash - run: | - mkdir -m 700 -p ~/.ssh - echo "$SSHKEY" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - echo "$HOSTKEY" > ~/.ssh/known_hosts - rsync -4rlptD ${{steps.download-src-provenance.outputs.download-path}}/*.jsonl ${{steps.download-provenance.outputs.download-path}}/*.jsonl 
"${RSYNCTARGET}/${PRODUCT}/${VERSION}/" diff --git a/.github/workflows/build-tags.yml b/.github/workflows/build-tags.yml deleted file mode 100644 index 6431ec9d5ff9..000000000000 --- a/.github/workflows/build-tags.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -name: Build packages for tags - -on: - push: - tags: - - 'auth-*' - - 'dnsdist-*' - - 'rec-*' - -jobs: - call-build-packages-auth: - uses: PowerDNS/pdns/.github/workflows/build-packages.yml@master - if: startsWith(github.ref_name, 'auth') - with: - is_release: 'YES' - product: 'authoritative' - ref: ${{ github.ref_name }} - secrets: - DOWNLOADS_AUTOBUILT_SECRET: ${{ secrets.DOWNLOADS_AUTOBUILT_SECRET }} - DOWNLOADS_AUTOBUILT_RSYNCTARGET: ${{ secrets.DOWNLOADS_AUTOBUILT_RSYNCTARGET }} - DOWNLOADS_AUTOBUILT_HOSTKEY: ${{ secrets.DOWNLOADS_AUTOBUILT_HOSTKEY }} - - call-build-packages-dnsdist: - uses: PowerDNS/pdns/.github/workflows/build-packages.yml@master - if: startsWith(github.ref_name, 'dnsdist') - with: - is_release: 'YES' - product: 'dnsdist' - ref: ${{ github.ref_name }} - secrets: - DOWNLOADS_AUTOBUILT_SECRET: ${{ secrets.DOWNLOADS_AUTOBUILT_SECRET }} - DOWNLOADS_AUTOBUILT_RSYNCTARGET: ${{ secrets.DOWNLOADS_AUTOBUILT_RSYNCTARGET }} - DOWNLOADS_AUTOBUILT_HOSTKEY: ${{ secrets.DOWNLOADS_AUTOBUILT_HOSTKEY }} - - call-build-packages-rec: - uses: PowerDNS/pdns/.github/workflows/build-packages.yml@master - if: startsWith(github.ref_name, 'rec') - with: - is_release: 'YES' - product: 'recursor' - ref: ${{ github.ref_name }} - secrets: - DOWNLOADS_AUTOBUILT_SECRET: ${{ secrets.DOWNLOADS_AUTOBUILT_SECRET }} - DOWNLOADS_AUTOBUILT_RSYNCTARGET: ${{ secrets.DOWNLOADS_AUTOBUILT_RSYNCTARGET }} - DOWNLOADS_AUTOBUILT_HOSTKEY: ${{ secrets.DOWNLOADS_AUTOBUILT_HOSTKEY }} diff --git a/.github/workflows/builder-dispatch.yml b/.github/workflows/builder-dispatch.yml deleted file mode 100644 index 0e680324b41c..000000000000 --- a/.github/workflows/builder-dispatch.yml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -name: Trigger specific package build - -on: - workflow_dispatch: - inputs: - product: - description: Product to build - type: choice - options: - - authoritative - - recursor - - dnsdist - os: - description: OSes to build for, space separated - type: string - # please remember to update build-packages.yml as well - default: >- - el-7 - el-8 - el-9 - debian-buster - debian-bullseye - debian-bookworm - ubuntu-focal - ubuntu-jammy - ref: - description: git ref to checkout - type: string - default: master - is_release: - description: is this a release build? - type: choice - options: - - 'NO' - - 'YES' - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - actions: read - contents: write # To be able to upload assets as release artifacts - id-token: write # To sign the provenance in the build packages reusable workflow. - -jobs: - call-build-packages: - uses: PowerDNS/pdns/.github/workflows/build-packages.yml@master - with: - product: ${{ github.event.inputs.product }} - os: ${{ github.event.inputs.os }} - ref: ${{ github.event.inputs.ref }} - is_release: ${{ github.event.inputs.is_release }} - secrets: - DOWNLOADS_AUTOBUILT_SECRET: ${{ secrets.DOWNLOADS_AUTOBUILT_SECRET }} - DOWNLOADS_AUTOBUILT_RSYNCTARGET: ${{ secrets.DOWNLOADS_AUTOBUILT_RSYNCTARGET }} - DOWNLOADS_AUTOBUILT_HOSTKEY: ${{ secrets.DOWNLOADS_AUTOBUILT_HOSTKEY }} diff --git a/.github/workflows/builder-releases-dispatch.yml b/.github/workflows/builder-releases-dispatch.yml deleted file mode 100644 index 2e967561765f..000000000000 --- a/.github/workflows/builder-releases-dispatch.yml +++ /dev/null 
@@ -1,68 +0,0 @@ ---- -name: Trigger workflow builder for different releases - -on: - workflow_dispatch: - schedule: - - cron: '0 2 * * *' - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - actions: read - contents: read - -jobs: - call-builder-auth-48: - name: Call builder rel/auth-4.8.x - if: ${{ vars.SCHEDULED_JOBS_BUILDER }} - uses: PowerDNS/pdns/.github/workflows/builder.yml@rel/auth-4.8.x - with: - branch-name: rel/auth-4.8.x - - call-builder-auth-47: - name: Call builder rel/auth-4.7.x - if: ${{ vars.SCHEDULED_JOBS_BUILDER }} - uses: PowerDNS/pdns/.github/workflows/builder.yml@rel/auth-4.7.x - with: - branch-name: rel/auth-4.7.x - - call-builder-auth-46: - name: Call builder rel/auth-4.6.x - if: ${{ vars.SCHEDULED_JOBS_BUILDER }} - uses: PowerDNS/pdns/.github/workflows/builder.yml@rel/auth-4.6.x - with: - branch-name: rel/auth-4.6.x - - call-builder-rec-50: - name: Call builder rel/rec-5.0.x - if: ${{ vars.SCHEDULED_JOBS_BUILDER }} - uses: PowerDNS/pdns/.github/workflows/builder.yml@rel/rec-5.0.x - with: - branch-name: rel/rec-5.0.x - - call-builder-rec-49: - name: Call builder rel/rec-4.9.x - if: ${{ vars.SCHEDULED_JOBS_BUILDER }} - uses: PowerDNS/pdns/.github/workflows/builder.yml@rel/rec-4.9.x - with: - branch-name: rel/rec-4.9.x - - call-builder-rec-48: - name: Call builder rel/rec-4.8.x - if: ${{ vars.SCHEDULED_JOBS_BUILDER }} - uses: PowerDNS/pdns/.github/workflows/builder.yml@rel/rec-4.8.x - with: - branch-name: rel/rec-4.8.x - - call-builder-dnsdist-18: - name: Call builder rel/dnsdist-1.8.x - if: ${{ vars.SCHEDULED_JOBS_BUILDER }} - uses: PowerDNS/pdns/.github/workflows/builder.yml@rel/dnsdist-1.8.x - with: - branch-name: rel/dnsdist-1.8.x - - call-builder-dnsdist-17: - name: Call builder rel/dnsdist-1.7.x - if: ${{ vars.SCHEDULED_JOBS_BUILDER }} - uses: PowerDNS/pdns/.github/workflows/builder.yml@rel/dnsdist-1.7.x - with: - branch-name: rel/dnsdist-1.7.x 
diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml deleted file mode 100644 index 759229824548..000000000000 --- a/.github/workflows/builder.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -name: 'Test package building for specific distributions' - -on: - workflow_call: - inputs: - branch-name: - description: 'Checkout to a specific branch' - required: true - default: '' - type: string - schedule: - - cron: '0 1 * * *' - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - contents: read - -jobs: - build: - name: build.sh - if: ${{ vars.SCHEDULED_JOBS_BUILDER }} - # on a ubuntu-20.04 VM - runs-on: ubuntu-20.04 - strategy: - matrix: - product: ['authoritative', 'recursor', 'dnsdist'] - os: - - centos-7 - - el-8 - - centos-8-stream - - centos-9-stream - - ubuntu-lunar - - ubuntu-mantic - - ubuntu-noble - - debian-bookworm - - debian-trixie - - amazon-2023 - fail-fast: false - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 # for correct version numbers - submodules: recursive - ref: ${{ inputs.branch-name }} - # this builds packages and runs our unit test (make check) - - run: builder/build.sh -v -m ${{ matrix.product }} ${{ matrix.os }} - - name: Get version number - run: | - echo "version=$(readlink builder/tmp/latest)" >> $GITHUB_OUTPUT - id: getversion - - name: Upload packages - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.product }}-${{ matrix.os }}-${{ steps.getversion.outputs.version }} - path: built_pkgs/ - retention-days: 7 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 168f1c23389d..05e1e6e26818 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -39,7 +39,7 @@ jobs:
 # Override automatic language detection by changing the below list
 # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
 language: ['cpp']
- product: ['auth', 'rec', 'dnsdist']
+ product: ['auth']
 # Learn more...
 # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 6493b8529ffd..8ee78336f307 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -16,7 +16,7 @@ jobs:
 runs-on: ubuntu-20.04
 strategy:
 matrix:
- product: ['auth', 'recursor', 'dnsdist']
+ product: ['auth']
 steps:
 - uses: actions/checkout@v4
 with:
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
deleted file mode 100644
index cb6828ec59f5..000000000000
--- a/.github/workflows/documentation.yml
+++ /dev/null
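Review bot: The narrowed `product: ['auth']` matrix in codeql-analysis.yml has no comment marking it as a deliberate, branch-specific reduction of static-analysis coverage, so a later sync of this workflow from master could restore 'rec' and 'dnsdist' unnoticed, or a reader could take it for lost scan coverage. A one-line comment above it would settle that, for example `# rel/auth-4.9.x: only auth is scanned on this branch; rec and dnsdist entries removed on purpose`. The same applies to the `product: ['auth']` line in the docker.yml hunk. The job bodies continue outside both hunks, so any steps conditioned on `matrix.product` being 'rec' or 'dnsdist' are presumably dead now and could be dropped in the same commit; that cannot be confirmed from the lines shown.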
@@ -1,114 +0,0 @@ ---- -name: 'Documentation' - -on: - push: - branches: [master] - pull_request: - branches: [master] - -permissions: - contents: read - -jobs: - build-upload-docs: - name: Build and upload docs - runs-on: ubuntu-22.04 - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade # this runs apt update - - run: inv install-doc-deps - - run: inv install-doc-deps-pdf - - - id: get-version - run: | - echo "pdns_version=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - - - id: setup-ssh - run: |- - inv ci-docs-add-ssh --ssh-key="$SSH_KEY" --host-key="$HOST_KEY" - echo "have_ssh_key=yes" >> $GITHUB_OUTPUT - env: - SSH_KEY: ${{secrets.WEB1_DOCS_SECRET}} - HOST_KEY: ${{vars.WEB1_HOSTKEY}} - if: ${{github.ref_name == 'master' && env.SSH_KEY != ''}} - - # Auth - - run: inv ci-docs-build - - run: mv html auth-html-docs - working-directory: ./docs/_build - - run: tar cf auth-html-docs.tar auth-html-docs - working-directory: ./docs/_build - - uses: actions/upload-artifact@v4 - with: - name: authoritative-html-docs-${{steps.get-version.outputs.pdns_version}} - path: ./docs/_build/auth-html-docs.tar - - run: bzip2 auth-html-docs.tar - if: ${{github.ref_name == 'master'}} - working-directory: ./docs/_build - - run: inv ci-docs-build-pdf - - uses: actions/upload-artifact@v4 - with: - name: PowerDNS-Authoritative-${{steps.get-version.outputs.pdns_version}}.pdf - path: ./docs/_build/latex/PowerDNS-Authoritative.pdf - - run: inv ci-docs-upload-master --docs-host="${DOCS_HOST}" --pdf="PowerDNS-Authoritative.pdf" --username="docs_powerdns_com" --product="auth" --directory="/${AUTH_DOCS_DIR}/" - env: - DOCS_HOST: ${{vars.DOCS_HOST}} - AUTH_DOCS_DIR: ${{vars.AUTH_DOCS_DIR}} - if: ${{github.ref_name == 'master' && steps.setup-ssh.outputs.have_ssh_key != ''}} - - # Rec - - run: inv ci-docs-rec-generate - working-directory: ./pdns/recursordist/settings - - run: inv ci-docs-build - 
working-directory: ./pdns/recursordist - - run: mv html rec-html-docs - working-directory: ./pdns/recursordist/docs/_build - - run: tar cf rec-html-docs.tar rec-html-docs - working-directory: ./pdns/recursordist/docs/_build - - uses: actions/upload-artifact@v4 - with: - name: recursor-html-docs-${{steps.get-version.outputs.pdns_version}} - path: ./pdns/recursordist/docs/_build/rec-html-docs.tar - - run: bzip2 rec-html-docs.tar - if: ${{github.ref_name == 'master'}} - working-directory: ./pdns/recursordist/docs/_build - - run: inv ci-docs-build-pdf - working-directory: ./pdns/recursordist - - uses: actions/upload-artifact@v4 - with: - name: PowerDNS-Recursor-${{steps.get-version.outputs.pdns_version}}.pdf - path: ./pdns/recursordist/docs/_build/latex/PowerDNS-Recursor.pdf - - run: inv ci-docs-upload-master --docs-host="${DOCS_HOST}" --pdf="PowerDNS-Recursor.pdf" --username="docs_powerdns_com" --product="rec" --directory="/${REC_DOCS_DIR}/" - env: - DOCS_HOST: ${{vars.DOCS_HOST}} - REC_DOCS_DIR: ${{vars.REC_DOCS_DIR}} - if: ${{github.ref_name == 'master' && steps.setup-ssh.outputs.have_ssh_key != ''}} - working-directory: ./pdns/recursordist - - # DNSdist - - run: inv ci-docs-build - working-directory: ./pdns/dnsdistdist - - run: mv html dnsdist-html-docs - working-directory: ./pdns/dnsdistdist/docs/_build - - run: tar cf dnsdist-html-docs.tar dnsdist-html-docs - working-directory: ./pdns/dnsdistdist/docs/_build - - uses: actions/upload-artifact@v4 - with: - name: dnsdist-html-docs-${{steps.get-version.outputs.pdns_version}} - path: ./pdns/dnsdistdist/docs/_build/dnsdist-html-docs.tar - - run: bzip2 dnsdist-html-docs.tar - if: ${{github.ref_name == 'master'}} - working-directory: ./pdns/dnsdistdist/docs/_build - - run: inv ci-docs-build-pdf - working-directory: ./pdns/dnsdistdist - - uses: actions/upload-artifact@v4 - with: - name: dnsdist-${{steps.get-version.outputs.pdns_version}}.pdf - path: ./pdns/dnsdistdist/docs/_build/latex/dnsdist.pdf - - run: inv 
ci-docs-upload-master --docs-host="${DOCS_HOST}" --pdf="dnsdist.pdf" --username="dnsdist_org" --product="dnsdist" - env: - DOCS_HOST: ${{vars.DOCS_HOST}} - if: ${{github.ref_name == 'master' && steps.setup-ssh.outputs.have_ssh_key != ''}} - working-directory: ./pdns/dnsdistdist diff --git a/.github/workflows/misc-dailies.yml b/.github/workflows/misc-dailies.yml deleted file mode 100644 index ea31204d8ee2..000000000000 --- a/.github/workflows/misc-dailies.yml +++ /dev/null 
@@ -1,128 +0,0 @@ -name: "Various daily checks" - -on: - schedule: - - cron: '34 4 * * *' - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - contents: read - -env: - CLANG_VERSION: '12' - -jobs: - el7-devtoolset: - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - - steps: - - name: Check whether a newer devtoolset exists - run: | - if docker run --rm centos:7 bash -c 'yum install -y centos-release-scl-rh && yum info devtoolset-12-gcc-c++' - then - echo "::warning file=builder-support/dockerfiles/Dockerfile.rpmbuild::A newer devtoolset exists. Please edit builder-support/dockerfiles/Dockerfile.rpmbuild, builder-support/dockerfiles/Dockerfile.rpmbuild, and .github/workflows/dailies.yml" - exit 1 - else - echo "::notice ::No newer devtoolset exists (good)" - exit 0 - fi - - check-debian-autoremovals: - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - - - name: Check if Debian is about to toss us off a balcony - run: ./build-scripts/check-debian-autoremovals.py - - coverity-auth: - name: coverity scan of the auth - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - env: - COVERITY_TOKEN: ${{ secrets.coverity_auth_token }} - FUZZING_TARGETS: no - SANITIZERS: - UNIT_TESTS: no - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade - - run: inv install-clang - - run: inv install-auth-build-deps - - run: inv install-coverity-tools PowerDNS - - run: inv coverity-clang-configure - - run: inv ci-autoconf - - run: inv ci-auth-configure - - run: inv coverity-make - - run: inv coverity-tarball auth.tar.bz2 - - run: inv coverity-upload ${{ secrets.coverity_email }} PowerDNS auth.tar.bz2 - - coverity-dnsdist: - name: coverity 
scan of dnsdist - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - env: - COVERITY_TOKEN: ${{ secrets.coverity_dnsdist_token }} - SANITIZERS: - UNIT_TESTS: no - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade - - run: inv install-clang - - run: inv install-dnsdist-build-deps --skipXDP - - run: inv install-coverity-tools dnsdist - - run: inv coverity-clang-configure - - run: inv ci-autoconf - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-build-and-install-quiche - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-dnsdist-configure full - working-directory: ./pdns/dnsdistdist/ - - run: inv coverity-make - working-directory: ./pdns/dnsdistdist/ - - run: inv coverity-tarball dnsdist.tar.bz2 - working-directory: ./pdns/dnsdistdist/ - - run: inv coverity-upload ${{ secrets.coverity_email }} dnsdist dnsdist.tar.bz2 - working-directory: ./pdns/dnsdistdist/ - - coverity-rec: - name: coverity scan of the rec - if: ${{ vars.SCHEDULED_MISC_DAILIES }} - runs-on: ubuntu-22.04 - env: - COVERITY_TOKEN: ${{ secrets.coverity_rec_token }} - SANITIZERS: - UNIT_TESTS: no - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade - - run: inv install-clang - - run: inv install-rec-build-deps - - run: inv install-coverity-tools 'PowerDNS+Recursor' - - run: inv coverity-clang-configure - - run: inv ci-autoconf - working-directory: ./pdns/recursordist/ - - run: inv ci-rec-configure - working-directory: ./pdns/recursordist/ - - run: inv coverity-make - working-directory: ./pdns/recursordist/ - - run: inv coverity-tarball recursor.tar.bz2 - working-directory: ./pdns/recursordist/ - - run: inv coverity-upload ${{ secrets.coverity_email }} 'PowerDNS+Recursor' recursor.tar.bz2 - 
working-directory: ./pdns/recursordist/ diff --git a/.github/workflows/secpoll.yml b/.github/workflows/secpoll.yml deleted file mode 100644 index 57278d764973..000000000000 --- a/.github/workflows/secpoll.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -name: 'Verify secpoll zone syntax' - -on: - push: - pull_request: - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - contents: read - -jobs: - build: - name: check secpoll zone - # on a ubuntu-20.04 VM - runs-on: ubuntu-20.04 - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - - run: sh docs/secpoll-check.sh docs/secpoll.zone - - run: echo 'deb [arch=amd64] http://repo.powerdns.com/ubuntu focal-auth-master main' | sudo tee /etc/apt/sources.list.d/pdns.list - - run: "echo -ne 'Package: pdns-*\nPin: origin repo.powerdns.com\nPin-Priority: 600\n' | sudo tee /etc/apt/preferences.d/pdns" - - run: sudo curl https://repo.powerdns.com/CBC8B383-pub.asc -o /etc/apt/trusted.gpg.d/CBC8B383-pub.asc - - run: sudo apt-get update - - run: sudo systemctl mask pdns - - run: sudo apt-get install -y pdns-server pdns-backend-sqlite3 - - run: "echo -ne 'launch=gsqlite3\ngsqlite3-database=/var/lib/powerdns/pdns.sqlite3\n' | sudo tee /etc/powerdns/pdns.conf" - - run: sudo sqlite3 /var/lib/powerdns/pdns.sqlite3 < /usr/share/doc/pdns-backend-sqlite3/schema.sqlite3.sql - - run: sudo pdnsutil load-zone secpoll.powerdns.com docs/secpoll.zone - - run: sudo pdnsutil check-zone secpoll.powerdns.com