From: Otto Moerbeek
Date: Tue, 22 Jul 2025 12:08:48 +0000 (+0200)
Subject: Remove some more workflows
X-Git-Tag: rec-5.3.0-beta1^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F15889%2Fhead;p=thirdparty%2Fpdns.git

Remove some more workflows

Signed-off-by: Otto Moerbeek
---
diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml
deleted file mode 100644
index 80e1c62f2..000000000
--- a/.github/workflows/build-docker-images.yml
+++ /dev/null
@@ -1,189 +0,0 @@ ---- -name: Build push and test docker images - -on: - workflow_call: - inputs: - product: - required: true - description: Product to build - type: string - ref: - description: git ref to checkout - type: string - default: master - required: false - image-name: - description: repository name for the requested image - type: string - required: true - image-tags: - description: tag for the requested image - type: string - required: true - image-description: - description: short description for the image repository - type: string - required: true - platforms: - description: target platform(s) - type: string - default: linux/arm64/v8,linux/amd64 - required: false - build-args: - description: build-time variables - type: string - default: '' - required: false - push: - description: push image to DockerHub - type: boolean - required: true - secrets: - DOCKERHUB_ORGANIZATION_NAME: - required: true - DOCKERHUB_USERNAME: - required: true - DOCKERHUB_TOKEN: - required: true - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - contents: read - -jobs: - validate-push-image: - name: Check only images built from tags and master are pushed - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - submodules: recursive - ref: ${{ inputs.ref }} - persist-credentials: false - - name: validate reference only if image will be pushed - if: ${{ inputs.push }} - env: - REF: ${{ inputs.ref }} - run: | - [[ "${REF}" == "master" ]] || git describe --tags --exact-match - - build: - name: build docker image for a product - runs-on: ubuntu-24.04 - needs: validate-push-image - outputs: - image-digest: ${{ steps.build-image.outputs.digest }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - submodules: recursive - ref: ${{ inputs.ref }} - persist-credentials: false - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - platforms: 
linux/arm64/v8 - - name: Set up Docker Buildx for multi-platform builds - uses: docker/setup-buildx-action@v3 - with: - platforms: ${{ inputs.platforms }} - - name: Login to Docker Hub - if: ${{ inputs.push }} - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Docker image metadata - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ secrets.DOCKERHUB_ORGANIZATION_NAME || 'powerdns' }}/${{ inputs.image-name }} - tags: ${{ inputs.image-tags }} - - name: Build and load powerdns product images - id: build-image - uses: docker/build-push-action@v6 - with: - context: . - file: Dockerfile-${{ inputs.product }} - platforms: ${{ inputs.platforms }} - push: ${{ inputs.push }} - sbom: true - tags: ${{ steps.meta.outputs.tags }} - build-args: ${{ inputs.build-args }} - - name: Update repo description - if: ${{ inputs.push }} - uses: peter-evans/dockerhub-description@v4 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - repository: ${{ secrets.DOCKERHUB_ORGANIZATION_NAME }}/${{ inputs.image-name }} - short-description: ${{ inputs.image-description }} - - prepare-test-runner-os-list: - name: generate runner list - if: ${{ inputs.push }} - needs: build - runs-on: ubuntu-24.04 - outputs: - runnerlist: ${{ steps.get-runnerlist.outputs.runnerlist }} - skiptests: ${{ steps.get-runnerlist.outputs.skiptests }} - steps: - - run: sudo apt-get update && sudo apt-get -y install jo - - id: get-runnerlist - run: | - runner_os=() - [[ -n "${{ contains(inputs.platforms, 'amd64') && 'ubuntu-24.04' || '' }}" ]] && runner_os+=('ubuntu-24.04') - [[ -n "${{ vars.ARM64_USE_UBICLOUD == '1' && contains(inputs.platforms, 'arm64') || '' }}" ]] && runner_os+=('ubicloud-standard-2-arm') - echo "runnerlist=$(jo -a ${runner_os[@]})" >> "$GITHUB_OUTPUT" - # Skip tests if no runner is suitable for running them. 
Set a default runner to avoid CI failure - if [[ -z "${runner_os[@]}" ]]; then - echo "runnerlist=$(jo -a ubuntu-24.04)" >> "$GITHUB_OUTPUT" - echo "skiptests=1" >> "$GITHUB_OUTPUT" - fi - - test-uploaded-images: - name: test uploaded images - if: ${{ inputs.push && ! needs.prepare-test-runner-os-list.outputs.skiptests }} - needs: [build, prepare-test-runner-os-list] - runs-on: ${{ matrix.runner-os }} - strategy: - matrix: - runner-os: ${{ fromJson(needs.prepare-test-runner-os-list.outputs.runnerlist )}} - fail-fast: false - env: - INPUT_IMAGE_NAME: ${{ inputs.image-name }} - INPUT_IMAGE_TAGS: ${{ inputs.image-tags }} - INPUT_PLATFORMS: ${{ inputs.platforms }} - steps: - - name: Check running image - run: | - image_name="${{ secrets.DOCKERHUB_ORGANIZATION_NAME }}/${INPUT_IMAGE_NAME}" - for tag in `echo "${INPUT_IMAGE_TAGS}" | tr '\n' ' '`; do - echo 'Testing: '${image_name}':'${tag}; - # pdns-auth image returns a 134 exit code - docker run ${image_name}:${tag} --version || [ "$?" == "134" ] - done - - name: Check image digest matches - env: - EXPECTED_DIGEST: ${{ needs.build.outputs.image-digest }} - run: | - image_name="${{ secrets.DOCKERHUB_ORGANIZATION_NAME }}/${INPUT_IMAGE_NAME}" - for tag in `echo "${INPUT_IMAGE_TAGS}" | tr '\n' ' '`; do - image_digest=$(docker inspect --format='{{index .RepoDigests 0}}' ${image_name}:${tag} | cut -d '@' -f 2) - [[ "${EXPECTED_DIGEST}" == "${image_digest}" ]] || \ - ( echo "Image digest does not match => output_digest: "${EXPECTED_DIGEST}" - image_digest: "${image_digest} && exit 1 ) - done - - name: Check SBOM and Provenance - run: | - image_name="${{ secrets.DOCKERHUB_ORGANIZATION_NAME }}/${INPUT_IMAGE_NAME}" - for tag in `echo "${INPUT_IMAGE_TAGS}" | tr '\n' ' '`; do - if $(echo "${INPUT_PLATFORMS}" | grep -qq ','); then - docker buildx imagetools inspect ${image_name}:${tag} --format "{{json .Provenance}}" | jq -e '."linux/'$(dpkg --print-architecture)'" | has("SLSA")' - docker buildx imagetools inspect 
${image_name}:${tag} --format "{{json .SBOM}}" | jq -e '."linux/'$(dpkg --print-architecture)'" | has("SPDX")' - else - docker buildx imagetools inspect ${image_name}:${tag} --format "{{json .Provenance}}" | jq -e 'has("SLSA")' - docker buildx imagetools inspect ${image_name}:${tag} --format "{{json .SBOM}}" | jq -e 'has("SPDX")' - fi - done diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml deleted file mode 100644 index 46b463725..000000000 --- a/.github/workflows/build-packages.yml +++ /dev/null 
@@ -1,293 +0,0 @@ ---- -name: Build packages - -on: - workflow_call: - inputs: - product: - required: true - description: Product to build - type: string - os: - required: false - description: OSes to build for, space separated - type: string - # please remember to update the pkghashes below when you - # update this list, as well as the one in builder-dispatch.yml - default: >- - el-8 - el-9 - el-10 - debian-bullseye - debian-bookworm - debian-trixie - ubuntu-focal - ubuntu-jammy - ubuntu-noble - ref: - description: git ref to checkout - type: string - default: master - required: false - is_release: - description: is this a release build? - type: string - required: false - default: 'NO' - secrets: - DOWNLOADS_AUTOBUILT_SECRET: - required: true - DOWNLOADS_AUTOBUILT_RSYNCTARGET: - required: true - DOWNLOADS_AUTOBUILT_HOSTKEY: - required: true - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - contents: read - -jobs: - prepare: - name: generate OS runner and arch list - runs-on: ubuntu-24.04 - outputs: - oslist: ${{ steps.get-oslist.outputs.oslist }} - runnerlist: ${{ steps.get-runnerlist.outputs.runnerlist }} - archlist: ${{ steps.get-archlist.outputs.archlist }} - steps: - # instead of jo, we could use jq here, which avoids running apt, and thus would be faster. - # but, as this whole workflow needs at least 30 minutes to run, I prefer spending a few seconds here - # so that the command remains readable, because jo is simpler to use. 
- - run: sudo apt-get update && sudo apt-get -y install jo - - uses: actions/checkout@v4 - with: - fetch-depth: 1 - submodules: recursive - ref: ${{ inputs.ref }} - persist-credentials: false - - id: get-oslist - env: - OS: ${{ inputs.os }} - REF: ${{ inputs.ref }} - run: | - available_targets=$(ls builder-support/dockerfiles/Dockerfile.target.* ) - for i in $(echo "${OS}"); do - if echo $available_targets | grep -qq $i; then - targets+=($i) - else - if [[ "${REF}" == "master" ]]; then - echo "::error title=Dockerfile not found for ${i}::OS ${i} not available as target in ${REF}" && exit 1 - else - echo "::warning title=Packages will not be generated for ${i}::OS ${i} not available as target in ${REF}" - fi - fi - done - echo "oslist=$(jo -a ${targets[*]})" >> "$GITHUB_OUTPUT" - - id: get-runnerlist - run: echo "runnerlist=$(jo -a ubuntu-24.04 ${{ vars.ARM64_USE_UBICLOUD == '1' && 'ubicloud-standard-2-arm' || '' }})" >> "$GITHUB_OUTPUT" - - id: get-archlist - run: echo "archlist=$(jo -a x86_64 ${{ vars.ARM64_USE_UBICLOUD == '1' && 'aarch64' || '' }})" >> "$GITHUB_OUTPUT" - - build: - needs: prepare - name: for ${{ matrix.os }} ${{ inputs.product }} (${{ inputs.ref }}) on ${{ matrix.runner-os }} - runs-on: ${{ matrix.runner-os }} - strategy: - matrix: - os: ${{fromJson(needs.prepare.outputs.oslist)}} - runner-os: ${{ fromJson(needs.prepare.outputs.runnerlist )}} - fail-fast: false - outputs: - product-name: ${{ steps.normalize-name.outputs.normalized-package-name }} - version: ${{ steps.getversion.outputs.version }} - pkghashes-el-8-x86_64: ${{ steps.pkghashes.outputs.pkghashes-el-8-x86_64 }} - pkghashes-el-8-aarch64: ${{ steps.pkghashes.outputs.pkghashes-el-8-aarch64 }} - pkghashes-el-9-x86_64: ${{ steps.pkghashes.outputs.pkghashes-el-9-x86_64 }} - pkghashes-el-9-aarch64: ${{ steps.pkghashes.outputs.pkghashes-el-9-aarch64 }} - pkghashes-el-10-x86_64: ${{ steps.pkghashes.outputs.pkghashes-el-10-x86_64 }} - pkghashes-el-10-aarch64: ${{ 
steps.pkghashes.outputs.pkghashes-el-10-aarch64 }} - pkghashes-debian-bullseye-x86_64: ${{ steps.pkghashes.outputs.pkghashes-debian-bullseye-x86_64 }} - pkghashes-debian-bullseye-aarch64: ${{ steps.pkghashes.outputs.pkghashes-debian-bullseye-aarch64 }} - pkghashes-debian-bookworm-x86_64: ${{ steps.pkghashes.outputs.pkghashes-debian-bookworm-x86_64 }} - pkghashes-debian-bookworm-aarch64: ${{ steps.pkghashes.outputs.pkghashes-debian-bookworm-aarch64 }} - pkghashes-debian-trixie-x86_64: ${{ steps.pkghashes.outputs.pkghashes-debian-trixie-x86_64 }} - pkghashes-debian-trixie-aarch64: ${{ steps.pkghashes.outputs.pkghashes-debian-trixie-aarch64 }} - pkghashes-ubuntu-focal-x86_64: ${{ steps.pkghashes.outputs.pkghashes-ubuntu-focal-x86_64 }} - pkghashes-ubuntu-focal-aarch64: ${{ steps.pkghashes.outputs.pkghashes-ubuntu-focal-aarch64 }} - pkghashes-ubuntu-jammy-x86_64: ${{ steps.pkghashes.outputs.pkghashes-ubuntu-jammy-x86_64 }} - pkghashes-ubuntu-jammy-aarch64: ${{ steps.pkghashes.outputs.pkghashes-ubuntu-jammy-aarch64 }} - pkghashes-ubuntu-noble-x86_64: ${{ steps.pkghashes.outputs.pkghashes-ubuntu-noble-x86_64 }} - pkghashes-ubuntu-noble-aarch64: ${{ steps.pkghashes.outputs.pkghashes-ubuntu-noble-aarch64 }} - srchashes: ${{ steps.srchashes.outputs.srchashes }} - env: - IS_RELEASE: ${{ inputs.is_release}} - PRODUCT: ${{ inputs.product }} - OS: ${{ matrix.os }} - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 # for correct version numbers - submodules: recursive - ref: ${{ inputs.ref }} - persist-credentials: false - # this builds packages and runs our unit tests (make check) - - run: IS_RELEASE=${IS_RELEASE} builder/build.sh -v -m ${PRODUCT} ${OS} - - name: Get version number - run: | - echo "version=$(readlink builder/tmp/latest)" >> $GITHUB_OUTPUT - id: getversion - - name: Get target architecture - run: | - echo "target-arch=$(uname -m)" >> $GITHUB_OUTPUT - id: getarch - - name: Normalize package name - id: normalize-name - run: | - if [ "x${PRODUCT}" = 
"xauthoritative" ]; then - echo "normalized-package-name=pdns" >> $GITHUB_OUTPUT - elif [ "x${PRODUCT}" = "xrecursor" ]; then - echo "normalized-package-name=pdns-recursor" >> $GITHUB_OUTPUT - else - echo "normalized-package-name=${PRODUCT}" >> $GITHUB_OUTPUT - fi - - name: Include architecture in the packages compressed file name - env: - TARGET_ARCH: ${{ steps.getarch.outputs.target-arch }} - run: for f in $(ls ./built_pkgs/*/*/*-${OS}.tar.bz2 | sed 's/\.tar.bz2$//'); do mv $f.tar.bz2 $f-${TARGET_ARCH}.tar.bz2; done - - name: Upload packages as GH artifacts - uses: actions/upload-artifact@v4 - with: - name: ${{ inputs.product }}-${{ matrix.os }}-${{ steps.getversion.outputs.version }}-${{ steps.getarch.outputs.target-arch }} - path: built_pkgs/ - retention-days: 7 - - name: Extract packages from the tarball - # so we get provenance for individual packages (and the JSON package manifests from the builder) - id: extract - env: - TARGET_ARCH: ${{ steps.getarch.outputs.target-arch }} - PACKAGE_NAME: ${{ steps.normalize-name.outputs.normalized-package-name }} - VERSION: ${{ steps.getversion.outputs.version }} - run: | - mkdir -m 700 -p ./packages/ - tar xvf ./built_pkgs/*/*/${PACKAGE_NAME}-${VERSION}-${OS}-${TARGET_ARCH}.tar.bz2 -C ./packages/ --transform='s/.*\///' - - name: Generate package hashes for provenance - shell: bash - id: pkghashes - env: - TARGET_ARCH: ${{ steps.getarch.outputs.target-arch }} - run: | - echo "pkghashes-${OS}-${TARGET_ARCH}=$(shopt -s nullglob; sha256sum ./packages/*.rpm ./packages/*.deb ./packages/*.json | base64 -w0)" >> $GITHUB_OUTPUT - - name: Generate source hash for provenance - shell: bash - id: srchashes - env: - PACKAGE_NAME: ${{ steps.normalize-name.outputs.normalized-package-name }} - VERSION: ${{ steps.getversion.outputs.version }} - run: | - echo "srchashes=$(sha256sum ./built_pkgs/*/*/${PACKAGE_NAME}-${VERSION}.tar.* | base64 -w0)" >> $GITHUB_OUTPUT - - name: Upload packages to downloads.powerdns.com - env: - SSHKEY: ${{ 
secrets.DOWNLOADS_AUTOBUILT_SECRET }} - RSYNCTARGET: ${{ secrets.DOWNLOADS_AUTOBUILT_RSYNCTARGET }} - HOSTKEY: ${{ secrets.DOWNLOADS_AUTOBUILT_HOSTKEY }} - if: - "${{ env.SSHKEY != '' }}" - run: | - mkdir -m 700 -p ~/.ssh - echo "$SSHKEY" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - echo "$HOSTKEY" > ~/.ssh/known_hosts - rsync -4rlptD built_pkgs/* "$RSYNCTARGET" - - check-hashes: - needs: [prepare, build] - name: Check if hashes were created for all requested targets - runs-on: ubuntu-24.04 - env: - OUTPUTS: ${{ toJSON(needs.build.outputs) }} - OSLIST: ${{ needs.prepare.outputs.oslist }} - steps: - - name: Get list of outputs from build jobs - run: echo "${OUTPUTS}" | jq 'keys[]' | grep -vE 'version|product-name' | tee /tmp/build-outputs.txt - - name: Get list of OS inputs - run: | - for os in $(echo "${OSLIST}" | jq -r '.[]'); do - for architecture in x86_64 ${{ vars.ARM64_USE_UBICLOUD == '1' && 'aarch64' || '' }}; do - echo "\"pkghashes-$os-$architecture\"" | tee -a /tmp/os-inputs.txt - done - done - sort -o /tmp/os-inputs.txt /tmp/os-inputs.txt - echo "\"srchashes\"" | tee -a /tmp/os-inputs.txt - - name: Fail if there is a hash missing - run: if ! diff -q /tmp/build-outputs.txt /tmp/os-inputs.txt; then exit 1; fi - - provenance-pkgs: - needs: [prepare, build] - name: Generate provenance for ${{ inputs.product }} (${{ inputs.ref }}) for ${{ matrix.os }} - strategy: - matrix: - os: ${{fromJson(needs.prepare.outputs.oslist)}} - architecture: ${{ fromJson(needs.prepare.outputs.archlist )}} - permissions: - actions: read # To read the workflow path. - id-token: write # To sign the provenance. 
- contents: write # To be able to upload assets as release artifacts - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 - with: - base64-subjects: "${{ needs.build.outputs[format('pkghashes-{0}-{1}', matrix.os, matrix.architecture)] }}" - upload-assets: false - provenance-name: "${{ inputs.product }}-${{ needs.build.outputs.version }}-${{ matrix.os }}-${{ matrix.architecture }}.intoto.jsonl" - private-repository: true - - provenance-src: - needs: build - name: Generate provenance for ${{ inputs.product }} (${{ inputs.ref }}) source tarball - permissions: - actions: read # To read the workflow path. - id-token: write # To sign the provenance. - contents: write # To be able to upload assets as release artifacts - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 - with: - base64-subjects: "${{ needs.build.outputs.srchashes }}" - upload-assets: false - provenance-name: "${{ inputs.product }}-${{ needs.build.outputs.version }}-src.intoto.jsonl" - private-repository: true - - upload-provenance: - needs: [prepare, build, provenance-src, provenance-pkgs] - name: Upload the provenance artifacts to downloads.powerdns.com - runs-on: ubuntu-24.04 - strategy: - matrix: - os: ${{fromJson(needs.prepare.outputs.oslist)}} - architecture: ${{ fromJson(needs.prepare.outputs.archlist )}} - steps: - - name: Download source tarball provenance for ${{ inputs.product }} (${{ inputs.ref }}) - id: download-src-provenance - uses: actions/download-artifact@v4 # be careful, this needs to match what https://github.com/slsa-framework/slsa-github-generator is using - with: - name: "${{ inputs.product }}-${{ needs.build.outputs.version }}-src.intoto.jsonl" - - name: Download provenance for ${{ inputs.product }} (${{ inputs.ref }}) for ${{ matrix.os }} - id: download-provenance - uses: actions/download-artifact@v4 # be careful, this needs to match what 
https://github.com/slsa-framework/slsa-github-generator is using - with: - name: "${{ inputs.product }}-${{ needs.build.outputs.version }}-${{ matrix.os }}-${{ matrix.architecture }}.intoto.jsonl" - - name: Upload provenance artifacts to downloads.powerdns.com - id: upload-provenance - env: - SSHKEY: ${{ secrets.DOWNLOADS_AUTOBUILT_SECRET }} - RSYNCTARGET: ${{ secrets.DOWNLOADS_AUTOBUILT_RSYNCTARGET }} - HOSTKEY: ${{ secrets.DOWNLOADS_AUTOBUILT_HOSTKEY }} - PRODUCT: ${{ needs.build.outputs.product-name }} - VERSION: ${{ needs.build.outputs.version }} - DOWNLOAD_PATH: ${{ steps.download-provenance.outputs.download-path }} - if: - "${{ env.SSHKEY != '' }}" - shell: bash - run: | - mkdir -m 700 -p ~/.ssh - echo "$SSHKEY" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - echo "$HOSTKEY" > ~/.ssh/known_hosts - mkdir -m 755 -p "slsa/${PRODUCT}/${VERSION}/" - mv "${DOWNLOAD_PATH}"/*.jsonl "slsa/${PRODUCT}/${VERSION}" - rsync -4rlptD slsa/* "$RSYNCTARGET" diff --git a/.github/workflows/builder-dispatch.yml b/.github/workflows/builder-dispatch.yml deleted file mode 100644 index 576939a85..000000000 --- a/.github/workflows/builder-dispatch.yml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -name: Trigger specific package build - -on: - workflow_dispatch: - inputs: - product: - description: Product to build - type: choice - options: - - authoritative - - recursor - - dnsdist - os: - description: OSes to build for, space separated - type: string - # please remember to update build-packages.yml as well - default: >- - el-8 - el-9 - el-10 - debian-bullseye - debian-bookworm - debian-trixie - ubuntu-jammy - ubuntu-noble - ref: - description: git ref to checkout - type: string - default: master - is_release: - description: is this a release build? - type: choice - options: - - 'NO' - - 'YES' - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - actions: read - contents: write # To be able to upload assets as release artifacts - id-token: write # To sign the provenance in the build packages reusable workflow. - -jobs: - call-build-packages: - uses: PowerDNS/pdns/.github/workflows/build-packages.yml@master - with: - product: ${{ github.event.inputs.product }} - os: ${{ github.event.inputs.os }} - ref: ${{ github.event.inputs.ref }} - is_release: ${{ github.event.inputs.is_release }} - secrets: - DOWNLOADS_AUTOBUILT_SECRET: ${{ secrets.DOWNLOADS_AUTOBUILT_SECRET }} - DOWNLOADS_AUTOBUILT_RSYNCTARGET: ${{ secrets.DOWNLOADS_AUTOBUILT_RSYNCTARGET }} - DOWNLOADS_AUTOBUILT_HOSTKEY: ${{ secrets.DOWNLOADS_AUTOBUILT_HOSTKEY }} diff --git a/.github/workflows/builder-releases-dispatch.yml b/.github/workflows/builder-releases-dispatch.yml deleted file mode 100644 index 54b057e0e..000000000 --- a/.github/workflows/builder-releases-dispatch.yml +++ /dev/null 
@@ -1,60 +0,0 @@ ---- -name: Trigger workflow builder for different releases - -on: - workflow_dispatch: - schedule: - - cron: '0 2 * * *' - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - actions: read - contents: read - -jobs: - call-builder-auth-49: - if: ${{ vars.SCHEDULED_JOBS_BUILDER }} - uses: PowerDNS/pdns/.github/workflows/builder.yml@rel/auth-4.9.x - with: - branch-name: rel/auth-4.9.x - - call-builder-auth-48: - if: ${{ vars.SCHEDULED_JOBS_BUILDER }} - uses: PowerDNS/pdns/.github/workflows/builder.yml@rel/auth-4.8.x - with: - branch-name: rel/auth-4.8.x - - call-builder-auth-47: - if: ${{ vars.SCHEDULED_JOBS_BUILDER }} - uses: PowerDNS/pdns/.github/workflows/builder.yml@rel/auth-4.7.x - with: - branch-name: rel/auth-4.7.x - - call-builder-rec-52: - if: ${{ vars.SCHEDULED_JOBS_BUILDER }} - uses: PowerDNS/pdns/.github/workflows/builder.yml@rel/rec-5.2.x - with: - branch-name: rel/rec-5.2.x - - call-builder-rec-51: - if: ${{ vars.SCHEDULED_JOBS_BUILDER }} - uses: PowerDNS/pdns/.github/workflows/builder.yml@rel/rec-5.1.x - with: - branch-name: rel/rec-5.1.x - - call-builder-rec-50: - if: ${{ vars.SCHEDULED_JOBS_BUILDER }} - uses: PowerDNS/pdns/.github/workflows/builder.yml@rel/rec-5.0.x - with: - branch-name: rel/rec-5.0.x - - call-builder-dnsdist-19: - if: ${{ vars.SCHEDULED_JOBS_BUILDER }} - uses: PowerDNS/pdns/.github/workflows/builder.yml@rel/dnsdist-1.9.x - with: - branch-name: rel/dnsdist-1.9.x - - call-builder-dnsdist-18: - if: ${{ vars.SCHEDULED_JOBS_BUILDER }} - uses: PowerDNS/pdns/.github/workflows/builder.yml@rel/dnsdist-1.8.x - with: - branch-name: rel/dnsdist-1.8.x diff --git a/.github/workflows/coverity-dispatch.yml b/.github/workflows/coverity-dispatch.yml deleted file mode 100644 index 2b4f1166f..000000000 --- a/.github/workflows/coverity-dispatch.yml +++ /dev/null 
@@ -1,47 +0,0 @@ ---- -name: Trigger specific coverity scan - -on: - workflow_dispatch: - inputs: - product: - description: Product to build - type: choice - options: - - authoritative - - recursor - - dnsdist - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - contents: read - -jobs: - coverity-auth: - name: coverity scan of the auth - if: ${{ github.event.inputs.product == 'authoritative' }} - uses: PowerDNS/pdns/.github/workflows/coverity.yml@master - with: - product: ${{ github.event.inputs.product }} - secrets: - COVERITY_TOKEN: ${{ secrets.coverity_auth_token }} - COVERITY_EMAIL: ${{ secrets.coverity_email }} - - coverity-dnsdist: - name: coverity scan of dnsdist - if: ${{ github.event.inputs.product == 'dnsdist' }} - uses: PowerDNS/pdns/.github/workflows/coverity.yml@master - with: - product: ${{ github.event.inputs.product }} - secrets: - COVERITY_TOKEN: ${{ secrets.coverity_dnsdist_token }} - COVERITY_EMAIL: ${{ secrets.coverity_email }} - - coverity-rec: - name: coverity scan of the rec - if: ${{ github.event.inputs.product == 'recursor' }} - uses: PowerDNS/pdns/.github/workflows/coverity.yml@master - with: - product: ${{ github.event.inputs.product }} - secrets: - COVERITY_TOKEN: ${{ secrets.coverity_rec_token }} - COVERITY_EMAIL: ${{ secrets.coverity_email }} diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml deleted file mode 100644 index 2cc99954c..000000000 --- a/.github/workflows/coverity.yml +++ /dev/null 
@@ -1,130 +0,0 @@ ---- -name: Coverity scan - -on: - workflow_call: - inputs: - product: - required: true - description: Product to build - type: string - secrets: - COVERITY_TOKEN: - required: true - COVERITY_EMAIL: - required: true - -permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions - contents: read - -env: - CLANG_VERSION: '12' - -jobs: - coverity-auth: - name: coverity scan of the auth - if: ${{ inputs.product == 'authoritative' }} - runs-on: ubuntu-22.04 - env: - COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }} - FUZZING_TARGETS: no - SANITIZERS: - UNIT_TESTS: no - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - persist-credentials: false - - uses: actions/setup-python@v5 - with: - python-version: '3.11' - - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade - - run: inv install-clang - - run: inv install-auth-build-deps - - run: inv install-coverity-tools PowerDNS - - run: inv coverity-clang-configure - - run: inv ci-autoconf - - run: inv ci-auth-configure - - run: inv coverity-make - - run: inv coverity-tarball auth.tar.bz2 - - run: inv coverity-upload ${{ secrets.COVERITY_EMAIL }} PowerDNS auth.tar.bz2 - - coverity-dnsdist: - name: coverity scan of dnsdist - if: ${{ inputs.product == 'dnsdist' }} - runs-on: ubuntu-22.04 - env: - COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }} - SANITIZERS: - UNIT_TESTS: no - REPO_HOME: ${{ github.workspace }} - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - persist-credentials: false - - uses: actions/setup-python@v5 - with: - python-version: '3.11' - # installing the python3-package does not work because of actions/setup-python which installs a different version in /opt/hostedtoolcache/Python - - name: Install python yaml - run: | - pip install pyyaml - - run: 
build-scripts/gh-actions-setup-inv-no-dist-upgrade - - run: inv install-clang - - run: inv install-lld-linker-if-needed - - run: inv install-dnsdist-build-deps --skipXDP - - run: inv install-coverity-tools dnsdist - - run: inv coverity-clang-configure - - run: inv ci-autoconf - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-install-rust $REPO_HOME - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-build-and-install-quiche $REPO_HOME - working-directory: ./pdns/dnsdistdist/ - - run: inv ci-dnsdist-configure full autotools build-dir - working-directory: ./pdns/dnsdistdist/ - - run: inv coverity-make - working-directory: ./pdns/dnsdistdist/ - - run: inv coverity-tarball dnsdist.tar.bz2 - working-directory: ./pdns/dnsdistdist/ - - run: inv coverity-upload ${{ secrets.COVERITY_EMAIL }} dnsdist dnsdist.tar.bz2 - working-directory: ./pdns/dnsdistdist/ - - coverity-rec: - name: coverity scan of the rec - if: ${{ inputs.product == 'recursor' }} - runs-on: ubuntu-22.04 - env: - COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }} - SANITIZERS: - UNIT_TESTS: no - steps: - - uses: PowerDNS/pdns/set-ubuntu-mirror@meta - - uses: actions/checkout@v4 - with: - fetch-depth: 5 - submodules: recursive - persist-credentials: false - - uses: actions/setup-python@v5 - with: - python-version: '3.11' - - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade - - run: inv install-clang - - run: inv install-rec-build-deps - - run: inv install-coverity-tools 'PowerDNS+Recursor' - - run: inv coverity-clang-configure - - run: inv ci-autoconf - working-directory: ./pdns/recursordist/ - - run: inv ci-rec-configure full - working-directory: ./pdns/recursordist/ - - run: inv coverity-make - working-directory: ./pdns/recursordist/ - - run: inv coverity-tarball recursor.tar.bz2 - working-directory: ./pdns/recursordist/ - - run: inv coverity-upload ${{ secrets.COVERITY_EMAIL }} 'PowerDNS+Recursor' recursor.tar.bz2 - working-directory: ./pdns/recursordist/