Merge pull request #22 from stackhpc/2025.3.1-sync

2025.3.1 sync

Author: MoteHue

.git-crypt/keys/default/0/7F26652AE6CF34774EC7B3E3A0C3CCFE2538367E.gpg

@@ -36,7 +36,7 @@ jobs:
           sudo apt install -y python3-venv python3-dev build-essential unzip git-crypt
 
       - name: Checkout the config repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Deploy Azimuth
         shell: bash

.github-deploy-prod.yml.sample

@@ -26,7 +26,7 @@ jobs:
           sudo apt install -y python3-venv python3-dev build-essential unzip git-crypt
 
       - name: Checkout the config repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Deploy Azimuth
         shell: bash

.github-deploy-staging.yml.sample

@@ -3,9 +3,14 @@
 # newer tag is found in the upstream repository then a pull request is created to the downstream repo
 # in order to merge in the changes from the new upstream release.
 
-# To use this workflow in a downstream azimuth-config repository simply copy it into .github/workflows
-# and give it an appropriate name, e.g.
-# cp .github-upgrade-check.yml.sample .github/workflows/upgrade-check.yml
+# To use this workflow in a downstream azimuth-config repository, first copy it into .github/workflows
+# and give it an appropriate name, e.g. `cp .github-upgrade-check.yml.sample .github/workflows/upgrade-check.yml`
+# then create a fine-grained GitHub access token for the target repository with the permissions specified here:
+# https://github.com/peter-evans/create-pull-request?tab=readme-ov-file#token
+# (i.e. contents: write, pull-requests: write AND workflows: write).
+# GitHub actions can be funny about using tokens with no expiry date in workflows so make sure the token
+# has an expiry date. After creating the token, copy the generated secret string and set it as a GitHub
+# actions secret named WORKFLOW_TOKEN in the repository's settings page.
 
 name: Check for upstream updates
 on:
@@ -58,11 +63,12 @@ jobs:
 
       - name: Create Pull Request
         if: ${{ steps.release_tag.outputs.value }}
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v7
         with:
           base: main
           branch: ${{ steps.branch_name.outputs.value }}
           title: "Upgrade Azimuth to ${{ steps.release_tag.outputs.value }}"
           body: This PR was automatically generated by GitHub Actions.
           commit-message: "Upgrade Azimuth to ${{ steps.release_tag.outputs.value }}"
           delete-branch: true
+          token: ${{ secrets.WORKFLOW_TOKEN }}

.github-upgrade-check.yml.sample

@@ -44,7 +44,7 @@ runs:
   using: composite
   steps:
     - name: Checkout azimuth-config repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         repository: ${{ inputs.repository }}
         ref: ${{ inputs.ref }}
@@ -89,10 +89,10 @@ runs:
           this_variable_is_never_used: ever
           ${{ inputs.extra-vars }}
 
-    - name: Ensure Python 3.9
-      uses: actions/setup-python@v4
+    - name: Ensure Python 3.10
+      uses: actions/setup-python@v5
       with:
-        python-version: "3.9"
+        python-version: "3.10"
         check-latest: true
 
     - name: Set up Python virtual environment

.github/actions/setup/action.yml

@@ -30,6 +30,28 @@ runs:
         source ./bin/activate "$AZIMUTH_CONFIG_ENVIRONMENT" "$AZIMUTH_ENVIRONMENT"
         ansible-playbook azimuth_cloud.azimuth_ops.generate_tests -e @extra-vars.yml
 
+    - name: Downgrade installed firefox browser version
+      shell: bash
+      # Based on https://support.mozilla.org/en-US/kb/install-firefox-linux
+      run: |
+        set -e
+        # Import Mozilla repo key
+        sudo install -d -m 0755 /etc/apt/keyrings
+        wget -q https://packages.mozilla.org/apt/repo-signing-key.gpg -O- | sudo tee /etc/apt/keyrings/packages.mozilla.org.asc > /dev/null
+        # Check fingerprint
+        if [[ $(gpg -n -q --import --import-options import-show /etc/apt/keyrings/packages.mozilla.org.asc | grep 35BAA0B33E9EB396F59CA838C0BA5CE6DC6315A3) ]]; then
+          echo "Fingerprint matches"
+        else
+          echo "Mozilla repo fingerprint doesn't match expected"
+          exit 1
+        fi
+        # Add repo to sources
+        echo "deb [signed-by=/etc/apt/keyrings/packages.mozilla.org.asc] https://packages.mozilla.org/apt mozilla main" | sudo tee -a /etc/apt/sources.list.d/mozilla.list > /dev/null
+        # Install Firefox extended support release
+        sudo apt update
+        sudo apt remove firefox # Uninstall default version (1.136.0)
+        sudo apt install -y firefox-esr # Install older version (1.128)
+
     - name: Run test suite
       shell: bash
       run: |
@@ -39,7 +61,7 @@ runs:
         ./bin/run-tests
 
     - name: Upload test report artifacts
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: ${{ inputs.test-report-artifact-name }}
         path: |
@@ -67,7 +89,7 @@ runs:
       if: ${{ always() }}
 
     - name: Upload debug bundle
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: ${{ inputs.debug-bundle-artifact-name }}
         path: debug-bundle.tar.gz

.github/actions/test/action.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Generate and update release notes
         uses: ./.github/actions/release-notes

.github/workflows/publish-release.yml

@@ -26,7 +26,7 @@ jobs:
     steps:
       # We need to check out the code under test first in order to use local actions
       - name: Checkout code under test
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Azimuth environment
         uses: ./.github/actions/setup
@@ -103,7 +103,7 @@ jobs:
         if: ${{ !cancelled() }}
 
       - name: Upload pre-restore debug bundle
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: azimuth-pre-restore-debug-bundle
           path: debug-bundle.tar.gz
@@ -157,7 +157,7 @@ jobs:
         if: ${{ always() }}
 
       - name: Upload test report artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: azimuth-restore-test-reports
           path: reports/*
@@ -172,7 +172,7 @@ jobs:
         if: ${{ always() }}
 
       - name: Upload debug bundle
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: azimuth-restore-debug-bundle
           path: debug-bundle.tar.gz

.github/workflows/test-backup-restore.yml

@@ -21,7 +21,7 @@ jobs:
     steps:
       # We need to check out the code under test first in order to use local actions
       - name: Checkout code under test
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Azimuth environment
         uses: ./.github/actions/setup

.github/workflows/test-ha.yml

@@ -63,7 +63,7 @@ jobs:
     steps:
       # We need to check out the code under test first in order to use local actions
       - name: Checkout code under test
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Azimuth environment
         uses: ./.github/actions/setup