diff --git a/.github/backup/add-pr-labels.yml b/.github/backup/add-pr-labels.yml new file mode 100644 index 0000000000..a0c076064d --- /dev/null +++ b/.github/backup/add-pr-labels.yml @@ -0,0 +1,16 @@ +--- +name: Add pull request labels + +on: + pull_request_target: + branches: + - current + +permissions: + pull-requests: write + contents: read + +jobs: + add-pr-label: + uses: vyos/.github/.github/workflows/add-pr-labels.yml@current + secrets: inherit diff --git a/.github/backup/add-rebase-label.yml b/.github/backup/add-rebase-label.yml new file mode 100644 index 0000000000..9041303af9 --- /dev/null +++ b/.github/backup/add-rebase-label.yml @@ -0,0 +1,14 @@ +name: Add rebase label + +on: + pull_request_target: + types: [synchronize, opened, reopened, labeled, unlabeled] + +permissions: + pull-requests: write + contents: read + +jobs: + add-rebase-label: + uses: vyos/.github/.github/workflows/add-rebase-label.yml@current + secrets: inherit diff --git a/.github/backup/assign-reviewers_wf.txt b/.github/backup/assign-reviewers_wf.txt new file mode 100644 index 0000000000..3b2c77371d --- /dev/null +++ b/.github/backup/assign-reviewers_wf.txt @@ -0,0 +1,19 @@ +name: "Assign Reviewers" +on: + pull_request: + types: [opened, reopened, ready_for_review, locked] + branches: + - current + +permissions: + pull-requests: write + +jobs: + assign-reviewers: + runs-on: ubuntu-latest + steps: + - name: "Assign Reviwers Team" + uses: rowi1de/auto-assign-review-teams@v1.1.3 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + teams: "${{ github.repository_owner }}/reviewers" diff --git a/.github/backup/auto-author-assign.yml b/.github/backup/auto-author-assign.yml new file mode 100644 index 0000000000..61612cce3f --- /dev/null +++ b/.github/backup/auto-author-assign.yml @@ -0,0 +1,14 @@ +name: "PR Triage" +on: + pull_request_target: + types: [opened, reopened, ready_for_review, locked] + + +permissions: + pull-requests: write + contents: read + +jobs: + assign-author: + uses: vyos/.github/.github/workflows/assign-author.yml@current + secrets: inherit diff --git a/.github/backup/check-pr-conflicts.yml b/.github/backup/check-pr-conflicts.yml new file mode 100644 index 0000000000..f09e664153 --- /dev/null +++ b/.github/backup/check-pr-conflicts.yml @@ -0,0 +1,14 @@ + +name: "PR Conflicts checker" +on: + pull_request_target: + types: [synchronize] + +permissions: + pull-requests: write + contents: read + +jobs: + check-pr-conflict-call: + uses: vyos/.github/.github/workflows/check-pr-merge-conflict.yml@current + secrets: inherit diff --git a/.github/backup/check-pr-message.yml b/.github/backup/check-pr-message.yml new file mode 100644 index 0000000000..bad8242d8a --- /dev/null +++ b/.github/backup/check-pr-message.yml @@ -0,0 +1,17 @@ +--- +name: Check pull request message format + +on: + pull_request_target: + branches: + - current + types: [opened, synchronize, edited] + +permissions: + pull-requests: write + contents: read + +jobs: + check-pr-title: + uses: vyos/.github/.github/workflows/check-pr-message.yml@T6846-pr-title-workflow-creds + secrets: inherit diff --git a/.github/backup/check-stale.yml b/.github/backup/check-stale.yml new file mode 100644 index 0000000000..2adbee2f67 --- /dev/null +++ b/.github/backup/check-stale.yml @@ -0,0 +1,13 @@ +name: "Issue and PR stale management" +on: + schedule: + - cron: "0 0 * * *" + +permissions: + pull-requests: write + contents: read + +jobs: + stale: + uses: vyos/.github/.github/workflows/check-stale.yml@current + secrets: inherit diff --git a/.github/backup/check-unused-imports.yml b/.github/backup/check-unused-imports.yml new file mode 100644 index 0000000000..e9cb550745 --- /dev/null +++ b/.github/backup/check-unused-imports.yml @@ -0,0 +1,14 @@ +name: Check for unused imports using Pylint +on: + pull_request_target: + branches: + - current + +permissions: + pull-requests: write + contents: read + +jobs: + check-unused-imports: + uses: vyos/.github/.github/workflows/check-unused-imports.yml@T6862-make-unused-import-check-parameterized + secrets: inherit diff --git a/.github/backup/cleanup-mirror-pr-branch.yml b/.github/backup/cleanup-mirror-pr-branch.yml new file mode 100644 index 0000000000..d970c48d92 --- /dev/null +++ b/.github/backup/cleanup-mirror-pr-branch.yml @@ -0,0 +1,35 @@ +name: Cleanup pr mirror branch + +on: + pull_request: + types: [closed] + branches: + - current + workflow_dispatch: + inputs: + branch: + description: 'Branch to delete' + required: true + +permissions: + contents: write + +jobs: + delete_branch: + if: ${{ (github.event_name == 'workflow_dispatch' || startsWith(github.event.pull_request.head.ref, 'mirror/current/')) && github.repository_owner != 'vyos' }} + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Delete branch + run: | + branch=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.branch || github.event.pull_request.head.ref }} + if [[ $branch != mirror/current/* ]]; then + echo "Branch name to clean must start with 'mirror/current/'" + exit 1 + fi + repo=${{ github.repository }} + git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }} + git push origin --delete $branch diff --git a/.github/backup/codeowners.txt b/.github/backup/codeowners.txt new file mode 100644 index 0000000000..cf2ba0ac1e --- /dev/null +++ b/.github/backup/codeowners.txt @@ -0,0 +1 @@ +* @vyos/reviewers diff --git a/.github/backup/codeql.yml b/.github/backup/codeql.yml new file mode 100644 index 0000000000..143029c14b --- /dev/null +++ b/.github/backup/codeql.yml @@ -0,0 +1,30 @@ +name: "Perform CodeQL Analysis" + +on: + push: + branches: [ "current" ] + paths: + - '**' + - '!.github/**' + - '!**/*.md' + pull_request: + # The branches below must be a subset of the branches above + branches: [ "current" ] + paths: + - '**' + - '!.github/**' + - '!**/*.md' + schedule: + - cron: '22 10 * * 0' + +permissions: + actions: read + contents: read + security-events: write + +jobs: + codeql-analysis-call: + uses: vyos/.github/.github/workflows/codeql-analysis.yml@current + secrets: inherit + with: + languages: "['python']" diff --git a/.github/backup/label-backport.yml b/.github/backup/label-backport.yml new file mode 100644 index 0000000000..efbd4388f7 --- /dev/null +++ b/.github/backup/label-backport.yml @@ -0,0 +1,12 @@ +name: Mergifyio backport + +on: [issue_comment] + +permissions: + pull-requests: write + contents: read + +jobs: + mergifyio-backport: + uses: vyos/.github/.github/workflows/label-backport.yml@current + secrets: inherit diff --git a/.github/workflows/lint-with-ruff.yml b/.github/backup/lint-with-ruff.yml similarity index 100% rename from .github/workflows/lint-with-ruff.yml rename to .github/backup/lint-with-ruff.yml diff --git a/.github/backup/mirror-pr-and-sync-current-old.txt b/.github/backup/mirror-pr-and-sync-current-old.txt new file mode 100644 index 0000000000..2845cb010a --- /dev/null +++ b/.github/backup/mirror-pr-and-sync-current-old.txt @@ -0,0 +1,25 @@ +name: Create Mirror PR and Repo Sync (Current) Backup +on: + pull_request_target: + types: + - closed + branches: + - current + +permissions: + pull-requests: write + contents: write +concurrency: + group: mirror-pr-and-sync-current + cancel-in-progress: false +jobs: + mirror-pr-current: + name: Mirror PR (Current) + uses: ./.github/workflows/mirror-pr-current.yml + secrets: inherit + + repo-sync-current: + name: Repo Sync (Current) + uses: ./.github/workflows/repo-sync-current.yml + needs: [mirror-pr-current] + secrets: inherit diff --git a/.github/backup/mirror-pr-and-sync-current.txt b/.github/backup/mirror-pr-and-sync-current.txt new file mode 100644 index 0000000000..4d78fe9fc6 --- /dev/null +++ b/.github/backup/mirror-pr-and-sync-current.txt @@ -0,0 +1,113 @@ +name: Create Mirror PR and Repo Sync (Current) +on: + pull_request_target: + types: + - closed + branches: + - current + workflow_call: + workflow_dispatch: + inputs: + pr_title: + description: 'Title of the PR' + required: false + pr_number: + description: 'Number of the PR' + required: false + +env: + GH_TOKEN: ${{ secrets.PAT }} + +concurrency: + group: mirror-pr-repo-sync + cancel-in-progress: false +jobs: + mirror-pr-repo-sync: + runs-on: ubuntu-latest + permissions: + pull-requests: write + contents: write + + steps: + - name: Bullfrog Secure Runner + uses: bullfrogsec/bullfrog@v0 + with: + egress-policy: audit + + - name: Checkout + uses: actions/checkout@v4 + + - name: Set vars + run: | + source_repo="${{ github.repository }}" + echo "source_repo=${source_repo}" >> $GITHUB_ENV + target_repo=$(echo $source_repo | sed 's/^[^\/]*\//vyos-networks\//') + echo "target_repo=${target_repo}" >> $GITHUB_ENV + pr_source_branch=$(git branch --show-current) + echo "pr_source_branch=${pr_source_branch}" >> $GITHUB_ENV + echo "pr_target_branch=${pr_source_branch}" >> $GITHUB_ENV + pr_number=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.pr_number || github.event.pull_request.number }} + echo "pr_number=${pr_number}" >> $GITHUB_ENV + pr_title="${{ github.event_name == 'workflow_dispatch' && github.event.inputs.pr_title || github.event.pull_request.title }}" + echo "pr_title=${pr_title}" >> $GITHUB_ENV + echo "pr_merge_branch=mirror/current/$pr_number" >> $GITHUB_ENV + + - name: Get PR commit + run: | + mkdir -p /tmp/public + cd /tmp/public + git config --global user.email "action@github.com" + git config --global user.name "GitHub Action" + git init + git remote add origin https://github.com/${source_repo}.git + git fetch + git checkout -b $pr_source_branch + pr_info=$(gh pr view $pr_number --json commits,mergeCommit) + last_commit=$(echo $pr_info | jq -r '.commits[-1].oid') + merge_commit=$(echo $pr_info | jq -r '.mergeCommit.oid') + merge_commit_message=$(git log -1 --pretty=%B $merge_commit) + echo "merge_commit=${merge_commit}" >> $GITHUB_ENV + if [[ "$merge_commit_message" == "Merge pull request #${pr_number} from"* ]]; then + echo "last_commit=${last_commit}" >> $GITHUB_ENV + else + echo "last_commit=${merge_commit}" >> $GITHUB_ENV + fi + + - name: Get PR body + run: | + cd /tmp/public + pr_body=$(gh pr view $pr_number --json body -q .body) + echo "pr_body<> $GITHUB_ENV + echo "$pr_body" >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + + - name: Create temp remote branch + run: | + cd /tmp/public + git checkout -b $pr_merge_branch $last_commit + + - name: Push merge branch to target repo + run: | + cd /tmp/public + git remote add target https://x-access-token:${{ secrets.PAT }}@github.com/${target_repo}.git + git push target $pr_merge_branch + + - name: Create remote PR + run: | + run_url="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + title="${pr_title} (mirror ${pr_number})" + echo "**Note**: This pull request is mirrored from PR [$pr_number](https://github.com/${source_repo}/pull/${pr_number}) using [workflow run](${run_url})." > pr_body.txt + echo "" >> pr_body.txt + echo "${pr_body}" >> pr_body.txt + gh pr create --repo ${target_repo} --head $pr_merge_branch --base $pr_target_branch --title "${title}" --body "$(cat pr_body.txt)" + + - name: Trigger repo sync + shell: bash + run: | + echo "Triggering sync workflow for ${{ secrets.REMOTE_OWNER }}/${{ secrets.REMOTE_REPO }}" + echo "Triggering sync workflow with PAT ${{ secrets.PAT }}" + curl -X POST \ + -H "Accept: application/vnd.github.everest-preview+json" \ + -H "Authorization: Bearer ${{ secrets.PAT }}" \ + https://api.github.com/repos/${{ secrets.REMOTE_OWNER }}/${{ secrets.REMOTE_REPO }}/actions/workflows/repo-sync-current.yml/dispatches \ + -d '{"ref":"git-actions", "inputs": {"source_repo": "${{ env.source_repo }}", "source_commit_sha": "${{ env.merge_commit }}", "destination_branch": "${{ env.pr_target_branch }}"}}' diff --git a/.github/backup/package-smoketest.yml b/.github/backup/package-smoketest.yml new file mode 100644 index 0000000000..91c968c822 --- /dev/null +++ b/.github/backup/package-smoketest.yml @@ -0,0 +1,252 @@ +name: VyOS ISO integration Test + +on: + pull_request_target: + branches: + - current + paths: + - '**' + - '!.github/**' + - '!**/*.md' + +permissions: + pull-requests: write + contents: read + +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed for PR comments + BUILD_BY: autobuild@vyos.net + DEBIAN_MIRROR: http://deb.debian.org/debian/ + VYOS_MIRROR: https://packages.vyos.net/repositories/current/ + +jobs: + build_iso: + runs-on: ubuntu-24.04 + timeout-minutes: 45 + container: + image: vyos/vyos-build:current + options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged + outputs: + build_version: ${{ steps.version.outputs.build_version }} + steps: + - name: Clone vyos-build source code + uses: actions/checkout@v4 + with: + repository: vyos/vyos-build + - name: Clone vyos-1x source code + uses: actions/checkout@v4 + with: + path: packages/vyos-1x + fetch-depth: 0 + ref: ${{ github.event.pull_request.head.sha }} + repository: ${{ github.event.pull_request.head.repo.full_name }} + - name: Build vyos-1x package + run: | + cd packages/vyos-1x; dpkg-buildpackage -uc -us -tc -b + - name: Generate ISO version string + id: version + run: | + echo "build_version=1.5-integration-$(date -u +%Y%m%d%H%M)" >> $GITHUB_OUTPUT + - name: Build custom ISO image + shell: bash + run: | + sudo --preserve-env ./build-vyos-image \ + --architecture amd64 \ + --build-by $BUILD_BY \ + --build-type release \ + --custom-package vyos-1x-smoketest \ + --debian-mirror $DEBIAN_MIRROR \ + --version ${{ steps.version.outputs.build_version }} \ + --vyos-mirror $VYOS_MIRROR \ + generic + - uses: actions/upload-artifact@v4 + with: + name: vyos-${{ steps.version.outputs.build_version }} + path: build/live-image-amd64.hybrid.iso + + test_smoketest_cli: + needs: build_iso + runs-on: ubuntu-24.04 + timeout-minutes: 180 + container: + image: vyos/vyos-build:current + options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged + outputs: + exit_code: ${{ steps.test.outputs.exit_code }} + steps: + # We need the test script from vyos-build repo + - name: Clone vyos-build source code + uses: actions/checkout@v4 + with: + repository: vyos/vyos-build + - uses: actions/download-artifact@v4 + with: + name: vyos-${{ needs.build_iso.outputs.build_version }} + path: build + - name: VyOS CLI smoketests (no interfaces) + id: test + shell: bash + run: | + set -e + sudo make test-no-interfaces + if [[ $? == 0 ]]; then + echo "exit_code=success" >> $GITHUB_OUTPUT + else + echo "exit_code=fail" >> $GITHUB_OUTPUT + fi + + test_interfaces_cli: + needs: build_iso + runs-on: ubuntu-24.04 + timeout-minutes: 180 + container: + image: vyos/vyos-build:current + options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged + outputs: + exit_code: ${{ steps.test.outputs.exit_code }} + steps: + # We need the test script from vyos-build repo + - name: Clone vyos-build source code + uses: actions/checkout@v4 + with: + repository: vyos/vyos-build + - uses: actions/download-artifact@v4 + with: + name: vyos-${{ needs.build_iso.outputs.build_version }} + path: build + - name: VyOS CLI smoketests (interfaces only) + id: test + shell: bash + run: | + set -e + sudo make test-interfaces + if [[ $? == 0 ]]; then + echo "exit_code=success" >> $GITHUB_OUTPUT + else + echo "exit_code=fail" >> $GITHUB_OUTPUT + fi + + test_config_load: + needs: build_iso + runs-on: ubuntu-24.04 + timeout-minutes: 90 + container: + image: vyos/vyos-build:current + options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged + outputs: + exit_code: ${{ steps.test.outputs.exit_code }} + steps: + # We need the test script from vyos-build repo + - name: Clone vyos-build source code + uses: actions/checkout@v4 + with: + repository: vyos/vyos-build + - uses: actions/download-artifact@v4 + with: + name: vyos-${{ needs.build_iso.outputs.build_version }} + path: build + - name: VyOS config load tests + id: test + shell: bash + run: | + set -e + sudo make testc + if [[ $? == 0 ]]; then + echo "exit_code=success" >> $GITHUB_OUTPUT + else + echo "exit_code=fail" >> $GITHUB_OUTPUT + fi + + test_raid1_install: + needs: build_iso + runs-on: ubuntu-24.04 + timeout-minutes: 20 + container: + image: vyos/vyos-build:current + options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged + outputs: + exit_code: ${{ steps.test.outputs.exit_code }} + steps: + # We need the test script from vyos-build repo + - name: Clone vyos-build source code + uses: actions/checkout@v4 + with: + repository: vyos/vyos-build + - uses: actions/download-artifact@v4 + with: + name: vyos-${{ needs.build_iso.outputs.build_version }} + path: build + - name: VyOS RAID1 installation tests + id: test + shell: bash + run: | + set -e + sudo make testraid + if [[ $? == 0 ]]; then + echo "exit_code=success" >> $GITHUB_OUTPUT + else + echo "exit_code=fail" >> $GITHUB_OUTPUT + fi + + test_encrypted_config_tpm: + needs: build_iso + runs-on: ubuntu-24.04 + timeout-minutes: 30 + container: + image: vyos/vyos-build:current + options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged + outputs: + exit_code: ${{ steps.test.outputs.exit_code }} + steps: + # We need the test script from vyos-build repo + - name: Clone vyos-build source code + uses: actions/checkout@v4 + with: + repository: vyos/vyos-build + - uses: actions/download-artifact@v4 + with: + name: vyos-${{ needs.build_iso.outputs.build_version }} + path: build + - name: VyOS TPM encryption tests + id: test + shell: bash + run: | + set -e + sudo make testtpm + if [[ $? == 0 ]]; then + echo "exit_code=success" >> $GITHUB_OUTPUT + else + echo "exit_code=fail" >> $GITHUB_OUTPUT + fi + + result: + needs: + - test_smoketest_cli + - test_interfaces_cli + - test_config_load + - test_raid1_install + - test_encrypted_config_tpm + runs-on: ubuntu-24.04 + timeout-minutes: 5 + if: always() + steps: + - name: Add PR comment + if: always() + uses: mshick/add-pr-comment@v2 + with: + message: | + CI integration ${{ needs.test_smoketest_cli.outputs.exit_code == 'success' && needs.test_interfaces_cli.outputs.exit_code == 'success' && needs.test_config_load.outputs.exit_code == 'success' && needs.test_raid1_install.outputs.exit_code == 'success' && '๐Ÿ‘ passed!' || 'โŒ failed!' }} + + ### Details + + [CI logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) + + * CLI Smoketests (no interfaces) ${{ needs.test_smoketest_cli.outputs.exit_code == 'success' && '๐Ÿ‘ passed' || 'โŒ failed' }} + * CLI Smoketests (interfaces only) ${{ needs.test_interfaces_cli.outputs.exit_code == 'success' && '๐Ÿ‘ passed' || 'โŒ failed' }} + * Config tests ${{ needs.test_config_load.outputs.exit_code == 'success' && '๐Ÿ‘ passed' || 'โŒ failed' }} + * RAID1 tests ${{ needs.test_raid1_install.outputs.exit_code == 'success' && '๐Ÿ‘ passed' || 'โŒ failed' }} + * TPM tests ${{ needs.test_encrypted_config_tpm.outputs.exit_code == 'success' && '๐Ÿ‘ passed' || 'โŒ failed' }} + + message-id: "SMOKETEST_RESULTS" + allow-repeats: false + refresh-message-position: true diff --git a/.github/backup/repo-sync-current.txt b/.github/backup/repo-sync-current.txt new file mode 100644 index 0000000000..932ed848b3 --- /dev/null +++ b/.github/backup/repo-sync-current.txt @@ -0,0 +1,28 @@ +name: Repo-sync (Current) + +on: + workflow_call: + workflow_dispatch: + +concurrency: + group: mirror-pr-and-sync-current + cancel-in-progress: false +jobs: + trigger-repo-sync: + runs-on: ubuntu-latest + steps: + - name: Bullfrog Secure Runner + uses: bullfrogsec/bullfrog@v0 + with: + egress-policy: audit + + - name: Trigger sync workflow + shell: bash + run: | + echo "Triggering sync workflow for ${{ secrets.REMOTE_OWNER }}/${{ secrets.REMOTE_REPO }}" + echo "Triggering sync workflow with PAT ${{ secrets.PAT }}" + curl -X POST \ + -H "Accept: application/vnd.github.everest-preview+json" \ + -H "Authorization: Bearer ${{ secrets.PAT }}" \ + https://api.github.com/repos/${{ secrets.REMOTE_OWNER }}/${{ secrets.REMOTE_REPO }}/actions/workflows/repo-sync-current.yml/dispatches \ + -d '{"ref":"git-actions"}' diff --git a/.github/backup/sonarcloud.yml b/.github/backup/sonarcloud.yml new file mode 100644 index 0000000000..a8eaca7778 --- /dev/null +++ b/.github/backup/sonarcloud.yml @@ -0,0 +1,28 @@ +name: Sonar Checks +on: + push: + branches: + - current + paths: + - '**' + - '!.github/**' + - '!**/*.md' + pull_request_target: + types: [opened, synchronize, reopened] + paths: + - '**' + - '!.github/**' + - '!**/*.md' +jobs: + sonar-cloud: + name: SonarCloud + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + - name: SonarCloud Scan + uses: SonarSource/sonarcloud-github-action@master + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/backup/trigger-mirror-pr-sync.yml b/.github/backup/trigger-mirror-pr-sync.yml new file mode 100644 index 0000000000..b260aa0757 --- /dev/null +++ b/.github/backup/trigger-mirror-pr-sync.yml @@ -0,0 +1,38 @@ +name: Trigger Mirror PR and Repo Sync (Current) +on: + pull_request_target: + types: + - closed + branches: + - current + +env: + GH_TOKEN: ${{ secrets.PAT }} + +concurrency: + group: trigger-mirror-pr-sync + cancel-in-progress: false +jobs: + trigger-mirror-pr-sync: + if: ${{ github.repository_owner == 'vyos' }} + runs-on: ubuntu-latest + permissions: + pull-requests: write + contents: write + + steps: + - name: Bullfrog Secure Runner + uses: bullfrogsec/bullfrog@v0 + with: + egress-policy: audit + + - name: Trigger repo sync + shell: bash + run: | + echo "Triggering sync workflow for ${{ secrets.REMOTE_OWNER }}/${{ secrets.REMOTE_REPO }}" + echo "Triggering sync workflow with PAT ${{ secrets.PAT }}" + curl -X POST \ + -H "Accept: application/vnd.github.everest-preview+json" \ + -H "Authorization: Bearer ${{ secrets.PAT }}" \ + https://api.github.com/repos/${{ secrets.REMOTE_OWNER }}/${{ secrets.REMOTE_REPO }}/actions/workflows/mirror-pr-and-sync.yml/dispatches \ + -d '{"ref":"git-actions", "inputs": {"pr_number": "${{ github.event.pull_request.number }}", "sync_branch": "current"}}' diff --git a/.github/workflows/trigger-pr.yml b/.github/backup/trigger-pr.txt similarity index 62% rename from .github/workflows/trigger-pr.yml rename to .github/backup/trigger-pr.txt index f88458a812..6d7fb7bca9 100644 --- a/.github/workflows/trigger-pr.yml +++ b/.github/backup/trigger-pr.txt @@ -5,14 +5,14 @@ on: types: - closed branches: - - circinus + - current jobs: trigger-PR: - uses: vyos/.github/.github/workflows/trigger-pr.yml@current + uses: vyos/.github/.github/workflows/trigger-pr.yml@T6798-pr-mirror-check with: - source_branch: 'circinus' - target_branch: 'circinus' + source_branch: 'current' + target_branch: 'current' secrets: REMOTE_REPO: ${{ secrets.REMOTE_REPO }} REMOTE_OWNER: ${{ secrets.REMOTE_OWNER }} diff --git a/.github/backup/trigger-rebuild-repo-package.yml b/.github/backup/trigger-rebuild-repo-package.yml new file mode 100644 index 0000000000..37ec832743 --- /dev/null +++ b/.github/backup/trigger-rebuild-repo-package.yml @@ -0,0 +1,32 @@ +name: Trigger to build a deb package from repo + +on: + pull_request_target: + types: + - closed + branches: + - current + workflow_dispatch: + +jobs: + get_repo_name: + runs-on: ubuntu-latest + outputs: + PACKAGE_NAME: ${{ steps.package_name.outputs.PACKAGE_NAME }} + steps: + - name: Set variables + id: package_name + run: | + echo "PACKAGE_NAME=$(basename ${{ github.repository }})" >> $GITHUB_OUTPUT + + trigger-build: + needs: get_repo_name + uses: vyos/.github/.github/workflows/trigger-rebuild-repo-package.yml@current + with: + branch: ${{ github.ref_name }} + package_name: ${{ needs.get_repo_name.outputs.PACKAGE_NAME }} + secrets: + REMOTE_OWNER: ${{ secrets.REMOTE_OWNER }} + REMOTE_REUSE_REPO: ${{ secrets.REMOTE_REUSE_REPO }} + GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} + PAT: ${{ secrets.PAT }} diff --git a/.github/workflows/add-pr-labels.yml b/.github/workflows/add-pr-labels.yml index a0c076064d..e323653879 100644 --- a/.github/workflows/add-pr-labels.yml +++ b/.github/workflows/add-pr-labels.yml @@ -5,12 +5,23 @@ on: pull_request_target: branches: - current + - circinus + - sagitta permissions: pull-requests: write contents: read jobs: - add-pr-label: + add-pr-label-current: + if: ${{ github.event.pull_request.base.ref == 'current' }} uses: vyos/.github/.github/workflows/add-pr-labels.yml@current secrets: inherit + add-pr-label-circinus: + if: ${{ github.event.pull_request.base.ref == 'circinus' }} + uses: vyos/.github/.github/workflows/add-pr-labels.yml@circinus + secrets: inherit + add-pr-label-sagitta: + if: ${{ github.event.pull_request.base.ref == 'sagitta' }} + uses: vyos/.github/.github/workflows/add-pr-labels.yml@sagitta + secrets: inherit diff --git a/.github/workflows/auto-author-assign.yml b/.github/workflows/auto-author-assign.yml index 61612cce3f..0e4c7a614b 100644 --- a/.github/workflows/auto-author-assign.yml +++ b/.github/workflows/auto-author-assign.yml @@ -10,5 +10,5 @@ permissions: jobs: assign-author: - uses: vyos/.github/.github/workflows/assign-author.yml@current + uses: vyos/.github/.github/workflows/assign-author.yml@T7457-bullfrog-failure secrets: inherit diff --git a/.github/workflows/check-pr-conflicts.yml b/.github/workflows/check-pr-conflicts.yml index f09e664153..c9798a735f 100644 --- a/.github/workflows/check-pr-conflicts.yml +++ b/.github/workflows/check-pr-conflicts.yml @@ -1,14 +1,24 @@ +name: Check open pull request conflicts -name: "PR Conflicts checker" on: + schedule: + # Run every hour to check for PR conflicts + - cron: '0 * * * *' pull_request_target: - types: [synchronize] - -permissions: - pull-requests: write - contents: read + types: [synchronize, closed] + workflow_dispatch: # Allow manual triggering jobs: - check-pr-conflict-call: - uses: vyos/.github/.github/workflows/check-pr-merge-conflict.yml@current + check-pr-conflicts-call: + if: | + github.event_name == 'schedule' || + github.event_name == 'workflow_dispatch' || + (github.event_name == 'pull_request_target' && github.event.action == 'synchronize') || + (github.event_name == 'pull_request_target' && github.event.action == 'closed' && github.event.pull_request.merged == true) + uses: vyos/.github/.github/workflows/check-pr-merge-conflict.yml@T7981-conflict-check-scheduled-workflow-py-script + permissions: + contents: read + pull-requests: write secrets: inherit + with: + action-ref: 'T7981-conflict-check-scheduled-workflow-py-script' diff --git a/.github/workflows/cleanup-mirror-pr-branch.yml b/.github/workflows/cleanup-mirror-pr-branch.yml new file mode 100644 index 0000000000..f72c6d53dd --- /dev/null +++ b/.github/workflows/cleanup-mirror-pr-branch.yml @@ -0,0 +1,16 @@ +name: Cleanup pr mirror branch + +on: + pull_request: + types: [closed] + branches: + - current + +permissions: + contents: write + +jobs: + call-delete-branch: + if: github.repository_owner != 'vyos' + uses: vyos/.github/.github/workflows/cleanup-mirror-pr-branch.yml@T7613-pr-mirror-branch-cleanup-from-src-repo + secrets: inherit diff --git a/.github/workflows/darker-ruff-lint.yml b/.github/workflows/darker-ruff-lint.yml new file mode 100644 index 0000000000..9d7330ced8 --- /dev/null +++ b/.github/workflows/darker-ruff-lint.yml @@ -0,0 +1,14 @@ +name: Python Lint (Darker + Ruff) +on: + pull_request_target: + branches: + - current + +permissions: + pull-requests: write + contents: read + +jobs: + darker-ruff-lint: + uses: vyos/.github/.github/workflows/lint-with-darker-ruff.yml@T7777-ruff-lint-black-fix + secrets: inherit diff --git a/.github/workflows/lint-doc.yml b/.github/workflows/lint-doc.yml new file mode 100644 index 0000000000..ee0e7ae1fa --- /dev/null +++ b/.github/workflows/lint-doc.yml @@ -0,0 +1,9 @@ + +name: Lint Doc +on: + pull_request: + +jobs: + lint-doc: + uses: vyos/.github/.github/workflows/lint-doc.yml@T7362-doc-lint-branch-ref-fix + secrets: inherit diff --git a/.github/workflows/mirror-pr-and-sync.yml b/.github/workflows/mirror-pr-and-sync.yml new file mode 100644 index 0000000000..e702cb8815 --- /dev/null +++ b/.github/workflows/mirror-pr-and-sync.yml @@ -0,0 +1,23 @@ +name: Create Mirror PR and Repo Sync +on: + workflow_dispatch: + inputs: + sync_branch: + description: 'branch to sync' + required: true + type: string + +permissions: + pull-requests: write + contents: write + +jobs: + call-mirror-pr-and-sync: + if: github.repository_owner != 'vyos' + uses: VyOS-Networks/vyos-reusable-workflows/.github/workflows/mirror-pr-and-sync.yml@T7613-pr-mirror-checkout-issue + with: + sync_branch: ${{ inputs.sync_branch }} + secrets: + PAT: ${{ secrets.PAT }} + REMOTE_OWNER: ${{ secrets.PAT }} + REMOTE_REPO: ${{ secrets.PAT }} diff --git a/.github/workflows/package-smoketest.yml b/.github/workflows/package-smoketest.yml index 91c968c822..d352bd3cb2 100644 --- a/.github/workflows/package-smoketest.yml +++ b/.github/workflows/package-smoketest.yml @@ -17,6 +17,7 @@ env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed for PR comments BUILD_BY: autobuild@vyos.net DEBIAN_MIRROR: http://deb.debian.org/debian/ + DEBIAN_SECURITY_MIRROR: http://deb.debian.org/debian-security VYOS_MIRROR: https://packages.vyos.net/repositories/current/ jobs: @@ -56,6 +57,7 @@ jobs: --build-type release \ --custom-package vyos-1x-smoketest \ --debian-mirror $DEBIAN_MIRROR \ + --debian-security-mirror $DEBIAN_SECURITY_MIRROR \ --version ${{ steps.version.outputs.build_version }} \ --vyos-mirror $VYOS_MIRROR \ generic diff --git a/.github/workflows/pr-mirror-repo-sync.yml b/.github/workflows/pr-mirror-repo-sync.yml new file mode 100644 index 0000000000..9c1a61e4bd --- /dev/null +++ b/.github/workflows/pr-mirror-repo-sync.yml @@ -0,0 +1,35 @@ +name: PR Mirror and Repo Sync + +on: + pull_request_target: + types: [closed] + branches: [current] + workflow_dispatch: + inputs: + sync_branch: + description: 'Branch to mirror' + required: true + default: 'current' + type: choice + options: + - current + +permissions: + pull-requests: write + contents: write + issues: write + +jobs: + call-trigger-mirror-pr-repo-sync: + if: | + github.repository_owner == 'vyos' && + ( + github.event_name == 'workflow_dispatch' || + (github.event_name == 'pull_request_target' && github.event.pull_request.merged == true) + ) + uses: vyos/.github/.github/workflows/pr-mirror-repo-sync.yml@T7877-pr-mirror-summary-fix + with: + sync_branch: ${{ github.event.inputs.sync_branch || 'current' }} + secrets: + PAT: ${{ secrets.PAT }} + REMOTE_OWNER: ${{ secrets.REMOTE_OWNER }} diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml deleted file mode 100644 index 752cf947a4..0000000000 --- a/.github/workflows/repo-sync.yml +++ /dev/null @@ -1,18 +0,0 @@ -name: Repo-sync - -on: - pull_request_target: - types: - - closed - branches: - - current - - equuleus - workflow_dispatch: - -jobs: - trigger-sync: - uses: vyos/.github/.github/workflows/trigger-repo-sync.yml@current - secrets: - REMOTE_REPO: ${{ secrets.REMOTE_REPO }} - REMOTE_OWNER: ${{ secrets.REMOTE_OWNER }} - PAT: ${{ secrets.PAT }} diff --git a/.mergify.yml b/.mergify.yml new file mode 100644 index 0000000000..f978c80c65 --- /dev/null +++ b/.mergify.yml @@ -0,0 +1,16 @@ +pull_request_rules: + - name: add label when PR has conflict + conditions: + - conflict + actions: + label: + add: + - "needs-rebase" + + - name: remove label when PR no longer has conflict + conditions: + - -conflict + actions: + label: + remove: + - "needs-rebase" diff --git a/CODEOWNERS b/CODEOWNERS index 1913942985..011e56c309 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1 +1,2 @@ -* @vyos/reviewers \ No newline at end of file +# Users from reviewers github team +# * @dmbaturin @sarthurdev @jestabro @sever-sever @c-po diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 48cdbd5a77..98b9d231a3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,6 +1,7 @@ # Contributing to VyOS You wan't to help us improve VyOS? This is awesome! +bp test 7 We accept any kind of Pull Requests on GitHub. In order to get your changes into the main repository as smooth as possible please take yourself some time and @@ -19,6 +20,7 @@ file(s) history by invoking git log path/to/file.txt. ### Prepare patch/commit + In a big system, such as VyOS, that is comprised of multiple components, itโ€™s impossible to keep track of all the changes and bugs/feature requests in oneโ€™s head. We use a bugtracker named Phorge (formerly known Phabricator) for it (โ€œissue trackerโ€ would @@ -82,7 +84,7 @@ development environments. bugs in a single commit. If you already worked on multiple fixes in the same file use git add โ€“patch to only add the parts related to the one issue into your upcoming commit. - + ## Bug Report/Issue Issues or bugs are found in any software project. VyOS is not an exception. diff --git a/New Text Document.txt b/New Text Document.txt new file mode 100644 index 0000000000..e69de29bb2 diff --git a/README.md b/README.md index 4b7d7adb94..2cce764555 100644 --- a/README.md +++ b/README.md @@ -5,12 +5,17 @@ reason, which made it hard to navigate or write meaningful changelogs. As the code undergoes rewrite in the new style in VyOS 1.2.0+, we consolidate the rewritten code in this package. +t 10 + + If you just want to build a VyOS image, the repository you want is [vyos-build](https://github.com/vyos/vyos-build). If you also want to contribute to VyOS, read on. ## Package layout + + ``` data # Jinja2 templates debian # Our package build system @@ -77,3 +82,21 @@ be placed into the vyos-1x-smoketest package. +feature + __ + / _| ___ ___ +| |_ / _ \ / _ \ +| _| (_) | (_) | +|_| \___/ \___/ + + + +bar +baz +baz +baz +foo +foo +foo +foo +foo diff --git a/README2.md b/README2.md new file mode 100644 index 0000000000..57fff380e2 --- /dev/null +++ b/README2.md @@ -0,0 +1,14 @@ +bar +bar +bar +bar +bar +bar +bar +bar +bar +bar +bar +bar + +check diff --git a/foo b/foo new file mode 100644 index 0000000000..6c381519ee --- /dev/null +++ b/foo @@ -0,0 +1,6 @@ +asdf +bar +bar +foo +foo +foo diff --git a/m-pr-3.txt b/m-pr-3.txt new file mode 100644 index 0000000000..3296bb9bb8 --- /dev/null +++ b/m-pr-3.txt @@ -0,0 +1,3 @@ +open pr 3 +uni mirror 1 +dec 15 23.34 diff --git a/pr-1.txt b/pr-1.txt new file mode 100644 index 0000000000..4f804840df --- /dev/null +++ b/pr-1.txt @@ -0,0 +1,6 @@ +merge conflict check 1 - one more more +limit check 4 +onboard check 4 +cleanup 2 +TEST 4 +nov 18 00:07 diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 0000000000..cf710352cc --- /dev/null +++ b/pyproject.toml @@ -0,0 +1,3 @@ +[tool.black] +skip-string-normalization = true +line-length = 100 \ No newline at end of file diff --git a/python/setup.py b/python/setup.py index 2d614e7246..8e9662b687 100644 --- a/python/setup.py +++ b/python/setup.py @@ -1,4 +1,6 @@ import os +import json +# pr-mirror-fork-mt-21 from setuptools import setup def packages(directory): diff --git a/python/vyos/ifconfig/bond.py b/python/vyos/ifconfig/bond.py index 8ba4817280..dca9a48c06 100644 --- a/python/vyos/ifconfig/bond.py +++ b/python/vyos/ifconfig/bond.py @@ -14,7 +14,7 @@ # License along with this library. If not, see . import os - +import json from vyos.ifconfig.interface import Interface from vyos.utils.dict import dict_search from vyos.utils.assertion import assert_list diff --git a/scripts/override-default b/scripts/override-default index 5058e79b3a..41467cc7dd 100755 --- a/scripts/override-default +++ b/scripts/override-default @@ -25,6 +25,7 @@ # relative to path; replace and remove to override the value. import sys +import json import glob import logging from copy import deepcopy diff --git a/src/activation-scripts/20-ethernet_offload.py b/src/activation-scripts/20-ethernet_offload.py index ca7213512b..7573032fc8 100755 --- a/src/activation-scripts/20-ethernet_offload.py +++ b/src/activation-scripts/20-ethernet_offload.py @@ -21,6 +21,7 @@ # them to the config if the kernel has them set (unless its a live boot) from vyos.ethtool import Ethtool +import json from vyos.configtree import ConfigTree from vyos.system.image import is_live_boot diff --git a/src/op_mode/accelppp.py b/src/op_mode/accelppp.py index 67ce786d02..4ebf66a56c 100755 --- a/src/op_mode/accelppp.py +++ b/src/op_mode/accelppp.py @@ -16,7 +16,7 @@ # import sys - +import os import vyos.accel_ppp import vyos.opmode