From 9f3fd4896109167c19159b4f01378c032dda1e3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexis=20M=C3=A9taireau?= Date: Wed, 27 Nov 2024 10:48:27 +0100 Subject: [PATCH] CI: check that our Github Actions are able to run on ubuntu-24 --- .github/workflows/build.yml | 2 +- .github/workflows/check_push.yml | 23 +++++++++++++++++++++++ .github/workflows/check_repos.yml | 8 ++++++-- .github/workflows/ci.yml | 14 +++++++------- .github/workflows/close-issues.yml | 6 +++++- .github/workflows/scan.yml | 5 +++-- .github/workflows/scan_released.yml | 8 ++++++-- 7 files changed, 51 insertions(+), 15 deletions(-) create mode 100644 .github/workflows/check_push.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 35f9597ff..1df511df6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -29,7 +29,7 @@ env: jobs: build-dev-environment: name: "Build dev-env (${{ matrix.distro }}-${{ matrix.version }})" - runs-on: ubuntu-latest + runs-on: ubuntu-24 strategy: matrix: include: diff --git a/.github/workflows/check_push.yml b/.github/workflows/check_push.yml new file mode 100644 index 000000000..c7d727151 --- /dev/null +++ b/.github/workflows/check_push.yml @@ -0,0 +1,23 @@ +name: Check branch conformity +on: + pull_request: + push: + branches: + - main + - "test/**" + +jobs: + prevent-fixup-commits: + runs-on: ubuntu-24 + env: + target: debian-bookworm + distro: debian + version: bookworm + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: prevent fixup commits + run: | + git fetch origin + git status + git log --pretty=format:%s origin/main..HEAD | grep -ie '^fixup\|^wip' && exit 1 || true diff --git a/.github/workflows/check_repos.yml b/.github/workflows/check_repos.yml index db33f9a65..1e165c7c3 100644 --- a/.github/workflows/check_repos.yml +++ b/.github/workflows/check_repos.yml @@ -10,11 +10,15 @@ on: schedule: - cron: '0 0 * * *' # Run every day at 00:00 UTC. workflow_dispatch: + push: + branches: + - main + - "test/**" jobs: install-from-apt-repo: name: "Install Dangerzone on ${{ matrix.distro}} ${{ matrix.version }}" - runs-on: ubuntu-latest + runs-on: ubuntu-24 container: ${{ matrix.distro }}:${{ matrix.version }} strategy: matrix: @@ -70,7 +74,7 @@ jobs: install-from-yum-repo: name: "Install Dangerzone on ${{ matrix.distro}} ${{ matrix.version }}" - runs-on: ubuntu-latest + runs-on: ubuntu-24 container: ${{ matrix.distro }}:${{ matrix.version }} strategy: matrix: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4af11d27c..050abbd07 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,7 +27,7 @@ concurrency: jobs: run-lint: - runs-on: ubuntu-latest + runs-on: ubuntu-24 container: image: debian:bookworm steps: @@ -78,7 +78,7 @@ jobs: download-tessdata: name: Download and cache Tesseract data - runs-on: ubuntu-latest + runs-on: ubuntu-24 steps: - uses: actions/checkout@v4 - name: Cache Tessdata @@ -183,7 +183,7 @@ jobs: needs: - build-container-image name: "build-deb (${{ matrix.distro }} ${{ matrix.version }})" - runs-on: ubuntu-latest + runs-on: ubuntu-24 strategy: matrix: include: @@ -250,8 +250,8 @@ jobs: install-deb: name: "install-deb (${{ matrix.distro }} ${{ matrix.version }})" - runs-on: ubuntu-latest - needs: + runs-on: ubuntu-24 + needs: - build-deb strategy: matrix: @@ -305,7 +305,7 @@ jobs: build-install-rpm: name: "build-install-rpm (${{ matrix.distro }} ${{matrix.version}})" - runs-on: ubuntu-latest + runs-on: ubuntu-24 needs: - build-container-image strategy: @@ -377,7 +377,7 @@ jobs: run-tests: name: "run tests (${{ matrix.distro }} ${{ matrix.version }})" - runs-on: ubuntu-latest + runs-on: ubuntu-24 needs: - build-container-image - download-tessdata diff --git a/.github/workflows/close-issues.yml b/.github/workflows/close-issues.yml index cf503fd7b..aeda14b05 100644 --- a/.github/workflows/close-issues.yml +++ b/.github/workflows/close-issues.yml @@ -2,10 +2,14 @@ name: Close inactive issues on: schedule: - cron: "30 1 * * *" + push: + branches: + - main + - "test/**" jobs: close-issues: - runs-on: ubuntu-latest + runs-on: ubuntu-24 permissions: issues: write steps: diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index d98510927..fafef1fba 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -3,6 +3,7 @@ on: push: branches: - main + - "test/**" pull_request: schedule: - cron: '0 0 * * *' # Run every day at 00:00 UTC. @@ -10,7 +11,7 @@ on: jobs: security-scan-container: - runs-on: ubuntu-latest + runs-on: ubuntu-24 steps: - name: Checkout uses: actions/checkout@v4 @@ -51,7 +52,7 @@ jobs: severity-cutoff: critical security-scan-app: - runs-on: ubuntu-latest + runs-on: ubuntu-24 steps: - name: Checkout uses: actions/checkout@v4 diff --git a/.github/workflows/scan_released.yml b/.github/workflows/scan_released.yml index 0333e4925..6502446e3 100644 --- a/.github/workflows/scan_released.yml +++ b/.github/workflows/scan_released.yml @@ -1,5 +1,9 @@ name: Scan released app and container on: + push: + branches: + - main + - "test/**" schedule: - cron: '0 0 * * *' # Run every day at 00:00 UTC. workflow_dispatch: @@ -9,7 +13,7 @@ jobs: strategy: matrix: include: - - runs-on: ubuntu-latest + - runs-on: ubuntu-24 arch: i686 # Do not scan Silicon mac for now to avoid masking release scan results for other plaforms. # - runs-on: macos-latest @@ -55,7 +59,7 @@ jobs: severity-cutoff: critical security-scan-app: - runs-on: ubuntu-latest + runs-on: ubuntu-24 steps: - name: Checkout uses: actions/checkout@v4