From 8af3ee6058d24cae110ea5e5d35c3753606fd1fe Mon Sep 17 00:00:00 2001 From: Haroon Khel <34969545+Haroon-Khel@users.noreply.github.com> Date: Tue, 27 Feb 2024 01:43:31 +0800 Subject: [PATCH 01/35] github: Build on MacOS13 image in github workflow (#3413) * github: build on macos13 in the workflow * remove jdk10 install from common --- .github/workflows/build_mac.yml | 4 +++- .../AdoptOpenJDK_Unix_Playbook/roles/Common/vars/MacOSX.yml | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_mac.yml b/.github/workflows/build_mac.yml index 8720ba7998..e4a70b9798 100644 --- a/.github/workflows/build_mac.yml +++ b/.github/workflows/build_mac.yml @@ -17,7 +17,9 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - os: [macos-11] + include: + - os: [macos-11] + - os: [macos-13] steps: - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/MacOSX.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/MacOSX.yml index 7b3506b690..1b5f24865c 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/MacOSX.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/MacOSX.yml @@ -21,7 +21,6 @@ Build_Tool_Packages_NOT_10_12: - ccache # ccache is no longer working on macOS 10.12 Build_Tool_Casks: - - adoptopenjdk10 - packages Test_Tool_Packages: From bf6bd5fc4b7f7737683304dedee51d6e55fd2aef Mon Sep 17 00:00:00 2001 From: Stewart X Addison <6487691+sxa@users.noreply.github.com> Date: Wed, 28 Feb 2024 17:03:57 +0000 Subject: [PATCH 02/35] awx: add requirements.yml for galaxy roles (#3421) Signed-off-by: Stewart X Addison --- collections/requirements.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 collections/requirements.yml diff --git a/collections/requirements.yml b/collections/requirements.yml new file mode 100644 index 0000000000..9ee87128fb --- /dev/null +++ b/collections/requirements.yml @@ -0,0 +1,6 @@ +--- +# Required by AWX for the homebrew and zypper operations +# in curl/GIT_Source roles +collections: + - name: community.general + source: https://galaxy.ansible.com From c1e517a1fc422c09ac01187eeb35e257818e0e92 Mon Sep 17 00:00:00 2001 From: Scott Fryer <60462088+steelhead31@users.noreply.github.com> Date: Thu, 29 Feb 2024 15:09:08 +0000 Subject: [PATCH 03/35] Fix case of CentOS service check (#3419) --- .../AdoptOpenJDK_Unix_Playbook/roles/NTP_TIME/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/NTP_TIME/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/NTP_TIME/tasks/main.yml index 7e0fd6e8ac..8dbd9428ab 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/NTP_TIME/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/NTP_TIME/tasks/main.yml @@ -45,7 +45,7 @@ when: - (ansible_distribution == "RedHat" and ansible_distribution_major_version != "8") or (ansible_distribution == "SLES" and ansible_distribution_major_version == "12") or - (ansible_distribution == "centos" and ansible_distribution_major_version == "7" ) + (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7" ) tags: ntp_time - name: Start NTP for SUSE12 From a957c6c59583bbe34389022ce00a0de0e9edccbf Mon Sep 17 00:00:00 2001 From: Stewart X Addison <6487691+sxa@users.noreply.github.com> Date: Fri, 1 Mar 2024 16:50:33 +0000 Subject: [PATCH 04/35] inventory: add azure dockerhost (#3426) * inventory: add azure dockerhost Signed-off-by: Stewart X Addison * Switch AMD for Intel machine as VT works Signed-off-by: Stewart X Addison --------- Signed-off-by: Stewart X Addison --- ansible/inventory.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ansible/inventory.yml b/ansible/inventory.yml index 8dc8401017..1bfbfc984d 100644 --- a/ansible/inventory.yml +++ b/ansible/inventory.yml @@ -83,6 +83,9 @@ hosts: - dockerhost: + - azure: + ubuntu2204-x64-1: {ip: 52.180.147.157, description: Xeon Platinum 8272CL, 16 cores, 64GB} + - equinix: ubuntu2204-x64-1: {ip: 145.40.113.173, description: Intel Xeon Gold 40 core} ubuntu2004-x64-1: {ip: 145.40.114.58, description: AMD EPYC 7401P 24 core} From 3d98b8bc9ea1a963d6ebe5bd7078f8fc8d0bcef1 Mon Sep 17 00:00:00 2001 From: Scott Fryer <60462088+steelhead31@users.noreply.github.com> Date: Mon, 4 Mar 2024 14:48:24 +0000 Subject: [PATCH 05/35] github: Fix labeler GitHub Action (#3432) * Fix labeler gha * Bump actions versions --- .github/workflows/labeler.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index b32d3a518f..8554da27a4 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -8,14 +8,19 @@ on: jobs: triage: + permissions: + contents: read + pull-requests: write + issues: write runs-on: ubuntu-latest + name: Assign Labels steps: - - uses: actions/labeler@5c7539237e04b714afd8ad9b4aed733815b9fab4 # v4.0.2 + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 if: ${{ github.event.pull_request }} with: repo-token: "${{ secrets.GITHUB_TOKEN }}" - - uses: fuxingloh/multi-labeler@fb9bc28b2d65e406ffd208384c5095793c3fd59a # v1.8.0 + - uses: fuxingloh/multi-labeler@b15a54460c38f54043fa75f7b08a0e2aa5b94b5b # v4.0.0 with: github-token: "${{secrets.GITHUB_TOKEN}}" config-path: .github/regex_labeler.yml From 523d4f750de50ad10b93c575a6e614d552ca7559 Mon Sep 17 00:00:00 2001 From: Scott Fryer <60462088+steelhead31@users.noreply.github.com> Date: Mon, 4 Mar 2024 16:19:27 +0000 Subject: [PATCH 06/35] Github: Update Labeler Configuration File To New Format. (#3434) * Fix labeler gha * Bump actions versions * Revert to previous action SHAs. * Update labeler config for new versions of actions. * Update to new action versions. * Fix typo * Remove Rogue comment * Update labeler.yml * Test new config * Test new config * Restore config --- .github/labeler.yml | 24 +++++++++++++----------- .github/workflows/labeler.yml | 2 +- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/.github/labeler.yml b/.github/labeler.yml index e7ae3a4e2f..f34cb11fc0 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -9,20 +9,22 @@ # label_name: # - path/to/file_or_folder + ghActions: - - .github/workflows/**/* +- changed-files: + - any-glob-to-any-file: [.github/*] doc: - - docs/* - - '**/*.md' +- changed-files: + - any-glob-to-any-file: [docs/*, '**/*.md'] Vagrant: - - ansible/pbTestScripts/**/* - - ansible/vagrant/Vagrantfile* +- changed-files: + - any-glob-to-any-file: [ansible/pbTestScripts/**/*, ansible/vagrant/Vagrantfile*] pbTests: - - ansible/pbTestScripts/**/* +- changed-files: + - any-glob-to-any-file: [ansible/pbTestScripts/**/*] docker: - - ansible/docker/Dockerfile* +- changed-files: + - any-glob-to-any-file: [ansible/docker/Dockerfile*] ansible: - - ansible/playbooks/**/* - - ansible/plugins/**/* - - ansible/inventory.yml - - ansible/ansible.cfg +- changed-files: + - any-glob-to-any-file: [ansible/playbooks/**/*, ansible/plugins/**/*, ansible/inventory.yml, ansible/ansible.cfg] diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 8554da27a4..c4a207d2c7 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -5,7 +5,7 @@ on: pull_request_target: issues: issue_comment: - + jobs: triage: permissions: From 57363dd80f899876dd7177b88c3bcf04e5c2a132 Mon Sep 17 00:00:00 2001 From: George Adams Date: Tue, 5 Mar 2024 05:29:31 +0000 Subject: [PATCH 07/35] inventory: add scaleway risc-v hosts to inventory (#3431) * inventory: add scaleway risc-v hosts to inventory * fix permissions * Update labeler.yml * Update code-freeze.yml --------- Co-authored-by: Martijn Verburg --- .github/workflows/code-freeze.yml | 4 ++++ ansible/inventory.yml | 4 ++++ ansible/plugins/inventory/adoptopenjdk_yaml.py | 3 ++- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/code-freeze.yml b/.github/workflows/code-freeze.yml index 83ffd2746c..5f06ab68f4 100644 --- a/.github/workflows/code-freeze.yml +++ b/.github/workflows/code-freeze.yml @@ -7,6 +7,10 @@ on: issue_comment: types: [created] +permissions: + contents: write + pull-requests: write + jobs: codefreeze: uses: adoptium/.github/.github/workflows/code-freeze.yml@main diff --git a/ansible/inventory.yml b/ansible/inventory.yml index 1bfbfc984d..84f2cdbde8 100644 --- a/ansible/inventory.yml +++ b/ansible/inventory.yml @@ -162,6 +162,10 @@ hosts: macos1015-x64-1: {ip: 10.0.40.10, ipv6: "2a02:418:3001:40::10", user: administrator} macos1015-x64-2: {ip: 10.0.40.11, ipv6: "2a02:418:3001:40::11", user: administrator} + - scaleway: + ubuntu2310-riscv64-1: {ip: 62.210.163.13, user: ubuntu} + ubuntu2310-riscv64-2: {ip: 62.210.163.98, user: ubuntu} + - siteox: solaris10u11-sparcv9-1: {ip: cloud.siteox.com, port: 53322} diff --git a/ansible/plugins/inventory/adoptopenjdk_yaml.py b/ansible/plugins/inventory/adoptopenjdk_yaml.py index dfd3c14240..f88ba3ba5c 100755 --- a/ansible/plugins/inventory/adoptopenjdk_yaml.py +++ b/ansible/plugins/inventory/adoptopenjdk_yaml.py @@ -32,6 +32,7 @@ from os import path import yaml + try: import configparser except ImportError: @@ -48,7 +49,7 @@ 'provider': ('alibaba', 'azure', 'marist', 'osuosl', 'macstadium', 'macincloud', 'ibmcloud', 'spearhead', 'siteox', 'equinix', 'linaro','digitalocean', 'ibm', 'godaddy', - 'aws', 'inspira', 'equinix_esxi', 'nine', 'gdams', 'skytap', + 'aws', 'inspira', 'equinix_esxi', 'nine', 'scaleway', 'skytap', 'hetzner') } From f70d5de1c557d1d2acf1065dcc03c92e0822f7f8 Mon Sep 17 00:00:00 2001 From: Scott Fryer <60462088+steelhead31@users.noreply.github.com> Date: Tue, 5 Mar 2024 05:33:01 +0000 Subject: [PATCH 08/35] Set Explicit Permissions (#3435) Co-authored-by: Martijn Verburg From 031e0424a5c53a65b4c9765d361e6512f85a023c Mon Sep 17 00:00:00 2001 From: Stewart X Addison <6487691+sxa@users.noreply.github.com> Date: Tue, 5 Mar 2024 06:46:17 +0000 Subject: [PATCH 09/35] unixPB: Clean_Up role: remove warn: no (#3428) Signed-off-by: Stewart X Addison Co-authored-by: Martijn Verburg --- .../AdoptOpenJDK_Unix_Playbook/roles/Clean_Up/tasks/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Clean_Up/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Clean_Up/tasks/main.yml index a0c1f4434f..d44eae9124 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Clean_Up/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Clean_Up/tasks/main.yml @@ -20,8 +20,6 @@ - name: Remove yum dependencies that are no longer required - RedHat and CentOS command: yum -y autoremove - args: - warn: no when: - (ansible_distribution == "RedHat" and ansible_distribution_major_version != "6") or (ansible_distribution == "CentOS" and ansible_distribution_major_version != "6") - ansible_architecture != "aarch64" From 9c47baa2b5fe035401f7ea091db8230870215e15 Mon Sep 17 00:00:00 2001 From: Ludovic Henry Date: Tue, 5 Mar 2024 07:46:38 +0100 Subject: [PATCH 10/35] Download cross-build jdk11u from CI (#3433) We don't want to rely on openjdk-11-jdk from Ubuntu 20.04 repositories, it's based on Zero VM and just too slow for use as boot/build JDK. Co-authored-by: George Adams Co-authored-by: Martijn Verburg --- .../AdoptOpenJDK_Unix_Playbook/main.yml | 1 - .../roles/adoptopenjdk_install/tasks/main.yml | 33 ++++++++++++++++++- 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml index fe976ced42..750ed586a8 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml @@ -107,7 +107,6 @@ when: - (ansible_distribution != "Alpine" or ansible_architecture != "aarch64") - ansible_distribution != "Solaris" - - ansible_architecture != "riscv64" tags: build_tools - role: adoptopenjdk_install # Previous LTS jdk_version: 17 diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml index f02f099f7c..1082036599 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml @@ -134,7 +134,7 @@ - ansible_distribution != "MacOSX" - not ((ansible_distribution == "RedHat" or ansible_distribution == "CentOS") and ansible_distribution_major_version == "6") - ansible_os_family != "Solaris" - - not (ansible_architecture == "riscv64" and (jdk_version == 21 or jdk_version == 19 or jdk_version == 17)) # Linux-riscv64 for JDK 17, 19, 21 are special cased + - not (ansible_architecture == "riscv64" and (jdk_version == 21 or jdk_version == 19 or jdk_version == 17 or jdk_version == 11)) # Linux-riscv64 for JDK 11, 17, 19, 21 are special cased - adoptopenjdk_installed.rc != 0 tags: adoptopenjdk_install # Api does not return release information for JDK10 @@ -265,6 +265,37 @@ path: /tmp/jdk17.tar.gz state: absent +# JDK 11 on Linux-riscv64 is a special-case because the Ubuntu openjdk-11-jdk package is just too +# damn slow (it's Zero VM) and times out on CI +- name: Install JDK {{ jdk_version }} on Linux-riscv64 + when: + - ansible_architecture == "riscv64" and jdk_version == 11 + - adoptopenjdk_installed.rc != 0 + tags: adoptopenjdk_install + # Api does not return release information for JDK10 + block: + - name: Download jdk{{ jdk_version }} release (Linux-riscv64) + get_url: + url: https://ci.adoptium.net/userContent/riscv/OpenJDK11U-jdk_riscv64_linux_hotspot_2024-02-08-16-01.tar.gz + dest: /tmp/jdk11.tar.gz + mode: 0440 + checksum: sha256:b14e237de3929f235671c38694a9458e7aeab1720065edc1888aa8754a2e21b2 + retries: 3 + delay: 5 + register: adoptopenjdk_download + until: adoptopenjdk_download is not failed + + - name: Install latest jdk{{ jdk_version }} release if one not already installed (Linux-riscv64) + unarchive: + src: /tmp/jdk11.tar.gz + dest: /usr/lib/jvm + remote_src: yes + + - name: Remove jdk11.tar.gz (Linux-riscv64) + file: + path: /tmp/jdk11.tar.gz + state: absent + # # CentOS6 needs it's own task so it can use a different python interpreter. # # See: https://github.com/adoptium/infrastructure/issues/1877 - name: Install latest JDK {{ jdk_version }} release if not already installed (CentOS6) From 4697b0a3cc165502cc39f53366ec6cabc8f919f3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Mar 2024 09:45:03 +0000 Subject: [PATCH 11/35] build(deps): bump docker/build-push-action from 2.10.0 to 5.1.0 (#3313) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.10.0 to 5.1.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/ac9327eae2b366085ac7f6a2d02df8aa8ead720a...4a13e500e55cf31b7a5d59a38ab2040ab0f42f56) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Martijn Verburg --- .github/workflows/build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b74dbb3895..b7e4bcac59 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -39,7 +39,7 @@ jobs: - name: Docker Build CentOS6 Image Test - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # v2.10.0 + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: file: ./ansible/docker/Dockerfile.CentOS6 build-args: git_sha=${{ github.sha }} @@ -50,7 +50,7 @@ jobs: if: github.ref != 'refs/heads/master' - name: Docker Build & Push Centos6 Image to Docker Hub On Merge - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # v2.10.0 + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: file: ./ansible/docker/Dockerfile.CentOS6 build-args: git_sha=${{ github.sha }} @@ -71,7 +71,7 @@ jobs: uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - name: Docker Build Alpine3 Image - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # v2.10.0 + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: file: ./ansible/docker/Dockerfile.Alpine3 build-args: git_sha=${{ github.sha }} From d4b81b0d3de59221e375bf7168edb108af192a3a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Mar 2024 10:52:30 +0000 Subject: [PATCH 12/35] build(deps): bump actions/checkout from 2.1.0 to 4.1.1 (#3312) Bumps [actions/checkout](https://github.com/actions/checkout) from 2.1.0 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v2.1.0...v4.1.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Martijn Verburg --- .github/workflows/build.yml | 4 ++-- .github/workflows/build_mac.yml | 2 +- .github/workflows/build_qemu.yml | 2 +- .github/workflows/build_vagrant.yml | 2 +- .github/workflows/build_wsl.yml | 2 +- .github/workflows/check_dockerstatic.yml | 8 ++++---- .github/workflows/linter.yml | 4 ++-- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b7e4bcac59..20751d619e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Docker Buildx to use cache feature uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Docker Buildx to use cache feature uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 diff --git a/.github/workflows/build_mac.yml b/.github/workflows/build_mac.yml index e4a70b9798..267ef23c3e 100644 --- a/.github/workflows/build_mac.yml +++ b/.github/workflows/build_mac.yml @@ -22,7 +22,7 @@ jobs: - os: [macos-13] steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install dependencies run: brew install ansible diff --git a/.github/workflows/build_qemu.yml b/.github/workflows/build_qemu.yml index c4df6ab2e5..2f56f628d7 100644 --- a/.github/workflows/build_qemu.yml +++ b/.github/workflows/build_qemu.yml @@ -36,7 +36,7 @@ jobs: # distro: jessie steps: - - uses: actions/checkout@01aecccf739ca6ff86c0539fbc67a7a5007bbc81 # v2.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Run on architecture uses: uraimo/run-on-arch-action@517085f0367c8256bcfa753e3e13e1550af09954 # v2.7.1 diff --git a/.github/workflows/build_vagrant.yml b/.github/workflows/build_vagrant.yml index 8e3b12ceab..46f65fe18a 100644 --- a/.github/workflows/build_vagrant.yml +++ b/.github/workflows/build_vagrant.yml @@ -22,7 +22,7 @@ jobs: runs-on: macos-12 steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install dependencies run: | diff --git a/.github/workflows/build_wsl.yml b/.github/workflows/build_wsl.yml index d9b688c015..931b765959 100644 --- a/.github/workflows/build_wsl.yml +++ b/.github/workflows/build_wsl.yml @@ -41,7 +41,7 @@ jobs: .\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert .\ConfigureRemotingForAnsible.ps1 -SkipNetworkProfileCheck - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: Vampire/setup-wsl@c5a800f46e4525a2e9f0b4d2be3262c85dea9f57 # v2.0.2 diff --git a/.github/workflows/check_dockerstatic.yml b/.github/workflows/check_dockerstatic.yml index 5127786bb6..86079786c4 100644 --- a/.github/workflows/check_dockerstatic.yml +++ b/.github/workflows/check_dockerstatic.yml @@ -28,7 +28,7 @@ jobs: - os: alpine3.19 dockerfile: "Dockerfile.alp319" steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Test Dockerfile on ${{ matrix.os }} env: DOCKERFILE: ${{ matrix.dockerfile }} @@ -45,7 +45,7 @@ jobs: - os: centos8 dockerfile: "Dockerfile.cent8" steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Test Dockerfile on ${{ matrix.os }} env: DOCKERFILE: ${{ matrix.dockerfile }} @@ -62,7 +62,7 @@ jobs: - os: fedora39 dockerfile: "Dockerfile.f39" steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Test Dockerfile on ${{ matrix.os }} env: DOCKERFILE: ${{ matrix.dockerfile }} @@ -83,7 +83,7 @@ jobs: - os: ubuntu22.04 dockerfile: "Dockerfile.u2204" steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Test Dockerfile on ${{ matrix.os }} env: DOCKERFILE: ${{ matrix.dockerfile }} diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 4c51a72abb..10a3c3b4bd 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: 'Yamllint' uses: karancode/yamllint-github-action@fdef6bc189425ecc84cc4543b2674566c0827053 # v2.1.1 @@ -39,7 +39,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Python 3.x uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # v2.3.3 From b648da813b708d78f198806e42ad8547a261797a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Mar 2024 10:53:21 +0000 Subject: [PATCH 13/35] build(deps): bump actions/setup-python from 2.3.3 to 5.0.0 (#3315) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2.3.3 to 5.0.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/75f3110429a8c05be0e1bf360334e4cced2b63fa...0a5c61591373683505ea898e09a3ea4f39ef2b9c) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linter.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 10a3c3b4bd..4f7dbebf30 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -42,7 +42,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Python 3.x - uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # v2.3.3 + uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 with: python-version: '3.x' From fa53619c3d74c692234c31f7d8455ff5c3c05f56 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Mar 2024 10:53:59 +0000 Subject: [PATCH 14/35] build(deps): bump Vampire/setup-wsl from 2.0.2 to 3.0.0 (#3374) Bumps [Vampire/setup-wsl](https://github.com/vampire/setup-wsl) from 2.0.2 to 3.0.0. - [Release notes](https://github.com/vampire/setup-wsl/releases) - [Commits](https://github.com/vampire/setup-wsl/compare/c5a800f46e4525a2e9f0b4d2be3262c85dea9f57...d4e837996638afd047e7b468de70e28fe76cf75a) --- updated-dependencies: - dependency-name: Vampire/setup-wsl dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Martijn Verburg --- .github/workflows/build_wsl.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_wsl.yml b/.github/workflows/build_wsl.yml index 931b765959..96e2ddd031 100644 --- a/.github/workflows/build_wsl.yml +++ b/.github/workflows/build_wsl.yml @@ -43,7 +43,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: Vampire/setup-wsl@c5a800f46e4525a2e9f0b4d2be3262c85dea9f57 # v2.0.2 + - uses: Vampire/setup-wsl@d4e837996638afd047e7b468de70e28fe76cf75a # v3.0.0 - name: Install dependencies run: | From 4b05441bab032e374c64aff90620697ec2051f21 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Mar 2024 10:54:30 +0000 Subject: [PATCH 15/35] build(deps): bump docker/setup-buildx-action from 3.0.0 to 3.1.0 (#3418) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/f95db51fddba0c2d1ec667646a06c2ce06100226...0d103c3126aa41d772a8362f6aa67afac040f80c) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Martijn Verburg --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 20751d619e..bbc493063b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,7 +28,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Docker Buildx to use cache feature - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 - name: Login to Docker Hub uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3 @@ -68,7 +68,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Docker Buildx to use cache feature - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 - name: Docker Build Alpine3 Image uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 From d80c1c84e97ee08b8ecc33cf26749ecff17df221 Mon Sep 17 00:00:00 2001 From: Ludovic Henry Date: Tue, 5 Mar 2024 13:27:21 +0100 Subject: [PATCH 16/35] docker: update riscv64 JDK11_BOOT_DIR to use /usr/lib/jvm/jdk-11 (#3440) --- ansible/docker/Dockerfile.Ubuntu2004-riscv64 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/docker/Dockerfile.Ubuntu2004-riscv64 b/ansible/docker/Dockerfile.Ubuntu2004-riscv64 index 0a635b3936..72d9c3665d 100644 --- a/ansible/docker/Dockerfile.Ubuntu2004-riscv64 +++ b/ansible/docker/Dockerfile.Ubuntu2004-riscv64 @@ -20,8 +20,8 @@ RUN groupadd -g 1000 ${user} RUN useradd -c "Jenkins user" -d /home/${user} -u 1000 -g 1000 -m ${user} ENV \ - JDK11_BOOT_DIR="/usr/lib/jvm/java-11-openjdk-riscv64" \ + JDK11_BOOT_DIR="/usr/lib/jvm/jdk-11" \ JDK17_BOOT_DIR="/usr/lib/jvm/jdk-17" \ JDK19_BOOT_DIR="/usr/lib/jvm/jdk-19" \ JDK21_BOOT_DIR="/usr/lib/jvm/jdk-21" \ - JAVA_HOME="/usr/lib/jvm/java-11-openjdk-riscv64" + JAVA_HOME="/usr/lib/jvm/jdk-11" From b6cd869a043ab0e48db745fdfb8308efac8d13ad Mon Sep 17 00:00:00 2001 From: Scott Fryer <60462088+steelhead31@users.noreply.github.com> Date: Tue, 5 Mar 2024 15:12:33 +0000 Subject: [PATCH 17/35] Github: Add Semgrep Check On Pull Request (#3429) * Initial version of semgrep diff * Update semgrep_diff.yml * reformat params * Pin checkout action to sha * Dummy - To Test Semgrep * Testing SEMGREP * Ignore Nagios Example j2 templates --------- Co-authored-by: Martijn Verburg --- .github/workflows/semgrep_diff.yml | 23 +++++++++++++++++++++++ .semgrepignore | 2 ++ 2 files changed, 25 insertions(+) create mode 100644 .github/workflows/semgrep_diff.yml create mode 100644 .semgrepignore diff --git a/.github/workflows/semgrep_diff.yml b/.github/workflows/semgrep_diff.yml new file mode 100644 index 0000000000..e0dfdcd9f0 --- /dev/null +++ b/.github/workflows/semgrep_diff.yml @@ -0,0 +1,23 @@ +--- +name: Semgrep Differential Scan +on: + pull_request: + +jobs: + semgrep-diff: + runs-on: ubuntu-latest + container: + image: returntocorp/semgrep + + steps: + # Step 1: Clone application source code + - name: Checkout code + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + with: + fetch-depth: 0 + + # Step 2: Differential scan + - name: Differential scan + run: | + semgrep scan --error --metrics=off --config="p/trailofbits" \ + --baseline-commit ${{ github.event.before }} diff --git a/.semgrepignore b/.semgrepignore new file mode 100644 index 0000000000..09f86810a2 --- /dev/null +++ b/.semgrepignore @@ -0,0 +1,2 @@ +# Ignore The Nagios Configuration J2 templates, as they are only examples. +./ansible/playbooks/nagios/roles/Nagios_Config/files/templates/*.j2 From b073f683191665e2e813aff2515fda5bba55b707 Mon Sep 17 00:00:00 2001 From: Scott Fryer <60462088+steelhead31@users.noreply.github.com> Date: Tue, 5 Mar 2024 19:39:29 +0000 Subject: [PATCH 18/35] winPB: Update Wix Installer Download URL & Checksum (#3443) * Update WIX Url & Checksum * Fix VS2022 Download Checksum --- .../roles/MSVS_2022/tasks/main.yml | 2 +- .../AdoptOpenJDK_Windows_Playbook/roles/WiX/tasks/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022/tasks/main.yml index 06a9dc118f..1ed57d05c3 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/MSVS_2022/tasks/main.yml @@ -94,7 +94,7 @@ - name: Download Visual Studio Community 2022 win_get_url: url: 'https://aka.ms/vs/17/release/vs_Community.exe' - checksum: 51d8dc03605a4fa11d445795cb1cc7ea1a518b0b0ce466cdaa805fc6029d7058 + checksum: 6dfb021f82e9e7f89de632c08a654c0695d7701c3f47bb894508717a9948048f checksum_algorithm: sha256 dest: 'C:\temp\vs_community22.exe' force: no diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/WiX/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/WiX/tasks/main.yml index 2fdcfa7997..bc606fcbfe 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/WiX/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/WiX/tasks/main.yml @@ -10,10 +10,10 @@ - name: Download WiX win_get_url: - url: https://wixtoolset.org/downloads/v3.14.0.3910/wix314.exe + url: https://github.com/wixtoolset/wix3/releases/download/wix314rtm/wix314.exe dest: 'C:\temp\wix.exe' follow_redirects: all - checksum: f333d4cf132f03b75222aa107633d28ce5ba8d612892b38cfc2ddc4cd92ad6de + checksum: 704439ea88fc9e5a3647eedeeb45943f9a392e3d209f58512280130096847937 checksum_algorithm: sha256 when: (not wix_installed.stat.exists) tags: Wix From 8beac8275a5e36f53ea773edd7e69d1cc1fdf908 Mon Sep 17 00:00:00 2001 From: Scott Fryer <60462088+steelhead31@users.noreply.github.com> Date: Wed, 6 Mar 2024 10:42:30 +0000 Subject: [PATCH 19/35] Shift to using semgrep CI (#3447) --- .github/workflows/semgrep_diff.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/semgrep_diff.yml b/.github/workflows/semgrep_diff.yml index e0dfdcd9f0..32b28382d8 100644 --- a/.github/workflows/semgrep_diff.yml +++ b/.github/workflows/semgrep_diff.yml @@ -19,5 +19,5 @@ jobs: # Step 2: Differential scan - name: Differential scan run: | - semgrep scan --error --metrics=off --config="p/trailofbits" \ - --baseline-commit ${{ github.event.before }} + semgrep ci \ + --config="p/trailofbits" From 8a831d48a3ab342ff614625c0619fef43de70bd1 Mon Sep 17 00:00:00 2001 From: Aswin K R Date: Wed, 6 Mar 2024 16:59:00 +0530 Subject: [PATCH 20/35] unixPB: Fix SLES 15 Devel-Tools repo url (#3441) Co-authored-by: Martijn Verburg --- .../AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/SLES.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/SLES.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/SLES.yml index e487028701..71cc7ab63b 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/SLES.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/SLES.yml @@ -23,7 +23,7 @@ - name: Add Devel-Tools repository (SLES15) zypper_repository: - repo: https://download.opensuse.org/repositories/devel:/tools/15.4/devel:tools.repo + repo: https://download.opensuse.org/repositories/devel:/tools/15.5/devel:tools.repo auto_import_keys: yes state: present when: From c6dd3c8070f485b051b67b330dfbde02f7a570a4 Mon Sep 17 00:00:00 2001 From: George Adams Date: Wed, 6 Mar 2024 14:28:57 +0000 Subject: [PATCH 21/35] unixPB: apply cloud.cfg etc/hosts fix for scaleway (#3449) --- .../roles/Providers/tasks/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Providers/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Providers/tasks/main.yml index 15c0edf5c7..49b1af67d6 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Providers/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Providers/tasks/main.yml @@ -66,11 +66,11 @@ - providers - adoptopenjdk -########### -# Marist # -########### +##################### +# Marist & Scaleway # +##################### -# Marist machines need their host template updated for changes to /etc/hosts to persist +# Marist & Scaleway machines need their host template updated for changes to /etc/hosts to persist - name: Update /etc/cloud/cloud.cfg file - To remove update hosts function lineinfile: dest: /etc/cloud/cloud.cfg @@ -78,7 +78,7 @@ state: absent when: - provider_name.rc == 0 - - provider_name.stdout == "marist" + - (provider_name.stdout == "marist" or provider_name.stdout == "scaleway") tags: - providers - adoptopenjdk From 79d44e20579ed367412bcbe485b2bc420bd3ca21 Mon Sep 17 00:00:00 2001 From: Scott Fryer <60462088+steelhead31@users.noreply.github.com> Date: Thu, 7 Mar 2024 12:22:53 +0000 Subject: [PATCH 22/35] unixPB: Include check for ntpd service. (#3455) UnixPB: Improve NTPD Checks --- .../roles/NTP_TIME/tasks/main.yml | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/NTP_TIME/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/NTP_TIME/tasks/main.yml index 8dbd9428ab..d17df7d829 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/NTP_TIME/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/NTP_TIME/tasks/main.yml @@ -37,12 +37,38 @@ - (ansible_distribution == "Ubuntu") or (ansible_distribution == "SLES" and ansible_distribution_major_version == "11") tags: ntp_time +- name: Gather Facts About The Services Present + service_facts: + tags: ntp_time + +- name: Check If NTPD Exists In The Service Facts + set_fact: + ntpd_entry_exists: "{{ 'ntpd.service' in services }}" + when: ansible_facts.services is defined + tags: ntp_time + +- name: Set Fact Where NTPD Is Not Available As A Service + set_fact: + ntpd_entry_exists: "false" + when: ansible_facts.services is not defined + tags: ntp_time + +- name: Display NTPD Status + debug: + var: ntpd_entry_exists + when: + - (ansible_distribution == "RedHat" and ansible_distribution_major_version != "8") or + (ansible_distribution == "SLES" and ansible_distribution_major_version == "12") or + (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7" ) + tags: ntp_time + - name: Start NTP for RedHat, SLES 12 and CentOS 7 service: name: ntpd state: restarted enabled: yes when: + - ntpd_entry_exists | default(false) | bool - (ansible_distribution == "RedHat" and ansible_distribution_major_version != "8") or (ansible_distribution == "SLES" and ansible_distribution_major_version == "12") or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7" ) From 511f85b7010a9ea354b85009583acc7bc58ab908 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Mar 2024 08:31:02 +1300 Subject: [PATCH 23/35] build(deps): bump actions/checkout from 3.1.0 to 4.1.1 (#3445) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.1.0...b4ffde65f46336ab88eb53be808477a3936bae11) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Martijn Verburg --- .github/workflows/semgrep_diff.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/semgrep_diff.yml b/.github/workflows/semgrep_diff.yml index 32b28382d8..6c44589a6d 100644 --- a/.github/workflows/semgrep_diff.yml +++ b/.github/workflows/semgrep_diff.yml @@ -12,7 +12,7 @@ jobs: steps: # Step 1: Clone application source code - name: Checkout code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 From d236febde0af3cc390bcff9dbc693ebb87599a37 Mon Sep 17 00:00:00 2001 From: George Adams Date: Thu, 7 Mar 2024 19:35:16 +0000 Subject: [PATCH 24/35] docs: add steps to provision solaris machines in ESXi (#2361) * docs: add steps to provision solaris machines in ESXi * Update ansible/create-solaris-esxi.md Co-authored-by: Stewart X Addison <6487691+sxa@users.noreply.github.com> * Update ansible/create-solaris-esxi.md Co-authored-by: Stewart X Addison <6487691+sxa@users.noreply.github.com> --------- Co-authored-by: Stewart X Addison <6487691+sxa@users.noreply.github.com> Co-authored-by: Martijn Verburg --- ansible/create-solaris-esxi.md | 88 ++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 ansible/create-solaris-esxi.md diff --git a/ansible/create-solaris-esxi.md b/ansible/create-solaris-esxi.md new file mode 100644 index 0000000000..4dc74050fa --- /dev/null +++ b/ansible/create-solaris-esxi.md @@ -0,0 +1,88 @@ +# Instructions for creating Solaris machines in ESXi + +## Creating the new machine template + +1. Login to https://esxi.adoptopenjdk.net. @gdams and @sxa have credentials if needed. +1. Click `Create / Register VM`. +1. Click `Create a new virtual machine`. +1. Select a name and guest OS: + - Name: Provide a hostname + - Compatibility: `ESXi 6.5 virtual machine`. + - Guest OS family: `Other`. + - Guest OS version: `Oracle Solaris 10 (64-bit)` +1. Leave the storage as `datastore1`. +1. Customize settings: + - CPU: Select `4` unless more is needed. + - Memory: Select `8GB` unless more is needed. + - Hard disk 1: Select a minimum of 120GB. + - Network Adapter 1: Ensure that `VM Network` is selected and the `Connect` box is ticked. + - CD/DVD Drive 1: Select `Datastore ISO file`, then select `sol-10-u11-ga-x86-dvd.iso`. +1. Click `Finish` + + +## First boot and Solaris Installation + +### System Identification + +1. Once the machine has been created, click on it and select the `Power on` option. +1. You should then be able to click the console screen in the left corner which should display the `GNU GRUB` loader. +1. `Oracle Solaris` should boot by default or you can hit the enter button. +1. Type `1` and then enter (Oracle Solaris Interactive default) +1. Select the keyboard layout (in my case `UK-English`) and then hit `F2` (Or `Escape` then `2` as an alternative. +1. Press Enter in the screen test shell. +1. Select a language (in my case `0`), then hit Enter. +1. Click `F2` for the next few screen using the default settings until you get to the hostname. +1. Set the hostname to match what you set the machine name is ESXi to be and then hit `F2`. +1. Set the IP address. The current block of IP's that we have is `147.75.85.208/29` (8 addresses) See the [inventory.yml](https://github.com/temurin-compliance/infrastructure/blob/master/ansible/inventory.yml) and the [temurin-compliance inventory](https://github.com/temurin-compliance/infrastructure/blob/master/ansible/inventory.yml) to find out which of those are already in use. +1. The system is part of a subnet so select `Yes` at the next screen. +1. Set the subnet mask as `255.255.255.248`. +1. Select `No` to IPv6 support. +1. For the default route, use the `Specify one` option and set it to be `147.75.85.209`. +1. Check the summary and hit `F2` to confirm the network settings. +1. Select `No` to Kerberos security. +1. For the name service, select `DNS`. +1. For the Domain name, type `adoptium.net`. +1. For the DNS Server Addresses, add the following IPs: + - 147.75.207.207 + - 147.75.207.208 +1. For the Search domain, you can enter nothing and hit `F2`. +1. The next screen will say there is a name service error. Ignore this and select `No` to entering new name service information. +1. Use the default options for NFSv4. +1. At the Time Zone screen, select the timezone as Europe (or wherever the machine is hosted). The select the country on the next page. +1. At the Root Password prompt, add a suitable root password (remember to write this down and ensure that someone changes it if they take ownership of the machine). +1. Select `Yes` for Enabling Remote services. +1. Unselect the option that asks about registering using My Oracle Support. + +### Solaris Interactive Installation + +1. Hit `F2` to do a Standard install. +1. Select `Install on a non-iSCSI target`. +1. Select `Automatically eject CD/DVD`. +1. Select `Auto Reboot`. +1. Select `CD/DVD` as the media source. +1. Accept the license and then set the Geographic Region. +1. Leave the locale as `POSIX C ( C )`. +1. Select `None` when it asks if you want to install Additional Products. +1. Select `ZFS` as the filesystem to use. +1. Select `Entire Disribution` as the software choice and select the only available disk device (which you created in ESXi). +1. Hit F2 to progress through the next couple of screens until you reach the summary page. Check the options and then hit `F2` to begin installation. +1. The Solaris Initial Install will run for a few minutes (now is the time to get a coffee). +1. Once the install has completed, you will see a sceen saying that the install is paused for 90 seconds. You need to eject the virtual disk in ESXi. If you still have the console window open you can click the `Actions` button in the top right corner, click `Edit settings` and change `CD/DVD Drive 1` back to be `Host Device`. Then click Save. You'll likely see a warning about the machine using the device, Click `Yes` and then `Answer`. +1. You can then type `c` to continue. The VM will now reboot and all being well, you should end up at a Solaris Login prompt. +1. Enter the root credentials that you created earlier and you'll be logged in. +1. You may see a prompt about `Starting a Desktop Login`. You want to cancel this by hitting `Enter`. (The Desktop doesn't work well until the VMWare Tools are installed.) + +### Enable root SSH login + +1. Before you can SSH into the machine, you'll need to change the SSH config file. Open `/etc/ssh/sshd_config` with `vi` and change the line `PermitRootLogin` to `yes`. Once changed, you need to restart the ssh service with `svcadm restart svc:/network/ssh:default`. + +### Install VMware Tools + +At this point the machine is essentially setup but, it's highly recommended to install the VMware Tools for monitoring. + +1. With the console window open you can click the `Actions` button in the top right corner. The hover over `Guest OS` in the dropdown and select `Install VMware Tools`. This will mount a disk drive on the machine which contains the executable. +1. Whilst in the home directory run the following command to extract the VMware Tools: `gunzip -c /cdrom/vmwaretools/vmware-solaris-tools.tar.gz | tar xf -`. +1. Start the installation process by running: `./vmware-tools-distrib/vmware-install.pl`. +1. Click enter several times accepting all the default options. +1. Enable Autostart on the machine by clicking `Actions` button in the top right corner. Hover over `Autostart` and select `Enable`. +1. Finally, reboot the machine and the installation is complete! From dc731c6696c8a8c87ff1aa6be3af98ecb2dbbe5a Mon Sep 17 00:00:00 2001 From: George Adams Date: Fri, 8 Mar 2024 08:51:37 +0000 Subject: [PATCH 25/35] unixPB: add risc-v jck machines to iptables (#3457) Co-authored-by: Martijn Verburg --- .../roles/jckservices_iptables/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/jckservices_iptables/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/jckservices_iptables/tasks/main.yml index 9430f42319..de74f61b86 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/jckservices_iptables/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/jckservices_iptables/tasks/main.yml @@ -74,6 +74,8 @@ - 207.254.73.168 # gn324-macos11-x86_64 - 207.254.28.13 # esmv4-macos11-arm64 - 207.254.28.99 # noh7B-macos12-arm64 + - 62.210.163.172 # jck-scaleway-ubuntu2310-riscv64-1 + - 62.210.163.106 # jck-scaleway-ubuntu2310-riscv64-2 - name: Setup iptables iptables: From cf61ec9de08552d80b8992fda888e65e01fa7962 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Stankiewicz?= Date: Fri, 8 Mar 2024 13:29:11 +0100 Subject: [PATCH 26/35] Decommission skytap AIX 7.1 machines (#3403) EF issue: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/4285 Signed-off-by: Pawel Stankiewicz --- .../roles/jckservices_iptables/tasks/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/jckservices_iptables/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/jckservices_iptables/tasks/main.yml index de74f61b86..97072bc632 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/jckservices_iptables/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/jckservices_iptables/tasks/main.yml @@ -62,8 +62,6 @@ - 140.211.168.163 # jck-osuol-ubuntu2004-ppc64le-1 - 140.211.168.2 # jck-osuol-ubuntu2004-ppc64le-2 - 213.146.141.66 # jck-linaro-ubuntu2004-aarch64-2 - - 20.61.136.211 # jck-skytap-aix71-ppc64-1 - - 20.61.136.213 # jck-skytap-aix71-ppc64-2 - 20.61.222.79 # jck-skytap-aix72-ppc64-3 - 20.61.222.106 # jck-skytap-aix72-ppc64-4 - 12.202.69.3 # jck-siteox-solaris10u11-sparcv9-1 From f863eafc7525878215b82859a57b16550276f186 Mon Sep 17 00:00:00 2001 From: Stewart X Addison <6487691+sxa@users.noreply.github.com> Date: Fri, 8 Mar 2024 12:52:46 +0000 Subject: [PATCH 27/35] inventory: add Azure x64 awx.adoptium.net (#3422) Signed-off-by: Stewart X Addison --- ansible/inventory.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/inventory.yml b/ansible/inventory.yml index 84f2cdbde8..a30893aa3e 100644 --- a/ansible/inventory.yml +++ b/ansible/inventory.yml @@ -14,6 +14,7 @@ hosts: ubuntu2004-x64-1: {ip: 40.121.206.1, user: webmaster, description: jckservices.adoptium.net} ubuntu2204-x64-1: {ip: 172.187.163.163, user: adoptopenjdk, description: infra-wazuh-server} ubuntu2204-x64-2: {ip: 20.90.182.165, description: trss.adoptium.net} + ubuntu2204-x64-3: {ip: 172.187.93.97, description: awx.adoptium.net} - digitalocean: ubuntu2004-x64-1: {ip: 178.62.115.224, description: bastillion.adoptopenjdk.net} From 25a3db2f00797e82ded7d55307fb70d99fa8d013 Mon Sep 17 00:00:00 2001 From: Scott Fryer <60462088+steelhead31@users.noreply.github.com> Date: Fri, 8 Mar 2024 15:10:32 +0000 Subject: [PATCH 28/35] github: Migrate Solaris Check To Ubuntu (#3458) * github: Migrate Solaris Check To Ubuntu Co-Authored-By: George Adams * refactor --------- Co-authored-by: George Adams Co-authored-by: George Adams --- .github/workflows/build_vagrant.yml | 63 ++++++++++++++++++----------- 1 file changed, 39 insertions(+), 24 deletions(-) diff --git a/.github/workflows/build_vagrant.yml b/.github/workflows/build_vagrant.yml index 46f65fe18a..d92af98739 100644 --- a/.github/workflows/build_vagrant.yml +++ b/.github/workflows/build_vagrant.yml @@ -19,39 +19,53 @@ permissions: jobs: build-solaris: name: Solaris - runs-on: macos-12 + runs-on: ubuntu-latest steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Install dependencies - run: | - brew install ansible + - name: Install Ansible + run: sudo apt-get install ansible + + - name: Install VirtualBox + run: sudo apt-get install virtualbox + + - name: Install Vagrant + run: sudo apt-get install vagrant + + - name: Cache Solaris10.box + id: solaris-10-cache + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 + with: + path: Solaris10.box + key: sol10boxcache - - name: Install Solaris 10 Box If Not Already Present + - name: Download Solaris 10 Box If Cache Misses + if: steps.solaris-10-cache.outputs.cache-hit != 'true' + run: wget https://ci.adoptium.net/userContent/vagrant/Solaris10.box.gz + + - name: Verify Checksum If Cache Misses + if: steps.solaris-10-cache.outputs.cache-hit != 'true' run: | - if [ `vagrant box list|grep ^solaris10|wc -l` -gt 0 ] + CKSUM=`shasum -a 256 ./Solaris10.box.gz|cut -d" " -f1` + if [ "$CKSUM" = "0879215f4bf03f5e125addb139d0b5a49a4f8a258297b765cf1f22a8a7ee3309" ] then - echo "Box Exists - Do Nothing" + echo "Checksum OK" else - echo "No Box - Download From Jenkins And Import" - wget https://ci.adoptium.net/userContent/vagrant/Solaris10.box.gz - CKSUM=`shasum -a 256 ./Solaris10.box.gz|cut -d" " -f1` - if [ "$CKSUM" = "0879215f4bf03f5e125addb139d0b5a49a4f8a258297b765cf1f22a8a7ee3309" ] - then - echo "Checksum OK" - gunzip Solaris10.box.gz - vagrant box add --name="solaris10" ./Solaris10.box - rm Solaris10.box - else - echo "Sum Bad" - exit 99; - fi + echo "Sum Bad" + exit 99; fi + - name: Extract Solaris10.box.gz If Cache Misses + if: steps.solaris-10-cache.outputs.cache-hit != 'true' + run: gunzip Solaris10.box.gz + + - name: Add Solaris 10 Box To Vagrant + run: vagrant box add --name="solaris10" ./Solaris10.box + - name: Setup Vagrant VM + working-directory: ansible run: | - cd ansible ln -sf vagrant/Vagrantfile.Solaris10 Vagrantfile rm -f id_rsa.pub id_rsa # Copy the machine's ssh key for the VMs to use, after removing prior files @@ -61,12 +75,13 @@ jobs: vagrantPORT=$(vagrant port | grep host | awk '{ print $4 }') rm -f playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx echo "[127.0.0.1]:${vagrantPORT}" >> playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx + [ ! -d $HOME/.ssh ] && mkdir $HOME/.ssh && chmod 700 $HOME/.ssh [ ! -r $HOME/.ssh/known_hosts ] && touch $HOME/.ssh/known_hosts && chmod 644 $HOME/.ssh/known_hosts + [ ! -d $HOME/.ansible ] && mkdir $HOME/.ansible ssh-keygen -R $(cat playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx) sed -i -e "s/.*hosts:.*/ hosts: all/g" playbooks/AdoptOpenJDK_Unix_Playbook/main.yml awk '{print}/^\[defaults\]$/{print "private_key_file = id_rsa"; print "timeout = 60"; print "remote_tmp = $HOME/.ansible/tmp"}' < ansible.cfg > ansible.cfg.tmp && mv ansible.cfg.tmp ansible.cfg - name: Run Ansible Playbook - run: | - cd ansible - ansible-playbook -i playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx --ssh-common-args='-o StrictHostKeyChecking=no -o HostKeyAlgorithms=ssh-rsa' -u vagrant -b --skip-tags adoptopenjdk,cups playbooks/AdoptOpenJDK_Unix_Playbook/main.yml + working-directory: ansible + run: ansible-playbook -i playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx --ssh-common-args='-o HostKeyAlgorithms=ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 -o PubKeyAcceptedKeyTypes=ssh-rsa' -u vagrant -b --skip-tags adoptopenjdk,cups playbooks/AdoptOpenJDK_Unix_Playbook/main.yml From 767e20e13da596c1a76c89ce967e5fcdafb95b45 Mon Sep 17 00:00:00 2001 From: Stewart X Addison <6487691+sxa@users.noreply.github.com> Date: Mon, 11 Mar 2024 08:36:22 +0000 Subject: [PATCH 29/35] doc: add note on backing up jenkins war file on upgrades (#3444) Signed-off-by: Stewart X Addison --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index dd573e6837..d5a5ba53e9 100644 --- a/README.md +++ b/README.md @@ -118,11 +118,11 @@ to do an out-of-bound patch if a sufficientl sever issue is identified. to identify any potential problems. Allow jenkins to upgrade itself 5. Redo step 1/2 so that any plugins that were unable to be updated due to the older jenkins level can update themselves. -6. If necessary, and the remediation cannot be performed within the window, - identify potentially risky plugins that were held back and create an issue - to deal with them in the next cycle. - -(TODO: Publish and link to video of an upgrade session) +6. If necessary, and the remediation cannot be performed within the + maintenance window, identify potentially risky plugins that were held + back and create an issue to deal with them in the next cycle. +7. Backup the main war in /usr/share/jenkins to a name with a version suffix + in case of corruption to the main jar. ### Backups From 5163c571bd003899a364b7c35152263640d146de Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Mar 2024 09:46:00 +0000 Subject: [PATCH 30/35] build(deps): bump docker/build-push-action from 5.1.0 to 5.2.0 (#3465) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.1.0 to 5.2.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/4a13e500e55cf31b7a5d59a38ab2040ab0f42f56...af5a7ed5ba88268d5278f7203fb52cd833f66d6e) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bbc493063b..9238511028 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -39,7 +39,7 @@ jobs: - name: Docker Build CentOS6 Image Test - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0 with: file: ./ansible/docker/Dockerfile.CentOS6 build-args: git_sha=${{ github.sha }} @@ -50,7 +50,7 @@ jobs: if: github.ref != 'refs/heads/master' - name: Docker Build & Push Centos6 Image to Docker Hub On Merge - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0 with: file: ./ansible/docker/Dockerfile.CentOS6 build-args: git_sha=${{ github.sha }} @@ -71,7 +71,7 @@ jobs: uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 - name: Docker Build Alpine3 Image - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0 with: file: ./ansible/docker/Dockerfile.Alpine3 build-args: git_sha=${{ github.sha }} From 86510da4a91ea52c2d24366cabdc53d55683532b Mon Sep 17 00:00:00 2001 From: Stewart X Addison <6487691+sxa@users.noreply.github.com> Date: Mon, 11 Mar 2024 15:25:35 +0000 Subject: [PATCH 31/35] Update installed JDKs to match current boot JDK requirements (#3073) * unixPB aixPB winPB: Update boot JDKs to match current requirements Signed-off-by: Stewart X Addison * Download JDK10 for windows from api.adoptopenjdk.net Signed-off-by: Stewart X Addison * unixPB: Update role to pull JDKs from api.adoptium for current releases Signed-off-by: Stewart X Addison * Use correct API for each JDK version Signed-off-by: Stewart X Addison * variable expansions at start of expression must be quoted Signed-off-by: Stewart X Addison * Fix OR conditional Signed-off-by: Stewart X Addison * fix conditional Signed-off-by: Stewart X Addison * syntax fixup Signed-off-by: Stewart X Addison * Final fixups, plus inclusing JDK21 where possible Signed-off-by: Stewart X Addison * Updates following linter failures Signed-off-by: Stewart X Addison * Fixups - testing Signed-off-by: Stewart X Addison * Fix AIX Signed-off-by: Stewart X Addison * Sort Windows Signed-off-by: Stewart X Addison * Solaris, riscv64 and CentO6 fixup Signed-off-by: Stewart X Addison * Update ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml Removing double space * Update ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml Lining up comment hashes. * Update ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml Lining up comment hashes. --------- Signed-off-by: Stewart X Addison Co-authored-by: Adam Farley --- .../roles/bootjdk/tasks/main.yml | 1 + .../roles/bootjdk/tasks/openjdk.yml | 49 ++++++++++------ .../AdoptOpenJDK_Unix_Playbook/main.yml | 13 ++--- .../roles/adoptopenjdk_install/tasks/main.yml | 56 ++++++++++++------- .../AdoptOpenJDK_Windows_Playbook/main.yml | 10 ++-- .../roles/Java_install/tasks/main.yml | 20 ++++++- 6 files changed, 96 insertions(+), 53 deletions(-) diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/main.yml index 45dccace65..ad1e3ca31c 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/main.yml @@ -19,6 +19,7 @@ - '11' - '16' - '17' + - '21' - name: Set /usr/java8_64 as default file: diff --git a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/openjdk.yml b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/openjdk.yml index c5ca659635..8349b9d065 100644 --- a/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/openjdk.yml +++ b/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/bootjdk/tasks/openjdk.yml @@ -7,44 +7,57 @@ os_img: "aix/ppc64/jdk" heap: "normal" impl: "hotspot" - new_baseurl: "https://api.adoptium.net/v3/binary/latest" - new_vendor: "eclipse" - baseurl: "https://api.adoptopenjdk.net/v3/binary/latest" - vendor: "adoptopenjdk" - project: "{{ heap }}/{{ vendor }}?project=jdk" + adoptium_baseurl: "https://api.adoptium.net/v3/binary/latest" + adoptopenjdk_baseurl: "https://api.adoptopenjdk.net/v3/binary/latest" + adoptium_project: "{{ heap }}/eclipse?project=jdk" + adoptopenjdk_project: "{{ heap }}/adoptopenjdk?project=jdk" block: - name: Verify space in /usr include_tasks: chfs.yml - - name: Check for jdk {{ jdk }} availability + - name: Check for jdk {{ jdk }} availability in /usr/java{{ jdk }}_64 stat: - path: /usr/java{{ jdk }}_64 + path: /usr/java{{ jdk }}_64/bin/java register: java_installed - - name: Download JDK {{ jdk }} binary + - name: Download JDK {{ jdk }} binary from api.adoptopenjdk.net get_url: - url: "{{ baseurl }}/{{ jdk }}/ga/{{ os_img }}/{{ impl }}/{{ project }}" + url: "{{ adoptopenjdk_baseurl }}/{{ jdk }}/ga/{{ os_img }}/{{ impl }}/{{ adoptopenjdk_project }}" dest: /tmp/jdk{{ jdk }}.tar.gz mode: 0440 timeout: 25 retries: 3 delay: 5 when: - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists + - jdk == '10' or jdk == '16' # These are the only two we still use from adoptopenjdk API + register: openjdk + + - name: Download JDK {{ jdk }} binary from api.adoptium.net + get_url: + url: "{{ adoptium_baseurl }}/{{ jdk }}/ga/{{ os_img }}/{{ impl }}/{{ adoptium_project }}" + dest: /tmp/jdk{{ jdk }}.tar.gz + mode: 0440 + timeout: 25 + retries: 3 + delay: 5 + when: + - not java_installed.stat.exists + - not ( jdk == '10' or jdk == '16' ) register: openjdk - name: Get Signature File Link shell: curl -s 'https://api.adoptium.net/v3/assets/latest/{{ jdk }}/hotspot?architecture=ppc64&image_type=jdk&os=aix&vendor=eclipse' | grep signature_link | awk '{split($0,a,"\""); print a[4]}' when: - jdk != '10' and jdk != '16' - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists register: sig_output - name: GPG Signature verification script: ../Supporting_Scripts/package_signature_verification.sh -f /tmp/jdk{{ jdk }}.tar.gz -sl "{{ sig_output.stdout }}" -k {{ key.adoptium }} when: - jdk != '10' and jdk != '16' - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists - name: Install JDK {{ jdk }} binary unarchive: @@ -52,7 +65,7 @@ dest: /usr remote_src: yes when: - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists - name: Report HTTP 404 message debug: @@ -66,7 +79,7 @@ path: /tmp/jdk{{ jdk }}.tar.gz state: absent when: - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists # jdk8 directories do not have a hyphen - name: Find java 8 directory @@ -75,7 +88,7 @@ paths: /usr patterns: 'jdk8u*' when: - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists - jdk == '8' register: java8_directory @@ -85,7 +98,7 @@ paths: /usr patterns: 'jdk-{{ jdk }}*' when: - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists - jdk != '8' register: java_directory @@ -98,7 +111,7 @@ with_items: - "{{ java8_directory.files }}" when: - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists - jdk == '8' - name: Symlink to java{{ jdk }}_64 @@ -109,7 +122,7 @@ with_items: - "{{ java_directory.files }}" when: - - java_installed.stat.isdir is not defined + - not java_installed.stat.exists - jdk != '8' # Defaults for BootJDK API # AdoptOpenJDK changes to Adoptium: diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml index 750ed586a8..6fb692ee3e 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml @@ -113,23 +113,18 @@ when: - ansible_distribution != "Solaris" tags: build_tools - - role: adoptopenjdk_install # JDK19 Build Bootstrap - jdk_version: 18 + - role: adoptopenjdk_install # JDK21 Build Bootstrap + jdk_version: 20 when: - ansible_distribution != "Alpine" - ansible_distribution != "Solaris" - ansible_architecture != "riscv64" tags: build_tools - - role: adoptopenjdk_install # JDK20 Build Bootstrap - jdk_version: 19 - when: - - ansible_distribution != "Alpine" - - ansible_distribution != "Solaris" - tags: build_tools - role: adoptopenjdk_install # Current LTS jdk_version: 21 when: - - ansible_architecture == "riscv64" + - ansible_distribution != "Solaris" + - ansible_architecture != "armv7l" tags: build_tools - role: Nagios_Plugins # AdoptOpenJDK Infrastructure tags: [nagios_plugins, adoptopenjdk] diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml index 1082036599..d7e0c79261 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/adoptopenjdk_install/tasks/main.yml @@ -1,12 +1,28 @@ --- ############################################################## -# ansible install adoptopenjdk into /usr/lib/jvm/JDK_VERSION # +# ansible install adopt binary into /usr/lib/jvm/JDK_VERSION # ############################################################## # Conditions: # Check if target is installed # Proceed with installing to /usr/lib/jvm +- name: Use adoptium API if release is available at adoptium + set_fact: + api_url: https://api.adoptium.net + api_vendor: eclipse + when: + - jdk_version == 8 or jdk_version == 11 or ( jdk_version | int >= 17) + tags: adoptopenjdk_install + +- name: Use adoptopenjdk API if release is not supported by adoptium + set_fact: + api_url: https://api.adoptopenjdk.net + api_vendor: adoptopenjdk + when: + - jdk_version == 10 or jdk_version == 16 + tags: adoptopenjdk_install + - name: Set path variable when jdk_version == 8 set_fact: path: /usr/lib/jvm/jdk8 @@ -134,21 +150,21 @@ - ansible_distribution != "MacOSX" - not ((ansible_distribution == "RedHat" or ansible_distribution == "CentOS") and ansible_distribution_major_version == "6") - ansible_os_family != "Solaris" - - not (ansible_architecture == "riscv64" and (jdk_version == 21 or jdk_version == 19 or jdk_version == 17 or jdk_version == 11)) # Linux-riscv64 for JDK 11, 17, 19, 21 are special cased + - not (ansible_architecture == "riscv64" and (jdk_version == 21 or jdk_version == 20 or jdk_version == 19 or jdk_version == 17 or jdk_version == 11)) # Linux-riscv64 for JDK 11, 17, 19, 21 are special cased - adoptopenjdk_installed.rc != 0 tags: adoptopenjdk_install # Api does not return release information for JDK10 block: - name: Get Signature File Link (Linux/Alpine-Linux) - shell: curl -s 'https://api.adoptium.net/v3/assets/feature_releases/{{ jdk_version }}/ga?architecture={{ api_architecture }}&heap_size=normal&image_type=jdk&jvm_impl={{ bootjdk }}&os={{ platformLinux }}&page=0&page_size=1&project=jdk&vendor=eclipse' | grep signature_link | awk '{split($0,a,"\""); print a[4]}' + shell: curl -s '{{ api_url }}/v3/assets/feature_releases/{{ jdk_version }}/ga?architecture={{ api_architecture }}&heap_size=normal&image_type=jdk&jvm_impl={{ bootjdk }}&os={{ platformLinux }}&page=0&page_size=1&project=jdk&vendor={{ api_vendor }}' | grep signature_link | awk '{split($0,a,"\""); print a[4]}' when: - - jdk_version != 10 + - jdk_version != 10 and jdk_version != 16 - not (jdk_version == 8 and ansible_architecture == "s390x") register: sig_output - name: Download latest release (Linux/Alpine-Linux) get_url: - url: https://api.adoptopenjdk.net/v3/binary/latest/{{ jdk_version }}/ga/{{ platformLinux }}/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/adoptopenjdk?project=jdk + url: "{{ api_url }}/v3/binary/latest/{{ jdk_version }}/ga/{{ platformLinux }}/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/{{ api_vendor }}?project=jdk" dest: /tmp/jdk{{ jdk_version }}.tar.gz mode: 0440 retries: 3 @@ -159,10 +175,10 @@ - name: GPG Signature verification (Linux/Alpine-Linux) script: ../Supporting_Scripts/package_signature_verification.sh -f /tmp/jdk{{ jdk_version }}.tar.gz -sl "{{ sig_output.stdout }}" -k {{ key.adoptium }} when: - - jdk_version != 10 + - jdk_version != 10 and jdk_version != 16 - not (jdk_version == 8 and ansible_architecture == "s390x") - - name: Install latest release if one not already installed (Linux/Alpine-Linux) + - name: Install latest Adopt JDK{{ jdk_version }} if one not already installed (Linux/Alpine-Linux) unarchive: src: /tmp/jdk{{ jdk_version }}.tar.gz dest: /usr/lib/jvm @@ -305,7 +321,7 @@ tags: adoptopenjdk_install block: - name: Download latest JDK {{ jdk_version }} release (CentOS6) - command: wget -q 'https://api.adoptopenjdk.net/v3/binary/latest/{{ jdk_version }}/ga/{{ platformLinux }}/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/adoptopenjdk?project=jdk' -O /tmp/jdk{{ jdk_version }}.tar.gz + command: wget -q '{{ api_url }}/v3/binary/latest/{{ jdk_version }}/ga/{{ platformLinux }}/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/{{ api_vendor }}?project=jdk' -O /tmp/jdk{{ jdk_version }}.tar.gz vars: ansible_python_interpreter: /usr/local/python2/bin/python2.7 retries: 3 @@ -314,15 +330,15 @@ until: adoptopenjdk_download is not failed - name: Get Signature File Link (CentOS6) - shell: curl -s 'https://api.adoptium.net/v3/assets/feature_releases/{{ jdk_version }}/ga?architecture={{ api_architecture }}&heap_size=normal&image_type=jdk&jvm_impl={{ bootjdk }}&os={{ platformLinux }}&page=0&page_size=1&project=jdk&vendor=eclipse' | grep signature_link | awk '{split($0,a,"\""); print a[4]}' + shell: curl -s '{{ api_url }}/v3/assets/feature_releases/{{ jdk_version }}/ga?architecture={{ api_architecture }}&heap_size=normal&image_type=jdk&jvm_impl={{ bootjdk }}&os={{ platformLinux }}&page=0&page_size=1&project=jdk&vendor={{ api_vendor }}' | grep signature_link | awk '{split($0,a,"\""); print a[4]}' when: - - jdk_version != 10 + - jdk_version != 10 and jdk_version != 16 register: sig_output - name: GPG Signature verification (CentOS6) script: ../Supporting_Scripts/package_signature_verification.sh -f /tmp/jdk{{ jdk_version }}.tar.gz -sl "{{ sig_output.stdout }}" -k {{ key.adoptium }} when: - - jdk_version != 10 + - jdk_version != 10 and jdk_version != 16 - name: Install latest JDK {{ jdk_version }} release (CentOS6) unarchive: @@ -343,16 +359,16 @@ block: - name: Download latest JDK {{ jdk_version }} release (macOS) get_url: - url: https://api.adoptium.net/v3/installer/latest/{{ jdk_version }}/ga/mac/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/eclipse?project=jdk + url: "{{ api_url }}/v3/installer/latest/{{ jdk_version }}/ga/mac/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/{{ api_vendor }}?project=jdk" dest: /tmp/{{ jdk_version }}-installer.pkg register: adoptopenjdk_download until: adoptopenjdk_download is not failed when: - - jdk_version != 10 + - jdk_version != 10 and jdk_version != 16 - name: Download JDK10 tarball when installer is not available (macOS) unarchive: - src: https://api.adoptopenjdk.net/v3/binary/latest/{{ jdk_version }}/ga/mac/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/adoptopenjdk?project=jdk + src: "{{ api_url }}/v3/binary/latest/{{ jdk_version }}/ga/mac/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/{{ api_vendor }}?project=jdk" remote_src: yes dest: /Library/Java/JavaVirtualMachines/ become: yes @@ -365,20 +381,20 @@ - jdk_version == 10 - name: Get Signature File Link (macOS) - shell: curl -s 'https://api.adoptium.net/v3/assets/latest/{{ jdk_version }}/{{ bootjdk }}?architecture={{ api_architecture }}&image_type=jdk&os=mac&vendor=eclipse' | grep signature_link | grep pkg | awk '{split($0,a,"\""); print a[4]}' + shell: curl -s '{{ api_url }}/v3/assets/latest/{{ jdk_version }}/{{ bootjdk }}?architecture={{ api_architecture }}&image_type=jdk&os=mac&vendor={{ api_vendor }}' | grep signature_link | grep pkg | awk '{split($0,a,"\""); print a[4]}' when: - - jdk_version != 10 + - jdk_version != 10 and jdk_version != 16 register: sig_output - name: GPG Signature verification (macOS) script: ../Supporting_Scripts/package_signature_verification.sh -f /tmp/{{ jdk_version }}-installer.pkg -sl "{{ sig_output.stdout }}" -k {{ key.adoptium }} when: - - jdk_version != 10 + - jdk_version != 10 and jdk_version != 16 - name: Run installer for JDK {{ jdk_version }} (macOS) shell: sudo installer -pkg /tmp/{{ jdk_version }}-installer.pkg -target / when: - - jdk_version != 10 + - jdk_version != 10 and jdk_version != 16 # The boot JDK will be installed into a temurin directory. Playbooks, build and (possibly) test scripts will look for an adoptopenjdk directory # https://github.com/adoptium/infrastructure/issues/2281#issuecomment-1059322275 @@ -412,12 +428,12 @@ tags: adoptopenjdk_install block: - name: Download latest JDK {{ jdk_version }} release (Solaris) - command: wget https://api.adoptium.net/v3/binary/latest/{{ jdk_version }}/ga/solaris/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/eclipse?project=jdk -O /tmp/jdk-{{ jdk_version }}.tar.gz + command: wget {{ api_url }}/v3/binary/latest/{{ jdk_version }}/ga/solaris/{{ api_architecture }}/jdk/{{ bootjdk }}/normal/{{ api_vendor }}?project=jdk -O /tmp/jdk-{{ jdk_version }}.tar.gz register: adoptopenjdk_download until: adoptopenjdk_download is not failed - name: Get Signature File Link (Solaris) - shell: curl -s 'https://api.adoptium.net/v3/assets/latest/{{ jdk_version }}/{{ bootjdk }}?architecture={{ api_architecture }}&image_type=jdk&os=solaris&vendor=eclipse' | grep signature_link | awk '{split($0,a,"\""); print a[4]}' + shell: curl -s '{{ api_url }}/v3/assets/latest/{{ jdk_version }}/{{ bootjdk }}?architecture={{ api_architecture }}&image_type=jdk&os=solaris&vendor={{ api_vendor }}' | grep signature_link | awk '{split($0,a,"\""); print a[4]}' register: sig_output - name: GPG Signature verification (Solaris) diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml index c7e09c00db..afc10a15c5 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/main.yml @@ -59,12 +59,14 @@ jdk_version: 10 - role: Java_install # For Gradle jdk_version: 11 - - role: Java_install # JDK16 build bootstrap - jdk_version: 15 - - role: Java_install # JDK17 build bootstrap + - role: Java_install # Latest LTS, for use by agents jdk_version: 16 - - role: Java_install + - role: Java_install # Latest LTS, for use by agents jdk_version: 17 + - role: Java_install # Bootstrap for JDK21 + jdk_version: 20 + - role: Java_install # Latest LTS, for use by agents + jdk_version: 21 - ANT # Testing - role: MSVS_2013 when: ansible_architecture == "64-bit" diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java_install/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java_install/tasks/main.yml index f0eba7af35..6786ce4313 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java_install/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/Java_install/tasks/main.yml @@ -8,9 +8,25 @@ register: java_installed tags: Java_install -- name: Download Java{{ jdk_version }} +- name: Use adoptium API if release is available at adoptium + set_fact: + api_url: api.adoptium.net + api_vendor: eclipse + when: + - jdk_version == '8' or jdk_version == '11' or ( jdk_version | int >= 17) + tags: adoptopenjdk_install + +- name: Use adoptopenjdk API if release is not supported by adoptium + set_fact: + api_url: api.adoptopenjdk.net + api_vendor: adoptopenjdk + when: + - jdk_version == 10 or jdk_version == 16 + tags: adoptopenjdk_install + +- name: Download Temurin JDK {{ jdk_version }} win_get_url: - url: https://api.adoptopenjdk.net/v3/binary/latest/{{ jdk_version }}/ga/windows/x64/jdk/{{ bootjdk }}/normal/adoptopenjdk?project=jdk + url: https://{{ api_url }}/v3/binary/latest/{{ jdk_version }}/ga/windows/x64/jdk/{{ bootjdk }}/normal/{{ api_vendor }}?project=jdk dest: 'C:\temp\jdk-{{ jdk_version }}.zip' when: not java_installed.stat.exists tags: Java_install From 87a42d0f15ba7f2c495e6c6de2f3e987461119d3 Mon Sep 17 00:00:00 2001 From: Stewart X Addison <6487691+sxa@users.noreply.github.com> Date: Mon, 11 Mar 2024 19:20:04 +0000 Subject: [PATCH 32/35] unixPB: do not install arm32 Temurin 20 (It does not exist) (#3466) Signed-off-by: Stewart X Addison --- ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml index 6fb692ee3e..e43cf47b4e 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml @@ -119,6 +119,7 @@ - ansible_distribution != "Alpine" - ansible_distribution != "Solaris" - ansible_architecture != "riscv64" + - ansible_architecture != "armv7l" tags: build_tools - role: adoptopenjdk_install # Current LTS jdk_version: 21 From c770d3568ac410b0a3289463964634d229182706 Mon Sep 17 00:00:00 2001 From: Stewart X Addison <6487691+sxa@users.noreply.github.com> Date: Mon, 11 Mar 2024 23:33:07 +0000 Subject: [PATCH 33/35] doc: update FAQ with correct AQA custom target parameter (#3351) Signed-off-by: Stewart X Addison --- FAQ.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/FAQ.md b/FAQ.md index 447b8727ed..cc850474fb 100644 --- a/FAQ.md +++ b/FAQ.md @@ -208,8 +208,10 @@ is more information on running tests yourself in the A few examples that test specific pieces of infra-related functionality so useful to be aware of. These are the parameters to pass into a Grinder job in jenkins. If using -these from the command line as per the example above, the `TARGET` name -should have an underscore `_` prepended to it. +these from the command line instead of a Grinder job there are a couple of +things regarding the information in this table: +- The `TARGET` name should have an underscore `_` prepended to it (like the shell snippet above) +- For custom targets, specify it as a JDK_CUSTOM_TARGET variable to make e.g. `make _jdk_custom JDK_CUSTOM_TARGET=java/lang/invoke/lambda/LambdaFileEncodingSerialization.java` | `BUILD_LIST` | `TARGET` | `CUSTOM_TARGET` | What does it test? | | --- | --- | --- | --- | From a8a152ecccc2c1d4cc50a6cb67a559c89e273815 Mon Sep 17 00:00:00 2001 From: Stewart X Addison <6487691+sxa@users.noreply.github.com> Date: Mon, 11 Mar 2024 23:38:32 +0000 Subject: [PATCH 34/35] unixPB,winPB: install jq on Linux+Windows for SBoM parsing (#3460) Signed-off-by: Stewart X Addison --- .../roles/Common/tasks/CentOS.yml | 13 +++++++++++++ .../roles/Common/tasks/RedHat.yml | 7 ++++++- .../roles/Common/vars/Debian.yml | 1 + .../roles/Common/vars/Fedora.yml | 1 + .../roles/Common/vars/SLES.yml | 1 + .../roles/Common/vars/Ubuntu.yml | 1 + .../roles/cygwin/tasks/main.yml | 2 +- 7 files changed, 24 insertions(+), 2 deletions(-) diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/CentOS.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/CentOS.yml index 99907e2888..079cb95eb0 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/CentOS.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/CentOS.yml @@ -113,6 +113,12 @@ - ! (ansible_distribution_major_version == "7" and ansible_architecture == "s390x") tags: build_tools +- name: Install jq for SBoM parsing for build reproducibility testing + package: "name=jq state=latest" + when: + - ansible_distribution_major_version > "7" + tags: test_tools + - name: Add devtools-2 to yum repo list for gcc 4.8 get_url: url: https://people.centos.org/tru/devtools-2/devtools-2.repo @@ -190,6 +196,13 @@ - ansible_distribution_major_version == "6" tags: build_tools +- name: Install jq for SBoM parsing for build reproducibility testing + package: "name=jq state=latest" + when: + - ansible_distribution_major_version != "6" + - ansible_distribution_major_version != "7" + tags: test_tools + ############################## # expat on CentOS on x86_64 # ############################## diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/RedHat.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/RedHat.yml index 46d5691c18..69268ba445 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/RedHat.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/RedHat.yml @@ -16,7 +16,6 @@ - ansible_architecture == "x86_64" tags: patch_update - - name: Enable EPEL release for RHEL8 or RHEL6 or RHEL7 yum: name=https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm failed_when: false @@ -110,6 +109,12 @@ - (ansible_distribution_major_version == "8") tags: build_tools +- name: Install jq for SBoM parsing for build reproducibility testing + package: "name=jq state=latest" + when: + - ansible_distribution_major_version > "7" + tags: test_tools + ################# # xorg Packages # ################# diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Debian.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Debian.yml index 0da7c701a1..28096f1d24 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Debian.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Debian.yml @@ -104,6 +104,7 @@ Test_Tool_Packages: - binfmt-support - qemu-user-static - gnutls-bin + - jq # For parsing SBoM during reproducibility tests - libnss3 - libnss3-dev - libnss3-tools diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Fedora.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Fedora.yml index f45d1ef322..149ab1d9d9 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Fedora.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Fedora.yml @@ -132,6 +132,7 @@ Test_Tool_Packages: - zlib-devel - perl-devel - expat-devel + - jq # For parsing SBoM during reproducibility tests - libcurl-devel - mercurial - gnutls diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/SLES.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/SLES.yml index ce8127ea30..0d8775b754 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/SLES.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/SLES.yml @@ -98,6 +98,7 @@ Test_Tool_Packages: - xorg-x11-server-extra - glibc-locale # Internationalization tests - gnutls + - jq # For parsing SBoM during reproducibility tests - mozilla-nss - mozilla-nss-devel - mozilla-nss-tools diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Ubuntu.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Ubuntu.yml index 81462d0ccc..b73ce02149 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Ubuntu.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Common/vars/Ubuntu.yml @@ -119,6 +119,7 @@ Test_Tool_Packages: - libexpat1-dev - libcurl4-openssl-dev - fakeroot + - jq # For parsing SBoM during reproducibility tests - gnutls-bin - libnss3 - libnss3-tools diff --git a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/cygwin/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/cygwin/tasks/main.yml index fec969b404..443bd11eec 100644 --- a/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/cygwin/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Windows_Playbook/roles/cygwin/tasks/main.yml @@ -17,7 +17,7 @@ - name: Install Cygwin win_shell: | - Start-Process -Wait -FilePath 'C:\temp\cygwin.exe' -ArgumentList '--packages autoconf,automake,bsdtar,cmake,cpio,curl,gcc-core,git,gnupg,grep,libtool,make,mingw64-x86_64-gcc-core,perl,rsync,unzip,wget,zip --quiet-mode --download --local-install --delete-orphans --site https://mirrors.kernel.org/sourceware/cygwin/ --local-package-dir C:\cygwin_packages --root C:\cygwin64' + Start-Process -Wait -FilePath 'C:\temp\cygwin.exe' -ArgumentList '--packages autoconf,automake,bsdtar,cmake,cpio,curl,gcc-core,git,gnupg,grep,jq,libtool,make,mingw64-x86_64-gcc-core,perl,rsync,unzip,wget,zip --quiet-mode --download --local-install --delete-orphans --site https://mirrors.kernel.org/sourceware/cygwin/ --local-package-dir C:\cygwin_packages --root C:\cygwin64' args: executable: powershell when: not cygwin_installed.stat.exists From 9cc52b83482be76afb427ce7e31be2ed73fbcf48 Mon Sep 17 00:00:00 2001 From: George Adams Date: Tue, 12 Mar 2024 02:12:19 +0000 Subject: [PATCH 35/35] bump latest mac run to macos-14 (#3450) * github: bump latest mac run to macos-14 * fix variable lookup --------- Co-authored-by: Martijn Verburg --- .github/workflows/build_mac.yml | 2 +- .../AdoptOpenJDK_Unix_Playbook/roles/Xcode11/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_mac.yml b/.github/workflows/build_mac.yml index 267ef23c3e..8c57eb9ae4 100644 --- a/.github/workflows/build_mac.yml +++ b/.github/workflows/build_mac.yml @@ -19,7 +19,7 @@ jobs: matrix: include: - os: [macos-11] - - os: [macos-13] + - os: [macos-14] steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Xcode11/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Xcode11/tasks/main.yml index 623b658855..4fdb4d88ef 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Xcode11/tasks/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Xcode11/tasks/main.yml @@ -11,7 +11,7 @@ - name: Check if SAS variable is defined set_fact: apple_variables: yes - when: not xcode11_installed.stat.exists and XCode11.7_SAS_TOKEN is defined + when: not xcode11_installed.stat.exists and vars['XCode11.7_SAS_TOKEN'] is defined - name: Display Information when XCode11.7_SAS_TOKEN is not defined debug: