diff --git a/.github/workflows/_build_publish.yaml b/.github/workflows/_build_publish.yaml
index 953bbff757a1..7bfef7f45ac0 100644
--- a/.github/workflows/_build_publish.yaml
+++ b/.github/workflows/_build_publish.yaml
@@ -44,7 +44,7 @@ env:
 jobs:
 build-binaries:
 timeout-minutes: 40
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 outputs:
 BINARY_ARTIFACT_DIGEST_BASE64: ${{ steps.inspect-binary-output.outputs.binary_artifact_digest_base64 }}
 steps:
@@ -88,7 +88,11 @@ jobs:
 run: |
 make publish/pulp
 build-images:
+<<<<<<< HEAD
 runs-on: ubuntu-22.04 # pining to this version since we use older base image for kuma-init and we don't want to change it since it can break users environment
+=======
+ runs-on: ubuntu-24.04
+>>>>>>> 79dbceeef (ci(github): update workflows to use ubuntu-24.04 runners (#12251))
 timeout-minutes: 30
 strategy:
 fail-fast: false
@@ -195,7 +199,12 @@ jobs:
 registry_password: ${{ secrets.DOCKER_API_KEY }}
 digest-images:
 needs: [build-images]
+<<<<<<< HEAD
 runs-on: ubuntu-latest
+=======
+ runs-on: ubuntu-24.04
+ if: ${{ fromJSON(inputs.ALLOW_PUSH) }}
+>>>>>>> 79dbceeef (ci(github): update workflows to use ubuntu-24.04 runners (#12251))
 outputs:
 DIGESTS: ${{ steps.compute-digests.outputs.digests }}
 steps:
@@ -213,7 +222,7 @@ jobs:
 publish-helm:
 needs: [build-images]
 timeout-minutes: 10
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 steps:
 - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
 with:
diff --git a/.github/workflows/_test.yaml b/.github/workflows/_test.yaml
index 852cc98c2763..6c430dd6605a 100644
--- a/.github/workflows/_test.yaml
+++ b/.github/workflows/_test.yaml
@@ -18,7 +18,7 @@ jobs:
 test_unit:
 timeout-minutes: 20
 if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci/skip-test') }}
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 steps:
 - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
 with:
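Review bot: The `build-images` hunk adds `<<<<<<< HEAD`, `=======` and `>>>>>>> 79dbceeef` as file content, so the workflow is committed with an unresolved merge conflict and GitHub will most likely refuse to load it as valid YAML. The same markers are added in the `digest-images` hunk of this file, in the `RUNNERS_BY_ARCH` hunk of build-test-distribute.yaml and in the `commit-lint` hunk of check.yaml. Each one needs a manual resolution before this can merge. For `build-images` the HEAD side says it is pinned to ubuntu-22.04 because of the older kuma-init base image, so taking `runs-on: ubuntu-24.04` there would undo a deliberate pin. The other three resolutions also change behaviour beyond the runner image (`if: ${{ fromJSON(inputs.ALLOW_PUSH) }}` on `digest-images`, `workflow_dispatch` selecting the `-kong` runners, `pull-requests: write` for `commit-lint`), so they deserve an explicit decision rather than a mechanical pick.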
@@ -39,7 +39,7 @@ jobs:
 make test
 gen_e2e_matrix:
 timeout-minutes: 2
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 outputs:
 matrix: ${{ steps.generate-matrix.outputs.matrix }}
 steps:
diff --git a/.github/workflows/auto-merge.yaml b/.github/workflows/auto-merge.yaml
index 51f3bdc5c18a..531df5681655 100644
--- a/.github/workflows/auto-merge.yaml
+++ b/.github/workflows/auto-merge.yaml
@@ -13,7 +13,7 @@ permissions:
 jobs:
 approve-and-auto-merge:
 timeout-minutes: 10
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 if: contains(github.event.pull_request.labels.*.name, 'ci/auto-merge')
 permissions:
 pull-requests: write
diff --git a/.github/workflows/bom.yaml b/.github/workflows/bom.yaml
index a22354b26adb..b627963c9243 100644
--- a/.github/workflows/bom.yaml
+++ b/.github/workflows/bom.yaml
@@ -7,7 +7,7 @@ permissions: read-all
 jobs:
 sbom:
 timeout-minutes: 10
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 steps:
 - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
 - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
diff --git a/.github/workflows/build-test-distribute.yaml b/.github/workflows/build-test-distribute.yaml
index 724d427db758..8823768d1ca8 100644
--- a/.github/workflows/build-test-distribute.yaml
+++ b/.github/workflows/build-test-distribute.yaml
@@ -24,7 +24,7 @@ jobs:
 # golangci-lint-action
 checks: write
 timeout-minutes: 25
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 env:
 FULL_MATRIX: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'ci/run-full-matrix') }}
 ALLOW_PUSH: ${{ github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'ci/force-publish') }}
@@ -89,7 +89,11 @@ jobs:
 uses: ./.github/workflows/_test.yaml
 with:
 FULL_MATRIX: ${{ needs.check.outputs.FULL_MATRIX }}
+<<<<<<< HEAD
 RUNNERS_BY_ARCH: ${{ (github.event_name == 'push' || github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) && '{"amd64":"ubuntu-latest-kong","arm64":"ubuntu-latest-arm64-kong"}' || '{"amd64":"ubuntu-latest","arm64":""}' }}
+=======
+ RUNNERS_BY_ARCH: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) && '{"amd64":"ubuntu-latest-kong","arm64":"ubuntu-latest-arm64-kong"}' || '{"amd64":"ubuntu-24.04","arm64":""}' }}
+>>>>>>> 79dbceeef (ci(github): update workflows to use ubuntu-24.04 runners (#12251))
 secrets: inherit
 build_publish:
 permissions:
@@ -128,7 +132,7 @@ jobs:
 needs: ["build_publish", "check", "test", "provenance"]
 timeout-minutes: 10
 if: ${{ always() }}
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 permissions:
 contents: write
 actions: read # For getting workflow run info
diff --git a/.github/workflows/check.yaml b/.github/workflows/check.yaml
index 056a24adcb70..c6e2cb1febcb 100644
--- a/.github/workflows/check.yaml
+++ b/.github/workflows/check.yaml
@@ -12,7 +12,13 @@ permissions:
 jobs:
 commit-lint:
 timeout-minutes: 10
+<<<<<<< HEAD
 runs-on: ubuntu-latest
+=======
+ runs-on: ubuntu-24.04
+ permissions:
+ pull-requests: write
+>>>>>>> 79dbceeef (ci(github): update workflows to use ubuntu-24.04 runners (#12251))
 steps:
 - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
 - name: Check PR title
diff --git a/.github/workflows/ci-stability.yaml b/.github/workflows/ci-stability.yaml
new file mode 100644
index 000000000000..55b148cc1f31
--- /dev/null
+++ b/.github/workflows/ci-stability.yaml
@@ -0,0 +1,82 @@
+name: Check CI stability for PRs with "ci/verify-stability" or "ci/verify-stability-merge-master" label
+
+on:
+ schedule:
+ # Monday to Friday: Every 2 hours from 7 PM to 7 AM CEST
+ - cron: "0 17 * * 1-5"
+ - cron: "0 19 * * 1-5"
+ - cron: "0 21 * * 1-5"
+ - cron: "0 23 * * 1-5"
+ - cron: "0 1 * * 2-6"
+ - cron: "0 3 * * 2-6"
+ - cron: "0 5 * * 2-6"
+ # Saturday and Sunday: Every 2 hours all day
+ - cron: "0 */2 * * 6,0"
+ workflow_dispatch: # Allows manual trigger from GitHub Actions UI
+env:
+ GH_USER: "github-actions[bot]"
+ GH_EMAIL: "<41898282+github-actions[bot]@users.noreply.github.com>"
+jobs:
+ trigger-ci:
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Generate GitHub app token
+ id: github-app-token
+ uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
+ with:
+ app-id: ${{ secrets.APP_ID }}
+ private-key: ${{ secrets.APP_PRIVATE_KEY }}
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ token: ${{ steps.github-app-token.outputs.token }}
+ - name: Get open pull requests and save to file
+ run: |
+ gh pr list --json number,labels > open_prs.json
+ env:
+ GITHUB_TOKEN: ${{ steps.github-app-token.outputs.token }}
+ - name: Process PRs
+ id: process_prs
+ run: |
+ cat open_prs.json
+ pr_numbers_with_verify_stability=$(jq -r -c '.[] | select(.labels[]?.name == "ci/verify-stability") | .number' open_prs.json | tr '\n' ' ')
+ pr_numbers_with_verify_stability_merge_master=$(jq -r '.[] | select(.labels[]?.name == "ci/verify-stability-merge-master") | .number' open_prs.json | tr '\n' ' ')
+ echo "PRs with 'ci/verify-stability' label: $pr_numbers_with_verify_stability"
+ echo "PRs with 'ci/verify-stability-merge-master' label: $pr_numbers_with_verify_stability_merge_master"
+ echo "pr_numbers_with_verify_stability=$pr_numbers_with_verify_stability" >> $GITHUB_OUTPUT
+ echo "pr_numbers_with_verify_stability_merge_master=$pr_numbers_with_verify_stability_merge_master" >>
$GITHUB_OUTPUT
+ env:
+ GITHUB_TOKEN: ${{ steps.github-app-token.outputs.token }}
+ - name: Merge master branch (if applicable) and push a single commit
+ if: steps.process_prs.outputs.pr_numbers_with_verify_stability != ''
+ run: |
+ eval "pr_numbers=(${{ steps.process_prs.outputs.pr_numbers_with_verify_stability }})"
+ for pr_number in $pr_numbers; do
+ current_datetime=$(date +"%Y-%m-%d %H:%M:%S")
+ echo "Processing PR #$pr_number"
+
+ # Fetch PR details to get the base branch (original branch name)
+ pr_branch=$(gh pr view $pr_number --json headRefName --jq '.headRefName')
+ echo "The original branch for PR #$pr_number is $pr_branch"
+ git fetch origin pull/$pr_number/head:$pr_branch
+ git checkout $pr_branch
+
+ git config user.name "${GH_USER}"
+ git config user.email "${GH_EMAIL}"
+
+ # Check if the PR needs to merge with master
+ if echo "${{ steps.process_prs.outputs.pr_numbers_with_verify_stability_merge_master }}" | grep -wq "$pr_number"; then
+ echo "Merging master into PR #$pr_number"
+ git fetch origin master
+ git merge origin/master --no-ff --no-commit
+ git commit --allow-empty -m "Merge master into PR #$pr_number"
+ fi
+
+ # Commit an empty commit to trigger the CI
+ echo "Pushing empty commit to trigger CI for PR #$pr_number on $current_datetime"
+ git commit --allow-empty -m "Trigger CI for PR #$pr_number on $current_datetime"
+ git push origin $pr_branch
+ done
+ env:
+ GITHUB_TOKEN: ${{ steps.github-app-token.outputs.token }}
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index 095254f18396..3028906eec9d 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -9,7 +9,7 @@ jobs:
 analyze:
 timeout-minutes: 30
 name: Analyze
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 permissions:
 actions: read
 contents: read
diff --git a/.github/workflows/merge-release-to-master.yaml b/.github/workflows/merge-release-to-master.yaml
new file mode 100644
index 000000000000..f9d3d7af3b4a
--- /dev/null
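Review bot: In the "Merge master branch" step of ci-stability.yaml, `pr_branch` comes from the pull request's `headRefName`, which the PR author chooses, and it is then used unquoted as the local branch name and as the target of `git push origin` with the app token; for a PR opened from a fork whose branch name matches a branch in this repository, that push would be aimed at the repository's own branch (whether it lands depends on branch protection, which is not visible here). The step should skip cross-repository PRs and quote every expansion. Two related problems in the same step: `for pr_number in $pr_numbers` expands a bash array to its first element only, so just one labelled PR is processed per run, and the `${{ steps.process_prs.outputs.* }}` values are pasted into `eval` and `echo` instead of being passed through `env:`. Separately, `actions/checkout@v3` is the only action in this file referenced by a mutable tag while `create-github-app-token` is pinned to a commit SHA; it should be pinned the same way.

```yaml
      - name: Merge master branch (if applicable) and push a single commit
        # … unchanged: if: condition on pr_numbers_with_verify_stability …
        run: |
          read -r -a pr_numbers <<< "$PR_NUMBERS"
          for pr_number in "${pr_numbers[@]}"; do
            # … unchanged: timestamp and "Processing PR" echo …
            if [[ "$(gh pr view "$pr_number" --json isCrossRepository --jq '.isCrossRepository')" == "true" ]]; then
              echo "Skipping PR #$pr_number: head branch lives in a fork"
              continue
            fi
            pr_branch=$(gh pr view "$pr_number" --json headRefName --jq '.headRefName')
            # … unchanged: echo of the branch name …
            git fetch origin "pull/$pr_number/head:$pr_branch"
            git checkout "$pr_branch"
            # … unchanged: git config user.name / user.email …
            if echo "$MERGE_MASTER_PR_NUMBERS" | grep -wq "$pr_number"; then
            # … unchanged: master merge, empty trigger commit …
            git push origin "$pr_branch"
          done
        env:
          GITHUB_TOKEN: ${{ steps.github-app-token.outputs.token }}
          PR_NUMBERS: ${{ steps.process_prs.outputs.pr_numbers_with_verify_stability }}
          MERGE_MASTER_PR_NUMBERS: ${{ steps.process_prs.outputs.pr_numbers_with_verify_stability_merge_master }}
```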
+++ b/.github/workflows/merge-release-to-master.yaml 
@@ -0,0 +1,70 @@
+name: "Merge release to master"
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: false
+on:
+ push:
+ branches: ["release-*"]
+ workflow_dispatch: {}
+permissions:
+ contents: read
+jobs:
+ release:
+ runs-on: ubuntu-24.04
+ steps:
+ - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+ with:
+ ref: "master"
+ fetch-depth: 0
+ - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+ with:
+ go-version-file: go.mod
+ - run: |
+ make dev/tools
+ - run: |
+ git config --global user.email "110050114+kumahq[bot]@users.noreply.github.com"
+ git config --global user.name "kumahq[bot]"
+ - id: latest-branch
+ run: |
+ echo "branch=$(make dev/print-latest-release-branch)" >> $GITHUB_OUTPUT
+ - run: |
+ if [[ "refs/heads/${{ steps.latest-branch.outputs.branch }}" == "${{ github.ref }}" ]]; then
+ make dev/merge-release
+ fi
+ - id: commit-changes
+ run: |
+ git status
+ # "git merge HEAD" is the way to check if merge is in progress
+ if git merge HEAD &> /dev/null; then
+ echo "skipping commit"
+ echo "changes=skipped" >> $GITHUB_OUTPUT
+ else
+ echo "commit changes"
+ git commit -s -m "chore(merge): ${{ steps.latest-branch.outputs.branch }} branch to master"
+ echo "changes=committed" >> $GITHUB_OUTPUT
+ fi
+ - name: Generate GitHub app token
+ id: github-app-token
+ uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
+ with:
+ app-id: ${{ secrets.APP_ID }}
+ private-key: ${{ secrets.APP_PRIVATE_KEY }}
+ - name: "Create Pull Request"
+ uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
+ if: steps.commit-changes.outputs.changes == 'committed'
+ with:
+ commit-message: "chore(merge): ${{ steps.latest-branch.outputs.branch }} branch to master"
+ signoff: true
+ branch: chore/merge-release-to-master
+ base: master
+ delete-branch: true
+ title: "chore(merge): ${{ steps.latest-branch.outputs.branch }}
branch to master"
+ draft: false
+ token: ${{ steps.github-app-token.outputs.token }}
+ committer: kumahq[bot] <110050114+kumahq[bot]@users.noreply.github.com>
+ author: kumahq[bot] <110050114+kumahq[bot]@users.noreply.github.com>
+ body: |
+ **Do NOT squash on merging.** Allow merge commit first in the [repository settings](https://github.com/${{ github.repository }}/settings).
+
+ Generated by [action](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
diff --git a/.github/workflows/pr-comments.yaml b/.github/workflows/pr-comments.yaml
index 2da2d1583b47..5a8142edc8e4 100644
--- a/.github/workflows/pr-comments.yaml
+++ b/.github/workflows/pr-comments.yaml
@@ -12,7 +12,7 @@ jobs:
 pr_comments:
 timeout-minutes: 30
 if: github.event.issue.pull_request != '' && (contains(github.event.comment.body, '/format') || contains(github.event.comment.body, '/golden_files'))
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 steps:
 - name: Generate GitHub app token
 id: github-app-token
diff --git a/.github/workflows/pr-merged.yaml b/.github/workflows/pr-merged.yaml
index 79f9c400d33d..6ffe04524df4 100644
--- a/.github/workflows/pr-merged.yaml
+++ b/.github/workflows/pr-merged.yaml
@@ -15,7 +15,7 @@ jobs:
 timeout-minutes: 10
 if: github.event_name != 'pull_request_target' || github.event.pull_request.merged
 name: "Notify about merged PR"
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 steps:
 - name: "Send repository dispatch event"
 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 66b0e714d7da..2a4e9ac8f987 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -36,7 +36,7 @@ permissions:
 jobs:
 release:
 timeout-minutes: 30
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 steps:
 - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
 with:
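Review bot: The `run:` steps in merge-release-to-master.yaml paste `${{ steps.latest-branch.outputs.branch }}` and `${{ github.ref }}` straight into the shell script, so the text of a branch name is parsed as shell before the script runs. The ref comes from whoever pushes a `release-*` branch and the other value from `make dev/print-latest-release-branch`, whose output format is not visible here; passing both through the environment removes the dependency on their content. For example add `env: LATEST_BRANCH: ${{ steps.latest-branch.outputs.branch }}` to the two steps and use `if [[ "refs/heads/$LATEST_BRANCH" == "$GITHUB_REF" ]]; then` and `git commit -s -m "chore(merge): $LATEST_BRANCH branch to master"`. The `release` job also has no `timeout-minutes`, unlike most of the jobs touched by this commit.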
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 4bb4d1d3dcaa..2032ed0d572d 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -14,7 +14,7 @@ jobs:
 analysis:
 timeout-minutes: 10
 name: Scorecard analysis
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 permissions:
 # Needed to upload the results to code-scanning dashboard.
 security-events: write
diff --git a/.github/workflows/transparentproxy-tests.yaml b/.github/workflows/transparentproxy-tests.yaml
index a257795a60f0..0853d55ca6c2 100644
--- a/.github/workflows/transparentproxy-tests.yaml
+++ b/.github/workflows/transparentproxy-tests.yaml
@@ -11,7 +11,7 @@ permissions:
 jobs:
 test:
 timeout-minutes: 60
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 steps:
 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 with:
diff --git a/.github/workflows/update-docs.yaml b/.github/workflows/update-docs.yaml
index 5f4b06a1c072..358ac6766b7a 100644
--- a/.github/workflows/update-docs.yaml
+++ b/.github/workflows/update-docs.yaml
@@ -21,7 +21,7 @@ permissions:
 jobs:
 generate-docs:
 timeout-minutes: 10
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 steps:
 - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
 with:
diff --git a/.github/workflows/update-insecure-dependencies.yaml b/.github/workflows/update-insecure-dependencies.yaml
index 0c4daffbaa09..ff2131708b92 100644
--- a/.github/workflows/update-insecure-dependencies.yaml
+++ b/.github/workflows/update-insecure-dependencies.yaml
@@ -7,7 +7,7 @@ permissions: read-all
 jobs:
 build-matrix:
 timeout-minutes: 10
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 outputs:
 branches: ${{ steps.generate-matrix.outputs.branches }}
 steps:
@@ -28,7 +28,7 @@ jobs:
 fail-fast: false
 matrix:
 branch: ${{ fromJSON(needs.build-matrix.outputs.branches) }}
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 steps:
 - name: Set Swap Space
 uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c