From 7da7d84421596ce7afcad4490985d14a1e592917 Mon Sep 17 00:00:00 2001 From: Bart Smykla Date: Tue, 17 Dec 2024 09:25:19 +0100 Subject: [PATCH] ci(github): update workflows to use ubuntu-24.04 runners (#12251) GitHub is upgrading the `ubuntu-latest` runners to `ubuntu-24.04`. We need to make sure our CI still works as expected. I also suggest pinning the runner image version instead of using `ubuntu-latest`. Signed-off-by: Bart Smykla --- .github/workflows/_build_publish.yaml | 13 +++++++++++-- .github/workflows/_test.yaml | 4 ++-- .github/workflows/auto-merge.yaml | 2 +- .github/workflows/bom.yaml | 2 +- .github/workflows/build-test-distribute.yaml | 6 +++--- .github/workflows/check.yaml | 6 ++++++ .github/workflows/ci-stability.yaml | 2 +- .github/workflows/codeql.yaml | 2 +- .github/workflows/merge-release-to-master.yaml | 2 +- .github/workflows/pr-comments.yaml | 2 +- .github/workflows/pr-merged.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/scorecard.yml | 2 +- .github/workflows/transparentproxy-tests.yaml | 2 +- .github/workflows/update-docs.yaml | 2 +- .github/workflows/update-insecure-dependencies.yaml | 4 ++-- 16 files changed, 35 insertions(+), 20 deletions(-) diff --git a/.github/workflows/_build_publish.yaml b/.github/workflows/_build_publish.yaml index de4d675c9394..a7c0a2d01e6b 100644 --- a/.github/workflows/_build_publish.yaml +++ b/.github/workflows/_build_publish.yaml @@ -44,7 +44,7 @@ env: jobs: build-binaries: timeout-minutes: 40 - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 outputs: BINARY_ARTIFACT_DIGEST_BASE64: ${{ steps.inspect-binary-output.outputs.binary_artifact_digest_base64 }} steps: @@ -88,7 +88,11 @@ jobs: run: | make publish/pulp build-images: +<<<<<<< HEAD runs-on: ubuntu-22.04 # pining to this version until https://github.com/actions/runner-images/issues/10636#issuecomment-2397720931 has a better solution +======= + runs-on: ubuntu-24.04 +>>>>>>> 79dbceeef (ci(github): update workflows to use ubuntu-24.04 runners (#12251)) timeout-minutes: 30 strategy: fail-fast: false @@ -195,7 +199,12 @@ jobs: registry_password: ${{ secrets.DOCKER_API_KEY }} digest-images: needs: [build-images] +<<<<<<< HEAD runs-on: ubuntu-latest +======= + runs-on: ubuntu-24.04 + if: ${{ fromJSON(inputs.ALLOW_PUSH) }} +>>>>>>> 79dbceeef (ci(github): update workflows to use ubuntu-24.04 runners (#12251)) outputs: DIGESTS: ${{ steps.compute-digests.outputs.digests }} steps: @@ -213,7 +222,7 @@ jobs: publish-helm: needs: [build-images] timeout-minutes: 10 - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: diff --git a/.github/workflows/_test.yaml b/.github/workflows/_test.yaml index 7bcb7bfaec70..8722d7fedd80 100644 --- a/.github/workflows/_test.yaml +++ b/.github/workflows/_test.yaml @@ -18,7 +18,7 @@ jobs: test_unit: timeout-minutes: 20 if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci/skip-test') }} - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: @@ -39,7 +39,7 @@ jobs: make test gen_e2e_matrix: timeout-minutes: 2 - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 outputs: matrix: ${{ steps.generate-matrix.outputs.matrix }} steps: diff --git a/.github/workflows/auto-merge.yaml b/.github/workflows/auto-merge.yaml index ad0746171811..85e7e3b78c32 100644 --- a/.github/workflows/auto-merge.yaml +++ b/.github/workflows/auto-merge.yaml @@ -13,7 +13,7 @@ permissions: jobs: approve-and-auto-merge: timeout-minutes: 10 - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 if: contains(github.event.pull_request.labels.*.name, 'ci/auto-merge') permissions: pull-requests: write diff --git a/.github/workflows/bom.yaml b/.github/workflows/bom.yaml index d20159b5e27e..4d508d20bcf2 100644 --- a/.github/workflows/bom.yaml +++ b/.github/workflows/bom.yaml @@ -7,7 +7,7 @@ permissions: read-all jobs: sbom: timeout-minutes: 10 - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 diff --git a/.github/workflows/build-test-distribute.yaml b/.github/workflows/build-test-distribute.yaml index 99406db288d0..e01e1c80c393 100644 --- a/.github/workflows/build-test-distribute.yaml +++ b/.github/workflows/build-test-distribute.yaml @@ -24,7 +24,7 @@ jobs: # golangci-lint-action checks: write timeout-minutes: 25 - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 env: FULL_MATRIX: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'ci/run-full-matrix') }} ALLOW_PUSH: ${{ github.event_name == 'push' || contains(github.event.pull_request.labels.*.name, 'ci/force-publish') }} @@ -88,7 +88,7 @@ jobs: uses: ./.github/workflows/_test.yaml with: FULL_MATRIX: ${{ needs.check.outputs.FULL_MATRIX }} - RUNNERS_BY_ARCH: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) && '{"amd64":"ubuntu-latest-kong","arm64":"ubuntu-latest-arm64-kong"}' || '{"amd64":"ubuntu-latest","arm64":""}' }} + RUNNERS_BY_ARCH: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository) && '{"amd64":"ubuntu-latest-kong","arm64":"ubuntu-latest-arm64-kong"}' || '{"amd64":"ubuntu-24.04","arm64":""}' }} secrets: inherit build_publish: permissions: @@ -127,7 +127,7 @@ jobs: needs: ["build_publish", "check", "test", "provenance"] timeout-minutes: 10 if: ${{ always() }} - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 permissions: contents: read actions: read # For getting workflow run info diff --git a/.github/workflows/check.yaml b/.github/workflows/check.yaml index 8a9971af8e8b..1848951488ec 100644 --- a/.github/workflows/check.yaml +++ b/.github/workflows/check.yaml @@ -12,7 +12,13 @@ permissions: jobs: commit-lint: timeout-minutes: 10 +<<<<<<< HEAD runs-on: ubuntu-latest +======= + runs-on: ubuntu-24.04 + permissions: + pull-requests: write +>>>>>>> 79dbceeef (ci(github): update workflows to use ubuntu-24.04 runners (#12251)) steps: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Check PR title diff --git a/.github/workflows/ci-stability.yaml b/.github/workflows/ci-stability.yaml index c55b78d1c0aa..89069ee3840d 100644 --- a/.github/workflows/ci-stability.yaml +++ b/.github/workflows/ci-stability.yaml @@ -18,7 +18,7 @@ env: GH_EMAIL: "<41898282+github-actions[bot]@users.noreply.github.com>" jobs: trigger-ci: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Generate GitHub app token id: github-app-token diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 808fe4a5e3dc..e44c296c19ca 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -9,7 +9,7 @@ jobs: analyze: timeout-minutes: 30 name: Analyze - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 permissions: actions: read contents: read diff --git a/.github/workflows/merge-release-to-master.yaml b/.github/workflows/merge-release-to-master.yaml index 003d51fe777f..afb176efc4f3 100644 --- a/.github/workflows/merge-release-to-master.yaml +++ b/.github/workflows/merge-release-to-master.yaml @@ -11,7 +11,7 @@ permissions: contents: read jobs: release: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: diff --git a/.github/workflows/pr-comments.yaml b/.github/workflows/pr-comments.yaml index 0a6073143414..e7f02f572d75 100644 --- a/.github/workflows/pr-comments.yaml +++ b/.github/workflows/pr-comments.yaml @@ -12,7 +12,7 @@ jobs: pr_comments: timeout-minutes: 30 if: github.event.issue.pull_request != '' && (contains(github.event.comment.body, '/format') || contains(github.event.comment.body, '/golden_files')) - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Generate GitHub app token id: github-app-token diff --git a/.github/workflows/pr-merged.yaml b/.github/workflows/pr-merged.yaml index 79f9c400d33d..6ffe04524df4 100644 --- a/.github/workflows/pr-merged.yaml +++ b/.github/workflows/pr-merged.yaml @@ -15,7 +15,7 @@ jobs: timeout-minutes: 10 if: github.event_name != 'pull_request_target' || github.event.pull_request.merged name: "Notify about merged PR" - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: "Send repository dispatch event" uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index febcf833d5af..a27880352d97 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -34,7 +34,7 @@ permissions: jobs: release: timeout-minutes: 30 - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 148ac9aa60fd..8e5e88f79110 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -14,7 +14,7 @@ jobs: analysis: timeout-minutes: 10 name: Scorecard analysis - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 permissions: # Needed to upload the results to code-scanning dashboard. security-events: write diff --git a/.github/workflows/transparentproxy-tests.yaml b/.github/workflows/transparentproxy-tests.yaml index ad4977fc2948..b2cc38be6eb4 100644 --- a/.github/workflows/transparentproxy-tests.yaml +++ b/.github/workflows/transparentproxy-tests.yaml @@ -11,7 +11,7 @@ permissions: jobs: test: timeout-minutes: 60 - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: diff --git a/.github/workflows/update-docs.yaml b/.github/workflows/update-docs.yaml index 387171a79c20..dd9abb484445 100644 --- a/.github/workflows/update-docs.yaml +++ b/.github/workflows/update-docs.yaml @@ -21,7 +21,7 @@ permissions: jobs: generate-docs: timeout-minutes: 10 - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: diff --git a/.github/workflows/update-insecure-dependencies.yaml b/.github/workflows/update-insecure-dependencies.yaml index 3d35c0f08a2d..d4027ba95cb0 100644 --- a/.github/workflows/update-insecure-dependencies.yaml +++ b/.github/workflows/update-insecure-dependencies.yaml @@ -7,7 +7,7 @@ permissions: read-all jobs: build-matrix: timeout-minutes: 10 - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 outputs: branches: ${{ steps.generate-matrix.outputs.branches }} steps: @@ -28,7 +28,7 @@ jobs: fail-fast: false matrix: branch: ${{ fromJSON(needs.build-matrix.outputs.branches) }} - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Set Swap Space uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c