Commit Graph

50 Commits

Author SHA1 Message Date
Anders Kaseorg a8d72115eb ci: Fix custom database name test.
Caught by actionlint.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-08-30 17:33:37 -07:00
Varun Sharma 6cdf2853ff
ci: Limit GitHub token permissions for workflows.
This limits the ability for an Action to do mischief with this token.

Fixes #22786.

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
2022-08-29 17:12:55 -07:00
Alex Vandiver f8e2d652e1 ci: Test upgrades from the minimum of each major version, not the max. 2022-07-16 10:43:40 -07:00
Anders Kaseorg acff0879e7 ci: Avoid duplicate GitHub Actions runs for push, pull_request.
We’ve always been running CI on both push events and pull_request
events, which means it runs twice for commits that are pushed to a
pull request.

Filter the push events by branch name.  Add the workflow_dispatch
event in case developers want to manually run CI on some other branch
that isn’t a pull request.

https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-06 17:31:07 -07:00
Anders Kaseorg 27fa91066c ci: Update GitHub Actions dependencies.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-05 15:54:46 -07:00
Anders Kaseorg 4a11642cee ci: Replace cancel-previous-runs job with concurrency configuration.
Using ‘github.head_ref || github.run_id’ makes this only cancel
in-progress jobs for pull_request events.

https://docs.github.com/en/actions/using-jobs/using-concurrency

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-05 13:08:06 -07:00
Alex Vandiver 91379fd67e ci: Update upgrade test to 5.3, from 5.2. 2022-06-21 17:40:33 -07:00
Alex Vandiver bf562f8fff ci: Update upgrade test to 5.2, from 5.1. 2022-05-04 11:37:15 -07:00
Anders Kaseorg e952641013 install: Resupport Ubuntu 22.04.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-05-03 09:41:08 -07:00
Anders Kaseorg e8e0b045fc Revert "ci: Remove actions/cache@v2 steps from run due to failures."
This reverts commit ae24fe69ed.

The problem was fixed by GitHub.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-29 14:03:12 -07:00
Lauryn Menard ae24fe69ed
ci: Remove actions/cache@v2 steps from run due to failures.
Comments out the steps in 'Create cache directories' that use
`actions/cache@2` so that the CI and production build can pass
while Github support issue is processed.

See https://github.com/actions/cache/issues/794 for an upstream report.
2022-04-29 10:14:51 -07:00
Anders Kaseorg a543dcc8e3 Remove Debian 10 support.
As a consequence:

• Bump minimum supported Python version to 3.8.
• Move Vagrant environment to Ubuntu 20.04, which has Python 3.8.
• Move CI frontend tests to Ubuntu 20.04.
• Move production build test to Ubuntu 20.04.
• Move 3.4 upgrade test to Ubuntu 20.04.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-26 16:32:02 -07:00
Alex Vandiver e2a3fe0930 ci: Test upgrades from 3.x, 4.x and 5.x. 2022-04-08 17:10:03 -07:00
Alex Vandiver d150236217 ci: Test upgrades from 4.11. 2022-03-15 16:00:02 -07:00
Anders Kaseorg 3848050456 ci: Temporarily disable Ubuntu 22.04.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-02 16:00:35 -08:00
Alex Vandiver 62f4f3435f ci: Test upgrades from 4.10. 2022-02-25 16:28:33 -08:00
Anders Kaseorg 894a50b5c9 install: Support Ubuntu 22.04.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-25 14:49:07 -08:00
Anders Kaseorg b3260bd610 docs: Use Debian and Ubuntu version numbers over development codenames.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-23 12:04:24 -08:00
Alex Vandiver 2fc156e556 ci: Cache with the OS name, not the job name.
The job name is just the constant `production_build`.  Renaming it to
have the OS in the key ensures that it is not shared across OS'es (for
instance between `4.x` and `main`, which are now bionic and buster,
respectively), and also allows it to share caches with the install
step, which uses the OS name in that place.
2022-01-24 14:29:49 -08:00
Anders Kaseorg a58a71ef43 Remove Ubuntu 18.04 support.
As a consequence:

• Bump minimum supported Python version to 3.7.
• Move Vagrant environment to Debian 10, which has Python 3.7.
• Move CI frontend tests to Debian 10.
• Move production build test to Debian 10.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 17:26:14 -08:00
Anders Kaseorg d035efd467 ci: Test upgrade-postgresql on Ubuntu 20.04.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 17:26:14 -08:00
Alex Vandiver 71b56f7c1c puppet: process_fts_updates connects as nagios (or provided username).
It should not use the configured zulip username, but should instead
pull from the login user (likely `nagios`), or an explicit alternate
provided PostgreSQL username.  Failure to do so results in Nagios
failures because the `nagios` login does not have permissions to
authenticated the `zulip` PostgreSQL user.

This requires CI changes, as the install tests install as the `zulip`
login username, which allowed Nagios tests to pass previously; with
the custom database and username, however, they must be passed to
process_fts_updates explicitly when validating the install.
2021-12-14 14:48:53 -08:00
Alex Vandiver a751d3a6ff ci: Refactor --test-custom-db to be an argument, not a command. 2021-12-14 14:48:53 -08:00
Alex Vandiver 0ae375e0f9 ci: Test upgrades from the latest minor release. 2021-11-25 08:00:34 -08:00
Alex Vandiver 4f1f8d8f6e ci: Remove an unnecessary and incorrect is_focal tag. 2021-11-25 08:00:34 -08:00
Alex Vandiver 73055255bb ci: Test pgroonga installation. 2021-11-20 07:13:50 -08:00
Alex Vandiver c9ebccdf70 ci: Update outdated comments to generated Dockerfiles.
These were missed in the doc updates in d78723b6e8, which were for
behavior changes in 16067bc4fc.
2021-11-05 15:45:46 -07:00
Alex Vandiver a1d22cc7fa ci: Run production tests when files mentioning zilencer are changed.
Production installs do not use the zilencer application, but the tests
do include it; as such, changes to any files which reference zilencer
are more likely to pass tests but fail production installs.

Run production tests when those files are changed.
2021-10-20 16:53:11 -07:00
Tim Abbott aa651f75c1 ci: Adjust when production suite is run.
We make a few adjustments:
* We now run full CI whenever pushing to master. It's cheap enough
  that it's worth getting accurate signal.
* We now don't run production tests on PRs for changes to JavaScript/CSS
  in static/ that don't also affect the webpack configuration.
* We sort the list of paths that trigger tests.
2021-07-30 15:32:23 -07:00
Alex Vandiver 2daad58afa ci: Use an init process to reap defunct processes.
When Github Actions run in Docker, the default pid 1 entrypoint is
`tail -f /dev/null`.  PID 1 is responsible for propagating signals to
its children, and calling `waitpid()` on defunct processes; `tail`
does not do these things.  This results in zombie processes piling up
inside the container, which is not an issue in most contexts.

However, it affects `start-stop-daemon`, which hangs when stopping
daemon processes, as they are never reaped.  This appears in CI as
`/etc/init.d/supervisor restart` never being able to succeed.

Run the docker container with `--init`, which spawns a
`/sbin/docker-init` PID 1 to handle the job of an init process.
2021-07-22 14:09:01 -07:00
Alex Vandiver d78723b6e8 ci: Update outdated comments, documentation and gitignore.
Use of `Dockerfile.template` and generated `tools/ci/images/` was
removed in 16067bc4fc.
2021-07-22 14:09:01 -07:00
Gaurav Pandey 9282956f19 upgrade-check: Add create cache directory step.
Create cache directories for the upgrade check
in the production-suite.
2021-07-05 09:55:38 -07:00
Gaurav Pandey e648ad3477 ci: Add prod upgrade step to prod suite.
This adds a check in the current production suite of
CI that upgrades a previous release of zulip server
with a newer one.

Fixes #18346.
2021-06-21 10:15:24 -07:00
Adam Birds 9aab03654e ci: Update CI to test once with custom db name and user.
Update CI to test once with a custom db name and user so we can test
both scenarios of a custom dbname/user and the default "zulip".
2021-05-25 13:56:05 -07:00
Tim Abbott 3af0485d84 ci: Unpack installation tarball under /root/.
This ensures that we exercise the fact that the Zulip installer may be
unpacked to a directory that may not be world-readable.

bc45525369 fixed a recent regression in
this behavior that would have been caught by this commit.
2021-05-14 14:31:00 -07:00
Anders Kaseorg 405bc8dabf requirements: Remove Thumbor.
Thumbor and tc-aws have been dragging their feet on Python 3 support
for years, and even the alphas and unofficial forks we’ve been running
don’t seem to be maintained anymore.  Depending on these projects is
no longer viable for us.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-05-06 20:07:32 -07:00
Gaurav Pandey 303e7b9701 ci: Add Debian bullseye to production test suite. 2021-04-15 21:38:31 -07:00
Tim Abbott ad2e7dcba3 ci: Add comments documenting building base images. 2021-04-13 10:33:47 -07:00
Alex Vandiver 0023d561dd ci: Switch to hosting the CI images under Zulip on Dockerhub. 2021-03-31 16:54:34 -07:00
Aman Agrawal 837736001d ci: Use latest containers for running production tests.
This should have been a part of
da80895249 where the containers
were originally created.
2021-03-30 07:54:41 -07:00
Anders Kaseorg 056b715765 ci: Remove 2>&1 redirection.
We had used 2>&1 to redirect stderr to stdout so it could be piped
into ts, but commit dd3cdd6ec5 (#17611)
removed ts, so we no longer need the redirection.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-29 14:52:06 -07:00
Gaurav Pandey 371cdf9dc1 production_suite: Add debian production install to production suite.
We support Debian as an OS for setting up the Zulip server. But the CI
does not run on pull request to test the setting up of the server on
Debian. Hence, add the check to CI.
2021-03-28 16:04:03 -07:00
Aman Agrawal dd3cdd6ec5 github_actions: Stop logging timestamp.
Timestamps are logged automatically by GitHub Actions and can be
made visible using log settings easily. Hence we remove the
unnecessary timestamps here to make the logs look much cleaner.
2021-03-16 15:11:21 -07:00
Aman Agrawal 80268c52df ci: Notify in zulip when a build fails in GitHub Actions.
We use the circleci integration which already has a nice setup
for sending messages when triggered to send the build failure
notification.
2021-02-26 08:29:56 -08:00
Tim Abbott b6ec66e972 github: Enable retention periods for uploaded artifacts.
This prevents Zulip CI from eventually consuming large amounts of
storage on one's GitHub account.

I picked a longer retention period for the Puppeteer artifacts because
humans look at those; the production tarballs are unlikely to be used
10 minutes after the run completes as they are just for the next stage
fo the build; certainly 14 days seems ample for any debugging.
2020-11-03 16:36:26 -08:00
Anders Kaseorg 72d6ff3c3b docs: Fix more capitalization issues.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 11:46:55 -07:00
Priyank Patel 9504d403b3 github-actions: Fix incorrect hash key in production install job.
The hash keys were missing hash for package.json and yarn.lock
because they were not present since we don't do a full checkout
in this job. We fix this by sending over those files and generating
hashes from them.

I usally verify these cache keys by clicking the Restore <cache>
step dropdown menu and then clicking the Run ... dropdown menu again
to see the generated hash.
2020-08-03 12:37:20 -07:00
Priyank Patel 07b79833a9 github-actions: Only run production suite on production related updates.
The production suite will only run if anything under puppet,
scripts, and tools or any migrations are updated. The '**' glob
means it includes subdirectory updates. For migrations all ~5
migrations directories are includes using the **/migrations/**
pattern.

The GitHub Action docs that explain the syntax:
https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
2020-07-24 10:36:55 -07:00
Priyank Patel 3ab53c6a83 github-actions: Add bionic and focal production install jobs.
We remove the "Do memcached hack" step from CircleCI when migrating
this job because a fix has been made upstream.
2020-07-24 10:36:55 -07:00
Priyank Patel 23372a49e1 github-actions: Add bionic production build job.
All the steps are same from circleci except two steps:
  1. The 'Add permissions ...' step is Actions specific as explained
     in comments.
  2. The step that used upload-artifacts is Actions verison of
     presist_to_workspace.

Finally, I should note the duplication in this and zulip-ci
workflow. There are three reason this is not a problem:
  1. It will be messy to mush this into zulip-ci workflow only for
     benefit of un-duplicating the env and cache restore steps.
  2. We needs this on its own workflow if we want to only run it
     when production related dependencies are updated.
  3. I don't see us updating the duplicated steps between both
     workflow. Circle CI config is prefect example for this; nothing
     is changed except for adding or updating steps which are not
     duplicated.
2020-07-24 10:36:55 -07:00