Commit Graph

109 Commits

Author SHA1 Message Date
Anders Kaseorg 872f4b41c1 ci: Check that non-scripts aren’t marked executable.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-12-07 09:54:01 -08:00
Josh Klar a67ecc0f36 ci: Only report failures to CZO on branch pushes.
Targeted fix for regression introduced in #23719 wherein failure reports
were attempted for all CI failures, including those from forked pull
requests, which don't have access to Actions Secrets. Since undefined
Secrets are empty strings at interpolation time [^1], the underlying
`send-message` Action was being called with no API Key, causing a
failure in the failure handler.

This fix is, per discussion in both a comment on #23719 and later on CZO
[^2], prefered to restoring the prior guard against ZULIP_BOT_KEY being
an empty string that had been in the shell script as it is more explicit
in its intent.

[^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets

[^2]: https://chat.zulip.org/#narrow/stream/43-automated-testing/topic/all.20branches.20failing/near/1475246
2022-12-06 17:43:54 -05:00
Josh Klar 3a0620a40c tools: Reimplement CI failure script without using CircleCI endpoint.
Using curl to POST to the CircleCI workflow endpoint on CZO:

- Doesn't work on zulip/zulip@main (CZO runs a revert)
- Sets a bad example for other orgs
- Robs us of an opportunity to dogfood our own zulip/github-actions-zulip

Refactor the Actions workflows in this repo to report failure states
using the Zulip Action, and reimplement the related helper scripts in
Python, since they'd previously mostly shelled out to Python anyway.
2022-12-05 14:33:15 -05:00
Alya Abbott 23d43b8ad9 github: Make self-review checklist in PR template collapsible. 2022-12-02 16:54:58 -08:00
Alex Vandiver 1ad26a2a9a ci: Test upgrades from Zulip Server 6.0. 2022-11-28 20:21:28 -08:00
Alex Vandiver 63d2565467 ci: Do not pre-install rabbitmq-server in Docker images.
Before Zulip 4.9, the Zulip install process left any already-installed
rabbitmq with whatever nodename it had previously configured.  Wince
this encodes the name of the host when it was installed, this does not
function well with containers.

Leave rabbitmq-server uninstalled, which lets the Zulip installation
process set the nodename to `localhost`, which ensures that it is
usable across container restarts.
2022-10-25 14:53:32 -04:00
Anders Kaseorg a8d72115eb ci: Fix custom database name test.
Caught by actionlint.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-08-30 17:33:37 -07:00
Varun Sharma 6cdf2853ff
ci: Limit GitHub token permissions for workflows.
This limits the ability for an Action to do mischief with this token.

Fixes #22786.

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
2022-08-29 17:12:55 -07:00
Vipul 35d56ea528
CI: Remove multiple hashFiles instances in a single step.
hashFiles supports passing multiple filenames, and using this feature results in 
much cleaner keys.

Fixes: #22796
2022-08-29 10:37:10 -07:00
Alex Vandiver f8e2d652e1 ci: Test upgrades from the minimum of each major version, not the max. 2022-07-16 10:43:40 -07:00
Anders Kaseorg e8283b37b4 ci: Limit CodeQL analysis with the same branches for push, pull_request.
Silences “Warning: 1 issue was detected with this workflow: Please
make sure that every branch in on.pull_request is also in on.push so
that Code Scanning can compare pull requests against the state of the
base branch.”

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-07 14:51:51 -07:00
Anders Kaseorg acff0879e7 ci: Avoid duplicate GitHub Actions runs for push, pull_request.
We’ve always been running CI on both push events and pull_request
events, which means it runs twice for commits that are pushed to a
pull request.

Filter the push events by branch name.  Add the workflow_dispatch
event in case developers want to manually run CI on some other branch
that isn’t a pull request.

https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-06 17:31:07 -07:00
Anders Kaseorg 27fa91066c ci: Update GitHub Actions dependencies.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-05 15:54:46 -07:00
Anders Kaseorg 4a11642cee ci: Replace cancel-previous-runs job with concurrency configuration.
Using ‘github.head_ref || github.run_id’ makes this only cancel
in-progress jobs for pull_request events.

https://docs.github.com/en/actions/using-jobs/using-concurrency

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-05 13:08:06 -07:00
Alex Vandiver 91379fd67e ci: Update upgrade test to 5.3, from 5.2. 2022-06-21 17:40:33 -07:00
Alex Vandiver bf562f8fff ci: Update upgrade test to 5.2, from 5.1. 2022-05-04 11:37:15 -07:00
Anders Kaseorg e952641013 install: Resupport Ubuntu 22.04.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-05-03 09:41:08 -07:00
Anders Kaseorg e8e0b045fc Revert "ci: Remove actions/cache@v2 steps from run due to failures."
This reverts commit ae24fe69ed.

The problem was fixed by GitHub.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-29 14:03:12 -07:00
Lauryn Menard ae24fe69ed
ci: Remove actions/cache@v2 steps from run due to failures.
Comments out the steps in 'Create cache directories' that use
`actions/cache@2` so that the CI and production build can pass
while Github support issue is processed.

See https://github.com/actions/cache/issues/794 for an upstream report.
2022-04-29 10:14:51 -07:00
Tim Abbott 066b1b58c2 github: Add visible link in pull request template. 2022-04-28 15:29:37 -07:00
Tim Abbott 0c385fe01b ci: Only run documentation/link tests on a single job.
As noted in ReadTheDocs, it's very unlikely that these documentation
tests will pass or fail depending on the server's OS.
2022-04-26 17:26:41 -07:00
Anders Kaseorg a543dcc8e3 Remove Debian 10 support.
As a consequence:

• Bump minimum supported Python version to 3.8.
• Move Vagrant environment to Ubuntu 20.04, which has Python 3.8.
• Move CI frontend tests to Ubuntu 20.04.
• Move production build test to Ubuntu 20.04.
• Move 3.4 upgrade test to Ubuntu 20.04.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-26 16:32:02 -07:00
Alya Abbott 07c12e8a6c github: Rewrite pull request template.
This rewrite is intended to help new contributors do an effective
self-review of their work, with reminders of many common mistakes made
when preparing pull requests.
2022-04-10 16:47:13 -07:00
Alex Vandiver e2a3fe0930 ci: Test upgrades from 3.x, 4.x and 5.x. 2022-04-08 17:10:03 -07:00
Alex Vandiver d150236217 ci: Test upgrades from 4.11. 2022-03-15 16:00:02 -07:00
Anders Kaseorg 3848050456 ci: Temporarily disable Ubuntu 22.04.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-02 16:00:35 -08:00
Alex Vandiver 62f4f3435f ci: Test upgrades from 4.10. 2022-02-25 16:28:33 -08:00
Anders Kaseorg 894a50b5c9 install: Support Ubuntu 22.04.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-25 14:49:07 -08:00
Anders Kaseorg 170f4745dc ci: Ban check-database-compatibility.py from using static/generated.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-24 14:31:24 -08:00
Anders Kaseorg b3260bd610 docs: Use Debian and Ubuntu version numbers over development codenames.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-23 12:04:24 -08:00
Anders Kaseorg b0ce4f1bce docs: Fix many spelling mistakes.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-07 18:51:06 -08:00
Alex Vandiver 2fc156e556 ci: Cache with the OS name, not the job name.
The job name is just the constant `production_build`.  Renaming it to
have the OS in the key ensures that it is not shared across OS'es (for
instance between `4.x` and `main`, which are now bionic and buster,
respectively), and also allows it to share caches with the install
step, which uses the OS name in that place.
2022-01-24 14:29:49 -08:00
Anders Kaseorg a58a71ef43 Remove Ubuntu 18.04 support.
As a consequence:

• Bump minimum supported Python version to 3.7.
• Move Vagrant environment to Debian 10, which has Python 3.7.
• Move CI frontend tests to Debian 10.
• Move production build test to Debian 10.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 17:26:14 -08:00
Anders Kaseorg d035efd467 ci: Test upgrade-postgresql on Ubuntu 20.04.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 17:26:14 -08:00
Alex Vandiver 71b56f7c1c puppet: process_fts_updates connects as nagios (or provided username).
It should not use the configured zulip username, but should instead
pull from the login user (likely `nagios`), or an explicit alternate
provided PostgreSQL username.  Failure to do so results in Nagios
failures because the `nagios` login does not have permissions to
authenticated the `zulip` PostgreSQL user.

This requires CI changes, as the install tests install as the `zulip`
login username, which allowed Nagios tests to pass previously; with
the custom database and username, however, they must be passed to
process_fts_updates explicitly when validating the install.
2021-12-14 14:48:53 -08:00
Alex Vandiver a751d3a6ff ci: Refactor --test-custom-db to be an argument, not a command. 2021-12-14 14:48:53 -08:00
Alex Vandiver 0ae375e0f9 ci: Test upgrades from the latest minor release. 2021-11-25 08:00:34 -08:00
Alex Vandiver 4f1f8d8f6e ci: Remove an unnecessary and incorrect is_focal tag. 2021-11-25 08:00:34 -08:00
Alex Vandiver 73055255bb ci: Test pgroonga installation. 2021-11-20 07:13:50 -08:00
Alex Vandiver c9ebccdf70 ci: Update outdated comments to generated Dockerfiles.
These were missed in the doc updates in d78723b6e8, which were for
behavior changes in 16067bc4fc.
2021-11-05 15:45:46 -07:00
rht a3a71487b0 CI: Add Codespell linter.
This tool helps catch common typos in code and documentation, which is
particularly useful for our many contributors who are not native
English speakers.

The config is based on the codespell that I ran in
https://github.com/zulip/zulip/pull/18535.
2021-10-27 16:49:30 -07:00
Alex Vandiver a1d22cc7fa ci: Run production tests when files mentioning zilencer are changed.
Production installs do not use the zilencer application, but the tests
do include it; as such, changes to any files which reference zilencer
are more likely to pass tests but fail production installs.

Run production tests when those files are changed.
2021-10-20 16:53:11 -07:00
Anders Kaseorg 9cf5a03f2a ci: Migrate to new Codecov uploader.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-14 17:56:52 -07:00
Anders Kaseorg a88ace988a ci: Remove /__w permission twiddling.
Commit 9f2ac49fb3 (#19963) should make
this unnecessary.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-14 13:24:30 -07:00
Alex Vandiver acbe7ae7a8 github: Ignore CodeQL analysis in private repos.
CodeQL only runs in public repos; private forks will otherwise error
their CI runs.
2021-09-30 18:07:20 -07:00
Anders Kaseorg e96abc3c5a ci: Remove legacy-os test.
As of yesterday, the GitHub Actions ubuntu-16.04 environment has been
removed.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-22 13:58:46 -07:00
Ganesh Pawar dee20f0dbf node_tests: Run node tests in parallel.
Fixes #9471.
2021-09-10 14:18:31 -07:00
Anders Kaseorg a4dbc1edd4 docs: Format Markdown with Prettier.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-08 12:06:24 -07:00
Anders Kaseorg a9501772c1 ci: Do not run CodeQL on Dependabot push events.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-08-04 02:34:21 -07:00
Anders Kaseorg d464b3c805 ci: Run CodeQL on merge commit.
As per https://github.com/github/codeql-action/pull/297.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-08-03 13:51:18 -07:00