bootstrap: clean up CI workflows a bit (#30574)
- [x] Add `mkdir -p` and `chmod` to ensure `/home/spack-test` exists and has correct permissions. - [x] Remove version comments from dependabot-managed action commits - [x] Don't duplicate comment describing required fixes for distros with patched git
This commit is contained in:
parent
b76fc61deb
commit
555202833f
1 changed files with 66 additions and 61 deletions
127
.github/workflows/bootstrap.yml
vendored
127
.github/workflows/bootstrap.yml
vendored
|
@ -31,20 +31,20 @@ jobs:
|
||||||
bzip2 curl file gcc-c++ gcc gcc-gfortran git gnupg2 gzip \
|
bzip2 curl file gcc-c++ gcc gcc-gfortran git gnupg2 gzip \
|
||||||
make patch unzip which xz python3 python3-devel tree \
|
make patch unzip which xz python3 python3-devel tree \
|
||||||
cmake bison bison-devel libstdc++-static
|
cmake bison bison-devel libstdc++-static
|
||||||
- name: Work around CVE-2022-24765
|
- name: Checkout
|
||||||
|
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
||||||
|
- name: Setup non-root user
|
||||||
run: |
|
run: |
|
||||||
# See:
|
# See [1] below
|
||||||
# - https://github.blog/2022-04-12-git-security-vulnerability-announced/
|
|
||||||
# - https://github.com/actions/checkout/issues/760
|
|
||||||
git config --global --add safe.directory /__w/spack/spack
|
git config --global --add safe.directory /__w/spack/spack
|
||||||
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # @v2
|
useradd spack-test && mkdir -p ~spack-test
|
||||||
- name: Setup repo and non-root user
|
chown -R spack-test . ~spack-test
|
||||||
|
- name: Setup repo
|
||||||
|
shell: runuser -u spack-test -- bash {0}
|
||||||
run: |
|
run: |
|
||||||
git --version
|
git --version
|
||||||
git fetch --unshallow
|
git fetch --unshallow
|
||||||
. .github/workflows/setup_git.sh
|
. .github/workflows/setup_git.sh
|
||||||
useradd spack-test
|
|
||||||
chown -R spack-test .
|
|
||||||
- name: Bootstrap clingo
|
- name: Bootstrap clingo
|
||||||
shell: runuser -u spack-test -- bash {0}
|
shell: runuser -u spack-test -- bash {0}
|
||||||
run: |
|
run: |
|
||||||
|
@ -67,22 +67,20 @@ jobs:
|
||||||
bzip2 curl file g++ gcc gfortran git gnupg2 gzip \
|
bzip2 curl file g++ gcc gfortran git gnupg2 gzip \
|
||||||
make patch unzip xz-utils python3 python3-dev tree \
|
make patch unzip xz-utils python3 python3-dev tree \
|
||||||
cmake bison
|
cmake bison
|
||||||
- name: Work around CVE-2022-24765
|
- name: Checkout
|
||||||
|
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
||||||
|
- name: Setup non-root user
|
||||||
run: |
|
run: |
|
||||||
# Apparently Ubuntu patched git v2.25.1 with a security patch that introduces
|
# See [1] below
|
||||||
# a breaking behavior. See:
|
|
||||||
# - https://github.blog/2022-04-12-git-security-vulnerability-announced/
|
|
||||||
# - https://github.com/actions/checkout/issues/760
|
|
||||||
# - http://changelogs.ubuntu.com/changelogs/pool/main/g/git/git_2.25.1-1ubuntu3.3/changelog
|
|
||||||
git config --global --add safe.directory /__w/spack/spack
|
git config --global --add safe.directory /__w/spack/spack
|
||||||
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # @v2
|
useradd spack-test && mkdir -p ~spack-test
|
||||||
- name: Setup repo and non-root user
|
chown -R spack-test . ~spack-test
|
||||||
|
- name: Setup repo
|
||||||
|
shell: runuser -u spack-test -- bash {0}
|
||||||
run: |
|
run: |
|
||||||
git --version
|
git --version
|
||||||
git fetch --unshallow
|
git fetch --unshallow
|
||||||
. .github/workflows/setup_git.sh
|
. .github/workflows/setup_git.sh
|
||||||
useradd -m spack-test
|
|
||||||
chown -R spack-test .
|
|
||||||
- name: Bootstrap clingo
|
- name: Bootstrap clingo
|
||||||
shell: runuser -u spack-test -- bash {0}
|
shell: runuser -u spack-test -- bash {0}
|
||||||
run: |
|
run: |
|
||||||
|
@ -104,22 +102,20 @@ jobs:
|
||||||
apt-get install -y \
|
apt-get install -y \
|
||||||
bzip2 curl file g++ gcc gfortran git gnupg2 gzip \
|
bzip2 curl file g++ gcc gfortran git gnupg2 gzip \
|
||||||
make patch unzip xz-utils python3 python3-dev tree
|
make patch unzip xz-utils python3 python3-dev tree
|
||||||
- name: Work around CVE-2022-24765
|
- name: Checkout
|
||||||
|
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
||||||
|
- name: Setup non-root user
|
||||||
run: |
|
run: |
|
||||||
# Apparently Ubuntu patched git v2.25.1 with a security patch that introduces
|
# See [1] below
|
||||||
# a breaking behavior. See:
|
|
||||||
# - https://github.blog/2022-04-12-git-security-vulnerability-announced/
|
|
||||||
# - https://github.com/actions/checkout/issues/760
|
|
||||||
# - http://changelogs.ubuntu.com/changelogs/pool/main/g/git/git_2.25.1-1ubuntu3.3/changelog
|
|
||||||
git config --global --add safe.directory /__w/spack/spack
|
git config --global --add safe.directory /__w/spack/spack
|
||||||
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # @v2
|
useradd spack-test && mkdir -p ~spack-test
|
||||||
- name: Setup repo and non-root user
|
chown -R spack-test . ~spack-test
|
||||||
|
- name: Setup repo
|
||||||
|
shell: runuser -u spack-test -- bash {0}
|
||||||
run: |
|
run: |
|
||||||
git --version
|
git --version
|
||||||
git fetch --unshallow
|
git fetch --unshallow
|
||||||
. .github/workflows/setup_git.sh
|
. .github/workflows/setup_git.sh
|
||||||
useradd -m spack-test
|
|
||||||
chown -R spack-test .
|
|
||||||
- name: Bootstrap clingo
|
- name: Bootstrap clingo
|
||||||
shell: runuser -u spack-test -- bash {0}
|
shell: runuser -u spack-test -- bash {0}
|
||||||
run: |
|
run: |
|
||||||
|
@ -127,7 +123,6 @@ jobs:
|
||||||
spack -d solve zlib
|
spack -d solve zlib
|
||||||
tree ~/.spack/bootstrap/store/
|
tree ~/.spack/bootstrap/store/
|
||||||
|
|
||||||
|
|
||||||
opensuse-clingo-sources:
|
opensuse-clingo-sources:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
container: "opensuse/leap:latest"
|
container: "opensuse/leap:latest"
|
||||||
|
@ -140,12 +135,13 @@ jobs:
|
||||||
bzip2 curl file gcc-c++ gcc gcc-fortran tar git gpg2 gzip \
|
bzip2 curl file gcc-c++ gcc gcc-fortran tar git gpg2 gzip \
|
||||||
make patch unzip which xz python3 python3-devel tree \
|
make patch unzip which xz python3 python3-devel tree \
|
||||||
cmake bison
|
cmake bison
|
||||||
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # @v2
|
- name: Checkout
|
||||||
- name: Setup repo and non-root user
|
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
||||||
|
- name: Setup repo
|
||||||
run: |
|
run: |
|
||||||
git --version
|
# See [1] below
|
||||||
# See http://changelogs.ubuntu.com/changelogs/pool/main/g/git/git_2.25.1-1ubuntu3.3/changelog
|
|
||||||
git config --global --add safe.directory /__w/spack/spack
|
git config --global --add safe.directory /__w/spack/spack
|
||||||
|
git --version
|
||||||
git fetch --unshallow
|
git fetch --unshallow
|
||||||
. .github/workflows/setup_git.sh
|
. .github/workflows/setup_git.sh
|
||||||
- name: Bootstrap clingo
|
- name: Bootstrap clingo
|
||||||
|
@ -162,7 +158,8 @@ jobs:
|
||||||
- name: Install dependencies
|
- name: Install dependencies
|
||||||
run: |
|
run: |
|
||||||
brew install cmake bison@2.7 tree
|
brew install cmake bison@2.7 tree
|
||||||
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # @v2
|
- name: Checkout
|
||||||
|
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
||||||
- name: Bootstrap clingo
|
- name: Bootstrap clingo
|
||||||
run: |
|
run: |
|
||||||
source share/spack/setup-env.sh
|
source share/spack/setup-env.sh
|
||||||
|
@ -181,8 +178,9 @@ jobs:
|
||||||
- name: Install dependencies
|
- name: Install dependencies
|
||||||
run: |
|
run: |
|
||||||
brew install tree
|
brew install tree
|
||||||
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # @v2
|
- name: Checkout
|
||||||
- uses: actions/setup-python@98f2ad02fd48d057ee3b4d4f66525b231c3e52b6 # @v2
|
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
||||||
|
- uses: actions/setup-python@98f2ad02fd48d057ee3b4d4f66525b231c3e52b6
|
||||||
with:
|
with:
|
||||||
python-version: ${{ matrix.python-version }}
|
python-version: ${{ matrix.python-version }}
|
||||||
- name: Bootstrap clingo
|
- name: Bootstrap clingo
|
||||||
|
@ -198,11 +196,12 @@ jobs:
|
||||||
matrix:
|
matrix:
|
||||||
python-version: ['2.7', '3.5', '3.6', '3.7', '3.8', '3.9', '3.10']
|
python-version: ['2.7', '3.5', '3.6', '3.7', '3.8', '3.9', '3.10']
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # @v2
|
- name: Checkout
|
||||||
- uses: actions/setup-python@98f2ad02fd48d057ee3b4d4f66525b231c3e52b6 # @v2
|
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
||||||
|
- uses: actions/setup-python@98f2ad02fd48d057ee3b4d4f66525b231c3e52b6
|
||||||
with:
|
with:
|
||||||
python-version: ${{ matrix.python-version }}
|
python-version: ${{ matrix.python-version }}
|
||||||
- name: Setup repo and non-root user
|
- name: Setup repo
|
||||||
run: |
|
run: |
|
||||||
git --version
|
git --version
|
||||||
git fetch --unshallow
|
git fetch --unshallow
|
||||||
|
@ -226,22 +225,20 @@ jobs:
|
||||||
apt-get install -y \
|
apt-get install -y \
|
||||||
bzip2 curl file g++ gcc patchelf gfortran git gzip \
|
bzip2 curl file g++ gcc patchelf gfortran git gzip \
|
||||||
make patch unzip xz-utils python3 python3-dev tree
|
make patch unzip xz-utils python3 python3-dev tree
|
||||||
- name: Work around CVE-2022-24765
|
- name: Checkout
|
||||||
|
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
||||||
|
- name: Setup non-root user
|
||||||
run: |
|
run: |
|
||||||
# Apparently Ubuntu patched git v2.25.1 with a security patch that introduces
|
# See [1] below
|
||||||
# a breaking behavior. See:
|
|
||||||
# - https://github.blog/2022-04-12-git-security-vulnerability-announced/
|
|
||||||
# - https://github.com/actions/checkout/issues/760
|
|
||||||
# - http://changelogs.ubuntu.com/changelogs/pool/main/g/git/git_2.25.1-1ubuntu3.3/changelog
|
|
||||||
git config --global --add safe.directory /__w/spack/spack
|
git config --global --add safe.directory /__w/spack/spack
|
||||||
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
useradd spack-test && mkdir -p ~spack-test
|
||||||
- name: Setup repo and non-root user
|
chown -R spack-test . ~spack-test
|
||||||
|
- name: Setup repo
|
||||||
|
shell: runuser -u spack-test -- bash {0}
|
||||||
run: |
|
run: |
|
||||||
git --version
|
git --version
|
||||||
git fetch --unshallow
|
git fetch --unshallow
|
||||||
. .github/workflows/setup_git.sh
|
. .github/workflows/setup_git.sh
|
||||||
useradd -m spack-test
|
|
||||||
chown -R spack-test .
|
|
||||||
- name: Bootstrap GnuPG
|
- name: Bootstrap GnuPG
|
||||||
shell: runuser -u spack-test -- bash {0}
|
shell: runuser -u spack-test -- bash {0}
|
||||||
run: |
|
run: |
|
||||||
|
@ -263,22 +260,20 @@ jobs:
|
||||||
bzip2 curl file g++ gcc patchelf gfortran git gzip \
|
bzip2 curl file g++ gcc patchelf gfortran git gzip \
|
||||||
make patch unzip xz-utils python3 python3-dev tree \
|
make patch unzip xz-utils python3 python3-dev tree \
|
||||||
gawk
|
gawk
|
||||||
- name: Work around CVE-2022-24765
|
- name: Checkout
|
||||||
|
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
||||||
|
- name: Setup non-root user
|
||||||
run: |
|
run: |
|
||||||
# Apparently Ubuntu patched git v2.25.1 with a security patch that introduces
|
# See [1] below
|
||||||
# a breaking behavior. See:
|
|
||||||
# - https://github.blog/2022-04-12-git-security-vulnerability-announced/
|
|
||||||
# - https://github.com/actions/checkout/issues/760
|
|
||||||
# - http://changelogs.ubuntu.com/changelogs/pool/main/g/git/git_2.25.1-1ubuntu3.3/changelog
|
|
||||||
git config --global --add safe.directory /__w/spack/spack
|
git config --global --add safe.directory /__w/spack/spack
|
||||||
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
useradd spack-test && mkdir -p ~spack-test
|
||||||
- name: Setup repo and non-root user
|
chown -R spack-test . ~spack-test
|
||||||
|
- name: Setup repo
|
||||||
|
shell: runuser -u spack-test -- bash {0}
|
||||||
run: |
|
run: |
|
||||||
git --version
|
git --version
|
||||||
git fetch --unshallow
|
git fetch --unshallow
|
||||||
. .github/workflows/setup_git.sh
|
. .github/workflows/setup_git.sh
|
||||||
useradd -m spack-test
|
|
||||||
chown -R spack-test .
|
|
||||||
- name: Bootstrap GnuPG
|
- name: Bootstrap GnuPG
|
||||||
shell: runuser -u spack-test -- bash {0}
|
shell: runuser -u spack-test -- bash {0}
|
||||||
run: |
|
run: |
|
||||||
|
@ -296,7 +291,8 @@ jobs:
|
||||||
brew install tree
|
brew install tree
|
||||||
# Remove GnuPG since we want to bootstrap it
|
# Remove GnuPG since we want to bootstrap it
|
||||||
sudo rm -rf /usr/local/bin/gpg
|
sudo rm -rf /usr/local/bin/gpg
|
||||||
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
- name: Checkout
|
||||||
|
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
||||||
- name: Bootstrap GnuPG
|
- name: Bootstrap GnuPG
|
||||||
run: |
|
run: |
|
||||||
source share/spack/setup-env.sh
|
source share/spack/setup-env.sh
|
||||||
|
@ -312,7 +308,8 @@ jobs:
|
||||||
brew install gawk tree
|
brew install gawk tree
|
||||||
# Remove GnuPG since we want to bootstrap it
|
# Remove GnuPG since we want to bootstrap it
|
||||||
sudo rm -rf /usr/local/bin/gpg
|
sudo rm -rf /usr/local/bin/gpg
|
||||||
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
- name: Checkout
|
||||||
|
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
||||||
- name: Bootstrap GnuPG
|
- name: Bootstrap GnuPG
|
||||||
run: |
|
run: |
|
||||||
source share/spack/setup-env.sh
|
source share/spack/setup-env.sh
|
||||||
|
@ -320,3 +317,11 @@ jobs:
|
||||||
spack bootstrap untrust github-actions-v0.2
|
spack bootstrap untrust github-actions-v0.2
|
||||||
spack -d gpg list
|
spack -d gpg list
|
||||||
tree ~/.spack/bootstrap/store/
|
tree ~/.spack/bootstrap/store/
|
||||||
|
|
||||||
|
|
||||||
|
# [1] Distros that have patched git to resolve CVE-2022-24765 (e.g. Ubuntu patching v2.25.1)
|
||||||
|
# introduce breaking behaviorso we have to set `safe.directory` in gitconfig ourselves.
|
||||||
|
# See:
|
||||||
|
# - https://github.blog/2022-04-12-git-security-vulnerability-announced/
|
||||||
|
# - https://github.com/actions/checkout/issues/760
|
||||||
|
# - http://changelogs.ubuntu.com/changelogs/pool/main/g/git/git_2.25.1-1ubuntu3.3/changelog
|
||||||
|
|
Loading…
Reference in a new issue