Merge branch 'fasttrack/3.0' into ankitapareek/3.0-cert-manager-CVE-2…
jslobodzian authored Jan 9, 2025
2 parents 08123d2 + bd01bb7 commit 4473290
Showing 77 changed files with 1,531 additions and 352 deletions.
67 changes: 47 additions & 20 deletions .github/policies/resourceManagement.yml
Expand Up @@ -13,34 +13,37 @@ configuration:
- payloadType: Pull_Request
then:
- if:
- includesModifiedFiles:
files:
- SPECS/
- SPECS-EXTENDED/
- SPECS-SIGNED/
- filesMatchPattern:
pattern: "^(SPECS|SPECS-EXTENDED|SPECS-SIGNED)/"
matchAny: true
then:
- addLabel:
label: Packaging
- if:
- includesModifiedFiles:
files:
- toolkit/docs/
- filesMatchPattern:
pattern: "^SPECS-EXTENDED/"
matchAny: true
then:
- addLabel:
label: specs-extended
- if:
- filesMatchPattern:
pattern: "^toolkit/docs/"
matchAny: true
then:
- addLabel:
label: documentation
- if:
- includesModifiedFiles:
files:
- toolkit/tools/
- toolkit/scripts/
- filesMatchPattern:
pattern: "^toolkit/(tools|scripts)/"
matchAny: true
then:
- addLabel:
label: Tools
- if:
- includesModifiedFiles:
files:
- toolkit/imageconfigs/
- toolkit/tools/imagegen/configuration
- filesMatchPattern:
pattern: "^toolkit/(imageconfigs|tools/imagegen/configuration)/"
matchAny: true
then:
- addLabel:
label: Schema
Expand Down Expand Up @@ -69,16 +72,40 @@ configuration:
then:
- if:
- targetsBranch:
branch: 1.0-dev
branch: main
then:
- addLabel:
label: 1.0-dev
label: main
- if:
- targetsBranch:
branch: main
branch: 2.0
then:
- addLabel:
label: main
label: 2.0
- if:
- targetsBranch:
branch: 3.0-dev
then:
- addLabel:
label: 3.0-dev
- if:
- targetsBranch:
branch: 3.0
then:
- addLabel:
label: 3.0
- if:
- targetsBranch:
branch: fasttrack/2.0
then:
- addLabel:
label: fasttrack/2.0
- if:
- targetsBranch:
branch: fasttrack/3.0
then:
- addLabel:
label: fasttrack/3.0
description:
onFailure:
onSuccess:
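Review bot: The branch rules in the second hunk write `branch: 2.0`, `label: 2.0`, `branch: 3.0` and `label: 3.0` as plain scalars, which a YAML parser reads as floats rather than strings. Whether the policy engine turns them back into `2.0` or into `2` is not visible here, so quoting removes the doubt: `branch: "2.0"` and `label: "2.0"`, likewise for `3.0`. Separately, in the first hunk the Schema pattern `^toolkit/(imageconfigs|tools/imagegen/configuration)/` requires a slash after `configuration`, while the older `toolkit/tools/imagegen/configuration` entry had none. If the old matcher was a prefix match, the new rule is narrower, and a one-line comment saying this is intended would help anyone who relies on the label for review routing.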
4 changes: 3 additions & 1 deletion .github/workflows/check-manifests.yml
Expand Up @@ -21,7 +21,9 @@ jobs:
# This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond
- name: Define missing rpm macros
run: |
[[ -n $(rpm --eval '%bcond test 1') ]] && echo '%bcond() %[ (%{2}) ? "%{expand:%%bcond_without %{1}}" : "%{expand:%%bcond_with %{1}}" ]' > ~/.rpmmacros
if [[ -n $(rpm --eval '%bcond test 1') ]]; then
echo '%bcond() %[ (%{2}) ? "%{expand:%%bcond_without %{1}}" : "%{expand:%%bcond_with %{1}}" ]' > ~/.rpmmacros
fi
- name: Check x86_64 manifests
run: |
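Review bot: The `if [[ -n $(rpm --eval '%bcond test 1') ]]` guard in the `Define missing rpm macros` step has no comment saying why non-empty output means the macro is missing. rpm prints an unknown macro back unexpanded, so a line such as `# rpm echoes unknown macros back verbatim; non-empty output means %bcond is undefined` above the `if` would make the test readable. The `echo … > ~/.rpmmacros` also truncates any macros file already present on the runner; `>>` would keep existing definitions if that ever matters. The same step is changed identically in `.github/workflows/check-package-cgmanifest.yml`, and both points apply there too.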
4 changes: 3 additions & 1 deletion .github/workflows/check-package-cgmanifest.yml
Expand Up @@ -22,7 +22,9 @@ jobs:
# This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond
- name: Define missing rpm macros
run: |
[[ -n $(rpm --eval '%bcond test 1') ]] && echo '%bcond() %[ (%{2}) ? "%{expand:%%bcond_without %{1}}" : "%{expand:%%bcond_with %{1}}" ]' > ~/.rpmmacros
if [[ -n $(rpm --eval '%bcond test 1') ]]; then
echo '%bcond() %[ (%{2}) ? "%{expand:%%bcond_without %{1}}" : "%{expand:%%bcond_with %{1}}" ]' > ~/.rpmmacros
fi
- name: Get base commit for PRs
if: ${{ github.event_name == 'pull_request' }}
3 changes: 2 additions & 1 deletion .pipelines/containerSourceData/cuda/core.pkg
@@ -1,3 +1,4 @@
util-linux
ca-certificates
kernel
kernel
kernel-drivers-gpu
48 changes: 42 additions & 6 deletions .pipelines/prchecks/PackageBuildPRCheck.yml
Expand Up @@ -80,9 +80,11 @@ extends:
# GCC fails to build as a regular package.
ignoredSpecs: ["gcc"]

- script: echo "##vso[task.setvariable variable=toolchainArtifactName;isOutput=true]$(ob_artifactBaseName)"
- script: |
echo "##vso[task.setvariable variable=toolchainArtifactName;isOutput=true]$(ob_artifactBaseName)"
echo "##vso[task.setvariable variable=toolchainTarballName;isOutput=true]toolchain_built_rpms_all.tar.gz"
name: "ToolchainArtifactName"
displayName: "Set variable for published artifact name"
displayName: "Set variables for published toolchain tarball"
# 1. Automatic publishing won't work if 'isCustom: true' is set on the pool. We cannot do 'isCustom: false' because
# then OneBranch attempts to perform additional actions (adding build tags for instance), which require additional permissions
Expand All @@ -104,24 +106,38 @@ extends:
isCustom: true
name: ${{ configuration.agentPool }}
variables:
inputArtifactsLocation: $(Agent.TempDirectory)
ob_artifactBaseName: $(rpmsArtifactNameBase)_${{ configuration.name }}_$(System.JobAttempt)
ob_outputDirectory: $(Build.ArtifactStagingDirectory)
outputRPMsTarballName: "rpms.tar.gz"
toolchainArtifactName: $[ stageDependencies.Toolchain_${{ configuration.name }}.Build.outputs['ToolchainArtifactName.toolchainArtifactName'] ]
toolchainTarballName: $[ stageDependencies.Toolchain_${{ configuration.name }}.Build.outputs['ToolchainArtifactName.toolchainTarballName'] ]
steps:
- task: DownloadPipelineArtifact@2
displayName: "Download toolchain"
inputs:
artifact: $(toolchainArtifactName)
patterns: "**/$(toolchainTarballName)"
targetPath: $(inputArtifactsLocation)

- template: .pipelines/templates/PackageBuild.yml@self
parameters:
checkBuildRetries: "1"
customToolchainArtifactName: $(toolchainArtifactName)
customToolchainTarballName: $(toolchainTarballName)
inputArtifactsFolder: $(inputArtifactsLocation)
isCheckBuild: true
isQuickRebuildPackages: true
isUseCCache: true
maxCPU: "${{ configuration.maxCPUs }}"
outputArtifactsFolder: $(ob_outputDirectory)
outputRPMsTarballName: $(outputRPMsTarballName)
pipArtifactFeeds: "mariner/Mariner-Pypi-Feed"
selfRepoName: self
testSuiteName: "[${{ configuration.name }}] Package test"

- script: echo "##vso[task.setvariable variable=rpmsArtifactName;isOutput=true]$(ob_artifactBaseName)"
- script: |
echo "##vso[task.setvariable variable=rpmsArtifactName;isOutput=true]$(ob_artifactBaseName)"
echo "##vso[task.setvariable variable=rpmsTarballName;isOutput=true]$(outputRPMsTarballName)"
name: "RPMsArtifactName"
displayName: "Set variable for published artifact name"
Expand All @@ -142,15 +158,25 @@ extends:
isCustom: true
name: ${{ configuration.agentPool }}
variables:
inputArtifactsLocation: $(Agent.TempDirectory)
ob_artifactBaseName: $(toolchainTestsArtifactNameBase)_${{ configuration.name }}_$(System.JobAttempt)
ob_outputDirectory: $(Build.ArtifactStagingDirectory)
testListFromToolchain: $[ stageDependencies.Toolchain_${{ configuration.name }}.Build.outputs['CalculateToolchainPackageRetestList.toolchainPackageRetestList'] ]
toolchainArtifactName: $[ stageDependencies.Toolchain_${{ configuration.name }}.Build.outputs['ToolchainArtifactName.toolchainArtifactName'] ]
toolchainTarballName: $[ stageDependencies.Toolchain_${{ configuration.name }}.Build.outputs['ToolchainArtifactName.toolchainTarballName'] ]
steps:
- task: DownloadPipelineArtifact@2
displayName: "Download toolchain"
inputs:
artifact: $(toolchainArtifactName)
patterns: "**/$(toolchainTarballName)"
targetPath: $(inputArtifactsLocation)

- template: .pipelines/templates/PackageBuild.yml@self
parameters:
checkBuildRetries: "1"
customToolchainArtifactName: $(toolchainArtifactName)
customToolchainTarballName: $(toolchainTarballName)
inputArtifactsFolder: $(inputArtifactsLocation)
isAllowToolchainRebuilds: true
isCheckBuild: true
isQuickRebuildPackages: true
Expand Down Expand Up @@ -179,8 +205,18 @@ extends:
isCustom: true
name: ${{ configuration.agentPool }}
variables:
inputArtifactsLocation: $(Agent.TempDirectory)
rpmsArtifactName: $[ stageDependencies.RPMs_${{ configuration.name }}.BuildAndTest.outputs['RPMsArtifactName.rpmsArtifactName'] ]
rpmsTarballName: $[ stageDependencies.RPMs_${{ configuration.name }}.BuildAndTest.outputs['RPMsArtifactName.rpmsTarballName'] ]
steps:
- task: DownloadPipelineArtifact@2
displayName: "Download RPMs tarball"
inputs:
artifact: $(rpmsArtifactName)
patterns: "**/$(rpmsTarballName)"
targetPath: $(inputArtifactsLocation)

- template: .pipelines/templatesWithCheckout/SodiffCheck.yml@self
parameters:
inputArtifactName: $(rpmsArtifactName)
inputArtifactsFolder: $(inputArtifactsLocation)
inputRPMsTarballName: $(rpmsTarballName)
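Review bot: `inputArtifactsLocation: $(Agent.TempDirectory)` in the `variables:` of all three jobs makes the agent's whole temp directory both the download target and the folder the templates later search by file name. The templates locate the tarball with `find … -name`, so any same-named file left in that directory by another task in the job would be an equally valid match. A dedicated subfolder keeps the lookup tied to the artifact just downloaded, for example `inputArtifactsLocation: $(Agent.TempDirectory)/inputArtifacts`. The second `RPMsArtifactName` script now sets two variables but its `displayName` still reads "Set variable for published artifact name", unlike the updated toolchain one.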
40 changes: 14 additions & 26 deletions .pipelines/templates/PackageBuild.yml
Expand Up @@ -14,13 +14,9 @@ parameters:
type: number
default: 12

- name: customToolchainArtifactName
type: string
default: ""

- name: customToolchainTarballName
type: string
default: "toolchain_built_rpms_all.tar.gz"
default: ""

- name: extraPackageRepos
type: string
Expand All @@ -30,12 +26,16 @@ parameters:
type: boolean
default: true

- name: inputCacheArtifacts
- name: inputArtifactsFolder
type: string
default: "$(Agent.TempDirectory)"

- name: inputCacheRPMsTarballs
type: object
default: []
# Sample:
# - name: build-artifacts
# rpmsTarball: cache.tar.gz
# - cache.tar.gz
# - cache2.tar.gz

- name: isAllowToolchainRebuilds
type: string
Expand Down Expand Up @@ -160,15 +160,9 @@ steps:
artifactFeeds: "${{ parameters.pipArtifactFeeds }}"
displayName: "Authenticate to custom pip artifact feeds"

- ${{ if parameters.customToolchainArtifactName }}:
- task: DownloadPipelineArtifact@2
displayName: "Download toolchain"
inputs:
artifact: "${{ parameters.customToolchainArtifactName }}"
patterns: "**/${{ parameters.customToolchainTarballName }}"

- ${{ if parameters.customToolchainTarballName }}:
- script: |
toolchain_archive="$(find "$(Pipeline.Workspace)" -name "${{ parameters.customToolchainTarballName }}" -print -quit)"
toolchain_archive="$(find "${{ parameters.inputArtifactsFolder }}" -name "${{ parameters.customToolchainTarballName }}" -print -quit)"
if [[ ! -f "$toolchain_archive" ]]; then
echo "ERROR: toolchain archive not found!" >&2
exit 1
Expand All @@ -178,17 +172,11 @@ steps:
sudo make -C "${{ parameters.buildRepoRoot }}/toolkit" toolchain TOOLCHAIN_ARCHIVE="$toolchain_archive"
displayName: "Populate toolchain"
- ${{ each inputCacheArtifact in parameters.inputCacheArtifacts }}:
- task: DownloadPipelineArtifact@2
displayName: "Download input cache RPM from ${{ inputCacheArtifact.name }}"
inputs:
artifact: "${{ inputCacheArtifact.name }}"
patterns: "**/${{ inputCacheArtifact.rpmsTarball }}"

- ${{ each inputCacheRPMsTarball in parameters.inputCacheRPMsTarballs }}:
- script: |
rpms_archive="$(find "$(Pipeline.Workspace)" -name "${{ inputCacheArtifact.rpmsTarball }}" -print -quit)"
rpms_archive="$(find "${{ parameters.inputArtifactsFolder }}" -name "${{ inputCacheRPMsTarball }}" -print -quit)"
if [[ ! -f "$rpms_archive" ]]; then
echo "ERROR: cache RPMs archive '${{ inputCacheArtifact.rpmsTarball }}' not found!" >&2
echo "ERROR: cache RPMs archive '${{ inputCacheRPMsTarball }}' not found!" >&2
exit 1
fi
Expand All @@ -200,7 +188,7 @@ steps:
check_build_retries_arg="CHECK_BUILD_RETRIES=${{ parameters.checkBuildRetries }}"
fi
if [[ -n "${{ parameters.customToolchainArtifactName }}" ]]; then
if [[ -n "${{ parameters.customToolchainTarballName }}" ]]; then
toolchain_archive_arg="TOOLCHAIN_ARCHIVE=$(toolchainArchive)"
fi
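Review bot: The rewritten `find` lines paste `${{ parameters.inputArtifactsFolder }}`, `${{ parameters.customToolchainTarballName }}` and `${{ inputCacheRPMsTarball }}` directly into the script text. A value containing a double quote or `$(` would therefore change the shell command instead of being passed as an argument. Handing the values over through the step's `env:` mapping keeps them as data, e.g. `INPUT_ARTIFACTS_FOLDER: ${{ parameters.inputArtifactsFolder }}` under `env:` and `find "$INPUT_ARTIFACTS_FOLDER" -name "$TOOLCHAIN_TARBALL_NAME" -print -quit` in the script (the variable names are illustrative). `-print -quit` also takes the first match silently, so a check that exactly one file matched would make a stale or duplicate tarball in the folder visible. The script bodies continue outside the hunks shown.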
13 changes: 3 additions & 10 deletions .pipelines/templatesWithCheckout/SodiffCheck.yml
Expand Up @@ -6,8 +6,9 @@ parameters:
type: string
default: "$(Build.SourcesDirectory)"

- name: inputArtifactName
- name: inputArtifactsFolder
type: string
default: "$(Agent.TempDirectory)"

- name: inputRPMsTarballName
type: string
Expand All @@ -26,19 +27,11 @@ parameters:
default: "$(Agent.TempDirectory)/SourcesWorkspace"

steps:
- task: DownloadPipelineArtifact@2
displayName: "Download sources for signing"
inputs:
artifact: ${{ parameters.inputArtifactName }}
patterns: |
**/${{ parameters.inputRPMsTarballName }}
targetPath: "$(Agent.TempDirectory)"

- script: |
set -e
mkdir -p "${{ parameters.sourcesWorkspace }}"
find "$(Agent.TempDirectory)" -name "${{ parameters.inputRPMsTarballName }}" -print0 | xargs -0 -n 1 tar -C "${{ parameters.sourcesWorkspace }}" -xkf
find "${{ parameters.inputArtifactsFolder }}" -name "${{ parameters.inputRPMsTarballName }}" -print0 | xargs -0 -n 1 tar -C "${{ parameters.sourcesWorkspace }}" -xkf
displayName: "Extract sources tarball"
- script: |
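Review bot: With the download step removed, this template depends on the caller having already placed `inputRPMsTarballName` under `inputArtifactsFolder`, and nothing in the parameter block says so. A comment above the parameter would record the contract, such as `# Folder the caller has already downloaded the RPMs tarball into; this template does not download it.` The extract step unpacks every file of that name found under the folder, and the default `sourcesWorkspace` (`$(Agent.TempDirectory)/SourcesWorkspace`) lies inside the default `inputArtifactsFolder`. Callers that pass a dedicated input subfolder keep the search away from previously extracted content. The step list continues outside the hunk.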