From efd2be8f6f0a0253938be80ff6664c7bc51924a3 Mon Sep 17 00:00:00 2001
From: Ana Luisa Ponsirenas
Date: Wed, 23 Apr 2025 07:42:50 -0700
Subject: [PATCH 01/11] Update hash reference in publish docs workflow (#55)
- Updated to the latest `publish-docs` in `orch-ci`
---
 .github/workflows/publish-docs.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml
index 46330247c0..0c79b15255 100644
--- a/.github/workflows/publish-docs.yml
+++ b/.github/workflows/publish-docs.yml
@@ -17,7 +17,7 @@ permissions:
 jobs:
 build_microvisor-toolkit:
 if: ${{ (github.event.inputs.target == 'microvisor-toolkit') || (github.event.inputs.target == 'all-documentation') }}
- uses: open-edge-platform/orch-ci/.github/workflows/publish-documentation.yml@2fc4c75be6b7f308dd95bdf5a822e466437734ac
+ uses: open-edge-platform/orch-ci/.github/workflows/publish-documentation.yml@f6daea43ff4711b5c8cc12032eab94aa59ccb3b7
 secrets:
 SYS_ORCH_GITHUB: ${{ secrets.SYS_ORCH_GITHUB }}
 DOC_AWS_ACCESS_KEY_ID: ${{ secrets.DOC_AWS_ACCESS_KEY_ID }}
From 6fc6894147a0c02572af27d7eb0f0be75d2fb5b6 Mon Sep 17 00:00:00 2001
From: Ana Luisa Ponsirenas
Date: Wed, 23 Apr 2025 08:07:28 -0700
Subject: [PATCH 02/11] Update sha publish docs (#56)
* Update hash reference in publish docs workflow - Updated to the latest `publish-docs` in `orch-ci` * Update publish-docs.yml
---
 .github/workflows/publish-docs.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml
index 0c79b15255..bc92e31a09 100644
--- a/.github/workflows/publish-docs.yml
+++ b/.github/workflows/publish-docs.yml
@@ -17,7 +17,7 @@ permissions:
 jobs:
 build_microvisor-toolkit:
 if: ${{ (github.event.inputs.target == 'microvisor-toolkit') || (github.event.inputs.target == 'all-documentation') }}
- uses: open-edge-platform/orch-ci/.github/workflows/publish-documentation.yml@f6daea43ff4711b5c8cc12032eab94aa59ccb3b7
+ uses: open-edge-platform/orch-ci/.github/workflows/publish-documentation.yml@4ecba6bd86b92c842c88dec9e53cf782f523a746
 secrets:
 SYS_ORCH_GITHUB: ${{ secrets.SYS_ORCH_GITHUB }}
 DOC_AWS_ACCESS_KEY_ID: ${{ secrets.DOC_AWS_ACCESS_KEY_ID }}
From 90b2b08c1fe1dc9202ae565bb10ab1a54e964220 Mon Sep 17 00:00:00 2001
From: Ana Luisa Ponsirenas
Date: Wed, 23 Apr 2025 20:52:03 -0700
Subject: [PATCH 03/11] Update permissions for publish-docs (#57)
* Update hash reference in publish docs workflow - Updated to the latest `publish-docs` in `orch-ci` * Update publish-docs.yml * Update publish-docs.yml Updated permissions * Update publish-docs.yml Pin to latest SHA * Adds branch pattern 3.0 * Update publish-docs.yml * Change working dir
---
 .github/workflows/publish-docs.yml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml
index bc92e31a09..6c6e39d9b9 100644
--- a/.github/workflows/publish-docs.yml
+++ b/.github/workflows/publish-docs.yml
@@ -12,15 +12,19 @@ on: - microvisor-toolkit permissions: - contents: read + contents: read # needed for actions/checkout + pull-requests: read # needed for gh pr list + issues: write # needed to post PR comment jobs: build_microvisor-toolkit: if: ${{ (github.event.inputs.target == 'microvisor-toolkit') || (github.event.inputs.target == 'all-documentation') }} - uses: open-edge-platform/orch-ci/.github/workflows/publish-documentation.yml@4ecba6bd86b92c842c88dec9e53cf782f523a746 + uses: open-edge-platform/orch-ci/.github/workflows/publish-documentation.yml@81b923cd8456c3efb633808611e09b4aed8ae3b1 secrets: SYS_ORCH_GITHUB: ${{ secrets.SYS_ORCH_GITHUB }} DOC_AWS_ACCESS_KEY_ID: ${{ secrets.DOC_AWS_ACCESS_KEY_ID }} DOC_AWS_SECRET_ACCESS_KEY: ${{ secrets.DOC_AWS_SECRET_ACCESS_KEY }} with: - docs_directory: docs + docs_directory: '.' + branch_pattern: '^3\.0.*$' + From 93dc987465e505d42a69c8389d2c0d07200eccaa Mon Sep 17 00:00:00 2001 From: Mats Agerstam Date: Wed, 23 Apr 2025 20:52:47 -0700 Subject: [PATCH 04/11] updated EMT-D overview documentation (#60) * updated EMT-D overview documentation * fixed typo --- docs/user-guide/Overview.md | 84 ++++++++++++++++++++----------------- 1 file changed, 45 insertions(+), 39 deletions(-) diff --git a/docs/user-guide/Overview.md b/docs/user-guide/Overview.md index 2826de0cbf..24f04f86e2 100644 --- a/docs/user-guide/Overview.md +++ b/docs/user-guide/Overview.md 
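Review bot: `issues: write` is added to the workflow-level `permissions:` block, so every job in this file receives a write-capable token rather than only the job that posts the PR comment. Only `build_microvisor-toolkit` is visible in the hunk; declaring the three scopes under that job's own `permissions:` key and leaving the top level at `contents: read` would keep the default token read-only if further jobs exist or are added. The same job passes `DOC_AWS_ACCESS_KEY_ID` and `DOC_AWS_SECRET_ACCESS_KEY` to the reusable workflow, so each change of the pinned `orch-ci` SHA changes the code that sees those secrets and the write scope; a comment such as `# pinned SHA: review the orch-ci diff before bumping` above the `uses:` line would record that.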
@@ -1,85 +1,91 @@ --- orphan: true --- -# Overview - -The Edge Microvisor Toolkit Developer is a package that contains mutable Edge Microvisor Toolkit in an `ISO` installer format. Edge Microvisor Toolkit is a streamlined container operating system that showcases the Intel® silicon optimizations. Built on Azure Linux, it features a Linux Kernel maintained by -Intel, incorporating all the latest kernel and user patches. - -The Edge Microvisor Toolkit Developer has undergone extensive validation across -all Intel® platforms such as Intel® Xeon®, Intel® Core™ Ultra, Intel® Core™ and Intel® Atom®. -The Edge Microvisor Toolkit Developer Node enables users to quickly deploy -and run their solutions for multiple scenarios like benchmarking and validation -of Edge AI computing workloads. The Edge Microvisor Toolkit Developer is -available to download from the Open-source repository. - -The Edge Microvisor Toolkit Developer supports Native applications and VM based applications out of the box. Users can customize their Edge Node using the -provided `dnf` package manager to install container runtimes and Docker tools. -This allows users to run Docker containers. - -The Edge Microvisor Toolkit Developer is Fully open-Source and royalty free. - -## Get started - -### System requirements - -Edge Microvisor Toolkit Developer is designed to support all Intel® platforms -with the latest Intel® kernel to ensure all features are exposed and available -for application and workloads. The microvisor has been validated on the -following platforms. +# Edge Microvisor Toolkit Developer Node + +The Edge Microvisor Toolkit Development Node is a developer version of the Edge +Microvisor Toolkit which is a container host operating system, that comes with +and an ISO installer. + +## Overview + +The Edge Microvisor Toolkit Development Node is a software package that contains +mutable Edge Microvisor Toolkit in an ISO installer format. 
Edge Microvisor +Toolkit is a streamlined container operating system that showcases the Intel +silicon optimizations. Built on Azure Linux, it features a Linux Kernel +maintained by Intel, incorporating all the latest kernel and user patches. The +Edge Microvisor Toolkit Development Node has undergone extensive validation +across all Intel platforms such as Xeon®, Intel® Core Ultra™, Intel Core™ and +Intel® Atom®. The Edge Microvisor Toolkit Development Node allows users to +quickly deploy and run their solutions for multiple scenarios like benchmarking +and validation of Edge AI computing workloads. This software package is +available to download as buildable source code from the Open-source repository +or as binary. + +The Edge Microvisor Toolkit Development Node supports Native applications and VM +based applications out of the box. Users can customize their Edge Node using the +provided dnf package manager to install container runtimes and Docker tools. +The Edge Microvisor Toolkit Development Node is fully open-Source and royalty +free. + +## How It Works + +Edge Microvisor Toolkit Development Node is designed to support all Intel® +platforms with the latest Intel® kernel to ensure all features are exposed and +available for application and workloads. The microvisor has been validated on +the following platforms. | Atom | Core | Xeon | | ----------------------| ----------------------------- | -------------- | -| Intel Atom® X Series | 12th Gen Intel® Core™ | 4th Gen Intel® Xeon® SP | +| Intel® Atom® X Series | 12th Gen Intel® Core™ | 4th Gen Intel® Xeon® SP | | | 13th Gen Intel® Core™ | 3rd Gen Intel® Xeon® SP | | | Intel® Core™ Ultra (Series 1) | | The following outlines the recommended hardware configuration to run Edge Microvisor Toolkit Developer. 
-| Component | Edge Microvisor Toolkit Developer | +| Component | Edge Microvisor Toolkit Development Node | |--------------|----------------------------| -| CPU | Intel Atom®, Intel® Core™, or Intel® Xeon® | +| CPU | Intel® Atom, Core, or Xeon | | RAM | 2GB minimum | | Storage | 32GB SSD/NVMe or eMMC | | Networking | 1GbE Ethernet or Wi-Fi | ### Installation Instructions -You can download the Edge Microvisor Toolkit Developer from [Edge Software Catalog](https://edgesoftwarecatalog.intel.com/) - -> TODO: Add step by step guide to download the ISO image from ESC with screenshots +You can download the Edge Microvisor Toolkit Developer Node [here](https://files-rs.edgeorchestration.intel.com/files-edge-orch/microvisor) -## Secure by Design +### Secure by Design - Package based updates with 'dnf'. - Support for Secure Boot (optional) and TPM support for hardware-verified integrity. - Support for Full Disc Encryption (optional) -## Optimized for Intel® Architecture +### Optimized for Intel® Architecture - Pre-tuned drivers and acceleration libraries for Intel® CPUs and GPUs. - Enables Intel® silicon ahead of Operating System vendors (OSVs), unlocking features that may not be accepted upstream. - Intel® Linux* Kernel 6.12 with optimized security settings -## Flexible and Modular Deployment +### Flexible and Modular Deployment - Supports bare metal, VM-based, and containerized deployments. - Supports Kubernetes*, Docker*, and OCI-compliant runtimes. -## Open Source and Extensible +### Open Source and Extensible - Fully open-source and royalty-free. - Actively integrates OxM platform features and third-party vendor hardware. -## Getting help +### Getting help -If you encounter bugs, have feature requests, or need assistance, file a GitHub Issue. Before submitting a new report, check the existing issues to see if a +If you encounter bugs, have feature requests, or need assistance, file a GitHub +Issue. 
Before submitting a new report, check the existing issues to see if a similar one has not been filed already. If no matching issue is found, feel free to file the issue as described in the contribution guide. -## License Information +### License Information Edge Microvisor Toolkit Developer is based on [Azure Linux](https://github.com/microsoft/azurelinux), sharing its permissive open-source license: [MIT](https://github.com/microsoft/azurelinux/blob/3.0/LICENSE). From 54100ee5ee668e94abe00a92e2241e59d8bf9c9d Mon Sep 17 00:00:00 2001 From: SupriyaPamulpati <120701079+SupriyaPamulpati@users.noreply.github.com> Date: Fri, 25 Apr 2025 07:55:41 +0530 Subject: [PATCH 05/11] Update sb-howto.md (#58) * Update sb-howto.md * Update sb-howto.md * Update sb-howto.md --- docs/developer-guide/get-started/sb-howto.md | 27 ++++++++++++-------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/docs/developer-guide/get-started/sb-howto.md b/docs/developer-guide/get-started/sb-howto.md index 0f40e97a99..652f6704ab 100644 --- a/docs/developer-guide/get-started/sb-howto.md +++ b/docs/developer-guide/get-started/sb-howto.md @@ -125,10 +125,15 @@ export KEY=KeyInDB cd ~ ``` Make sure your rpm %_topdir is ~/rpmbuild; if not you should edit your ~/.rpmmacros to include: + ```bash mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS} %_topdir %(echo $HOME)/rpmbuild ``` +If file ~/.rpmmacros does not exist in home directory, create one: +```bash +vi ~/.rpmmacros +``` ### Step 2: Rebuild the shim-unsigned Package 
@@ -143,14 +148,14 @@ certutil -d /etc/pki/pesign -L -n KeyInShim -r > ~/key-in-shim.der ```bash base_url=$(grep -E '^\s*baseurl' /etc/yum.repos.d/*.repo | awk -F= '{print $2}' | sed 's/^[ \t]*//') -shim_unsigned_package=$(tdnf repoquery --source shim-unsigned-x64 | tail -1) -wget $base_url/SRPMS/$shim_unsigned_package.rpm +shim_unsigned_package=$(tdnf repoquery --source shim-unsigned-x64 | tail -1 | sed 's/\.src$//') +wget $base_url/SRPMS/$shim_unsigned_package.src.rpm -rpm -i shim-unsigned-x64-*.src.rpm +rpm -i $shim_unsigned_package.src.rpm cd ~/rpmbuild cp ~/key-in-shim.der SOURCES/azurelinux-ca-20230216.der rpmbuild -bb SPECS/shim-unsigned-x64.spec -sudo tdnf install RPMS/x86_64/shim-unsigned-x64-*.x86_64.rpm +sudo tdnf install RPMS/x86_64/$shim_unsigned_package.x86_64.rpm ``` ```bash cd ~ @@ -163,10 +168,10 @@ cd ~ ```bash base_url=$(grep -E '^\s*baseurl' /etc/yum.repos.d/*.repo | awk -F= '{print $2}' | sed 's/^[ \t]*//') -shim_package=$(tdnf repoquery --source shim | grep -v "unsigned" | tail -1) -wget $base_url/SRPMS/$shim_package.rpm +shim_package=$(tdnf repoquery --source shim | grep -v "unsigned" | tail -1 | sed 's/\.src$//') +wget $base_url/SRPMS/$shim_package.src.rpm -rpm -i $shim_package.rpm +rpm -i $shim_package.src.rpm ``` **Sign the binaries**: 
@@ -186,12 +191,12 @@ rpmbuild -bb SPECS/shim.spec Install the new package and reboot with secure boot disabled: ```bash -sudo tdnf install RPMS/x86_64/$shim_package.rpm +sudo tdnf install RPMS/x86_64/$shim_package.x86_64.rpm ``` -Ensure that the `$shim_package.rpm` package is installed properly. If you encounter any messages, such as "Nothing to do", you can attempt to reinstall the package. +Ensure that the `$shim_package.x86_64.rpm` package is installed properly. If you encounter any messages, such as "Nothing to do", you can attempt to reinstall the package. ```bash -sudo tdnf reinstall --allowerasing RPMS/x86_64/$shim_package.rpm +sudo tdnf reinstall --allowerasing RPMS/x86_64/$shim_package.x86_64.rpm ``` ```bash @@ -213,7 +218,7 @@ sudo sh -c 'cp /boot/vmlinuz-* .' ```bash sudo pesign -s -i grubx64.efi -o /boot/efi/EFI/BOOT/grubx64.efi -c KeyInShim --force -udo sh -c 'pesign -s -i vmlinuz-* -o /boot/vmlinuz-* -c KeyInShim --force' +sudo sh -c 'pesign -s -i vmlinuz-* -o /boot/vmlinuz-* -c KeyInShim --force' ``` ### Step 6: Enroll KeyInDB into UEFI DB From d5f65db14c6eae27495be01ef854e978bd13d680 Mon Sep 17 00:00:00 2001 From: Anuj Mittal Date: Fri, 25 Apr 2025 14:41:09 +0800 Subject: [PATCH 06/11] docs/overview: fix location of iso (#62) Point to the location where ISO is available. --- docs/user-guide/Overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/Overview.md b/docs/user-guide/Overview.md index 24f04f86e2..c670b3c34f 100644 --- a/docs/user-guide/Overview.md +++ b/docs/user-guide/Overview.md @@ -53,7 +53,7 @@ Microvisor Toolkit Developer. ### Installation Instructions -You can download the Edge Microvisor Toolkit Developer Node [here](https://files-rs.edgeorchestration.intel.com/files-edge-orch/microvisor) +You can download the Edge Microvisor Toolkit Developer Node [here](https://files-rs.edgeorchestration.intel.com/files-edge-orch/microvisor/iso/EdgeMicrovisorToolkit-3.0.iso) ### Secure by Design 
From acc705b8a223400bf08a2d67a9cf30691255ed8f Mon Sep 17 00:00:00 2001 From: Ana Luisa Ponsirenas Date: Sun, 27 Apr 2025 20:04:24 -0700 Subject: [PATCH 07/11] Update pinned sha in publish docs (#64) * Update hash reference in publish docs workflow - Updated to the latest `publish-docs` in `orch-ci` * Update publish-docs.yml * Update publish-docs.yml Updated permissions * Update publish-docs.yml Pin to latest SHA * Adds branch pattern 3.0 * Update publish-docs.yml * Change working dir * Update publish-docs.yml --- .github/workflows/publish-docs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml index 6c6e39d9b9..a7d565477e 100644 --- a/.github/workflows/publish-docs.yml +++ b/.github/workflows/publish-docs.yml @@ -19,7 +19,7 @@ permissions: jobs: build_microvisor-toolkit: if: ${{ (github.event.inputs.target == 'microvisor-toolkit') || (github.event.inputs.target == 'all-documentation') }} - uses: open-edge-platform/orch-ci/.github/workflows/publish-documentation.yml@81b923cd8456c3efb633808611e09b4aed8ae3b1 + uses: open-edge-platform/orch-ci/.github/workflows/publish-documentation.yml@734970a73e3d6e8d7cd160e2cad6366770f52403 secrets: SYS_ORCH_GITHUB: ${{ secrets.SYS_ORCH_GITHUB }} DOC_AWS_ACCESS_KEY_ID: ${{ secrets.DOC_AWS_ACCESS_KEY_ID }} From 0eee046687f2f0884be46d8b0ebc504b6cbb085d Mon Sep 17 00:00:00 2001 From: Ashutosh Kumar Date: Tue, 29 Apr 2025 18:25:16 -0700 Subject: [PATCH 08/11] Update README.md (#74) Updated download links for standalone and developer versions --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 938e76c808..46067f2be6 100644 --- a/README.md +++ b/README.md 
@@ -16,8 +16,8 @@ The currently published versions are: * Edge Microvisor Toolkit (immutable) * Edge Microvisor Toolkit with real time extensions (immutable) -* Edge Microvisor Toolkit Standalone (immutable) -* Edge Microvisor Toolkit Developer (mutable) +* Edge Microvisor Toolkit Standalone (immutable) ([Download link](https://edgesoftwarecatalog.intel.com/details/?microserviceType=recipeµserviceNameForUrl=edge-microvisor-toolkit-standalone-node)) +* Edge Microvisor Toolkit Developer (mutable) ([Download link](https://edgesoftwarecatalog.intel.com/details/?microserviceType=recipeµserviceNameForUrl=edge--microvisor-toolkit-development-node)) The Edge Microvisor Toolkit has undergone extensive validation across all Intel platforms such as Xeon®, Intel® Core Ultra™, Intel Core™ and Intel® Atom®. It From c52c1b779e679bb42e8e8bfea58c26746462b5ea Mon Sep 17 00:00:00 2001 From: Nirmal George Date: Wed, 30 Apr 2025 09:11:13 +0530 Subject: [PATCH 09/11] Zizmor report related fixes (#73) * permission fixes * workflow permission updates * Update .github/workflows/check-spec.yml * Update check-spec.yml --------- Co-authored-by: Anuj Mittal --- .github/workflows/check-circular-deps.yml | 4 ++++ .github/workflows/check-entangled-specs.yml | 4 +++- .github/workflows/check-license-map.yml | 4 +++- .github/workflows/check-manifests.yml | 2 ++ .github/workflows/check-package-cgmanifest.yml | 11 ++++++++--- .github/workflows/check-source-signatures.yml | 10 ++++++++-- .github/workflows/check-spec.yml | 9 +++++++-- .github/workflows/check-static-glibc.yml | 2 ++ .github/workflows/go-test-coverage.yml | 2 ++ .github/workflows/lint-specs.yml | 12 +++++++++--- .github/workflows/lint.yml | 4 ++++ .github/workflows/merge-conflict-check.yml | 13 ++++++++++--- 12 files changed, 62 insertions(+), 15 deletions(-) diff --git a/.github/workflows/check-circular-deps.yml b/.github/workflows/check-circular-deps.yml index d1aa1c2bb3..d995eb6995 100644 --- a/.github/workflows/check-circular-deps.yml 
+++ b/.github/workflows/check-circular-deps.yml @@ -11,6 +11,8 @@ on: - .github/workflows/check-circular-deps.yml - '**.spec' +permissions: read-all + jobs: spec-check: name: Circular dependency check @@ -20,6 +22,8 @@ jobs: # Checkout the branch of our repo that triggered this action - name: Workflow trigger checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Check for circular dependencies run: | diff --git a/.github/workflows/check-entangled-specs.yml b/.github/workflows/check-entangled-specs.yml index d9d130a658..1ce335df7c 100644 --- a/.github/workflows/check-entangled-specs.yml +++ b/.github/workflows/check-entangled-specs.yml @@ -20,7 +20,9 @@ jobs: # Checkout the branch of our repo that triggered this action - name: Workflow trigger checkout uses: actions/checkout@v4 - + with: + persist-credentials: false + # For consistency, we use the same major/minor version of Python that Azure Linux ships - name: Setup Python 3.12 uses: actions/setup-python@v5 diff --git a/.github/workflows/check-license-map.yml b/.github/workflows/check-license-map.yml index abe0ee677a..3c77d5769e 100644 --- a/.github/workflows/check-license-map.yml +++ b/.github/workflows/check-license-map.yml @@ -24,7 +24,9 @@ jobs: # Checkout the branch of our repo that triggered this action - name: Workflow trigger checkout uses: actions/checkout@v4 - + with: + persist-credentials: false + - name: Setup Python 3.12 uses: actions/setup-python@v5 with: diff --git a/.github/workflows/check-manifests.yml b/.github/workflows/check-manifests.yml index 5c40bab380..77b0398f32 100644 --- a/.github/workflows/check-manifests.yml +++ b/.github/workflows/check-manifests.yml @@ -22,6 +22,8 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 + with: + persist-credentials: false # This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond - name: Define missing rpm macros 
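Review bot: `permissions: read-all` in check-circular-deps.yml still gives the token read access to every scope, while the steps visible in these hunks only check out the repository and run scripts. A mapping with the single entry `contents: read` would be the narrower default, with any extra scope added per job where a step needs it. The same `permissions: read-all` line is added in check-source-signatures.yml, lint.yml and merge-conflict-check.yml; lint.yml may need an additional scope if the linter reports statuses, which cannot be confirmed from the hunk.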
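Review bot: The checkout step that gains `persist-credentials: false` is still referenced as `actions/checkout@v4`, a tag that can be moved, whereas publish-docs.yml in this series pins its reusable workflow to a full commit SHA. Pinning in the same way, `uses: actions/checkout@<full-commit-sha> # v4`, would make the workflows in this commit consistent with that practice. This applies to every checkout step touched here and to `actions/setup-python@v5` and `github/super-linter/slim@v7`, which appear as context lines in the other files.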
diff --git a/.github/workflows/check-package-cgmanifest.yml b/.github/workflows/check-package-cgmanifest.yml index 2c89c989ea..0922498f56 100644 --- a/.github/workflows/check-package-cgmanifest.yml +++ b/.github/workflows/check-package-cgmanifest.yml @@ -22,6 +22,8 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 + with: + persist-credentials: false # This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond - name: Define missing rpm macros @@ -33,9 +35,12 @@ jobs: - name: Get base commit for PRs if: ${{ github.event_name == 'pull_request' }} run: | - git fetch origin ${{ github.base_ref }} - echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> "$GITHUB_ENV" - echo "Merging ${{ github.sha }} into ${{ github.base_ref }}" + base_ref="${BASE_REF}" + git fetch origin $base_ref + echo "base_sha=$(git rev-parse origin/$base_ref)" >> "$GITHUB_ENV" + echo "Merging ${{ github.sha }} into $base_ref" + env: + BASE_REF: ${{ github.base_ref }} - name: Get base commit for Pushes if: ${{ github.event_name == 'push' }} diff --git a/.github/workflows/check-source-signatures.yml b/.github/workflows/check-source-signatures.yml index 8f6cce3181..efd86fc9e8 100644 --- a/.github/workflows/check-source-signatures.yml +++ b/.github/workflows/check-source-signatures.yml @@ -11,6 +11,8 @@ on: - .github/workflows/check-source-signatures.yml - '**.spec' +permissions: read-all + jobs: spec-check: name: Source Signature Check @@ -24,6 +26,7 @@ jobs: - name: Workflow trigger checkout uses: actions/checkout@v4 with: + persist-credentials: false fetch-depth: 0 # For consistency, we use the same major/minor version of Python that Azure Linux ships 
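Review bot: `$base_ref` is expanded unquoted in `git fetch origin $base_ref` and `git rev-parse origin/$base_ref` in the "Get base commit for PRs" step of check-package-cgmanifest.yml, so the value is subject to word splitting and globbing, and the `base_ref="${BASE_REF}"` copy adds nothing. Passing the ref through `env:` already removes the template expansion from the script; using the variable directly as `git fetch origin "$BASE_REF"` and `git rev-parse "origin/$BASE_REF"` finishes the job. `${{ github.sha }}` is still expanded inline in the `echo` line; it is a commit hash, but moving it to `env:` as well would keep the step free of inline expressions. The same lines are added in check-source-signatures.yml, check-spec.yml, lint-specs.yml and merge-conflict-check.yml, and the last of these also leaves `>> $GITHUB_ENV` unquoted.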
@@ -38,8 +41,11 @@ jobs: - name: Get base commit for PRs if: ${{ github.event_name == 'pull_request' }} run: | - echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> "$GITHUB_ENV" - echo "Merging ${{ github.sha }} into ${{ github.base_ref }}" + base_ref="${BASE_REF}" + echo "base_sha=$(git rev-parse origin/$base_ref)" >> "$GITHUB_ENV" + echo "Merging ${{ github.sha }} into $base_ref" + env: + BASE_REF: ${{ github.base_ref }} - name: Get base commit for Pushes if: ${{ github.event_name == 'push' }} diff --git a/.github/workflows/check-spec.yml b/.github/workflows/check-spec.yml index b95017005a..4df7f16dc8 100644 --- a/.github/workflows/check-spec.yml +++ b/.github/workflows/check-spec.yml @@ -24,6 +24,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false # For consistency, we use the same major/minor version of Python that Azure Linux ships - name: Setup Python 3.12 @@ -37,8 +38,11 @@ jobs: - name: Get base commit for PRs if: ${{ github.event_name == 'pull_request' }} run: | - echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> "$GITHUB_ENV" - echo "Merging ${{ github.sha }} into ${{ github.base_ref }}" + base_ref="${BASE_REF}" + echo "base_sha=$(git rev-parse origin/$base_ref)" >> "$GITHUB_ENV" + echo "Merging ${{ github.sha }} into $base_ref" + env: + BASE_REF: ${{ github.base_ref }} - name: Get base commit for Pushes if: ${{ github.event_name == 'push' }} @@ -63,6 +67,7 @@ jobs: with: ref: '3.0' path: '3.0-checkout' + persist-credentials: false - name: Verify .spec files if: ${{ env.updated-specs != '' }} diff --git a/.github/workflows/check-static-glibc.yml b/.github/workflows/check-static-glibc.yml index ad033bc7c3..709f956f7c 100644 --- a/.github/workflows/check-static-glibc.yml +++ b/.github/workflows/check-static-glibc.yml 
@@ -22,6 +22,8 @@ jobs: # Checkout the branch of our repo that triggered this action - name: Workflow trigger checkout uses: actions/checkout@v4 + with: + persist-credentials: false # For consistency, we use the same major/minor version of Python that Azure Linux ships - name: Setup Python 3.12 diff --git a/.github/workflows/go-test-coverage.yml b/.github/workflows/go-test-coverage.yml index 3e0f61e6db..e7645372d7 100644 --- a/.github/workflows/go-test-coverage.yml +++ b/.github/workflows/go-test-coverage.yml @@ -33,6 +33,8 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@v4 + with: + persist-credentials: false - name: Check go.mod run: | diff --git a/.github/workflows/lint-specs.yml b/.github/workflows/lint-specs.yml index e93fb5be41..47dea50cbf 100644 --- a/.github/workflows/lint-specs.yml +++ b/.github/workflows/lint-specs.yml @@ -24,13 +24,17 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false - name: Get base commit for PRs if: ${{ github.event_name == 'pull_request' }} run: | - echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> "$GITHUB_ENV" - echo "Merging ${{ github.sha }} into ${{ github.base_ref }}" - + base_ref="${BASE_REF}" + echo "base_sha=$(git rev-parse origin/$base_ref)" >> "$GITHUB_ENV" + echo "Merging ${{ github.sha }} into $base_ref" + env: + BASE_REF: ${{ github.base_ref }} + - name: Get base commit for Pushes if: ${{ github.event_name == 'push' }} run: | @@ -50,6 +54,7 @@ jobs: with: ref: '3.0' path: '3.0-checkout' + persist-credentials: false # Our linter is based on the spec-cleaner tool from the folks at openSUSE # We apply a patch to modify it for our needs @@ -59,6 +64,7 @@ jobs: repository: 'rpm-software-management/spec-cleaner' ref: 'spec-cleaner-1.2.0' path: 'spec-cleaner' + persist-credentials: false # For consistency, we use the same major/minor version of Python that Azure Linux ships - name: Setup Python 3.12 
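Review bot: `ref: 'spec-cleaner-1.2.0'` in the lint-specs.yml checkout of `rpm-software-management/spec-cleaner` is a tag in a third-party repository, so the code this job fetches can change without any change to this file. The added `persist-credentials: false` keeps the token out of that checkout, but it does not fix the content; pinning to the commit behind the tag, `ref: '<commit-sha-of-spec-cleaner-1.2.0>'`, would. The step and its later use continue outside the hunk, so that the checked-out code is patched and run as the linter is inferred from the comment above it.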
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 8cf75ec04e..fdb8bf5a63 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -16,6 +16,8 @@ on: - "**.spec" - "**.patch" +permissions: read-all + jobs: lint: name: Lint Workflows and Code @@ -32,6 +34,8 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false + - name: Lint uses: github/super-linter/slim@v7 env: diff --git a/.github/workflows/merge-conflict-check.yml b/.github/workflows/merge-conflict-check.yml index 26334f09f5..ffe173c40f 100644 --- a/.github/workflows/merge-conflict-check.yml +++ b/.github/workflows/merge-conflict-check.yml @@ -7,6 +7,8 @@ on: pull_request: branches: [main, 3.0*] +permissions: read-all + jobs: spec-check: name: Github Merge Conflict Check @@ -16,13 +18,18 @@ jobs: # Checkout the branch of our repo that triggered this action - name: Workflow trigger checkout uses: actions/checkout@v4 + with: + persist-credentials: false - name: Get base commit for PRs if: ${{ github.event_name == 'pull_request' }} run: | - git fetch origin ${{ github.base_ref }} - echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> $GITHUB_ENV - echo "Merging ${{ github.sha }} into ${{ github.base_ref }}" + base_ref="${BASE_REF}" + git fetch origin $base_ref + echo "base_sha=$(git rev-parse origin/$base_ref)" >> $GITHUB_ENV + echo "Merging ${{ github.sha }} into $base_ref" + env: + BASE_REF: ${{ github.base_ref }} - name: Get base commit for Pushes if: ${{ github.event_name == 'push' }} From 3e0eeb9eb77408536a87ecf9bc57715c3db45414 Mon Sep 17 00:00:00 2001 
From: Alexandru Dimofte Date: Wed, 7 May 2025 07:18:55 -0700 Subject: [PATCH 10/11] Fixed some linter warnings --- .github/workflows/check-circular-deps.yml | 6 +- .github/workflows/check-entangled-specs.yml | 5 +- .github/workflows/check-license-map.yml | 5 +- .github/workflows/check-manifests.yml | 42 +++--- .../workflows/check-package-cgmanifest.yml | 80 +++++----- .github/workflows/check-source-signatures.yml | 4 +- .github/workflows/check-spec.yml | 4 +- .github/workflows/check-static-glibc.yml | 4 +- .github/workflows/go-test-coverage.yml | 141 +++++++++--------- .github/workflows/lint-specs.yml | 6 +- .github/workflows/lint.yml | 15 +- .github/workflows/merge-conflict-check.yml | 4 +- .github/workflows/publish-docs.yml | 1 - .yamllint.yaml | 8 + 14 files changed, 171 insertions(+), 154 deletions(-) create mode 100644 .yamllint.yaml diff --git a/.github/workflows/check-circular-deps.yml b/.github/workflows/check-circular-deps.yml index d995eb6995..ffaa7843f0 100644 --- a/.github/workflows/check-circular-deps.yml +++ b/.github/workflows/check-circular-deps.yml @@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Circular dependency check on: @@ -16,7 +16,7 @@ permissions: read-all jobs: spec-check: name: Circular dependency check - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest steps: # Checkout the branch of our repo that triggered this action @@ -28,7 +28,7 @@ jobs: - name: Check for circular dependencies run: | echo "Checking for circular dependency loops..." - # Call this script to sync the toolchain manifests with the LKG daily build. + # This will sync the toolchain manifests with the LKG daily build. #./toolkit/scripts/setuplkgtoolchain.sh # Determine the LKG daily build ID. #LKG_BUILD_ID=$(wget -qO - https://mariner3dailydevrepo.blob.core.windows.net/lkg/lkg-3.0-dev.json | jq -r ".dailybuildid" | tr '\.' '-') 
diff --git a/.github/workflows/check-entangled-specs.yml b/.github/workflows/check-entangled-specs.yml index 1ce335df7c..091715956b 100644 --- a/.github/workflows/check-entangled-specs.yml +++ b/.github/workflows/check-entangled-specs.yml @@ -4,6 +4,7 @@ # This action checks that certain groups of specs have matching tags. # The main use case is to ensure that signed specs have the same Version and # Release tags as their unsigned counterparts +--- name: Spec Entanglement Mismatch Check on: @@ -22,8 +23,8 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false - - # For consistency, we use the same major/minor version of Python that Azure Linux ships + + # We use the same major/minor version of Python that Azure Linux ships - name: Setup Python 3.12 uses: actions/setup-python@v5 with: diff --git a/.github/workflows/check-license-map.yml b/.github/workflows/check-license-map.yml index 3c77d5769e..380ba80588 100644 --- a/.github/workflows/check-license-map.yml +++ b/.github/workflows/check-license-map.yml @@ -3,6 +3,7 @@ # This action checks that the licenses.json file is up-to-date # and that the LICENSES-MAP.md file is up-to-date +--- name: Spec License Map Check on: @@ -18,7 +19,7 @@ permissions: read-all jobs: check: name: Spec License Map Check - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest steps: # Checkout the branch of our repo that triggered this action @@ -26,7 +27,7 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false - + - name: Setup Python 3.12 uses: actions/setup-python@v5 with: diff --git a/.github/workflows/check-manifests.yml b/.github/workflows/check-manifests.yml index 77b0398f32..4dd0beb027 100644 --- a/.github/workflows/check-manifests.yml +++ b/.github/workflows/check-manifests.yml @@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Check Manifests on: 
@@ -17,28 +17,28 @@ permissions: read-all jobs: build: name: Check Manifests - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v4 - with: + - name: Check out code + uses: actions/checkout@v4 + with: persist-credentials: false - # This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond - - name: Define missing rpm macros - run: | - if [[ -n $(rpm --eval '%bcond test 1') ]]; then - echo '%bcond() %[ (%{2}) ? "%{expand:%%bcond_without %{1}}" : "%{expand:%%bcond_with %{1}}" ]' > ~/.rpmmacros - fi + # This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond + - name: Define missing rpm macros + run: | + if [[ -n $(rpm --eval '%bcond test 1') ]]; then + echo '%bcond() %[ (%{2}) ? "%{expand:%%bcond_without %{1}}" : "%{expand:%%bcond_with %{1}}" ]' > ~/.rpmmacros + fi - - name: Check x86_64 manifests - run: | - echo ########## - echo "Ensure toolchain and pkggen manifests (./toolkit/resources/manifests/package/*) match the versions in the .spec files" - echo "Run './scripts/toolchain/check_manifests.sh -a \"x86_64\"' to validate locally" - echo ########## - pushd toolkit - ./scripts/toolchain/check_manifests.sh -a "x86_64" - popd - shell: bash + - name: Check x86_64 manifests + run: | + echo ########## + echo "Ensure toolchain and pkggen manifests (./toolkit/resources/manifests/package/*) match the versions in the .spec files" + echo "Run './scripts/toolchain/check_manifests.sh -a \"x86_64\"' to validate locally" + echo ########## + pushd toolkit + ./scripts/toolchain/check_manifests.sh -a "x86_64" + popd + shell: bash diff --git a/.github/workflows/check-package-cgmanifest.yml b/.github/workflows/check-package-cgmanifest.yml index 0922498f56..e93e2c1cb9 100644 --- a/.github/workflows/check-package-cgmanifest.yml +++ b/.github/workflows/check-package-cgmanifest.yml 
@@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Check Package CGManifests on: 
@@ -20,44 +20,44 @@ jobs: runs-on: [ubuntu-latest] steps: - - name: Check out code - uses: actions/checkout@v4 - with: + - name: Check out code + uses: actions/checkout@v4 + with: persist-credentials: false - # This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond - - name: Define missing rpm macros - run: | - if [[ -n $(rpm --eval '%bcond test 1') ]]; then - echo '%bcond() %[ (%{2}) ? "%{expand:%%bcond_without %{1}}" : "%{expand:%%bcond_with %{1}}" ]' > ~/.rpmmacros - fi - - - name: Get base commit for PRs - if: ${{ github.event_name == 'pull_request' }} - run: | - base_ref="${BASE_REF}" - git fetch origin $base_ref - echo "base_sha=$(git rev-parse origin/$base_ref)" >> "$GITHUB_ENV" - echo "Merging ${{ github.sha }} into $base_ref" - env: - BASE_REF: ${{ github.base_ref }} - - - name: Get base commit for Pushes - if: ${{ github.event_name == 'push' }} - run: | - git fetch origin ${{ github.event.before }} - echo "base_sha=${{ github.event.before }}" >> "$GITHUB_ENV" - echo "Merging ${{ github.sha }} into ${{ github.event.before }}" - - - name: Get the changed files - run: | - echo "Files changed: '$(git diff-tree --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }})'" - changed_specs=$(git diff-tree --diff-filter=d --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }} | { grep "SPECS.*/.*\.spec$" || test $? = 1; } | awk '{printf "%s ", $0}') - echo "Files to validate: '${changed_specs}'" - echo "updated-specs=${changed_specs}" >> "$GITHUB_ENV" - - - name: Check each spec - run: | - .github/workflows/overwrite_shell_link.sh - .github/workflows/validate-cg-manifest.sh ${{ env.updated-specs }} - shell: bash + # This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond + - name: Define missing rpm macros + run: | + if [[ -n $(rpm --eval '%bcond test 1') ]]; then + echo '%bcond() %[ (%{2}) ? 
"%{expand:%%bcond_without %{1}}" : "%{expand:%%bcond_with %{1}}" ]' > ~/.rpmmacros + fi + + - name: Get base commit for PRs + if: ${{ github.event_name == 'pull_request' }} + run: | + base_ref="${BASE_REF}" + git fetch origin $base_ref + echo "base_sha=$(git rev-parse origin/$base_ref)" >> "$GITHUB_ENV" + echo "Merging ${{ github.sha }} into $base_ref" + env: + BASE_REF: ${{ github.base_ref }} + + - name: Get base commit for Pushes + if: ${{ github.event_name == 'push' }} + run: | + git fetch origin ${{ github.event.before }} + echo "base_sha=${{ github.event.before }}" >> "$GITHUB_ENV" + echo "Merging ${{ github.sha }} into ${{ github.event.before }}" + + - name: Get the changed files + run: | + echo "Files changed: '$(git diff-tree --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }})'" + changed_specs=$(git diff-tree --diff-filter=d --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }} | { grep "SPECS.*/.*\.spec$" || test $? = 1; } | awk '{printf "%s ", $0}') + echo "Files to validate: '${changed_specs}'" + echo "updated-specs=${changed_specs}" >> "$GITHUB_ENV" + + - name: Check each spec + run: | + .github/workflows/overwrite_shell_link.sh + .github/workflows/validate-cg-manifest.sh ${{ env.updated-specs }} + shell: bash diff --git a/.github/workflows/check-source-signatures.yml b/.github/workflows/check-source-signatures.yml index efd86fc9e8..08c163efa3 100644 --- a/.github/workflows/check-source-signatures.yml +++ b/.github/workflows/check-source-signatures.yml @@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Source Signature Check on: @@ -16,7 +16,7 @@ permissions: read-all jobs: spec-check: name: Source Signature Check - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest strategy: matrix: specs-dir: [SPECS, SPECS-EXTENDED] diff --git a/.github/workflows/check-spec.yml b/.github/workflows/check-spec.yml index 4df7f16dc8..2d13e53ecb 100644 --- a/.github/workflows/check-spec.yml 
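Review bot: The "Check each spec" step in check-package-cgmanifest.yml still expands `${{ env.updated-specs }}` straight into the script text, and that value is built in "Get the changed files" from the paths of files changed by the pull request. The expression is substituted before bash parses the script, so a path containing shell metacharacters would be read as shell syntax rather than as a file name. The "Get base commit for PRs" step already avoids this for `github.base_ref` by going through `env:`. Because the list is written to `$GITHUB_ENV`, the script can read it as an ordinary variable if it is stored under a shell-safe name: `echo "UPDATED_SPECS=${changed_specs}" >> "$GITHUB_ENV"` and then `.github/workflows/validate-cg-manifest.sh $UPDATED_SPECS`. The job definition starts above this hunk, so its trigger and token permissions are not visible here.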
+++ b/.github/workflows/check-spec.yml @@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Spec files check on: @@ -16,7 +16,7 @@ permissions: read-all jobs: spec-check: name: Spec files check - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest steps: # Checkout the branch of our repo that triggered this action diff --git a/.github/workflows/check-static-glibc.yml b/.github/workflows/check-static-glibc.yml index 709f956f7c..22df2dd10e 100644 --- a/.github/workflows/check-static-glibc.yml +++ b/.github/workflows/check-static-glibc.yml @@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Static glibc version check on: @@ -16,7 +16,7 @@ permissions: read-all jobs: spec-check: name: Static glibc version check - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest steps: # Checkout the branch of our repo that triggered this action diff --git a/.github/workflows/go-test-coverage.yml b/.github/workflows/go-test-coverage.yml index e7645372d7..b4c63312e2 100644 --- a/.github/workflows/go-test-coverage.yml +++ b/.github/workflows/go-test-coverage.yml @@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Go Test Coverage on: @@ -18,7 +18,7 @@ env: jobs: build: name: Go Test Coverage - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest steps: #- name: Set up Go 1.x 
@@ -31,80 +31,79 @@ jobs: #run: | #go version && which go - - name: Check out code into the Go module directory - uses: actions/checkout@v4 - with: + - name: Check out code into the Go module directory + uses: actions/checkout@v4 + with: persist-credentials: false - - name: Check go.mod - run: | - if grep -q "go $EXPECTED_GO_VERSION" ./toolkit/tools/go.mod; then - echo "go.mod has correct version ($EXPECTED_GO_VERSION)" - else - actual_version="$(grep -E '^go [0-9]+\.[0-9]+' ./toolkit/tools/go.mod)" - echo "go.mod has bad version expected:$EXPECTED_GO_VERSION, found: $actual_version" - echo "UPDATE ./github/workflows/go-test-coverage.yml AND prerequisite documentation if minimum go version changed" - exit 1 - fi + - name: Check go.mod + run: | + if grep -q "go $EXPECTED_GO_VERSION" ./toolkit/tools/go.mod; then + echo "go.mod has correct version ($EXPECTED_GO_VERSION)" + else + actual_version="$(grep -E '^go [0-9]+\.[0-9]+' ./toolkit/tools/go.mod)" + echo "go.mod has bad version expected:$EXPECTED_GO_VERSION, found: $actual_version" + echo "UPDATE ./github/workflows/go-test-coverage.yml AND prerequisite documentation if minimum go version changed" + exit 1 + fi #- name: Install prerequisites #run: | # sudo apt-get update # sudo apt -y install qemu-utils - - name: Check for bad go formatting - run: | - pushd toolkit - sudo --preserve-env=PATH make go-fmt-all - changes=$(git diff ./*.go) - if [ -n "$changes" ]; then - echo Unformatted go files! - git diff ./*.go - exit 1 - fi - shell: bash - - - name: Check for out of date go modules - run: | - pushd toolkit - sudo make go-mod-tidy - modchanges=$(git diff tools/go.mod) - sumchanges=$(git diff tools/go.sum) - if [ -n "$modchanges$sumchanges" ]; then - echo Module files out of date! 
- git diff tools/go.mod - git diff tools/go.sum - exit 1 - fi - shell: bash - - - name: Check for missing tests - run: | - pushd toolkit - sudo make go-test-coverage - noTestCount=$(sudo make go-test-coverage | grep -c "no test files") - echo "$noTestCount" - if [ "$noTestCount" -ne "0" ]; then - sudo make go-test-coverage | grep "no test files" - echo Missing "$noTestCount" Go Tests! - fi - shell: bash - - - name: Evaluate test coverage - run: | - pushd toolkit - sudo make go-test-coverage - shell: bash - - - name: Upload test coverage - uses: actions/upload-artifact@v4 - with: - name: TestCoverage - path: toolkit/out/tools/test_coverage_report.html - - - name: Ensure all tools build - run: | - pushd toolkit - sudo make go-tools REBUILD_TOOLS=y - shell: bash - + - name: Check for bad go formatting + run: | + pushd toolkit + sudo --preserve-env=PATH make go-fmt-all + changes=$(git diff ./*.go) + if [ -n "$changes" ]; then + echo Unformatted go files! + git diff ./*.go + exit 1 + fi + shell: bash + + - name: Check for out of date go modules + run: | + pushd toolkit + sudo make go-mod-tidy + modchanges=$(git diff tools/go.mod) + sumchanges=$(git diff tools/go.sum) + if [ -n "$modchanges$sumchanges" ]; then + echo Module files out of date! + git diff tools/go.mod + git diff tools/go.sum + exit 1 + fi + shell: bash + + - name: Check for missing tests + run: | + pushd toolkit + sudo make go-test-coverage + noTestCount=$(sudo make go-test-coverage | grep -c "no test files") + echo "$noTestCount" + if [ "$noTestCount" -ne "0" ]; then + sudo make go-test-coverage | grep "no test files" + echo Missing "$noTestCount" Go Tests! 
+ fi + shell: bash + + - name: Evaluate test coverage + run: | + pushd toolkit + sudo make go-test-coverage + shell: bash + + - name: Upload test coverage + uses: actions/upload-artifact@v4 + with: + name: TestCoverage + path: toolkit/out/tools/test_coverage_report.html + + - name: Ensure all tools build + run: | + pushd toolkit + sudo make go-tools REBUILD_TOOLS=y + shell: bash diff --git a/.github/workflows/lint-specs.yml b/.github/workflows/lint-specs.yml index 47dea50cbf..16e45d7a10 100644 --- a/.github/workflows/lint-specs.yml +++ b/.github/workflows/lint-specs.yml @@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Spec Linting on: @@ -16,7 +16,7 @@ permissions: read-all jobs: spec-lint: name: Spec Linting - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest steps: # Checkout the branch of our repo that triggered this action @@ -34,7 +34,7 @@ jobs: echo "Merging ${{ github.sha }} into $base_ref" env: BASE_REF: ${{ github.base_ref }} - + - name: Get base commit for Pushes if: ${{ github.event_name == 'push' }} run: | diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index fdb8bf5a63..683352caa9 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -6,9 +6,11 @@ # Documentation: https://github.com/github/super-linter # ############################################################################### +--- name: Linter on: + workflow_dispatch: pull_request: branches: [3.0, 3.0-dev] paths-ignore: @@ -21,7 +23,7 @@ permissions: read-all jobs: lint: name: Lint Workflows and Code - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest permissions: contents: read 
@@ -39,15 +41,22 @@ jobs: - name: Lint uses: github/super-linter/slim@v7 env: - # the default branch for this stream is 3.0. github.event.repository.default_branch will return main which is not correct + # the default branch for this stream is 3.0. + #github.event.repository.default_branch will return main which is not correct DEFAULT_BRANCH: '3.0' VALIDATE_ALL_CODEBASE: false VALIDATE_GITHUB_ACTIONS: true - GITHUB_ACTIONS_COMMAND_ARGS: -ignore SC2043 -ignore SC2011 -ignore SC2035 -ignore SC2156 -ignore SC2038 -ignore SC2061 -ignore SC2129 -ignore '".+" section is missing in workflow' -ignore 'unexpected key ".+" for "workflow" section' + GITHUB_ACTIONS_COMMAND_ARGS: >- + -ignore SC2043 -ignore SC2011 -ignore SC2035 + -ignore SC2156 -ignore SC2038 -ignore SC2061 + -ignore SC2129 -ignore '".+" section is missing in workflow' + -ignore 'unexpected key ".+" for "workflow" section' VALIDATE_YAML: true VALIDATE_JSON: true VALIDATE_PYTHON: true VALIDATE_BASH: true VALIDATE_MARKDOWN: true SHELLCHECK_OPTS: "--severity=error" + LINTER_RULES_PATH: . + YAML_CONFIG_FILE: .yamllint.yaml GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/merge-conflict-check.yml b/.github/workflows/merge-conflict-check.yml index ffe173c40f..44fb3cbf9d 100644 --- a/.github/workflows/merge-conflict-check.yml +++ b/.github/workflows/merge-conflict-check.yml @@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Github Merge Conflict Check on: @@ -12,7 +12,7 @@ permissions: read-all jobs: spec-check: name: Github Merge Conflict Check - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest steps: # Checkout the branch of our repo that triggered this action diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml index a7d565477e..7ec9569ff2 100644 --- a/.github/workflows/publish-docs.yml +++ b/.github/workflows/publish-docs.yml @@ -27,4 +27,3 @@ jobs: with: docs_directory: '.' branch_pattern: '^3\.0.*$' - 
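Review bot: The Lint step in lint.yml runs `github/super-linter/slim@v7` from a mutable tag while `GITHUB_TOKEN` is passed in its `env:` block, so whatever the tag points to at run time executes with that token. publish-docs.yml in this same series pins its reusable workflow to a full commit SHA; the equivalent here is `uses: github/super-linter/slim@<full-commit-sha> # v7`, which keeps the linter reproducible and makes each update an explicit, reviewable change. The `actions/checkout@v4`, `actions/setup-python@v5` and `actions/upload-artifact@v4` steps in the other workflow hunks of this patch are tag-pinned in the same way. The step begins above this hunk, and the job's `permissions:` block is only partly visible in the preceding hunk.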
diff --git a/.yamllint.yaml b/.yamllint.yaml new file mode 100644 index 0000000000..aa2563bd94 --- /dev/null +++ b/.yamllint.yaml @@ -0,0 +1,8 @@ +--- +extends: default + +rules: + truthy: disable + comments: disable + comments-indentation: disable + line-length: disable From 8b556a7090f7935cd16ad351739e34d01b8ce611 Mon Sep 17 00:00:00 2001 From: Alexandru Dimofte Date: Tue, 13 May 2025 00:17:28 -0700 Subject: [PATCH 11/11] Fixed small linter issue --- .github/workflows/check-package-cgmanifest.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/check-package-cgmanifest.yml b/.github/workflows/check-package-cgmanifest.yml index 01c47adf82..e93e2c1cb9 100644 --- a/.github/workflows/check-package-cgmanifest.yml +++ b/.github/workflows/check-package-cgmanifest.yml @@ -61,4 +61,3 @@ jobs: .github/workflows/overwrite_shell_link.sh .github/workflows/validate-cg-manifest.sh ${{ env.updated-specs }} shell: bash -
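Review bot: The new `.yamllint.yaml` turns off `truthy`, `comments`, `comments-indentation` and `line-length` entirely, which also stops the linter from catching unquoted `yes`/`no`/`on`/`off` values in the workflow files it now checks. If the aim is only to accept the `on:` trigger key, setting `check-keys: false` under `truthy:` does that while still checking values. `line-length` could likewise be kept at `level: warning` instead of `disable`. A short comment above `rules:` stating why each rule is relaxed would help whoever edits this file next.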