
Update linuxkit cherry #229

Open
europaul wants to merge 8 commits into rene:master from europaul:update-linuxkit-cherry


@europaul
Collaborator

This is a PR to test lf-edge#5713

rene and others added 8 commits March 26, 2026 17:22
Signed-off-by: Renê de Souza Pinto <rene@renesp.com.br>

Signed-off-by: Renê de Souza Pinto <rene@renesp.com.br>

pointing to europaul

Signed-off-by: Paul Gaiduk <paulg@zededa.com>

During the SBOM collect-sources step, curl downloads of upstream source
tarballs have no timeout configured. This causes the entire pipeline to
hang for extended periods when upstream mirrors are slow or unreachable
(e.g. ftp.gnu.org regularly takes 2+ minutes just to fail a connection).

Add --connect-timeout (10s), --max-time (2min) and --retry (3 attempts)
to the curl call in get-alpine-pkg-source.sh. All values are configurable
via environment variables CURL_CONNECT_TIMEOUT, CURL_MAX_TIME and
CURL_RETRIES.

Signed-off-by: Paul Gaiduk <paulg@zededa.com>

Some upstream source URLs in Alpine APKBUILDs point to notoriously slow
or unreliable hosts (e.g. ftp.gnu.org over FTP). This causes the SBOM
collect-sources step to spend a long time on downloads that will likely
fail anyway.

Add a URL rewriting function that transparently tries faster mirrors
before falling back to the original URL:
- ftp.gnu.org (FTP/HTTP/HTTPS) -> ftpmirror.gnu.org (geo-routed HTTPS)
- download-mirror.savannah.gnu.org -> download.savannah.gnu.org (geo-routed)
- www.kernel.org -> mirrors.edge.kernel.org (CDN-backed)
- busybox.net -> sources.buildroot.net (buildroot mirror)

Signed-off-by: Paul Gaiduk <paulg@zededa.com>

The SBOM collect-sources step downloads hundreds of source tarballs
sequentially, which makes the entire process very slow especially when
some upstream mirrors are unresponsive.

Restructure the download logic into three phases:
1. Collect all download jobs while processing APKBUILDs (sequential, fast)
2. Download source files in parallel using background jobs (default: 8)
3. Verify SHA512 checksums after all downloads complete (sequential, fast)

The parallelism is configurable via the PARALLEL_JOBS env var.

Signed-off-by: Paul Gaiduk <paulg@zededa.com>

GitHub is deprecating Node.js 20 actions. Starting June 2nd, 2026,
actions will be forced to run with Node.js 24 by default, and Node.js
20 will be removed from runners on September 16th, 2026.

Update all GitHub Actions in CI workflows to the latest versions that
support Node.js 24 and pin them to commit SHAs for supply-chain
security:

- actions/checkout v5.0.0 -> v6.0.2
- actions/cache v4.3.0 -> v5.0.4
- actions/upload-artifact v5.0.0 -> v7.0.0
- actions/download-artifact v6.0.0 -> v8.0.1
- actions/setup-go v6.0.0 -> v6.3.0
- docker/login-action v3.6.0 -> v4.0.0
- docker/setup-buildx-action v3 (unpinned) -> v4.0.0 (pinned)
- github/codeql-action v4.31.3 -> v4.35.1
- codecov/codecov-action v5.5.1 -> v6.0.0
- zizmorcore/zizmor-action v0.2.0 -> v0.5.2
- google/osv-scanner-action v1.9.2 -> v2.3.5

Signed-off-by: Mikhail Malyshev <mike.malyshev@gmail.com>

to trigger build & test

Signed-off-by: Paul Gaiduk <paulg@zededa.com>
@europaul europaul requested a review from OhmSpectator as a code owner March 30, 2026 16:59
@rucoder rucoder force-pushed the master branch 4 times, most recently from ca532e2 to 85ffa22 Compare April 2, 2026 10:57
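
The download flow the commit messages above describe (bounded curl calls, mirror-first URL candidates, parallel fetch, then SHA512 verification), as an added example that is not code from this PR. The function names, the "url dest sha512" job-file format and the assumption that a mirror serves the same path as the original host are illustrative; only two of the four listed mirror rules are shown.

```shell
# Added illustration, not the contents of get-alpine-pkg-source.sh.
# Defaults and variable names follow the commit messages.
CURL_CONNECT_TIMEOUT="${CURL_CONNECT_TIMEOUT:-10}"   # seconds
CURL_MAX_TIME="${CURL_MAX_TIME:-120}"                # seconds (2 min)
CURL_RETRIES="${CURL_RETRIES:-3}"
PARALLEL_JOBS="${PARALLEL_JOBS:-8}"

# candidate_urls URL: print the mirror URL first (if a rule matches), then the original.
# Assumption: the mirror keeps the original path.
candidate_urls() {
    case "$1" in
        ftp://ftp.gnu.org/*|http://ftp.gnu.org/*|https://ftp.gnu.org/*)
            echo "https://ftpmirror.gnu.org/${1#*://ftp.gnu.org/}" ;;
        https://www.kernel.org/*)
            echo "https://mirrors.edge.kernel.org/${1#https://www.kernel.org/}" ;;
    esac
    echo "$1"
}

# fetch URL DEST: try each candidate with bounded connect time, total time and retries.
fetch() {
    for u in $(candidate_urls "$1"); do
        curl -fsSL --connect-timeout "$CURL_CONNECT_TIMEOUT" \
            --max-time "$CURL_MAX_TIME" --retry "$CURL_RETRIES" \
            -o "$2" "$u" && return 0
    done
    return 1
}

# verify_sha512 FILE EXPECTED: integrity gate; a missing file fails like a bad one.
verify_sha512() {
    actual=$(sha512sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# run_jobs FILE: FILE holds "url dest sha512" lines collected in phase 1.
# Returns the number of files that failed verification.
run_jobs() {
    n=0
    while read -r url dest sum; do      # phase 2: at most PARALLEL_JOBS per batch
        fetch "$url" "$dest" &
        n=$((n + 1)); [ $((n % PARALLEL_JOBS)) -eq 0 ] && wait
    done < "$1"
    wait
    bad=0
    while read -r url dest sum; do      # phase 3: sequential checksum check
        verify_sha512 "$dest" "$sum" || { echo "FAIL $dest" >&2; bad=$((bad + 1)); }
    done < "$1"
    return "$bad"
}
```

The checksum gate runs on every file whichever host served it, so a mirror that returns a wrong or truncated tarball is caught in phase 3 rather than trusted.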
3 participants