Merge branch 'master' into jenkins.aix.fix

adoptium · Dec 5, 2024 · 9949684 · 9949684
2 parents ae6ebe5 + a2c806e
commit 9949684
Show file tree

Hide file tree

Showing 234 changed files with 5,393 additions and 2,503 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -1,4 +1,6 @@
 ---
+# .ansible-lint
+
 skip_list:
   - '106'  # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern
   - '204'  # Lines should be no longer than 160 chars
@@ -22,6 +24,8 @@ skip_list:
   - 'fqcn[action]' # Exclude As Requires Significant Changes ( 249 changes required )
   - 'args[module]' # Exclude Experimental Rule Validation ( Prevents 4 experimental warnings )
 
+kinds:
+  - vars: "ansible/playbooks/adoptopenjdk_variables.yml"
 
 exclude_paths:
-  - ./ansible/playbooks/adoptopenjdk_variables.yml # See: https://github.com/AdoptOpenJDK/openjdk-infrastructure/issues/1926
+  - ansible/playbooks/adoptopenjdk_variables.yml # See: https://github.com/AdoptOpenJDK/openjdk-infrastructure/issues/1926
diff --git a/.github/ISSUE_TEMPLATE/machineaccess.md b/.github/ISSUE_TEMPLATE/machineaccess.md
@@ -6,6 +6,10 @@ labels: 'Temp Infra Access'
 assignees: 'sxa'
 
 ---
+**NOTE: THIS ISSUE SHOULD NOT BE CLOSED BY THE ORIGINATOR IF ACCESS IS GRANTED**.
+When the access is no longer needed please add a comment and a member
+of the infrastructure team will revoke it and close the issue.
+
 Required access level (Delete as appropriate). Note that you should only
 request the minimum level that is required to solve your problem
 

diff --git a/.github/dependabot → .github/dependabot.yml b/.github/dependabot → .github/dependabot.yml
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -9,20 +9,22 @@
 
 # label_name:
 #   - path/to/file_or_folder
+
 ghActions:
-    - .github/workflows/**/*
+- changed-files:
+  - any-glob-to-any-file: [.github/*]
 doc:
-    - docs/*
-    - '**/*.md'
+- changed-files:
+    - any-glob-to-any-file: [docs/*, '**/*.md']
 Vagrant:
-    - ansible/pbTestScripts/**/*
-    - ansible/vagrant/Vagrantfile*
+- changed-files:
+    - any-glob-to-any-file: [ansible/pbTestScripts/**/*, ansible/vagrant/Vagrantfile*]
 pbTests:
-    - ansible/pbTestScripts/**/*
+- changed-files:
+    - any-glob-to-any-file: [ansible/pbTestScripts/**/*]
 docker:
-    - ansible/docker/Dockerfile*
+- changed-files:
+    - any-glob-to-any-file: [ansible/docker/Dockerfile*]
 ansible:
-    - ansible/playbooks/**/*
-    - ansible/plugins/**/*
-    - ansible/inventory.yml
-    - ansible/ansible.cfg
+- changed-files:
+    - any-glob-to-any-file: [ansible/playbooks/**/*, ansible/plugins/**/*, ansible/inventory.yml, ansible/ansible.cfg]
diff --git a/.github/regex_labeler.yml b/.github/regex_labeler.yml
@@ -76,9 +76,9 @@ labels:
   - label: "provider:osuosl"
     matcher:
       title: "osuosl"
-  - label: "provider:scaleway"
+  - label: "provider:skytap"
     matcher:
-      title: "scaleway"
+      title: "skytap"
   - label: "provider:nine"
     matcher:
       title: "nine"

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -25,40 +25,53 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
-    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
     - name: Set up Docker Buildx to use cache feature
-      uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
+      uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
 
     - name: Login to Docker Hub
-      uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
       with:
         username: ${{ secrets.DOCKER_USERNAME }}
-        password: ${{ secrets.DOCKER_PASSWORD }}
+        password: ${{ secrets.DOCKER_TOKEN }}
       if: github.ref == 'refs/heads/master'
 
-    - name: Docker Build & Push Centos6 Image to Docker Hub
-      uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # v2.10.0
+
+    - name: Docker Build CentOS6 Image Test
+      uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
       with:
         file: ./ansible/docker/Dockerfile.CentOS6
         build-args: git_sha=${{ github.sha }}
         tags: adoptopenjdk/centos6_build_image:latest
         cache-from: type=registry,ref=adoptopenjdk/centos6_build_image:latest
         cache-to: type=inline
-        push: ${{ github.ref == 'refs/heads/master' }}
+        push: false
+      if: github.ref != 'refs/heads/master'
+
+    - name: Docker Build & Push Centos6 Image to Docker Hub On Merge
+      uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+      with:
+        file: ./ansible/docker/Dockerfile.CentOS6
+        build-args: git_sha=${{ github.sha }}
+        tags: adoptopenjdk/centos6_build_image:latest
+        cache-from: type=registry,ref=adoptopenjdk/centos6_build_image:latest
+        cache-to: type=inline
+        push: false
+      if: github.ref == 'refs/heads/master'
 
   build-and-push-alpine3:
     name: Alpine3
     runs-on: ubuntu-latest
     steps:
 
-    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
     - name: Set up Docker Buildx to use cache feature
-      uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
+      uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
 
     - name: Docker Build Alpine3 Image
-      uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # v2.10.0
+      uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
       with:
         file: ./ansible/docker/Dockerfile.Alpine3
         build-args: git_sha=${{ github.sha }}

diff --git a/.github/workflows/build_mac.yml b/.github/workflows/build_mac.yml
@@ -5,7 +5,7 @@ on:
     paths:
     - .github/workflows/build_mac.yml
     - ansible/playbooks/AdoptOpenJDK_Unix_Playbook/**
-    branches:         
+    branches:
     - master
 
 permissions:
@@ -17,12 +17,23 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [macos-11]
+        include:
+          - os: [macos-13]
+          - os: [macos-14]
     steps:
 
-    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-    - name: Install dependencies
+    - name: Install Python
+      run: brew install [email protected] --overwrite
+
+    - name: Configure dirmgr
+      run: |
+        mkdir -p ~/.gnupg/
+        touch ~/.gnupg/dirmngr.conf
+        echo "standard-resolver" >  ~/.gnupg/dirmngr.conf
+
+    - name: Install Ansible
       run: brew install ansible
 
     - name: Run Ansible Playbook

diff --git a/.github/workflows/build_qemu.yml b/.github/workflows/build_qemu.yml
@@ -1,4 +1,4 @@
-name: Build QEMU
+name: QEMU Playbook Checker
 
 on:
   pull_request:
@@ -16,7 +16,7 @@ jobs:
   build_job:
     if: ${{ github.event.label.name == 'QEMU-playbook-check' }}
     # The host should always be linux
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     name: Build on ${{ matrix.distro }} ${{ matrix.arch }}
 
     strategy:
@@ -30,16 +30,16 @@ jobs:
             distro: ubuntu18.04
           - arch: s390x
             distro: ubuntu18.04
-          # - arch: riscv64
-          #   distro: ubuntu22.04
+          - arch: riscv64
+            distro: ubuntu20.04
           # - arch: armv7
           #   distro: jessie
 
     steps:
-      - uses: actions/checkout@v2.1.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Run on architecture
-        uses: uraimo/run-on-arch-action@v2.4.0
+        uses: uraimo/run-on-arch-action@5397f9e30a9b62422f302092631c99ae1effcd9e # v2.8.1
         with:
           arch: ${{ matrix.arch }}
           distro: ${{ matrix.distro }}

diff --git a/.github/workflows/build_vagrant.yml b/.github/workflows/build_vagrant.yml
@@ -8,59 +8,105 @@ on:
     branches:
     - master
 
+# Cancel existing runs if user makes another push.
+concurrency:
+  group: "${{ github.ref }}"
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
 permissions:
   contents: read
 
 jobs:
   build-solaris:
     name: Solaris
-    runs-on: macos-12
+    runs-on: ubuntu-20.04
     steps:
 
-    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-    - name: Install dependencies
-      run: |
-        brew install ansible
+    # As Solaris Needs An Older Version Of Ansible/Python
+    # Use Python2 & Pip To Install On Ubuntu 22.04
+    # Rather Than The System Packages
+
+    - name: Install Python 2
+      run: sudo apt-get install python2
+
+    - name: Python 2 Get Pip Bootstrap Script
+      run: curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
+
+    - name: Python 2 Get Pip
+      run: sudo python2 get-pip.py
+
+    - name: Install Ansible Using PIP2
+      run: pip2 install ansible
+
+    - name: Install VirtualBox
+      run: sudo apt-get install virtualbox
+
+    - name: Add Hashicorp GPG Key
+      run: wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+
+    - name: Add Hashicorp Repository
+      run: echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
 
-    - name: Install Solaris 10 Box If Not Already Present
+    - name: Update Repos
+      run: sudo apt-get update
+
+    - name: Install Vagrant
+      run: sudo apt-get install vagrant
+
+    - name: Add User To VBOX group
+      run: sudo usermod -a -G vboxusers $USER
+
+    - name: Cache Solaris10.box
+      id: solaris-10-cache
+      uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+      with:
+        path: Solaris10.box
+        key: sol10boxcache
+
+    - name: Download Solaris 10 Box If Cache Misses
+      if: steps.solaris-10-cache.outputs.cache-hit != 'true'
+      run: wget https://ci.adoptium.net/userContent/vagrant/Solaris10.box.gz
+
+    - name: Verify Checksum If Cache Misses
+      if: steps.solaris-10-cache.outputs.cache-hit != 'true'
       run: |
-        if [ `vagrant box list|grep ^solaris10|wc -l` -gt 0 ]
+        CKSUM=`shasum -a 256 ./Solaris10.box.gz|cut -d" " -f1`
+        if [ "$CKSUM" = "0879215f4bf03f5e125addb139d0b5a49a4f8a258297b765cf1f22a8a7ee3309" ]
         then
-          echo "Box Exists - Do Nothing"
+          echo "Checksum OK"
         else
-          echo "No Box - Download From Jenkins And Import"
-          wget https://ci.adoptium.net/userContent/vagrant/Solaris10.box.gz
-          CKSUM=`shasum -a 256 ./Solaris10.box.gz|cut -d" " -f1`
-          if [ "$CKSUM" = "0879215f4bf03f5e125addb139d0b5a49a4f8a258297b765cf1f22a8a7ee3309" ]
-          then
-            echo "Checksum OK"
-            gunzip Solaris10.box.gz
-            vagrant box add --name="solaris10" ./Solaris10.box
-            rm Solaris10.box
-          else
-            echo "Sum Bad"
-            exit 99;
-          fi
+          echo "Sum Bad"
+          exit 99;
         fi
 
+    - name: Extract Solaris10.box.gz If Cache Misses
+      if: steps.solaris-10-cache.outputs.cache-hit != 'true'
+      run: gunzip Solaris10.box.gz
+
+    - name: Add Solaris 10 Box To Vagrant
+      run: vagrant box add --name="solaris10" ./Solaris10.box
+
     - name: Setup Vagrant VM
+      working-directory: ansible
       run: |
-        cd ansible
         ln -sf vagrant/Vagrantfile.Solaris10 Vagrantfile
         rm -f id_rsa.pub id_rsa
         # Copy the machine's ssh key for the VMs to use, after removing prior files
         ssh-keygen -q -f $PWD/id_rsa -t rsa -N ''
-        vagrant up
+        vagrant plugin install vagrant-vbguest
+        vagrant up --provider=virtualbox
         vagrantPORT=$(vagrant port | grep host | awk '{ print $4 }')
         rm -f playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx
         echo "[127.0.0.1]:${vagrantPORT}" >> playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx
+        [ ! -d $HOME/.ssh ] && mkdir $HOME/.ssh && chmod 700 $HOME/.ssh
         [ ! -r $HOME/.ssh/known_hosts ] && touch $HOME/.ssh/known_hosts && chmod 644 $HOME/.ssh/known_hosts
+        [ ! -d $HOME/.ansible ] && mkdir $HOME/.ansible
         ssh-keygen -R $(cat playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx)
         sed -i -e "s/.*hosts:.*/  hosts: all/g" playbooks/AdoptOpenJDK_Unix_Playbook/main.yml
         awk '{print}/^\[defaults\]$/{print "private_key_file = id_rsa"; print "timeout = 60"; print "remote_tmp = $HOME/.ansible/tmp"}' < ansible.cfg > ansible.cfg.tmp && mv ansible.cfg.tmp ansible.cfg
 
     - name: Run Ansible Playbook
-      run: |
-        cd ansible
-        ansible-playbook -i playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx -u vagrant -b --skip-tags adoptopenjdk,cups playbooks/AdoptOpenJDK_Unix_Playbook/main.yml
+      working-directory: ansible
+      run: ansible-playbook -i playbooks/AdoptOpenJDK_Unix_Playbook/hosts.unx --ssh-common-args='-o HostKeyAlgorithms=ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 -o PubKeyAcceptedKeyTypes=ssh-rsa' -u vagrant -b --skip-tags adoptopenjdk,cups playbooks/AdoptOpenJDK_Unix_Playbook/main.yml
diff --git a/.github/workflows/build_wsl.yml b/.github/workflows/build_wsl.yml
@@ -29,21 +29,29 @@ jobs:
     name: Windows
     runs-on: ${{ matrix.os }}
     steps:
-
-    - name: Setup WinRM and Password
+    - name: Setup WinRM and Password (checksum verified)
       shell: powershell
       run: |
         Set-LocalUser -Name "runneradmin" -Password (ConvertTo-SecureString -AsPlainText "Ansible_password123!" -Force)
         New-NetFirewallRule -DisplayName "ALLOW TCP PORT 5986" -Direction inbound -Profile Any -Action Allow -LocalPort 5986 -Protocol TCP
-        Invoke-WebRequest https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 -OutFile .\ConfigureRemotingForAnsible.ps1
-        .\ConfigureRemotingForAnsible.ps1 -CertValidityDays 9999
-        .\ConfigureRemotingForAnsible.ps1 -EnableCredSSP
-        .\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert
-        .\ConfigureRemotingForAnsible.ps1 -SkipNetworkProfileCheck
+        Invoke-WebRequest https://raw.githubusercontent.com/ansible/ansible-documentation/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 -OutFile .\ConfigureRemotingForAnsible.ps1
+        $expectedChecksum = "EBA72DF06E3E77709595F75D1D5B4D95B06602429DD2A3F7867406DF875B0C70"
+        $actualChecksum = Get-FileHash -Path ".\ConfigureRemotingForAnsible.ps1" -Algorithm SHA256 | Select-Object -ExpandProperty Hash        
+        if ($actualChecksum -ne $expectedChecksum) {
+            Write-Output "Checksum mismatch"
+            Write-Output "Actual Checksum: $actualChecksum"
+            Write-Output "Expect Checksum: $expectedChecksum"
+            exit 1
+        } else {
+            .\ConfigureRemotingForAnsible.ps1 -CertValidityDays 9999
+            .\ConfigureRemotingForAnsible.ps1 -EnableCredSSP
+            .\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert
+            .\ConfigureRemotingForAnsible.ps1 -SkipNetworkProfileCheck       
+        }
 
-    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-    - uses: Vampire/setup-wsl@230f54c1aaf45965739002df30b3e4de43349a37 # v1.3.4
+    - uses: Vampire/setup-wsl@23f94bc31caaddc08bd1230a00b89f872633d8d7 # v3.1.3
 
     - name: Install dependencies
       run: |