Bump Actions versions to the latest version, cache test container to …

…DockerHub instead of GHCR and finally, use Org secret instead of repo secret
panda-re · Jul 30, 2024 · 6605b55 · 6605b55
1 parent 2d2fccc
commit 6605b55
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 29 deletions.
diff --git a/.github/workflows/local_tests.yml b/.github/workflows/local_tests.yml
@@ -5,11 +5,14 @@
 
 name: Local
 
+on:
+  workflow_dispatch:
+
 jobs:
   local_build_container:
     runs-on: panda-arc
     steps:
-    - uses: actions/checkout@v2 # Clones to $GITHUB_WORKSPACE. NOTE: this requires git > 2.18 (not on ubuntu 18.04 by default) to get .git directory
+    - uses: actions/checkout@v4 # Clones to $GITHUB_WORKSPACE. NOTE: this requires git > 2.18 (not on ubuntu 18.04 by default) to get .git directory
 
     - name: Build docker container from project root
       run: echo $GITHUB_WORKSPACE; cd $GITHUB_WORKSPACE && DOCKER_BUILDKIT=1 docker build --progress=plain --target developer -t panda_local:${{ github.sha }} .

diff --git a/.github/workflows/parallel_tests.yml b/.github/workflows/parallel_tests.yml
@@ -29,7 +29,7 @@ jobs:
     - name: Install ssl
       run: apt-get -qq install -y libssl-dev
     - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v5
       with:
         python-version: 3.9
     - name: Install Python dev headers
@@ -54,23 +54,22 @@ jobs:
       - uses: actions/checkout@v4 # Clones to $GITHUB_WORKSPACE. NOTE: this requires git > 2.18 (not on ubuntu 18.04 by default) to get .git directory
         with:
           fetch-depth: 0
-      - name: 'Login to Github Container Registry'
+      - name: 'Login to DockerHub Registry'
         uses: docker/login-action@v3
         with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          username: pandare
+          password: ${{secrets.ALL_PANDARE_DOCKERHUB}}
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-      - name: Build and push
+      - name: Build panda_test container for testing and cache it in DockerHub
         uses: docker/build-push-action@v5
         with:
           context: ${{ github.workspace }}
-          tags: ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}
+          tags: pandare/panda_test:${{ github.sha }}
           target: developer
           push: true
       - name: Minimal test of built container # Just test to see if one of our binaries is built
-        run: docker run --rm "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" /bin/bash -c 'exit $(/panda/build/arm-softmmu/panda-system-arm -help | grep -q "usage. panda-system-arm")'
+        run: docker run --rm "pandare/panda_test:${{ github.sha }}" /bin/bash -c 'exit $(/panda/build/arm-softmmu/panda-system-arm -help | grep -q "usage. panda-system-arm")'
 
   tests:
     if: github.repository  == 'panda-re/panda'
@@ -103,7 +102,7 @@ jobs:
         docker run --name panda_test_${{ matrix.target }}_${GITHUB_RUN_ID}
         --mount type=bind,source=$(pwd)/wheezy_panda2.qcow2,target=/home/panda/regdir/qcows/wheezy_panda2.qcow2
         --mount type=bind,source=$(pwd)/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2,target=/home/panda/regdir/qcows/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2
-        --rm -t "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" bash -c
+        --rm -t "pandare/panda_test:${{ github.sha }}" bash -c
         "cd /tmp; git clone https://github.com/panda-re/panda_test;
         cd ./panda_test/tests/taint2;
         echo 'Running Record:';
@@ -122,11 +121,11 @@ jobs:
         docker run --name panda_test_${{ matrix.test_script }}_${GITHUB_RUN_ID}
         --mount type=bind,source=$(pwd)/ubuntu_1604_x86.qcow,target=/root/.panda/ubuntu_1604_x86.qcow
         -e PANDA_TEST=yes --cap-add SYS_NICE
-        --rm -t "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" bash -c
+        --rm -t "pandare/panda_test:${{ github.sha }}" bash -c
         "cd /panda/panda/python/tests/ && make && pip3 install -r requirements.txt && chmod +x ./run_all_tests.sh && ./run_all_tests.sh";
 
         docker run --name panda_sym_test_${{ matrix.target }}_${GITHUB_RUN_ID}
-        --rm -t "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" bash -c
+        --rm -t "pandare/panda_test:${{ github.sha }}" bash -c
         "pip3 install capstone keystone-engine z3-solver; python3 /panda/panda/python/examples/unicorn/taint_sym_x86_64.py;
         if [ $? -eq 0 ]; then echo -e 'TEST PASSED!' && exit 0; else echo 'TEST FAILED!' && exit 1; fi"
 
@@ -135,7 +134,7 @@ jobs:
       run: >-
         docker run --name panda_test_${{ matrix.test_script }}_${GITHUB_RUN_ID}
         -e PANDA_TEST=yes --cap-add SYS_NICE
-        --rm -t "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" bash -c
+        --rm -t "pandare/panda_test:${{ github.sha }}" bash -c
         "cd /panda/build && make check"
 
   cleanup:
@@ -159,7 +158,7 @@ jobs:
     runs-on: panda-arc
 
     steps:
-    - uses: actions/checkout@v1 # Clones code into to /home/runner/work/panda
+    - uses: actions/checkout@v4 # Clones code into to /home/runner/work/panda
 
     - name: Build docker container from project root
       run: cd $GITHUB_WORKSPACE && docker build -t panda_local .

diff --git a/.github/workflows/publish_docker.yml b/.github/workflows/publish_docker.yml
@@ -1,6 +1,7 @@
 name: Build and Publish Docker Container and Pypanda Docs # Only for main panda-re repo, not forks
 
 on:
+  workflow_run:
   push:
     branches:
       - dev
@@ -14,7 +15,6 @@ jobs:
     if: github.repository  == 'panda-re/panda' && github.ref == 'refs/heads/dev'
     runs-on: panda-arc
     outputs:
-      upload_url: ${{ steps.create_release.outputs.upload_url }}
       v-version: ${{ steps.version.outputs.v-version }}
     steps:
       - name: Install git
@@ -60,9 +60,9 @@ jobs:
             panda/debian/pandare_*.deb
 
       - name: Store the PyPanda distribution packages
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: python-package-distributions
+          name: pypanda
           path: panda/debian/pandare-*.whl
           if-no-files-found: error
 
@@ -71,7 +71,7 @@ jobs:
         uses: docker/login-action@v3
         with:
           username: pandare
-          password: ${{secrets.pandare_dockerhub}}
+          password: ${{secrets.ALL_PANDARE_DOCKERHUB}}
 
       #- name: 'Login to GHCR Registry'
       #  if: ${{ matrix.ubuntu_version == env.PANDA_CONTAINER_UBUNTU_VERSION }}
@@ -151,9 +151,9 @@ jobs:
 
     steps:
     - name: Download all the dists
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
-        name: python-package-distributions
+        name: pypanda
         path: dist/
 
     - name: Publish distribution 📦 to PyPI
@@ -172,17 +172,18 @@ jobs:
       uses: docker/login-action@v3
       with:
         username: pandare
-        password: ${{secrets.pandare_dockerhub}}
+        password: ${{secrets.ALL_PANDARE_DOCKERHUB}}
 
     - name: Build Bionic container
       # Push both dev and regular container
-      run:  DOCKER_BUILDKIT=1 docker build --progress=plain --target=panda -t pandare/panda_stable:${GITHUB_SHA} $GITHUB_WORKSPACE;
-            docker tag pandare/panda_stable:${GITHUB_SHA} pandare/panda_stable:latest
-            docker push pandare/panda_stable:${GITHUB_SHA};
-            docker push pandare/panda_stable;
-            #DOCKER_BUILDKIT=1 docker build --progress=plain --target=developer -t pandare/pandadev:${GITHUB_SHA} $GITHUB_WORKSPACE;
-            #docker tag pandare/panadev:${GITHUB_SHA} pandare/pandadev:latest
-            #docker push pandare/pandadev;
+      uses: docker/build-push-action@v5
+      with:
+        push: true
+        context: ${{ github.workspace }}
+        tags: |
+          pandare/panda_stable:${{ github.sha }}
+          pandare/panda_stable:latest
+        target: panda
 
     - name: Checkout docs and reset
       run: rm -rf "${GITHUB_WORKSPACE}/auto_pydoc";

diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -13,7 +13,7 @@ jobs:
       pull-requests: write
 
     steps:
-    - uses: actions/stale@v3
+    - uses: actions/stale@v9
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         days-before-close: 30