Bump Actions versions to the latest version, cache test container to …

…DockerHub instead of GHCR and finally, use Org secret instead of repo secret

.github/workflows/local_tests.yml

@@ -5,11 +5,14 @@
 
 name: Local
 
+on:
+  workflow_dispatch:
+
 jobs:
   local_build_container:
     runs-on: panda-arc
     steps:
-    - uses: actions/checkout@v2 # Clones to $GITHUB_WORKSPACE. NOTE: this requires git > 2.18 (not on ubuntu 18.04 by default) to get .git directory
+    - uses: actions/checkout@v4 # Clones to $GITHUB_WORKSPACE. NOTE: this requires git > 2.18 (not on ubuntu 18.04 by default) to get .git directory
 
     - name: Build docker container from project root
       run: echo $GITHUB_WORKSPACE; cd $GITHUB_WORKSPACE && DOCKER_BUILDKIT=1 docker build --progress=plain --target developer -t panda_local:${{ github.sha }} .

.github/workflows/parallel_tests.yml

@@ -29,7 +29,7 @@ jobs:
     - name: Install ssl
       run: apt-get -qq install -y libssl-dev
     - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v5
       with:
         python-version: 3.9
     - name: Install Python dev headers
@@ -54,23 +54,22 @@ jobs:
       - uses: actions/checkout@v4 # Clones to $GITHUB_WORKSPACE. NOTE: this requires git > 2.18 (not on ubuntu 18.04 by default) to get .git directory
         with:
           fetch-depth: 0
-      - name: 'Login to Github Container Registry'
+      - name: 'Login to DockerHub Registry'
         uses: docker/login-action@v3
         with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          username: pandare
+          password: ${{secrets.ALL_PANDARE_DOCKERHUB}}
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-      - name: Build and push
+      - name: Build panda_test container for testing and cache it in DockerHub
         uses: docker/build-push-action@v5
         with:
           context: ${{ github.workspace }}
-          tags: ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}
+          tags: pandare/panda_test:${{ github.sha }}
           target: developer
           push: true
       - name: Minimal test of built container # Just test to see if one of our binaries is built
-        run: docker run --rm "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" /bin/bash -c 'exit $(/panda/build/arm-softmmu/panda-system-arm -help | grep -q "usage. panda-system-arm")'
+        run: docker run --rm "pandare/panda_test:${{ github.sha }}" /bin/bash -c 'exit $(/panda/build/arm-softmmu/panda-system-arm -help | grep -q "usage. panda-system-arm")'
 
   tests:
     if: github.repository  == 'panda-re/panda'
@@ -103,7 +102,7 @@ jobs:
         docker run --name panda_test_${{ matrix.target }}_${GITHUB_RUN_ID}
         --mount type=bind,source=$(pwd)/wheezy_panda2.qcow2,target=/home/panda/regdir/qcows/wheezy_panda2.qcow2
         --mount type=bind,source=$(pwd)/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2,target=/home/panda/regdir/qcows/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2
-        --rm -t "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" bash -c
+        --rm -t "pandare/panda_test:${{ github.sha }}" bash -c
         "cd /tmp; git clone https://github.com/panda-re/panda_test;
         cd ./panda_test/tests/taint2;
         echo 'Running Record:';
@@ -122,11 +121,11 @@ jobs:
         docker run --name panda_test_${{ matrix.test_script }}_${GITHUB_RUN_ID}
         --mount type=bind,source=$(pwd)/ubuntu_1604_x86.qcow,target=/root/.panda/ubuntu_1604_x86.qcow
         -e PANDA_TEST=yes --cap-add SYS_NICE
-        --rm -t "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" bash -c
+        --rm -t "pandare/panda_test:${{ github.sha }}" bash -c
         "cd /panda/panda/python/tests/ && make && pip3 install -r requirements.txt && chmod +x ./run_all_tests.sh && ./run_all_tests.sh";
 
         docker run --name panda_sym_test_${{ matrix.target }}_${GITHUB_RUN_ID}
-        --rm -t "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" bash -c
+        --rm -t "pandare/panda_test:${{ github.sha }}" bash -c
         "pip3 install capstone keystone-engine z3-solver; python3 /panda/panda/python/examples/unicorn/taint_sym_x86_64.py;
         if [ $? -eq 0 ]; then echo -e 'TEST PASSED!' && exit 0; else echo 'TEST FAILED!' && exit 1; fi"
 
@@ -135,7 +134,7 @@ jobs:
       run: >-
         docker run --name panda_test_${{ matrix.test_script }}_${GITHUB_RUN_ID}
         -e PANDA_TEST=yes --cap-add SYS_NICE
-        --rm -t "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" bash -c
+        --rm -t "pandare/panda_test:${{ github.sha }}" bash -c
         "cd /panda/build && make check"
 
   cleanup:
@@ -159,7 +158,7 @@ jobs:
     runs-on: panda-arc
 
     steps:
-    - uses: actions/checkout@v1 # Clones code into to /home/runner/work/panda
+    - uses: actions/checkout@v4 # Clones code into to /home/runner/work/panda
 
     - name: Build docker container from project root
       run: cd $GITHUB_WORKSPACE && docker build -t panda_local .

.github/workflows/publish_docker.yml

@@ -1,6 +1,7 @@
 name: Build and Publish Docker Container and Pypanda Docs # Only for main panda-re repo, not forks
 
 on:
+  workflow_run:
   push:
     branches:
       - dev
@@ -14,7 +15,6 @@ jobs:
     if: github.repository  == 'panda-re/panda' && github.ref == 'refs/heads/dev'
     runs-on: panda-arc
     outputs:
-      upload_url: ${{ steps.create_release.outputs.upload_url }}
       v-version: ${{ steps.version.outputs.v-version }}
     steps:
       - name: Install git
@@ -60,9 +60,9 @@ jobs:
             panda/debian/pandare_*.deb
 
       - name: Store the PyPanda distribution packages
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: python-package-distributions
+          name: pypanda
           path: panda/debian/pandare-*.whl
           if-no-files-found: error
 
@@ -71,7 +71,7 @@ jobs:
         uses: docker/login-action@v3
         with:
           username: pandare
-          password: ${{secrets.pandare_dockerhub}}
+          password: ${{secrets.ALL_PANDARE_DOCKERHUB}}
 
       #- name: 'Login to GHCR Registry'
       #  if: ${{ matrix.ubuntu_version == env.PANDA_CONTAINER_UBUNTU_VERSION }}
@@ -151,9 +151,9 @@ jobs:
 
     steps:
     - name: Download all the dists
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
-        name: python-package-distributions
+        name: pypanda
         path: dist/
 
     - name: Publish distribution 📦 to PyPI
@@ -172,17 +172,18 @@ jobs:
       uses: docker/login-action@v3
       with:
         username: pandare
-        password: ${{secrets.pandare_dockerhub}}
+        password: ${{secrets.ALL_PANDARE_DOCKERHUB}}
 
     - name: Build Bionic container
       # Push both dev and regular container
-      run:  DOCKER_BUILDKIT=1 docker build --progress=plain --target=panda -t pandare/panda_stable:${GITHUB_SHA} $GITHUB_WORKSPACE;
-            docker tag pandare/panda_stable:${GITHUB_SHA} pandare/panda_stable:latest
-            docker push pandare/panda_stable:${GITHUB_SHA};
-            docker push pandare/panda_stable;
-            #DOCKER_BUILDKIT=1 docker build --progress=plain --target=developer -t pandare/pandadev:${GITHUB_SHA} $GITHUB_WORKSPACE;
-            #docker tag pandare/panadev:${GITHUB_SHA} pandare/pandadev:latest
-            #docker push pandare/pandadev;
+      uses: docker/build-push-action@v5
+      with:
+        push: true
+        context: ${{ github.workspace }}
+        tags: |
+          pandare/panda_stable:${{ github.sha }}
+          pandare/panda_stable:latest
+        target: panda
 
     - name: Checkout docs and reset
       run: rm -rf "${GITHUB_WORKSPACE}/auto_pydoc";

.github/workflows/stale.yml

@@ -13,7 +13,7 @@ jobs:
       pull-requests: write
 
     steps:
-    - uses: actions/stale@v3
+    - uses: actions/stale@v9
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         days-before-close: 30

README.md

@@ -59,8 +59,8 @@ $ docker run --rm pandadev panda-system-i386 --help
 The Python interface to PANDA (also known as *pypanda*) can be installed from [PIP](https://pypi.org/project/pandare/) by running `pip3 install pandare`. This will install everything you need for python-based PANDA analyses, but not stand-alone PANDA binaries. The distributed binaries are only tested on 64-bit Ubuntu 18.04 and other architectures/versions are unlikely to work. You can also install pypanda by building PANDA and then running `python3 setup.py install` from the directory `panda/panda/python/core`.
 
 ###  Debian, Ubuntu
-The fastest way to install PANDA would be through installing [the debian packages](https://github.com/pandare/panda/releases). 
-There is a debian package for both Ubuntu 20.04 and Ubuntu 22.04, and its corresponding PyPanda package. 
+The fastest way to install PANDA would be through installing [the debian packages](https://github.com/pandare/panda/releases).
+There is a debian package for both Ubuntu 20.04 and Ubuntu 22.04, and its corresponding PyPanda package.
 Because PANDA has a few dependencies, we've encoded the build instructions into
 the [install\_ubuntu.sh](panda/scripts/install\_ubuntu.sh). The script should
 work on the latest Debian stable/Ubuntu LTS versions.
@@ -75,7 +75,7 @@ commands into whatever package manager your distribution uses.
 Note that if you want to use our LLVM features (mainly the dynamic taint
 system), you will need to install LLVM 11 from OS packages or compiled from
 source. On Ubuntu this should happen automatically via `install_ubuntu.sh`.
-Additionally, it is **strongly** recommended that you only build PANDA as 64-bit binary. 
+Additionally, it is **strongly** recommended that you only build PANDA as 64-bit binary.
 Creating a 32-bit build should be possible, but best avoided.
 See the limitations section for details.