Small Updates Part I - more GHA Tweaks

.github/workflows/local_tests.yml

@@ -5,11 +5,14 @@
 
 name: Local
 
+on:
+  workflow_dispatch:
+
 jobs:
   local_build_container:
     runs-on: panda-arc
     steps:
-    - uses: actions/checkout@v2 # Clones to $GITHUB_WORKSPACE. NOTE: this requires git > 2.18 (not on ubuntu 18.04 by default) to get .git directory
+    - uses: actions/checkout@v4 # Clones to $GITHUB_WORKSPACE. NOTE: this requires git > 2.18 (not on ubuntu 18.04 by default) to get .git directory
 
     - name: Build docker container from project root
       run: echo $GITHUB_WORKSPACE; cd $GITHUB_WORKSPACE && DOCKER_BUILDKIT=1 docker build --progress=plain --target developer -t panda_local:${{ github.sha }} .

.github/workflows/parallel_tests.yml

@@ -22,21 +22,26 @@ jobs:
     steps:
     - name: Update
       run: apt-get -qq update -y
+
     - name: Install ssl
       run: apt-get -qq install -y libssl-dev
+
     - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v5
       with:
         python-version: 3.9
+
     - name: Install Python dev headers
       run: apt-get -qq install -y libpython3.9-dev
     - uses: actions/checkout@v4 # Clones to $GITHUB_WORKSPACE. NOTE: this requires git > 2.18 (not on ubuntu 18.04 by default) to get .git directory
+
     - name: Lint PyPANDA with flake8
       run: |
        pip install --upgrade pip
        pip install flake8
        flake8 $GITHUB_WORKSPACE/panda/python/core/pandare/ --count --select=E9,F63,F7,F82 --show-source --statistics
        # python -m flake8 $GITHUB_WORKSPACE/panda/python/core/pandare/ --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+
     - name: Run install_ubuntu.sh
       run: cd $GITHUB_WORKSPACE && ./panda/scripts/install_ubuntu.sh
 
@@ -50,23 +55,40 @@ jobs:
       - uses: actions/checkout@v4 # Clones to $GITHUB_WORKSPACE. NOTE: this requires git > 2.18 (not on ubuntu 18.04 by default) to get .git directory
         with:
           fetch-depth: 0
-      - name: 'Login to Github Container Registry'
+
+      - name: 'Login to DockerHub Registry'
         uses: docker/login-action@v3
         with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          username: pandare
+          password: ${{secrets.ALL_PANDARE_DOCKERHUB}}
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-      - name: Build and push
+
+      - name: Build panda_test container for testing and cache it in DockerHub
         uses: docker/build-push-action@v5
         with:
           context: ${{ github.workspace }}
-          tags: ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}
+          tags: pandare/panda_test:${{ github.sha }}
           target: developer
           push: true
+
       - name: Minimal test of built container # Just test to see if one of our binaries is built
-        run: docker run --rm "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" /bin/bash -c 'exit $(/panda/build/arm-softmmu/panda-system-arm -help | grep -q "usage. panda-system-arm")'
+        run: docker run --rm "pandare/panda_test:${{ github.sha }}" /bin/bash -c 'exit $(/panda/build/arm-softmmu/panda-system-arm -help | grep -q "usage. panda-system-arm")'
+
+      # https://docs.docker.com/reference/cli/docker/image/save/
+      #- name: Save Docker image as artifact
+      #  run: |
+      #    docker save panda_test:${{ github.sha }} | gzip > panda.tar.gz
+
+      #- name: Upload Docker image artifact
+      #  uses: actions/upload-artifact@v4
+      #  with:
+      #    name: panda
+      #    path: panda.tar.gz
+
+      #- name: Minimal test of built container # Just test to see if one of our binaries is built
+      #  run: docker run --rm "panda_test:${{ github.sha }}" /bin/bash -c 'exit $(/panda/build/arm-softmmu/panda-system-arm -help | grep -q "usage. panda-system-arm")'
 
   tests:
     if: github.repository  == 'panda-re/panda'
@@ -89,8 +111,21 @@ jobs:
     # Given a container with PANDA installed at /panda, run the taint tests
     - name: Update
       run: sudo apt-get -qq update -y
+
     - name: Install ssl
       run: sudo apt-get -qq install -y wget
+
+    #- name: Download Docker image artifact
+    #  uses: actions/download-artifact@v4
+    #  with:
+    #    name: panda
+
+    # https://docs.docker.com/reference/cli/docker/image/load/
+    #- name: Load Docker image
+    #  run: |
+    #    cat panda.tar.gz | gzip -d > panda.tar
+    #    docker load -i panda.tar
+
     - name: Run Taint Tests
       if: matrix.test_type == 'taint'
       run: >-
@@ -99,7 +134,7 @@ jobs:
         docker run --name panda_test_${{ matrix.target }}_${GITHUB_RUN_ID}
         --mount type=bind,source=$(pwd)/wheezy_panda2.qcow2,target=/home/panda/regdir/qcows/wheezy_panda2.qcow2
         --mount type=bind,source=$(pwd)/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2,target=/home/panda/regdir/qcows/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2
-        --rm -t "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" bash -c
+        --rm -t "pandare/panda_test:${{ github.sha }}" bash -c
         "cd /tmp; git clone https://github.com/panda-re/panda_test;
         cd ./panda_test/tests/taint2;
         echo 'Running Record:';
@@ -118,11 +153,11 @@ jobs:
         docker run --name panda_test_${{ matrix.test_script }}_${GITHUB_RUN_ID}
         --mount type=bind,source=$(pwd)/ubuntu_1604_x86.qcow,target=/root/.panda/ubuntu_1604_x86.qcow
         -e PANDA_TEST=yes --cap-add SYS_NICE
-        --rm -t "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" bash -c
+        --rm -t "pandare/panda_test:${{ github.sha }}" bash -c
         "cd /panda/panda/python/tests/ && make && pip3 install -r requirements.txt && chmod +x ./run_all_tests.sh && ./run_all_tests.sh";
 
         docker run --name panda_sym_test_${{ matrix.target }}_${GITHUB_RUN_ID}
-        --rm -t "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" bash -c
+        --rm -t "pandare/panda_test:${{ github.sha }}" bash -c
         "pip3 install capstone keystone-engine z3-solver; python3 /panda/panda/python/examples/unicorn/taint_sym_x86_64.py;
         if [ $? -eq 0 ]; then echo -e 'TEST PASSED!' && exit 0; else echo 'TEST FAILED!' && exit 1; fi"
 
@@ -131,7 +166,7 @@ jobs:
       run: >-
         docker run --name panda_test_${{ matrix.test_script }}_${GITHUB_RUN_ID}
         -e PANDA_TEST=yes --cap-add SYS_NICE
-        --rm -t "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" bash -c
+        --rm -t "pandare/panda_test:${{ github.sha }}" bash -c
         "cd /panda/build && make check"
 
   cleanup:
@@ -155,7 +190,7 @@ jobs:
     runs-on: panda-arc
 
     steps:
-    - uses: actions/checkout@v1 # Clones code into to /home/runner/work/panda
+    - uses: actions/checkout@v4 # Clones code into to /home/runner/work/panda
 
     - name: Build docker container from project root
       run: cd $GITHUB_WORKSPACE && docker build -t panda_local .
@@ -164,4 +199,4 @@ jobs:
       run: docker run --rm panda_local /bin/bash -c 'exit $(panda-system-arm -help | grep -q "usage. panda-system-arm")'
 
     - name: Minimal test of built container # Run make check to check all architectures (in serial)
-      run: docker run --rm panda_local /bin/bash -c 'cd /panda/build && make check'
+      run: docker run --rm panda_local /bin/bash -c 'cd /panda/build && make check'

.github/workflows/publish_docker.yml

@@ -1,6 +1,10 @@
 name: Build and Publish Docker Container and Pypanda Docs # Only for main panda-re repo, not forks
 
 on:
+  workflow_run:
+    workflows: ["Parallel Tests"]
+    types:
+      - completed
   push:
     branches:
       - dev
@@ -14,7 +18,6 @@ jobs:
     if: github.repository  == 'panda-re/panda' && github.ref == 'refs/heads/dev'
     runs-on: panda-arc
     outputs:
-      upload_url: ${{ steps.create_release.outputs.upload_url }}
       v-version: ${{ steps.version.outputs.v-version }}
     steps:
       - name: Install git
@@ -60,9 +63,9 @@ jobs:
             panda/debian/pandare_*.deb
 
       - name: Store the PyPanda distribution packages
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: python-package-distributions
+          name: pypanda
           path: panda/debian/pandare-*.whl
           if-no-files-found: error
 
@@ -71,7 +74,7 @@ jobs:
         uses: docker/login-action@v3
         with:
           username: pandare
-          password: ${{secrets.pandare_dockerhub}}
+          password: ${{secrets.ALL_PANDARE_DOCKERHUB}}
 
       #- name: 'Login to GHCR Registry'
       #  if: ${{ matrix.ubuntu_version == env.PANDA_CONTAINER_UBUNTU_VERSION }}
@@ -95,6 +98,7 @@ jobs:
         #    ghcr.io/pandare/panda:${{ needs.create_release.outputs.v-version }}
         #    ghcr.io/pandare/panda:latest
           target: panda
+
       - name: Build pandadev:latest
         if: ${{ matrix.ubuntu_version == env.PANDA_CONTAINER_UBUNTU_VERSION }}
         uses: docker/build-push-action@v5
@@ -109,10 +113,12 @@ jobs:
          #   ghcr.io/pandare/pandadev:${{ needs.create_release.outputs.v-version }}
          #   ghcr.io/pandare/pandadev:latest
           target: developer
+
       - name: Checkout docs and reset
         if: ${{ matrix.ubuntu_version == env.PANDA_CONTAINER_UBUNTU_VERSION }}
         run: rm -rf "${GITHUB_WORKSPACE}/auto_pydoc";
              git clone https://panda-jenkins-ci:${{ secrets.PANDABOT_GITHUB_API }}@github.com/panda-re/panda-re.github.io.git --branch=master ${GITHUB_WORKSPACE}/auto_pydoc/pandare
+
       - name: Update PYPANDA docs in container
         if: ${{ matrix.ubuntu_version == env.PANDA_CONTAINER_UBUNTU_VERSION }}
         run: docker run --rm -v ${GITHUB_WORKSPACE}/auto_pydoc:/out pandare/pandadev:latest /bin/sh -c "pip3 install pdoc3; cd /panda/panda/python/core; pdoc3 --html --template-dir=../docs/template --force -o /out/${GITHUB_REF##*/} pandare; chmod -R 777 /out/"
@@ -121,6 +127,7 @@ jobs:
         #
         # This is a bit complicated, sorry. We want to keep pandare/{CNAME,.git/} and nothing else
         # then we copy in the new files (and merge doc-search.html and index.js with dev/pandare/
+
       - name: Push PYPANDA docs to GitHub Pages if docs changed
         if: ${{ matrix.ubuntu_version == env.PANDA_CONTAINER_UBUNTU_VERSION }}
         run: cd "${GITHUB_WORKSPACE}/auto_pydoc" &&
@@ -150,10 +157,10 @@ jobs:
       id-token: write  # IMPORTANT: mandatory for trusted publishing
 
     steps:
-    - name: Download all the dists
-      uses: actions/download-artifact@v3
+    - name: Download PyPanda from Release Assets
+      uses: actions/download-artifact@v4
       with:
-        name: python-package-distributions
+        name: pypanda
         path: dist/
 
     - name: Publish distribution 📦 to PyPI
@@ -172,17 +179,17 @@ jobs:
       uses: docker/login-action@v3
       with:
         username: pandare
-        password: ${{secrets.pandare_dockerhub}}
+        password: ${{secrets.ALL_PANDARE_DOCKERHUB}}
 
     - name: Build Bionic container
-      # Push both dev and regular container
-      run:  DOCKER_BUILDKIT=1 docker build --progress=plain --target=panda -t pandare/panda_stable:${GITHUB_SHA} $GITHUB_WORKSPACE;
-            docker tag pandare/panda_stable:${GITHUB_SHA} pandare/panda_stable:latest
-            docker push pandare/panda_stable:${GITHUB_SHA};
-            docker push pandare/panda_stable;
-            #DOCKER_BUILDKIT=1 docker build --progress=plain --target=developer -t pandare/pandadev:${GITHUB_SHA} $GITHUB_WORKSPACE;
-            #docker tag pandare/panadev:${GITHUB_SHA} pandare/pandadev:latest
-            #docker push pandare/pandadev;
+      uses: docker/build-push-action@v5
+      with:
+        push: true
+        context: ${{ github.workspace }}
+        tags: |
+          pandare/panda_stable:${{ github.sha }}
+          pandare/panda_stable:latest
+        target: panda
 
     - name: Checkout docs and reset
       run: rm -rf "${GITHUB_WORKSPACE}/auto_pydoc";

.github/workflows/stale.yml

@@ -13,7 +13,7 @@ jobs:
       pull-requests: write
 
     steps:
-    - uses: actions/stale@v3
+    - uses: actions/stale@v9
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         days-before-close: 30