Initial attempt to update cut-release and generate checksums for scripts

.github/workflows/release.yml

@@ -41,11 +41,9 @@ jobs:
       - name: Check Branch
         run: |
           echo "Trying to run the release workflow from branch ${{ github.ref_name }}"
-          ## DGM if [ "${{ github.ref_name }}" != "main" ]; then
-          if [ "${{ github.ref_name }}" != "fix_cut_release" ]; then
+          if [ "${{ github.ref_name }}" != "main" ]; then
               echo "Running the release workflow from the ${{ github.ref_name }} branch is not allowed"
-              ## DGM echo "Allowed branches: main"
-              echo "Allowed branches: fix_cut_release"
+              echo "Allowed branches: main"
               exit 1
           else
               echo "Allowed to release from branch ${{ github.ref_name }}"
@@ -64,15 +62,14 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          ## DGM ref: main
-          ref: fix_cut_release
+          ref: main
           repository: ${{ github.repository }}
           ssh-key: ${{ secrets.SALT_VMTOOLS_RELEASE_KEY }}
 
-      ## - name: Install Requirements
-      ##   run: |
-      ##     python3 -m pip install -r requirements/release.txt
-      ##     pre-commit install --install-hooks
+      - name: Install Requirements
+        run: |
+          python3 -m pip install -r requirements/release.txt
+          pre-commit install --install-hooks
 
       - name: Configure Git
         shell: bash
@@ -96,18 +93,15 @@ jobs:
 
       - name: Commit Changes
         run: |
-          ## DGM git commit -am "Update main branch for the ${{ steps.update-repo.outputs.release-version }} release" || \
-          ## DGM   git commit -am "Update main branch for the ${{ steps.update-repo.outputs.release-version }} release"
-          git commit -am "Update fix_cut_release branch for the ${{ steps.update-repo.outputs.release-version }} release" || \
-            git commit -am "Update fix_cut_release branch for the ${{ steps.update-repo.outputs.release-version }} release"
+          git commit -am "Update main branch for the ${{ steps.update-repo.outputs.release-version }} release" || \
+            git commit -am "Update main branch for the ${{ steps.update-repo.outputs.release-version }} release"
 
       - name: Push Changes
         uses: ad-m/github-push-action@b87afee92c6e70ea888be6203a3e9426fda49839
         with:
           ssh: true
           atomic: true
-          ## DGM branch: main
-          branch: fix_cut_release
+          branch: main
           repository: ${{ github.repository }}
 
       - name: Upload Release Details
@@ -123,7 +117,7 @@ jobs:
   ##   name: Merge develop into stable
   ##   runs-on: ubuntu-latest
   ##   needs:
-  ##     - update-develop
+  ##     - update-main
   ##   environment: release
   ##   permissions:
   ##     contents: write  # To be able to publish the release
@@ -140,7 +134,7 @@ jobs:
   ##       run: |
   ##         git config --global --add safe.directory "$(pwd)"
   ##         git config --global user.name "Salt Project Packaging"
-  ##         git config --global user.email saltproject-packaging@vmware.com
+  ##         git config --global user.email saltproject.pdl@broadcom.com
   ##         git config --global commit.gpgsign false
 
   ##     - name: Download Release Details
@@ -193,7 +187,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          ## ref: stable
+          ref: main
           repository: ${{ github.repository }}
           ssh-key: ${{ secrets.SALT_VMTOOLS_RELEASE_KEY }}
 
@@ -213,7 +207,7 @@ jobs:
           name: ${{ env.CUT_RELEASE_VERSION }}
           tag_name: ${{ env.CUT_RELEASE_VERSION }}
           body_path: .cut_release_changes
-          target_commitish: stable
+          target_commitish: main
           draft: false
           prerelease: false
           generate_release_notes: false
@@ -228,60 +222,79 @@ jobs:
           name: release-details
           failOnError: false
 
-  ## update-develop-checksums:
-  ##   name: Update Release Checksums on Develop
-  ##   runs-on: ubuntu-latest
-  ##   needs:
-  ##     - publish-release
-  ##   environment: release
-  ##   permissions:
-  ##     contents: write  # For action peter-evans/create-pull-request
-  ##     pull-requests: write  # For action peter-evans/create-pull-request
+  update-main-checksums:
+    name: Update Release Checksums on Main
+    runs-on: ubuntu-latest
+    needs:
+      - publish-release
+    environment: release
+    permissions:
+      contents: write  # For action peter-evans/create-pull-request
+      pull-requests: write  # For action peter-evans/create-pull-request
 
-  ##   steps:
-  ##     - uses: actions/checkout@v4
-  ##       with:
-  ##         ref: stable
-  ##         repository: ${{ github.repository }}
-  ##         ssh-key: ${{ secrets.SALT_VMTOOLS_RELEASE_KEY }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: main
+          repository: ${{ github.repository }}
+          ssh-key: ${{ secrets.SALT_VMTOOLS_RELEASE_KEY }}
 
-  ##     ## - name: Get vmtools-salt.sh on stable branch sha256sum
-  ##     ##   run: |
-  ##     ##     echo "SH=$(sha256sum vmtools-salt.sh | awk '{ print $1 }')" >> "$GITHUB_ENV"
-  ##     ##     echo "BS_VERSION=$(sh vmtools-salt.sh -v | awk '{ print $4 }')" >> "$GITHUB_ENV"
+      - name: Get vmtools-salt.sh on main branch sha256sum
+        run: |
+          echo "SH=$(sha256sum vmtools-salt.sh | awk '{ print $1 }')" >> "$GITHUB_ENV"
+          echo "BS_VERSION=$(sh vmtools-salt.sh -v | awk '{ print $4 }')" >> "$GITHUB_ENV"
 
-  ##     - uses: actions/checkout@v4
-  ##       with:
-  ##         ref: develop
-  ##         repository: ${{ github.repository }}
-  ##         ssh-key: ${{ secrets.SALT_VMTOOLS_RELEASE_KEY }}
+      - uses: actions/checkout@v4
+        with:
+          ref: main
+          repository: ${{ github.repository }}
+          ssh-key: ${{ secrets.SALT_VMTOOLS_RELEASE_KEY }}
 
-  ##     - name: Configure Git
-  ##       shell: bash
-  ##       run: |
-  ##         git config --global --add safe.directory "$(pwd)"
-  ##         git config --global user.name "Salt Project Packaging"
-  ##         git config --global user.email saltproject-packaging@vmware.com
-  ##         git config --global commit.gpgsign false
+      - name: Configure Git
+        shell: bash
+        run: |
+          git config --global --add safe.directory "$(pwd)"
+          git config --global user.name "Salt Project Packaging"
+          git config --global user.email saltproject.pdl@broadcom.com
+          git config --global commit.gpgsign false
 
-  ##     - name: Update Latest Release on README
-  ##       run: |
-  ##         python3 .github/workflows/scripts/update-release-shasum.py ${{ env.BS_VERSION }} ${{ env.SH }}
+      - name: Update Latest Release on README
+        run: |
+          python3 .github/workflows/scripts/update-release-shasum.py ${{ env.BS_VERSION }} ${{ env.SH }}
 
-  ##     - name: Show Changes
-  ##       run: |
-  ##         git status
-  ##         git diff
+      - name: Show Changes
+        run: |
+          git status
+          git diff
 
-  ##     - name: Commit Changes
-  ##       run: |
-  ##         git commit -am "Update README.rst with ${{ env.BS_VERSION }} release sha256sum" || \
-  ##           git commit -am "Update README.rst with ${{ env.BS_VERSION }} release sha256sum"
+      - name: Commit Changes
+        run: |
+          git commit -am "Update README.rst with ${{ env.BS_VERSION }} release sha256sum" || \
+            git commit -am "Update README.rst with ${{ env.BS_VERSION }} release sha256sum"
 
-  ##     - name: Push Changes
-  ##       uses: ad-m/github-push-action@b87afee92c6e70ea888be6203a3e9426fda49839
-  ##       with:
-  ##         ssh: true
-  ##         atomic: true
-  ##         branch: develop
-  ##         repository: ${{ github.repository }}
+      - name: Push Changes
+        uses: ad-m/github-push-action@b87afee92c6e70ea888be6203a3e9426fda49839
+        with:
+          ssh: true
+          atomic: true
+          branch: main
+          repository: ${{ github.repository }}
+
+      - name: Update vmtools-salt.sh sha256sum's
+        run: |
+          sha256sum vmtools-salt.sh | awk '{ print $1 }' > vmtools-salt.sh.sha256
+          sha256sum vmtools-salt.ps1 | awk '{ print $1 }' > vmtools-salt.ps1.sha256
+          git commit -a -m "Update sha256 checksums" || git commit -a -m "Update sha256 checksums"
+
+      - name: Push Changes
+        uses: ad-m/github-push-action@b87afee92c6e70ea888be6203a3e9426fda49839
+        with:
+          ssh: true
+          tags: true
+          atomic: true
+          branch: main
+          repository: ${{ github.repository }}
+
+      - name: Tag The ${{ needs.update-main.outputs.release-version }} Release
+        run: |
+          git tag --no-sign -m "Release ${{ needs.update-main.outputs.release-version }}" -a ${{ needs.update-main.outputs.release-version }}

.github/workflows/scripts/update-release-shasum.py

@@ -5,7 +5,7 @@
 
 THIS_FILE = pathlib.Path(__file__).resolve()
 CODE_ROOT = THIS_FILE.parent.parent.parent.parent
-README_PATH = CODE_ROOT / "README.rst"
+README_PATH = CODE_ROOT / "README.md"
 
 
 def main(version, sha256sum):

.pre-commit-config.yaml

@@ -29,6 +29,14 @@ repos:
       - id: check-yaml
       - id: check-json
 
+  - repo: https://github.com/jazzband/pip-tools
+    rev: 7.3.0
+    hooks:
+      - id: pip-compile
+        files: ^requirements/release\.(in|txt)$
+        args:
+          - requirements/release.in
+
   - repo: local
     hooks:
       - id: generate-actions-workflow

README.md

@@ -14,6 +14,21 @@ The script can install, remove, and check the status of an installed Salt minion
 either using a direct command line option or via VMware's use of Guest Variables,
 commonly referred to as guestVars.
 
+In every two-step installation example, you would be well-served to **verify against the SHA256
+sum** of the downloaded ``svtminion.sh`` file.
+
+.. _sha256sums:
+
+The SHA256 sum of the ``svtminion.sh`` file, per release, is:
+
+
+If you're looking for a *one-liner* to install Salt Minion, please read below.
+
+There are also .sha256 files for verifying against in the repo for the main branch.  You can also
+get the correct sha256 sum for the tagged release from
+https://github.com/saltstack/salt-vmtools/releases/latest/download/svtminion.sh.sha256 and
+https://github.com/saltstack/salt-vmtools/releases/latest/download/svtminion.ps1.sha256
+
 
 ## Configuration options
 

requirements/release.in

@@ -0,0 +1,2 @@
+pre-commit
+python-tools-scripts >= 0.18.6

requirements/release.txt

@@ -0,0 +1,60 @@
+#
+# This file is autogenerated by pip-compile with Python 3.10
+# by the following command:
+#
+#    pip-compile requirements/release.in
+#
+annotated-types==0.7.0
+    # via pydantic
+attrs==24.2.0
+    # via python-tools-scripts
+certifi==2024.8.30
+    # via requests
+cfgv==3.4.0
+    # via pre-commit
+charset-normalizer==3.4.0
+    # via requests
+distlib==0.3.9
+    # via virtualenv
+filelock==3.16.1
+    # via
+    #   python-tools-scripts
+    #   virtualenv
+identify==2.6.3
+    # via pre-commit
+idna==3.10
+    # via requests
+markdown-it-py==3.0.0
+    # via rich
+mdurl==0.1.2
+    # via markdown-it-py
+nodeenv==1.9.1
+    # via pre-commit
+platformdirs==4.3.6
+    # via virtualenv
+pre-commit==4.0.1
+    # via -r requirements/release.in
+pydantic==2.10.3
+    # via python-tools-scripts
+pydantic-core==2.27.1
+    # via pydantic
+pygments==2.18.0
+    # via rich
+python-tools-scripts==0.20.5
+    # via -r requirements/release.in
+pyyaml==6.0.2
+    # via pre-commit
+requests==2.32.3
+    # via python-tools-scripts
+rich==13.9.4
+    # via python-tools-scripts
+typing-extensions==4.12.2
+    # via
+    #   pydantic
+    #   pydantic-core
+    #   python-tools-scripts
+    #   rich
+urllib3==2.2.3
+    # via requests
+virtualenv==20.28.0
+    # via pre-commit