Merge remote-tracking branch 'origin/master' into ckochhof/dev/master…

…/daos-16501 Required-githooks: true
daos-stack · Dec 6, 2024 · e7e8139 · e7e8139
2 parents 7e9f339 + ab5815d
commit e7e8139
Show file tree

Hide file tree

Showing 524 changed files with 43,541 additions and 8,382 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+version: 2
+updates:
+  - package-ecosystem: pip
+    directories:
+      - /utils/ansible/ftest/
+      - /utils/cq/
+      - /
+    schedule:
+      interval: daily
+    groups:
+      python-packages:
+        patterns:
+          - "*"
diff --git a/.github/workflows/ci2.yml b/.github/workflows/ci2.yml
@@ -15,7 +15,7 @@ jobs:
   # from scratch, but do not save them.
   Build-and-test:
     name: Run DAOS/NLT tests
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       # https://github.com/EnricoMi/publish-unit-test-result-action#permissions
       checks: write
@@ -26,7 +26,7 @@ jobs:
         include:
           - distro: ubuntu
             base: ubuntu
-            with: ubuntu:mantic
+            with: ubuntu:oracular
     env:
       DEPS_JOBS: 10
       COMPILER: clang
@@ -76,7 +76,7 @@ jobs:
 
   Build:
     name: Build DAOS
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:

diff --git a/.github/workflows/landing-builds.yml b/.github/workflows/landing-builds.yml
@@ -16,6 +16,7 @@ on:
       - ci/**
       - requirements-build.txt
       - requirements-utest.txt
+      - utils/build.config
 
 permissions: {}
 
@@ -34,7 +35,7 @@ jobs:
   # for distros where we only want to build on master and not PRs see the Build-branch job below.
   Prepare:
     name: Create Docker images
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       max-parallel: 1
@@ -43,7 +44,7 @@ jobs:
         include:
           - distro: ubuntu
             base: ubuntu
-            with: ubuntu:mantic
+            with: ubuntu:oracular
           - distro: rocky
             base: el.9
             with: rockylinux/rockylinux:9
@@ -87,7 +88,7 @@ jobs:
   Build-and-test:
     name: Run DAOS/NLT tests
     needs: Prepare
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       # https://github.com/EnricoMi/publish-unit-test-result-action#permissions
       checks: write
@@ -98,7 +99,7 @@ jobs:
         include:
           - distro: ubuntu
             base: ubuntu
-            with: ubuntu:mantic
+            with: ubuntu:oracular
     env:
       DEPS_JOBS: 10
       BASE_DISTRO: ${{ matrix.with }}
@@ -147,7 +148,7 @@ jobs:
   Build:
     name: Build DAOS in image
     needs: Prepare
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       max-parallel: 2
@@ -157,7 +158,7 @@ jobs:
         include:
           - distro: ubuntu
             base: ubuntu
-            with: ubuntu:mantic
+            with: ubuntu:oracular
           - distro: rocky
             base: el.9
             with: rockylinux/rockylinux:9
@@ -225,7 +226,7 @@ jobs:
 
   Build-branch:
     name: Build DAOS
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
@@ -321,7 +322,7 @@ jobs:
         include:
           - distro: ubuntu
             base: ubuntu
-            with: ubuntu:mantic
+            with: ubuntu:oracular
           - distro: alma.8
             base: el.8
             with: almalinux:8

diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
@@ -26,7 +26,7 @@ jobs:
       - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d  # v5.1.0
         with:
           python-version: '3'
-      - uses: isort/isort-action@master
+      - uses: isort/isort-action@f14e57e1d457956c45a19c05a89cccdf087846e5  # v1.1.0
         with:
           requirementsFiles: "requirements.txt"
       - name: Run on SConstruct file.
@@ -36,7 +36,7 @@ jobs:
 
   shell-check:
     name: ShellCheck
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
@@ -54,7 +54,7 @@ jobs:
 
   log-check:
     name: Logging macro checking
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
@@ -65,15 +65,15 @@ jobs:
 
   ftest-tags:
     name: Ftest tag check
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
       - name: Check DAOS ftest tags.
         run: \[ ! -x src/tests/ftest/tags.py \] || ./src/tests/ftest/tags.py lint --verbose
 
   flake8-lint:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     name: Flake8 check
     steps:
       - name: Check out source repository
@@ -107,7 +107,7 @@ jobs:
 
   doxygen:
     name: Doxygen
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
@@ -128,7 +128,7 @@ jobs:
 
   pylint:
     name: Pylint check
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
@@ -148,7 +148,7 @@ jobs:
 
   codespell:
     name: Codespell
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
@@ -163,7 +163,7 @@ jobs:
 
   clang-format:
     name: Clang Format
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
@@ -182,7 +182,7 @@ jobs:
 
   yaml-lint:
     name: Yamllint check
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Check out source repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
@@ -199,7 +199,7 @@ jobs:
 
   linting-summary:
     name: Linting Summary
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs:
       - isort
       - shell-check

diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
@@ -38,7 +38,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736  # v2.3.1
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46  # v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif

diff --git a/.github/workflows/pr-metadata.yml b/.github/workflows/pr-metadata.yml
@@ -13,7 +13,7 @@ permissions: {}
 
 jobs:
   example_comment_pr:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       pull-requests: write
     name: Report Jira data to PR comment

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -1,22 +1,32 @@
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+# Copyright (c) 2024 Intel Corporation.
+
 name: Trivy scan
 
 on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *'
+  push:
+    branches: ["master", "release/**"]
   pull_request:
     branches: ["master", "release/**"]
 
 # Declare default permissions as nothing.
 permissions: {}
 
 jobs:
-  build:
-    name: Build
-    runs-on: ubuntu-20.04
+  scan:
+    name: Scan with Trivy
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
     steps:
       - name: Checkout code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
 
-      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8  # 0.24.0
+      - name: Run Trivy vulnerability scanner in filesystem mode (table format)
+        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2  # 0.28.0
         with:
           scan-type: 'fs'
           scan-ref: '.'
@@ -40,8 +50,8 @@ jobs:
             utils/trivy/trivy.yaml
           sed -i 's/format: template/format: sarif/g' utils/trivy/trivy.yaml
 
-      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8  # 0.24.0
+      - name: Run Trivy vulnerability scanner in filesystem mode (sarif format)
+        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2  # 0.28.0
         with:
           scan-type: 'fs'
           scan-ref: '.'
@@ -59,8 +69,8 @@ jobs:
           sed -i 's/format: sarif/format: table/g' utils/trivy/trivy.yaml
           sed -i 's/exit-code: 0/exit-code: 1/g' utils/trivy/trivy.yaml
 
-      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8  # 0.24.0
+      - name: Run Trivy vulnerability scanner in filesystem mode (human readable format)
+        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2  # 0.28.0
         with:
           scan-type: 'fs'
           scan-ref: '.'

diff --git a/.github/workflows/version-checks.yml b/.github/workflows/version-checks.yml
@@ -7,13 +7,14 @@ on:
   pull_request:
     paths:
       - 'utils/cq/requirements.txt'
+      - '.github/workflows/version-checks.yml'
 
 permissions: {}
 
 jobs:
   upgrade-check:
     name: Check for updates
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix: