build-git-installers: target an older Ubuntu version #719

Merged
merged 5 commits into from
Jan 21, 2025

dscho
Member

@dscho dscho commented Jan 17, 2025

Currently, we target whatever GitHub Actions use as `ubuntu-latest`; this, however, led to the unintentional requirement in v2.47.2.vfs.0.0 to run Ubuntu 24.04 (up from 22.04 in v2.47.1.vfs.0.1).

It is important to target a wider audience, though, especially in light of CVE-2024-52005, which is only addressed in Git for Windows and `microsoft/git`, but not Git.

We could now go back to 22.04. This would only be a temporary band-aid; https://github.blog/changelog/2025-01-15-github-actions-ubuntu-20-runner-image-brownout-dates-and-other-breaking-changes/ already announced that 20.04 is phased out very soon, and 22.04 will be next.

Let's just use a Docker container instead that targets the oldest Ubuntu LTS that is still maintained in some shape or form.

We still verify in `validate-installers` that the resulting binary installs and works on the latest Ubuntu version by virtue of using `runs-on: ubuntu-latest` in that matrix job.

@dscho dscho self-assigned this Jan 17, 2025

@derrickstolee derrickstolee left a comment

Thanks for the fast response here!

dscho added 5 commits January 20, 2025 14:55
No need to initialize the `release` environment for the `prereq` job.
Originally, the expectation was that this would prevent the repeated
need for validating manually that the jobs are allowed to access that
environment. However, GitHub Actions does ask for every single job, and
for certain reasons it is unlikely that this is ever going to be fixed.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Currently, we target whatever GitHub Actions use as `ubuntu-latest`;
this, however, led to the unintentional requirement in v2.47.2.vfs.0.0
to run Ubuntu 24.04 (up from 22.04 in v2.47.1.vfs.0.1).

It is important to target a wider audience, though, especially in light
of CVE-2024-52005, which is only addressed in Git for Windows and
`microsoft/git`, but not Git.

We could now go back to 22.04. This would only be a temporary band-aid;
https://github.blog/changelog/2025-01-15-github-actions-ubuntu-20-runner-image-brownout-dates-and-other-breaking-changes/
already announced that 20.04 is phased out very soon, and 22.04 will be
next.

Let's just use a Docker container instead that targets the oldest Ubuntu
LTS that is still maintained in _some_ shape or form.

This requires a few modifications (`sudo` is not available, GitHub
Actions' node.js needs to be overridden, and we need to install a couple
of packages explicitly). In particular, we now need two jobs because it
turned out to be too convoluted to get `debsign` to work in a headless
workflow with Ubuntu 16.04; we still resort to `ubuntu-latest` for that
instead.

By still verifying the resulting binary in `validate-installers`, we
ensure that it installs and works on the latest Ubuntu version by virtue
of using `runs-on: ubuntu-latest` in _that_ matrix job.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Do use `apt-get` and ensure that it does not ask for confirmation.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

By using cURL for `imap-send`, we can drop the libssl dependency, which
is not installed in the Ubuntu 16.04 container by default.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

This avoids some Bash-only `sed` invocations to strip quotes where no
stripping is required if `az` is asked to output the value in a more
appropriate format.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
@dscho dscho force-pushed the target-older-ubuntu branch from 3162433 to ed8287b Compare January 21, 2025 09:49
Member Author

dscho commented Jan 21, 2025

Well, I spent all of yesterday trying to fix the build, and I finally succeeded. This is now ready to be merged.

@dscho dscho merged commit 5b0f528 into vfs-2.47.2 Jan 21, 2025
92 checks passed
@dscho dscho deleted the target-older-ubuntu branch January 21, 2025 14:57