Merge develop into stable for v2024.04.03 release

.github/workflows/ci.yml

@@ -16,13 +16,13 @@ jobs:
     outputs:
       run-tests: ${{ steps.set-output.outputs.run-tests }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Get specific changed files
         id: changed-files
-        uses: tj-actions/changed-files@v25
+        uses: tj-actions/changed-files@v42
         with:
           separator: ","
           files: |
@@ -47,7 +47,7 @@ jobs:
 
       - name: Upload Exit Status
         if: always()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: exitstatus
           path: exitstatus
@@ -59,7 +59,7 @@ jobs:
 
     if: github.event_name == 'push' || needs.collect-changed-files.outputs.run-tests == 'true'
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Python 3.9
         uses: actions/setup-python@v4
@@ -84,7 +84,7 @@ jobs:
 
       - name: Upload Exit Status
         if: always()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: exitstatus
           path: exitstatus
@@ -96,7 +96,7 @@ jobs:
     container: koalaman/shellcheck-alpine:v0.7.0
     if: github.event_name == 'push' || needs.collect-changed-files.outputs.run-tests == 'true'
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: ShellCheck
         run: |
           shellcheck -s sh -f tty bootstrap-salt.sh
@@ -109,7 +109,7 @@ jobs:
 
       - name: Upload Exit Status
         if: always()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: exitstatus
           path: exitstatus
@@ -603,14 +603,14 @@ jobs:
 
       - name: Download Exit Status Files
         if: always()
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: exitstatus
           path: exitstatus
 
       - name: Delete Exit Status Artifacts
         if: always()
-        uses: geekyeggo/delete-artifact@v1
+        uses: geekyeggo/delete-artifact@v4
         with:
           name: exitstatus
           failOnError: false

.github/workflows/release.yml

@@ -444,95 +444,3 @@ jobs:
           atomic: true
           branch: develop
           repository: ${{ github.repository }}
-
-
-  salt:
-    name: Update Release on Salt Repo
-    runs-on:
-      - self-hosted
-      - linux
-      - repo-release
-    needs:
-      - update-develop-checksums
-    environment: release
-    permissions:
-      contents: write  # For action peter-evans/create-pull-request
-      pull-requests: write  # For action peter-evans/create-pull-request
-
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          ref: stable
-          repository: ${{ github.repository }}
-
-      - name: Get bootstrap version
-        run: |
-          echo "BS_VERSION=$(sh bootstrap-salt.sh -v | awk '{ print $4 }')" >> "$GITHUB_ENV"
-
-      - uses: actions/checkout@v3
-        with:
-          repository: saltstack/salt
-          ref: master
-          path: salt-checkout
-          token: ${{ secrets.SALT_REPO_WRITE_TOKEN }}
-
-      - name: Setup GnuPG
-        run: |
-          sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg
-          GNUPGHOME="$(mktemp -d -p /run/gpg)"
-          echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV"
-          cat <<EOF > "${GNUPGHOME}/gpg.conf"
-          batch
-          no-tty
-          pinentry-mode loopback
-          EOF
-
-      - name: Get Secrets
-        id: get-secrets
-        env:
-          SECRETS_KEY: ${{ secrets.SECRETS_KEY }}
-        run: |
-          SECRETS_KEY_FILE=$(mktemp /tmp/output.XXXXXXXXXX)
-          echo "$SECRETS_KEY" > "$SECRETS_KEY_FILE"
-          aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
-            --query SecretString --output text | jq .default_key -r | base64 -d \
-            | gpg --passphrase-file "${SECRETS_KEY_FILE}" -d - \
-            | gpg --import -
-          sync
-          aws --region us-west-2 secretsmanager get-secret-value --secret-id /cmbu-saltstack/signing/repo-signing-keys-sha256-2023 \
-            --query SecretString --output text| jq .default_passphrase -r | base64 -d \
-            | gpg --passphrase-file "${SECRETS_KEY_FILE}" -o "${GNUPGHOME}/passphrase" -d -
-          sync
-          rm "$SECRETS_KEY_FILE"
-          echo "passphrase-file ${GNUPGHOME}/passphrase" >> "${GNUPGHOME}/gpg.conf"
-
-      - name: Configure Git
-        shell: bash
-        run: |
-          git config --global --add safe.directory "$(pwd)"
-          git config --global user.name "Salt Project Packaging"
-          git config --global user.email saltproject-packaging@vmware.com
-          git config --global user.signingkey 64CBBC8173D76B3F
-          git config --global commit.gpgsign true
-
-      - name: Update bootstrap script on Salt
-        run: |
-          cp bootstrap-salt.sh salt-checkout/salt/cloud/deploy/bootstrap-salt.sh
-
-      - name: Commit Changes
-        working-directory: salt-checkout/
-        run: |
-          git commit -am "Update the bootstrap script to v${{ env.BS_VERSION }}"
-
-      - name: Create Pull Request Against Develop
-        uses: peter-evans/create-pull-request@v5
-        with:
-          title: "Update the bootstrap script to v${{ env.BS_VERSION }}"
-          path: salt-checkout
-          base: master
-          token: ${{ secrets.SALT_REPO_WRITE_TOKEN }}
-          author: "Salt Project Packaging <saltproject-packaging@vmware.com>"
-          committer: "Salt Project Packaging <saltproject-packaging@vmware.com>"
-          commit-message: Update the bootstrap script to v${{ env.BS_VERSION }}
-          signoff: true
-          delete-branch: true

.github/workflows/templates/ci-tail.yml

@@ -11,14 +11,14 @@
 
       - name: Download Exit Status Files
         if: always()
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: exitstatus
           path: exitstatus
 
       - name: Delete Exit Status Artifacts
         if: always()
-        uses: geekyeggo/delete-artifact@v1
+        uses: geekyeggo/delete-artifact@v4
         with:
           name: exitstatus
           failOnError: false

.github/workflows/templates/ci.yml

@@ -16,13 +16,13 @@ jobs:
     outputs:
       run-tests: ${{ steps.set-output.outputs.run-tests }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Get specific changed files
         id: changed-files
-        uses: tj-actions/changed-files@v25
+        uses: tj-actions/changed-files@v42
         with:
           separator: ","
           files: |
@@ -47,7 +47,7 @@ jobs:
 
       - name: Upload Exit Status
         if: always()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: exitstatus
           path: exitstatus
@@ -59,7 +59,7 @@ jobs:
 
     if: github.event_name == 'push' || needs.collect-changed-files.outputs.run-tests == 'true'
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Python 3.9
         uses: actions/setup-python@v4
@@ -84,7 +84,7 @@ jobs:
 
       - name: Upload Exit Status
         if: always()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: exitstatus
           path: exitstatus
@@ -96,7 +96,7 @@ jobs:
     container: koalaman/shellcheck-alpine:v0.7.0
     if: github.event_name == 'push' || needs.collect-changed-files.outputs.run-tests == 'true'
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: ShellCheck
         run: |
           shellcheck -s sh -f tty bootstrap-salt.sh
@@ -109,7 +109,7 @@ jobs:
 
       - name: Upload Exit Status
         if: always()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: exitstatus
           path: exitstatus

CHANGELOG.md

@@ -1,3 +1,18 @@
+# v2024.04.03
+
+## What's Changed
+
+- Remove automated PR against salt repo at release by @ScriptAutomate in https://github.com/saltstack/salt-bootstrap/pull/1984
+- Update actions by @twangboy in https://github.com/saltstack/salt-bootstrap/pull/1985
+- Fix DEBIAN Keyring url by @Dudek-AMS in https://github.com/saltstack/salt-bootstrap/pull/1983
+- Fix script to support installing RC on Windows by @twangboy in https://github.com/saltstack/salt-bootstrap/pull/1993
+
+## New Contributors
+
+- @Dudek-AMS made their first contribution in https://github.com/saltstack/salt-bootstrap/pull/1983
+
+**Full Changelog**: https://github.com/saltstack/salt-bootstrap/compare/v2024.01.04...v2024.04.03
+
 # v2024.01.04
 
 ## What's Changed
@@ -565,7 +580,7 @@
 - add apt-transport-https for ubuntu. (epcim) #896
 - Fix expanding shell script position parameters with nounset enabled. (vutny) #895
 - RFC: Add tests for bootstrap-salt.ps1. (themalkolm) #893
-- Keep original name of salt executable executable. (themalkolm) #857
+- Keep original name of salt executable. (themalkolm) #857
 
 # v2016.06.27:
 

README.rst

@@ -32,6 +32,7 @@ sum** of the downloaded ``bootstrap-salt.sh`` file.
 
 The SHA256 sum of the ``bootstrap-salt.sh`` file, per release, is:
 
+- 2024.01.04: ``cebcbc67895e238d1cf0024922a7fe5c772b9aaba346490c8fa6193bb0d993d4``
 - 2023.11.16: ``3757ed82161113fed4c711fd7332e922265eeeb54e6e4f657a08ea82d57cc3a2``
 - 2023.11.07: ``91f8a3bfb8b14476f7793c7f20cec7bfc638c10c073786f9a8904a858a929784``
 - 2023.08.03: ``963e559bdb85adecfbbec2c3b81190392bc59b24992e4491e919cd748eeafcb8``

RELEASE.md

@@ -3,13 +3,10 @@
 - See if there are any PRs worth squeezing into release.
 - Go through the changes since last release, add them to changelog.
 - Add any new authors to the AUTHORS file.
-- If there's a new Salt release(major), update the script to add support for it.
+- If there's a new Salt release (major), update the script to add support for it.
 - Bump version for release.
 - Open PR against develop with these changes.
-- Once the above PR is merged, open a PR against stable with the changes from develop.
-- Once the above PR is merged, wait until an automatic PR is opened against stable which updates the checksums.
-- Once the above PR is merged, tag the release `v{version-here}` and push the tag.
-- Wait until an automatic PR is opened against the develop branch updating the checksums in `README.rst`. Merge it.
-- Check that an automated PR was opened against the salt repo updating the bootstrap script, located in `salt/cloud/deploy/bootstrap-salt.sh`
-
+- Once the above PR is merged, go to [Cut Release](https://github.com/saltstack/salt-bootstrap/actions/workflows/release.yml) and `Run workflow` against `develop` branch
+- Open a new PR against the branch of the oldest supported version of [the salt repo](https://github.com/saltstack/salt) (ex. `3006.x`), and replace `salt/cloud/deploy/bootstrap-salt.sh` with the latest `bootstrap-salt.sh` file
+- When that PR is merged into [the salt repo](https://github.com/saltstack/salt), merge-forwards into the latest branches and `master` will ensure that the latest bootstrap script is available
 - Victory!