Merge branch 'main' into feat/inventory-remove-orka-release

Author: UlisesGascon

.github/workflows/check_assets-tool.yml

@@ -0,0 +1,43 @@
+name: Run tests for check_assets
+
+on:
+  pull_request:
+    paths:
+      - '.github/workflows/check_assets-tool.yml'
+      - 'ansible/www-standalone/tools/promote/expected_assets/*'
+      - 'ansible/www-standalone/tools/promote/check_assets*'
+      - 'ansible/www-standalone/tools/promote/check_r2_assets*'
+      - 'ansible/www-standalone/tools/promote/test/**'
+  push:
+    paths:
+      - '.github/workflows/check_assets-tool.yml'
+      - 'ansible/www-standalone/tools/promote/expected_assets/*'
+      - 'ansible/www-standalone/tools/promote/check_assets*'
+      - 'ansible/www-standalone/tools/promote/check_r2_assets*'
+      - 'ansible/www-standalone/tools/promote/test/**'
+  schedule:
+    - cron: 0 0 * * *
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+env:
+  # This needs to match the version of Node.js on www.
+  NODE_VERSION: 22
+
+jobs:
+  run-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout current repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - name: Use Node.js ${{ env.NODE_VERSION }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+      - name: Run tests
+        run: node --test --experimental-test-module-mocks
+        working-directory: ansible/www-standalone/tools/promote/  

.github/workflows/orka-templates.yml

@@ -0,0 +1,56 @@
+name: Check ORKA Packer Templates
+
+on:
+  push:
+    paths:
+      - 'orka/**/*.pkr.hcl'
+  pull_request:
+    paths:
+      - 'orka/**/*.pkr.hcl'
+
+permissions:
+  contents: read
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
+
+    - name: Set up Packer
+      uses: hashicorp/setup-packer@1aa358be5cf73883762b302a3a03abd66e75b232 #v3.1.0
+
+    - name: Initialize Packer
+      run: |
+        for file in $(find . -name '*.pkr.hcl'); do
+          echo "Initializing $file"
+          packer init $file || exit 1
+        done
+      working-directory: orka/templates
+
+    - name: Validate Packer templates
+      env:
+        ORKA_ENDPOINT: 'https://mock-orka-endpoint'
+        ORKA_AUTH_TOKEN: 'mock-orka-auth-token'
+        SSH_DEFAULT_USERNAME: 'mock-ssh-default-username'
+        SSH_DEFAULT_PASSWORD: 'mock-ssh-default-password'
+        SSH_TEST_PASSWORD: 'mock-ssh-test-password'
+        SSH_RELEASE_PASSWORD: 'mock-ssh-release-password'
+        SSH_TEST_PUBLIC_KEY: 'mock-ssh-test-public-key'
+        SSH_RELEASE_PUBLIC_KEY: 'mock-ssh-release-public-key'
+      run: |
+        for file in $(find . -name '*.pkr.hcl'); do
+          echo "Validating $file"
+          vars="-var orka_endpoint=$ORKA_ENDPOINT -var orka_auth_token=$ORKA_AUTH_TOKEN -var ssh_default_username=$SSH_DEFAULT_USERNAME"
+          
+          if echo "$file" | grep -q "release"; then
+            vars="$vars -var ssh_release_password=$SSH_RELEASE_PASSWORD -var ssh_release_public_key=$SSH_RELEASE_PUBLIC_KEY"
+          elif echo "$file" | grep -q "test"; then
+            vars="$vars -var ssh_test_password=$SSH_TEST_PASSWORD -var ssh_test_public_key=$SSH_TEST_PUBLIC_KEY -var ssh_default_password=$SSH_DEFAULT_PASSWORD"
+          fi
+
+          packer validate $vars $file || exit 1
+        done
+      working-directory: orka/templates

.gitignore

@@ -14,3 +14,6 @@ ansible/host_vars/*
 !ansible/host_vars/*-template
 .venv
 Pipfile.lock
+
+# Orka secrets files including naming mutations
+orka/*/.env*

GOVERNANCE.md

@@ -56,7 +56,9 @@ should be aware of the bounds of their expertise and act accordingly.
   the basics of a trust relationship. The most two most straightforward paths
   to trust are:
   1. An established relationship with the Node.js project and its associated
-     working groups and activities. The longer the better.
+     working groups and activities. The longer the better. In case of doubt,
+     or if the individual is _not_ a Node.js Collaborator, contact the Node.js
+     TSC.
   2. A contractual relationship (such as employment) with a member company of
      the OpenJS Foundation. Contractual relationships carry legal weight and
      provide greater likelihood of a stable trust relationship; at a minimum

README.md

@@ -142,7 +142,7 @@ accesses and team roles see [GOVERNANCE.md][].
 ### Emeriti
 
 - [@addaleax](https://github.com/addaleax) - Anna Henningsen
-* [@anonrig](https://github.com/anonrig) - Yagiz Nizipli
+- [@anonrig](https://github.com/anonrig) - Yagiz Nizipli
 - [@bnoordhuis](https://github.com/bnoordhuis) - Ben Noordhuis
 - [@gibfahn](https://github.com/gibfahn) - Gibson Fahnestock
 - [@gireeshpunathil](https://github.com/gireeshpunathil) - Gireesh Punathil

ansible.cfg

@@ -29,6 +29,7 @@ ansible_python_interpreter = /opt/local/bin/python
 
 [hosts:freebsd]
 ansible_python_interpreter = /usr/local/bin/python3
+ansible_shell_allow_world_readable_temp = True
 
 [hosts:ibm]
 become_method             = sudo

ansible/README.md

@@ -255,15 +255,11 @@ Unsorted stuff of things we need to do/think about
 - [ ] move all service-related stuff to handlers
 - [ ] find a nicer way of adding proxyhosts to iptables
 - [ ] add clang/clang++ symlinks for ccache
-- [ ] centos7 needs different ccache path
-- [ ] debian7 needs to update alternative gcc/g++
 - [ ] verify that /usr/local/bin works as ccache install path
 - [x] remove subversion since v8 tests uses git nowadays
 - [ ] assign 192/256mb ram to the jenkins instances that requires it:
       - aix
       - TBD
-- [ ] epel-release for centos - required for centos7 on packet.net arm64
-      before ccache can be installed
 - [x] make .ssh/config and .ssh/id_rsa for release machines, adding config
       for `node-www` and record host key for node-www
 - [ ] add explicit ARCH and DESTCPU for release machines (RV: I'm adding

ansible/inventory.yml

@@ -17,8 +17,8 @@ hosts:
         ubuntu2204-x64-1: {ip: 107.170.240.62, alias: ci}
 
     - ibm:
-        ubuntu1804-x64-1: {ip: 169.45.166.50, alias: ci-release}
         ubuntu2004-x64-1: {ip: 169.60.150.91, alias: ansible}
+        ubuntu2404-x64-1: {ip: 169.61.75.62, alias: ci-release}
 
     - joyent:
         debian10-x64-1: {ip: 147.28.162.110, alias: grafana}
@@ -53,8 +53,6 @@ hosts:
         ibmi73-ppc64_be-1: {ip: 65.183.160.62, user: nodejs}
 
     - joyent:
-        smartos18-x64-2: {ip: 147.28.162.101}
-        smartos20-x64-2: {ip: 147.28.162.108}
         ubuntu1804_docker-x64-1: {ip: 147.28.162.104, user: ubuntu}
 
     - macstadium:
@@ -76,7 +74,6 @@ hosts:
         aix72-ppc64_be-1:
             ip: 140.211.9.77
             server_jobs: 6
-        centos7-arm64-1: {ip: 140.211.169.7, server_jobs: 2, user: centos}
         rhel8-arm64-1:
             ip: 140.211.169.58
             server_jobs: 2
@@ -108,19 +105,19 @@ hosts:
     - digitalocean:
         debian11-x64-1: {ip: 174.138.79.159, swap_file_size_mb: 2048}
         debian12-x64-1: {ip: 159.203.105.159, swap_file_size_mb: 2048}
-        fedora39-x64-1: {ip: 159.203.117.50}
-        fedora39-x64-2: {ip: 134.209.172.40}
         fedora40-x64-1: {ip: 159.65.248.149}
         fedora40-x64-2: {ip: 162.243.187.89}
-        freebsd12-x64-1: {ip: 45.55.90.237, user: freebsd}
-        freebsd12-x64-2: {ip: 107.170.28.213, user: freebsd}
+        fedora41-x64-1: {ip: 165.227.191.35}
+        fedora41-x64-2: {ip: 159.65.246.5}
+        freebsd13-x64-1: {ip: 138.197.25.49, user: freebsd, swap_file_size_mb: 2048}
+        freebsd13-x64-2: {ip: 159.89.188.229, user: freebsd, swap_file_size_mb: 2048}
         rhel8-x64-1: {ip: 161.35.139.78, build_test_v8: yes, swap_file_size_mb: 2048}
         rhel9-x64-1: {ip: 134.122.12.240, swap_file_size_mb: 2048}
         ubuntu2204_docker-x64-1: {ip: 134.209.55.216}
         ubuntu2204_docker-x64-2: {ip: 159.89.183.200}
         ubuntu1804-x64-1: {ip: 178.128.181.213}
-        ubuntu2204-x64-1: {ip: 138.197.4.1}
-        ubuntu2204-x64-2: {ip: 167.99.124.188}
+        ubuntu2204-x64-1: {ip: 138.197.4.1, swap_file_size_mb: 2048}
+        ubuntu2204-x64-2: {ip: 167.99.124.188, swap_file_size_mb: 2048}
 
     - equinix:
         ubuntu2004_docker-arm64-1: {ip: 145.40.81.219}
@@ -152,8 +149,8 @@ hosts:
         rhel8-x64-2: {ip: 169.61.75.58, build_test_v8: yes}
         rhel8-x64-3: {ip: 52.117.26.13, build_test_v8: yes}
         rhel9-x64-1: {ip: 169.60.150.92, swap_file_size_mb: 2048}
+        rhel9-x64-2: {ip: 169.44.168.2}
         ubuntu2204-x64-1: {ip: 169.60.150.82}
-        ubuntu2204-x64-2: {ip: 169.44.168.2}
         # when adding, removing or changing the IPs for any
         # `jenkins-workspace-*` machine, remember to rerun
         # the `ansible/playbooks/create-github-bot.yml` playbook
@@ -162,10 +159,6 @@ hosts:
         ubuntu2204_docker-x64-1: {ip: 52.117.26.9}
 
     - equinix_mnx:
-        smartos18-x64-3: {ip: 147.28.162.102}
-        smartos18-x64-4: {ip: 147.28.162.103}
-        smartos20-x64-3: {ip: 147.28.162.107}
-        smartos20-x64-4: {ip: 147.28.162.109}
         ubuntu1804-x64-1: {ip: 147.28.162.99, user: ubuntu}
 
     - hetzner:
@@ -230,10 +223,23 @@ hosts:
         # to update the Jenkins worker IP allowlist in github-bot
         ubuntu2204-x64-1: {ip: 67.158.54.159, alias: jenkins-workspace-9}
         ubuntu2204-x64-2: {ip: 8.225.232.44, alias: jenkins-workspace-10}
-        smartos21-x64-1: {ip: 8.225.232.135}
-        smartos21-x64-2: {ip: 8.225.232.137}
-        smartos23-x64-1: {ip: 8.225.232.134}
-        smartos23-x64-2: {ip: 8.225.232.141}
+        smartos22-x64-1:
+          ip: 172.16.9.3
+          ansible_ssh_common_args: '-o ProxyCommand="ssh -i ~/.ssh/nodejs_build_test -W %h:%p root@67.158.54.157"'
+          ansible_user: root
+        smartos22-x64-2:
+          ip: 172.16.9.3
+          ansible_ssh_common_args: '-o ProxyCommand="ssh -i ~/.ssh/nodejs_build_test -W %h:%p root@67.158.54.56"'
+          ansible_user: root
+        smartos23-x64-4:
+          ip: 172.16.9.3
+          ansible_ssh_common_args: '-o ProxyCommand="ssh -i ~/.ssh/nodejs_build_test -W %h:%p root@192.207.255.124"'
+          ansible_user: root
+        smartos23-x64-5:
+          ip: 172.16.9.3
+          ansible_ssh_common_args: '-o ProxyCommand="ssh -i ~/.ssh/nodejs_build_test -W %h:%p root@67.158.54.51"'
+          ansible_user: root
+
 
     - osuosl:
         # secret for -1 was compromised, do not use -1 name
@@ -250,9 +256,10 @@ hosts:
         rhel8-ppc64_le-2: {ip: 140.211.168.76, user: cloud-user, build_test_v8: yes, swap_file_size_mb: 2048}
         rhel8-ppc64_le-3: {ip: 140.211.168.221, user: cloud-user, build_test_v8: yes, swap_file_size_mb: 2048}
         rhel8-ppc64_le-4: {ip: 140.211.168.194, user: cloud-user, build_test_v8: yes, swap_file_size_mb: 2048}
-        rhel9-ppc64_le-1: {ip: 140.211.10.92, user: cloud-user, swap_file_size_mb: 2048}
-        rhel9-ppc64_le-2: {ip: 140.211.10.69, user: cloud-user, swap_file_size_mb: 2048}
-        rhel9-ppc64_le-3: {ip: 140.211.10.110, user: cloud-user, swap_file_size_mb: 2048}
+        rhel9-ppc64_le-1: {ip: 140.211.10.105, user: cloud-user, swap_file_size_mb: 2048}
+        rhel9-ppc64_le-2: {ip: 140.211.10.98, user: cloud-user, swap_file_size_mb: 2048}
+        rhel9-ppc64_le-3: {ip: 140.211.10.102, user: cloud-user, swap_file_size_mb: 2048}
+        rhel9-ppc64_le-4: {ip: 140.211.10.107, user: cloud-user, swap_file_size_mb: 2048}
         ubuntu2004_docker-arm64-1: {ip: 140.211.169.11, user: ubuntu}
 
     - orka:
@@ -283,21 +290,19 @@ hosts:
             user: admin
 
     - iinthecloud:
-        ibmi73-ppc64_be-1: {ip: 65.183.160.52, user: nodejs}
-        ibmi73-ppc64_be-2: {ip: 65.183.160.59, user: nodejs}
+        ibmi74-ppc64_be-1: {ip: 65.183.160.52, user: nodejs}
+        ibmi74-ppc64_be-2: {ip: 65.183.160.59, user: nodejs}
 
     - rzkh:
-        ibmi73-ppc64_be-1:
+        ibmi74-ppc64_be-1:
             ip: 185.113.4.148
             user: nodejs
             server_jobs: 32
 
     - rackspace:
-        centos7-x64-1: {ip: 119.9.27.82}
-        debian10-x64-1: {ip: 104.239.140.184}
         debian11-x64-1: {ip: 23.253.109.216, swap_file_size_mb: 4096}
-        ubuntu1604-x64-1: {ip: 119.9.51.176}
-        ubuntu1604-x64-2: {ip: 104.130.124.194}
+        debian12-x64-1: {ip: 104.130.124.194, swap_file_size_mb: 4096}
+        ubuntu2204-x64-1: {ip: 119.9.52.75, swap_file_size_mb: 4096, user: ubuntu}
         win2016_vs2015-x64-1: {}
         win2016_vs2015-x64-2: {}
         win2019_vs2019-x64-1: {}
@@ -312,5 +317,4 @@ hosts:
         win2022_vs2022-x64-6: {}
 
     - softlayer:
-        debian10-x64-1: {ip: 169.44.16.126}
         debian12-x64-1: {ip: 169.60.150.88, swap_file_size_mb: 2048}

ansible/playbooks/jenkins/host/create.yml

@@ -6,7 +6,7 @@
 
 - hosts:
   - infra-digitalocean-ubuntu2204-x64-1 # ci.nodejs.org
-  - infra-ibm-ubuntu1804-x64-1 # ci-release.nodejs.org
+  - infra-ibm-ubuntu2404-x64-1 # ci-release.nodejs.org
 
   roles:
   - bootstrap

ansible/playbooks/jenkins/host/iptables.yml

@@ -9,12 +9,12 @@
 
 - hosts:
   - infra-digitalocean-ubuntu2204-x64-1 # ci.nodejs.org
-  - infra-ibm-ubuntu1804-x64-1 # ci-release.nodejs.org
+  - infra-ibm-ubuntu2404-x64-1 # ci-release.nodejs.org
 
   vars:
     hostgroups: {
       'infra-digitalocean-ubuntu2204-x64-1': 'test',
-      'infra-ibm-ubuntu1804-x64-1': 'release'
+      'infra-ibm-ubuntu2404-x64-1': 'release'
       }
 
   tasks: