Release 20250200

.github/actions/merge-artifacts/action.yml

@@ -25,7 +25,7 @@ runs:
         merge-multiple: true
 
     - name: Upload the Regrouped Artifact
-      uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
+      uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
       with:
         name: ${{ inputs.target_name }}
         path: |

.github/actions/package-delivery/action.yml

@@ -77,7 +77,7 @@ runs:
 
     - if: ${{ inputs.stability != 'stable' }}
       name: Restore packages from cache
-      uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+      uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
       with:
         path: ./*.${{ steps.parse-distrib.outputs.package_extension }}
         key: ${{ inputs.cache_key }}
@@ -177,6 +177,11 @@ runs:
           const path = require('path');
           const globber = await glob.create('*.${{ steps.parse-distrib.outputs.package_extension }}');
 
+          let stableRpmSubdirectory = '';
+          if ('${{ inputs.stability }}' === 'stable') {
+            stableRpmSubdirectory = 'RPMS/';
+          }
+
           const debTargetProps = '${{ inputs.stability }}' == 'testing' ? '--target-props "release_type=${{ inputs.release_type }}"' : '';
 
           for await (const file of globber.globGenerator()) {
@@ -188,7 +193,7 @@ runs:
                 arch = 'x86_64';
               }
               await exec.exec(
-                `jf rt upload "${fileName}" "${{ steps.get_repository_stability_path.outputs.repository_stability_path }}/${arch}/${{ inputs.module_name }}/" --flat`
+                `jf rt upload "${fileName}" "${{ steps.get_repository_stability_path.outputs.repository_stability_path }}/${arch}/${stableRpmSubdirectory}${{ inputs.module_name }}/" --flat`
               );
             } else if ('${{ steps.parse-distrib.outputs.package_extension }}' === 'deb') {
               let arch = 'all';

.github/actions/package-nfpm/action.yml

@@ -122,15 +122,15 @@ runs:
         done
       shell: bash
 
-    - uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
+    - uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
       with:
         path: ./*.${{ inputs.package_extension }}
         key: ${{ inputs.cache_key }}
 
     # Add to your PR the label upload-artifacts to get packages as artifacts
     - if: ${{ contains(github.event.pull_request.labels.*.name, 'upload-artifacts') }}
       name: Upload package artifacts
-      uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
+      uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
       with:
         name: packages-${{ inputs.distrib }}
         path: ./*.${{ inputs.package_extension}}

.github/actions/test-plugins/action.yml

@@ -16,7 +16,7 @@ runs:
   steps:
 
     - name: get the cached plugin
-      uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
+      uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
       with:
         path: ./*.${{ inputs.package-extension }}
         key: ${{ inputs.cache-key }}

.github/docker/packaging/Dockerfile.packaging-plugins-alma8

@@ -10,10 +10,22 @@ baseurl=https://repo.goreleaser.com/yum/
 enabled=1
 gpgcheck=0' | tee /etc/yum.repos.d/goreleaser.repo
 
-dnf -y install gcc git gettext rpm-build dos2unix python3 epel-release nfpm-2.41.0 openssl-devel jq zstd selinux-policy-devel
+dnf -y install gcc git gettext rpm-build dos2unix python3 epel-release nfpm-2.41.0 openssl-devel jq zstd selinux-policy-devel yum-utils
+dnf config-manager --set-enabled powertools
 dnf -y install perl-App-cpanminus perl-JSON
 cpanm App::FatPacker
 cpanm File::Copy::Recursive
+
+# For cpan libs
+dnf install -y cpio libcurl-devel libssh-devel expat-devel libuuid-devel zeromq-devel libxml2-devel libffi-devel perl-DBI perl-Net-Pcap freetds freetds-devel perl-Module-Build-Tiny
+cpanm Module::Build::Tiny
+cpanm Module::Install
+# Install fpm (ruby 3 is required)
+dnf module reset -y ruby
+dnf module enable -y ruby:3.1
+dnf install -y ruby ruby-devel
+gem install fpm
+
 dnf clean all
 
 EOF

.github/docker/packaging/Dockerfile.packaging-plugins-alma9

@@ -10,10 +10,22 @@ baseurl=https://repo.goreleaser.com/yum/
 enabled=1
 gpgcheck=0' | tee /etc/yum.repos.d/goreleaser.repo
 
-dnf -y install gcc git gettext rpm-build dos2unix python3 epel-release nfpm-2.41.0 openssl-devel jq zstd selinux-policy-devel
+dnf -y install gcc git gettext rpm-build dos2unix python3 epel-release nfpm-2.41.0 openssl-devel jq zstd selinux-policy-devel yum-utils
+dnf  config-manager --set-enabled crb
 dnf -y install perl-App-cpanminus perl-JSON
 cpanm App::FatPacker
 cpanm File::Copy::Recursive
+
+# For cpan libs
+dnf install -y cpio libcurl-devel libssh-devel expat-devel libuuid-devel zeromq-devel libxml2-devel libffi-devel perl-DBI perl-Net-Pcap freetds freetds-devel perl-Module-Build-Tiny
+cpanm Module::Build::Tiny
+cpanm Module::Install
+# Install fpm (ruby 3 is required)
+dnf module reset -y ruby
+dnf module enable -y ruby:3.1
+dnf install -y ruby ruby-devel
+gem install fpm
+
 dnf clean all
 
 EOF

.github/docker/packaging/Dockerfile.packaging-plugins-bookworm

@@ -55,6 +55,8 @@ apt-get install -y \
 
 cpanm Module::Build::Tiny
 cpanm Module::Install
+cpanm Crypt::OpenSSL::Guess
+
 gem install fpm
 
 echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | tee /etc/apt/sources.list.d/goreleaser.list
@@ -64,3 +66,7 @@ apt-get install -y nfpm=2.41.0
 apt-get clean
 
 EOF
+
+COPY .github/patch/fpm-deb.rb.diff /tmp/fpm-deb.rb.diff
+# Patch to apply fpm fix for debian package generation while waiting for the official fix to be released (https://github.com/jordansissel/fpm/pull/1947).
+RUN patch -i /tmp/fpm-deb.rb.diff $(find / -type f -name "deb.rb") && /bin/rm -rf /tmp/fpm-deb.rb.diff

.github/docker/packaging/Dockerfile.packaging-plugins-bullseye

@@ -38,7 +38,6 @@ apt-get install -y \
   libapp-fatpacker-perl \
   libcurl4-openssl-dev \
   libczmq-dev \
-  libczmq-dev\
   libfile-copy-recursive-perl \
   libjson-perl \
   libmodule-build-tiny-perl \
@@ -58,11 +57,14 @@ cpanm Crypt::OpenSSL::Guess
 
 gem install fpm
 
-
 echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | tee /etc/apt/sources.list.d/goreleaser.list
 apt-get update
 apt-get install -y nfpm=2.41.0
 
 apt-get clean
 
 EOF
+
+COPY .github/patch/fpm-deb.rb.diff /tmp/fpm-deb.rb.diff
+# Patch to apply fpm fix for debian package generation while waiting for the official fix to be released (https://github.com/jordansissel/fpm/pull/1947).
+RUN patch -i /tmp/fpm-deb.rb.diff $(find / -type f -name "deb.rb") && /bin/rm -rf /tmp/fpm-deb.rb.diff

.github/docker/packaging/Dockerfile.packaging-plugins-jammy

@@ -66,3 +66,7 @@ apt-get install -y nfpm=2.41.0
 apt-get clean
 
 EOF
+
+COPY .github/patch/fpm-deb.rb.diff /tmp/fpm-deb.rb.diff
+# Patch to apply fpm fix for debian package generation while waiting for the official fix to be released (https://github.com/jordansissel/fpm/pull/1947).
+RUN patch -i /tmp/fpm-deb.rb.diff $(find / -type f -name "deb.rb") && /bin/rm -rf /tmp/fpm-deb.rb.diff

.github/workflows/as400.yml

@@ -102,7 +102,7 @@ jobs:
           stability: ${{ needs.get-environment.outputs.stability }}
 
       - name: Save to cache
-        uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: ./*.${{ matrix.package_extension }}
           key: ${{ github.sha }}-${{ github.run_id }}-${{ matrix.package_extension }}-${{ matrix.distrib }}

.github/workflows/check-status.yml

@@ -0,0 +1,180 @@
+name: check-status
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+on:
+  pull_request:
+    branches:
+      - develop
+      - master
+      - hotfix-*
+      - release-*
+
+jobs:
+  check-status:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Check workflow statuses and display token usage
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          echo "current rest api rate usage:"
+          curl -s -H "Accept: application/vnd.github+json" -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/rate_limit | jq .rate
+          echo ""
+          echo ""
+          echo "current graphql rate usage:"
+          curl -s -H "Accept: application/vnd.github+json" -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/rate_limit | jq .resources.graphql
+          echo ""
+          echo ""
+
+      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.number }}
+        with:
+          script: |
+            await exec.exec("sleep 20s");
+
+            for (let i = 0; i < 120; i++) {
+              const failure = [];
+              const cancelled = [];
+              const pending = [];
+
+              const result = await github.rest.checks.listSuitesForRef({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                ref: "${{ github.head_ref }}"
+              });
+              result.data.check_suites.forEach(({ app: { slug }, conclusion, id}) => {
+                if (slug === 'github-actions') {
+                  if (conclusion === 'failure' || conclusion === 'cancelled') {
+                    failure.push(id);
+                  } else if (conclusion === null) {
+                    pending.push(id);
+                  }
+                  console.log(`check suite ${id} => ${conclusion === null ? 'pending' : conclusion}`);
+                }
+              });
+
+              if (pending.length === 0) {
+                core.setFailed("Cannot get pull request check status");
+                return;
+              }
+
+              if (failure.length > 0) {
+                let failureMessage = '';
+                const failedCheckRuns = [];
+                for await (const suite_id of failure) {
+                  const resultCheckRuns = await github.rest.checks.listForSuite({
+                    owner: context.repo.owner,
+                    repo: context.repo.repo,
+                    check_suite_id: suite_id
+                  });
+
+                  resultCheckRuns.data.check_runs.forEach(({ conclusion, name, html_url }) => {
+                    if (conclusion === 'failure' || conclusion === 'cancelled') {
+                      failedCheckRuns.push(`<a href="${html_url}">${name} (${conclusion})</a>`);
+                    }
+                  });
+                }
+
+                core.summary.addRaw(`${failedCheckRuns.length} job(s) failed:`, true)
+                core.summary.addList(failedCheckRuns);
+                core.summary.write()
+
+                if (failedCheckRuns.length > 0) {
+                  core.setFailed(`${failedCheckRuns.length} job(s) failed`);
+                  return;
+                }
+              }
+
+              if (pending.length === 1) {
+                core.info("All workflows are ok");
+                return;
+              }
+
+              core.info(`${pending.length} workflows in progress`);
+
+              await exec.exec("sleep 30s");
+            }
+
+            core.setFailed("Timeout: some jobs are still in progress");
+
+  get-environment:
+    if: |
+      contains(fromJSON('["pull_request", "pull_request_target"]') , github.event_name) &&
+      (startsWith(github.base_ref, 'release-') || startsWith(github.base_ref, 'hotfix-'))
+    uses: ./.github/workflows/get-environment.yml
+
+  check-cherry-pick:
+    needs: [get-environment, check-status]
+    runs-on: ubuntu-24.04
+    if: |
+      contains(fromJSON('["pull_request", "pull_request_target"]') , github.event_name) &&
+      needs.get-environment.outputs.target_stability == 'testing' &&
+      ! contains(needs.get-environment.outputs.labels, 'skip-cherry-pick')
+
+    steps:
+      - name: Check if the PR is a cherry-pick from dev branch
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        env:
+          LINKED_DEV_BRANCH: develop
+        with:
+          script: |
+            let linkedPrs = [];
+            let errorMessage = `This pull request is not a cherry-pick from ${process.env.LINKED_DEV_BRANCH} or has no reference to a pull request which has been merged on ${process.env.LINKED_DEV_BRANCH}\n`;
+
+            try {
+              const pull = await github.rest.pulls.get({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                pull_number: context.issue.number
+              });
+
+              const { title, body } = pull.data;
+
+              [title, body].forEach((text) => {
+                const linkedPrMatches = text.matchAll(/(?:#|\/pull\/)(\d+)/g);
+                if (linkedPrMatches) {
+                  [...linkedPrMatches].forEach((match) => {
+                    linkedPrs.push(Number(match[1]));
+                  });
+                }
+              });
+
+              // remove duplicates
+              linkedPrs = [...new Set(linkedPrs)];
+              console.log(`Linked pull requests found in PR title and body: ${linkedPrs.join(', ')}`);
+            } catch (e) {
+              throw new Error(`Failed to get information of pull request #${context.issue.number}: ${e}`);
+            }
+
+            for await (const prNumber of linkedPrs) {
+              try {
+                const pull = await github.rest.pulls.get({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  pull_number: prNumber
+                });
+
+                if (pull.data.base.ref === process.env.LINKED_DEV_BRANCH) {
+                  if (pull.data.state === 'closed' && pull.data.merged === true) {
+                    console.log(`This pull request is a cherry-pick from pull request #${prNumber} on ${process.env.LINKED_DEV_BRANCH}`);
+                    return;
+                  } else {
+                    errorMessage += `This pull request seems to be a cherry-pick from pull request #${prNumber} on ${process.env.LINKED_DEV_BRANCH} but it is not merged yet\n`;
+                  }
+                } else {
+                  errorMessage += `Pull request #${prNumber} is linked to ${pull.data.base.ref} instead of ${process.env.LINKED_DEV_BRANCH}\n`;
+                }
+              } catch (e) {
+                errorMessage += `Failed to get information on pull request #${prNumber}: ${e}\n`;
+              }
+            }
+
+            errorMessage += `\nIf you are sure this PR does not need to be a cherry-pick from ${process.env.LINKED_DEV_BRANCH} or must be merged urgently, `;
+            errorMessage += `open the pull request on ${process.env.LINKED_DEV_BRANCH} and add label "skip-cherry-pick" to the PR and re-run all jobs of workflow check-status\n`;
+
+            throw new Error(errorMessage);

.github/workflows/connector-vmware.yml

@@ -77,7 +77,7 @@ jobs:
           stability: ${{ needs.get-environment.outputs.stability }}
       - name: Upload apt/dnf packages as artifacts if asked
         if: ${{ contains(github.event.pull_request.labels.*.name, 'upload-artifacts') }}
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: vmware-connector-daemon-${{ matrix.distrib }}
           path: centreon-plugin*

.github/workflows/docker-builder-packaging-plugins.yml

@@ -84,9 +84,9 @@ jobs:
           username: ${{ secrets.HARBOR_CENTREON_PUSH_USERNAME }}
           password: ${{ secrets.HARBOR_CENTREON_PUSH_TOKEN }}
 
-      - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+      - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
 
-      - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+      - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
         with:
           file: .github/docker/packaging/Dockerfile.${{ matrix.dockerfile }}
           context: .

.github/workflows/docker-builder-testing-plugins.yml

@@ -69,9 +69,9 @@ jobs:
           username: ${{ secrets.HARBOR_CENTREON_PUSH_USERNAME }}
           password: ${{ secrets.HARBOR_CENTREON_PUSH_TOKEN }}
 
-      - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+      - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
 
-      - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+      - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
         with:
           file: .github/docker/testing/Dockerfile.testing-plugins-${{ matrix.dockerfile }}
           context: .

.github/workflows/docker-builder-unit-tests.yml

@@ -69,9 +69,9 @@ jobs:
           username: ${{ secrets.HARBOR_CENTREON_PUSH_USERNAME }}
           password: ${{ secrets.HARBOR_CENTREON_PUSH_TOKEN }}
 
-      - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+      - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
 
-      - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+      - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
         with:
           file: .github/docker/unit-tests/Dockerfile.unit-tests-${{ matrix.dockerfile }}
           context: .