GitHub action build

.github/workflows/check-unused-imports.yml

@@ -9,6 +9,7 @@ on:
   workflow_dispatch:
 
 permissions:
+  pull-requests: write
   contents: read
 
 jobs:

.github/workflows/package-smoketest.yml

@@ -14,7 +14,7 @@ env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed for PR comments
 
 jobs:
-  build:
+  build_iso:
     runs-on: ubuntu-24.04
     timeout-minutes: 45
     container:
@@ -42,6 +42,7 @@ jobs:
         run: |
           echo "build_version=1.5-integration-$(date -u +%Y%m%d%H%M)" >> $GITHUB_OUTPUT
       - name: Build custom ISO image
+        shell: bash
         run: |
           sudo --preserve-env ./build-vyos-image \
           --architecture amd64 \
@@ -55,13 +56,15 @@ jobs:
           name: vyos-${{ steps.version.outputs.build_version }}
           path: build/live-image-amd64.hybrid.iso
 
-  cli-smoketests:
-    needs: build
+  test_smoketest_cli:
+    needs: build_iso
     runs-on: ubuntu-24.04
     timeout-minutes: 180
     container:
       image: vyos/vyos-build:current
       options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
+    outputs:
+      exit_code: ${{ steps.test.outputs.exit_code }}
     steps:
       # We need the test script from vyos-build repo
       - name: Clone vyos-build source code
@@ -70,27 +73,29 @@ jobs:
           repository: vyos/vyos-build
       - uses: actions/download-artifact@v4
         with:
-          name: vyos-${{ needs.build.outputs.build_version }}
+          name: vyos-${{ needs.build_iso.outputs.build_version }}
           path: build
       - name: VyOS CLI smoketests
-        run: sudo make test
-      - name: Add PR comment
-        if: always()
-        uses: mshick/add-pr-comment@v2
-        with:
-          message-success: '👍 VyOS CLI smoketests finished successfully!'
-          message-failure: '❌ VyOS CLI smoketests failed!'
-          message-cancelled: '❌ VyOS CLI smoketests cancelled!'
-          allow-repeats: false
-          refresh-message-position: true
+        id: test
+        shell: bash
+        run: |
+          set -e
+          sudo make test
+          if [[ $? == 0 ]]; then
+            echo "exit_code=success" >> $GITHUB_OUTPUT
+          else
+            echo "exit_code=fail" >> $GITHUB_OUTPUT
+          fi
 
-  config-load-tests:
-    needs: build
+  test_config_load:
+    needs: build_iso
     runs-on: ubuntu-24.04
     timeout-minutes: 90
     container:
       image: vyos/vyos-build:current
       options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
+    outputs:
+      exit_code: ${{ steps.test.outputs.exit_code }}
     steps:
       # We need the test script from vyos-build repo
       - name: Clone vyos-build source code
@@ -99,27 +104,29 @@ jobs:
           repository: vyos/vyos-build
       - uses: actions/download-artifact@v4
         with:
-          name: vyos-${{ needs.build.outputs.build_version }}
+          name: vyos-${{ needs.build_iso.outputs.build_version }}
           path: build
-      - name: VyOS config tests
-        run: sudo make testc
-      - name: Add PR comment
-        if: always()
-        uses: mshick/add-pr-comment@v2
-        with:
-          message-success: '👍 VyOS config tests finished successfully!'
-          message-failure: '❌ VyOS config tests failed!'
-          message-cancelled: '❌ VyOS config tests cancelled!'
-          allow-repeats: false
-          refresh-message-position: true
+      - name: VyOS config load tests
+        id: test
+        shell: bash
+        run: |
+          set -e
+          sudo make testc
+          if [[ $? == 0 ]]; then
+            echo "exit_code=success" >> $GITHUB_OUTPUT
+          else
+            echo "exit_code=fail" >> $GITHUB_OUTPUT
+          fi
 
-  raid1-install-test:
-    needs: build
+  test_raid1_install:
+    needs: build_iso
     runs-on: ubuntu-24.04
     timeout-minutes: 20
     container:
       image: vyos/vyos-build:current
       options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
+    outputs:
+      exit_code: ${{ steps.test.outputs.exit_code }}
     steps:
       # We need the test script from vyos-build repo
       - name: Clone vyos-build source code
@@ -128,16 +135,44 @@ jobs:
           repository: vyos/vyos-build
       - uses: actions/download-artifact@v4
         with:
-          name: vyos-${{ needs.build.outputs.build_version }}
+          name: vyos-${{ needs.build_iso.outputs.build_version }}
           path: build
-      - name: VyOS RAID1 install test
-        run: sudo make testraid
+      - name: VyOS RAID1 installation tests
+        id: test
+        shell: bash
+        run: |
+          set -e
+          sudo make testraid
+          if [[ $? == 0 ]]; then
+            echo "exit_code=success" >> $GITHUB_OUTPUT
+          else
+            echo "exit_code=fail" >> $GITHUB_OUTPUT
+          fi
+
+  result:
+    needs:
+      - test_smoketest_cli
+      - test_config_load
+      - test_raid1_install
+    runs-on: ubuntu-24.04
+    timeout-minutes: 5
+    if: always()
+    steps:
       - name: Add PR comment
         if: always()
         uses: mshick/add-pr-comment@v2
         with:
-          message-success: '👍 RAID1 Smoketests finished successfully!'
-          message-failure: '❌ RAID1 Smoketests failed!'
-          message-cancelled: '❌ RAID1 action cancelled!'
+          message: |
+            CI integration ${{ needs.test_smoketest_cli.outputs.exit_code == 'success' && needs.test_config_load.outputs.exit_code == 'success' && needs.test_raid1_install.outputs.exit_code == 'success' && '👍 passed!' || '❌ failed!' }}
+
+            ### Details
+
+            [CI logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})
+
+            * CLI Smoketests ${{ needs.test_smoketest_cli.outputs.exit_code == 'success' && '👍 passed' || '❌ failed' }}
+            * Config tests ${{ needs.test_config_load.outputs.exit_code == 'success' && '👍 passed' || '❌ failed' }}
+            * RAID1 tests ${{ needs.test_raid1_install.outputs.exit_code == 'success' && '👍 passed' || '❌ failed' }}
+
+          message-id: "SMOKETEST_RESULTS"
           allow-repeats: false
           refresh-message-position: true

Makefile

@@ -55,12 +55,6 @@ op_mode_definitions: $(op_xml_obj)
 
 	find $(BUILD_DIR)/op-mode-definitions/ -type f -name "*.xml" | xargs -I {} $(CURDIR)/scripts/build-command-op-templates {} $(CURDIR)/schema/op-mode-definition.rng $(OP_TMPL_DIR) || exit 1
 
-	# XXX: delete top level op mode node.def's that now live in other packages
-	rm -f $(OP_TMPL_DIR)/add/node.def
-	rm -f $(OP_TMPL_DIR)/clear/interfaces/node.def
-	rm -f $(OP_TMPL_DIR)/clear/node.def
-	rm -f $(OP_TMPL_DIR)/delete/node.def
-
 	# XXX: tcpdump, ping, traceroute and mtr must be able to recursivly call themselves as the
 	# options are provided from the scripts themselves
 	ln -s ../node.tag $(OP_TMPL_DIR)/ping/node.tag/node.tag/

data/op-mode-standardized.json

@@ -23,6 +23,7 @@
 "openconnect.py",
 "openvpn.py",
 "otp.py",
+"qos.py",
 "reset_vpn.py",
 "reverseproxy.py",
 "route.py",

data/templates/accel-ppp/pppoe.config.j2

@@ -31,10 +31,13 @@ copy=1
 level={{ log.level }}
 {% endif %}
 
-{% if authentication.mode is vyos_defined("noauth") %}
 [auth]
+{% if authentication.mode is vyos_defined("noauth") %}
 noauth=1
 {% endif %}
+{% if authentication.any_login is vyos_defined %}
+any-login=1
+{% endif %}
 
 [client-ip-range]
 0.0.0.0/0

data/templates/load-balancing/haproxy.cfg.j2

@@ -1,8 +1,6 @@
 ### Autogenerated by load-balancing_reverse-proxy.py ###
 
 global
-    log /dev/log local0
-    log /dev/log local1 notice
     chroot /var/lib/haproxy
     stats socket /run/haproxy/admin.sock mode 660 level admin
     stats timeout 30s
@@ -11,6 +9,11 @@ global
     daemon
 
 {% if global_parameters is vyos_defined %}
+{%     if global_parameters.logging is vyos_defined %}
+{%         for facility, facility_config in global_parameters.logging.facility.items() %}
+    log /dev/log {{ facility }} {{ facility_config.level }}
+{%         endfor %}
+{%     endif %}
 {%     if global_parameters.max_connections is vyos_defined %}
     maxconn {{ global_parameters.max_connections }}
 {%     endif %}
@@ -66,6 +69,11 @@ frontend {{ front }}
 {%         endif %}
 {%         if front_config.redirect_http_to_https is vyos_defined %}
     http-request redirect scheme https unless { ssl_fc }
+{%         endif %}
+{%         if front_config.logging is vyos_defined %}
+{%             for facility, facility_config in front_config.logging.facility.items() %}
+    log /dev/log {{ facility }} {{ facility_config.level }}
+{%             endfor %}
 {%         endif %}
     mode {{ front_config.mode }}
 {%         if front_config.tcp_request.inspect_delay is vyos_defined %}
@@ -165,6 +173,11 @@ backend {{ back }}
     option forwardfor
     http-request set-header X-Forwarded-Port %[dst_port]
     http-request add-header X-Forwarded-Proto https if { ssl_fc }
+{%         endif %}
+{%         if back_config.logging is vyos_defined %}
+{%             for facility, facility_config in back_config.logging.facility.items() %}
+    log /dev/log {{ facility }} {{ facility_config.level }}
+{%             endfor %}
 {%         endif %}
     mode {{ back_config.mode }}
 {%         if back_config.http_response_headers is vyos_defined %}

data/templates/rsyslog/logrotate.j2

@@ -5,9 +5,6 @@
   create
   rotate 5
   size=256k
-  postrotate
-    invoke-rc.d rsyslog rotate > /dev/null
-  endscript
 }
 
 {% if file is vyos_defined %}
@@ -18,9 +15,6 @@
   create
   rotate {{ file_options.archive.file }}
   size={{ file_options.archive.size | int // 1024 }}k
-  postrotate
-    invoke-rc.d rsyslog rotate > /dev/null
-  endscript
 }
 
 {%     endfor %}

data/templates/ssh/sshd_config.j2

@@ -67,6 +67,11 @@ Ciphers {{ ciphers | join(',') }}
 HostKeyAlgorithms {{ hostkey_algorithm | join(',') }}
 {% endif %}
 
+{% if pubkey_accepted_algorithm is vyos_defined %}
+# Specifies the available PubKey signature algorithms
+PubkeyAcceptedAlgorithms {{ pubkey_accepted_algorithm | join(',') }}
+{% endif %}
+
 {% if mac is vyos_defined %}
 # Specifies the available MAC (message authentication code) algorithms
 MACs {{ mac | join(',') }}

data/templates/telegraf/telegraf.j2

@@ -41,6 +41,21 @@
   bucket = "{{ influxdb.bucket }}"
 ### End InfluxDB2 ###
 {% endif %}
+{% if loki is vyos_defined %}
+### Loki ###
+[[outputs.loki]]
+  ## The domain of Loki
+  domain = "{{ loki.url }}:{{ loki.port }}"
+{%     if loki.authentication.username is vyos_defined and loki.authentication.password is vyos_defined  %}
+  ## Basic Authentication
+  username = "{{ loki.authentication.username }}"
+  password = "{{ loki.authentication.password }}"
+{%     endif %}
+{%     if loki.metric_name_label is vyos_defined %}
+metric_name_label = "{{ loki.metric_name_label }}"
+{%     endif %}
+### End Loki ###
+{% endif %}
 {% if prometheus_client is vyos_defined %}
 ### Prometheus ###
 [[outputs.prometheus_client]]
@@ -115,7 +130,9 @@
 {% if influxdb is vyos_defined %}
 [[inputs.exec]]
   commands = [
+{%     if nft_chains is vyos_defined %}
     "{{ custom_scripts_dir }}/show_firewall_input_filter.py",
+{%     endif %}
     "{{ custom_scripts_dir }}/show_interfaces_input_filter.py",
     "{{ custom_scripts_dir }}/vyos_services_input_filter.py"
   ]